28,446 research outputs found
A proposal for founding mistrustful quantum cryptography on coin tossing
A significant branch of classical cryptography deals with the problems which
arise when mistrustful parties need to generate, process or exchange
information. As Kilian showed a while ago, mistrustful classical cryptography
can be founded on a single protocol, oblivious transfer, from which general
secure multi-party computations can be built.
The scope of mistrustful quantum cryptography is limited by no-go theorems,
which rule out, inter alia, unconditionally secure quantum protocols for
oblivious transfer or general secure two-party computations. These theorems
apply even to protocols which take relativistic signalling constraints into
account. The best that can be hoped for, in general, are quantum protocols
computationally secure against quantum attack. I describe here a method for
building a classically certified bit commitment, and hence every other
mistrustful cryptographic task, from a secure coin tossing protocol. No
security proof is attempted, but I sketch reasons why these protocols might
resist quantum computational attack.Comment: Title altered in deference to Physical Review's fear of question
marks. Published version; references update
Security of quantum key distribution protocols using two-way classical communication or weak coherent pulses
We apply the techniques introduced in [Kraus et. al., Phys. Rev. Lett. 95,
080501, 2005] to prove security of quantum key distribution (QKD) schemes using
two-way classical post-processing as well as QKD schemes based on weak coherent
pulses instead of single-photon pulses. As a result, we obtain improved bounds
on the secret-key rate of these schemes
Noise Tolerance of the BB84 Protocol with Random Privacy Amplification
We prove that BB84 protocol with random privacy amplification is secure with
a higher key rate than Mayers' estimate with the same error rate. Consequently,
the tolerable error rate of this protocol is increased from 7.5 % to 11 %. We
also extend this method to the case of estimating error rates separately in
each basis, which enables us to securely share a longer key.Comment: 26 pages, 1 figure, version 2 fills a logical gap in the proof.
Version 3 includes an upper bound on the mutual information with finete code
length by using the decoding error probability of the code. Version 4 adds a
paragraph clarifying that no previous paper has proved that the BB84 with
random privacy amplification can tolerate the 11% error rat
Beating the PNS attack in practical quantum cryptography
In practical quantum key distribution, weak coherent state is often used and
the channel transmittance can be very small therefore the protocol could be
totally insecure under the photon-number-splitting attack. We propose an
efficient method to verify the upper bound of the fraction of counts caused by
multi-photon pluses transmitted from Alice to Bob, given whatever type of Eve's
action. The protocol simply uses two coherent states for the signal pulses and
vacuum for decoy pulse. Our verified upper bound is sufficiently tight for QKD
with very lossy channel, in both asymptotic case and non-asymptotic case. The
coherent states with mean photon number from 0.2 to 0.5 can be used in
practical quantum cryptography. We show that so far our protocol is the
decoy-state protocol that really works for currently existing set-ups.Comment: So far this is the unique decoy-state protocol which really works
efficiently in practice. Prior art results are commented in both main context
and the Appendi
No Superluminal Signaling Implies Unconditionally Secure Bit Commitment
Bit commitment (BC) is an important cryptographic primitive for an agent to
convince a mutually mistrustful party that she has already made a binding
choice of 0 or 1 but only to reveal her choice at a later time. Ideally, a BC
protocol should be simple, reliable, easy to implement using existing
technologies, and most importantly unconditionally secure in the sense that its
security is based on an information-theoretic proof rather than computational
complexity assumption or the existence of a trustworthy arbitrator. Here we
report such a provably secure scheme involving only one-way classical
communications whose unconditional security is based on no superluminal
signaling (NSS). Our scheme is inspired by the earlier works by Kent, who
proposed two impractical relativistic protocols whose unconditional securities
are yet to be established as well as several provably unconditionally secure
protocols which rely on both quantum mechanics and NSS. Our scheme is
conceptually simple and shows for the first time that quantum communication is
not needed to achieve unconditional security for BC. Moreover, with purely
classical communications, our scheme is practical and easy to implement with
existing telecom technologies. This completes the cycle of study of
unconditionally secure bit commitment based on known physical laws.Comment: This paper has been withdrawn by the authors due to a crucial
oversight on an earlier work by A. Ken
Unconditionally secure key distillation from multi-photons
In this paper, we prove that the unconditionally secure key can be
surprisingly extracted from {\it multi}-photon emission part in the photon
polarization-based QKD. One example is shown by explicitly proving that one can
indeed generate an unconditionally secure key from Alice's two-photon emission
part in ``Quantum cryptography protocols robust against photon number splitting
attacks for weak laser pulses implementations'' proposed by V. Scarani {\it et
al.,} in Phys. Rev. Lett. {\bf 92}, 057901 (2004), which is called SARG04. This
protocol uses the same four states as in BB84 and differs only in the classical
post-processing protocol. It is, thus, interesting to see how the classical
post-processing of quantum key distribution might qualitatively change its
security. We also show that one can generate an unconditionally secure key from
the single to the four-photon part in a generalized SARG04 that uses six
states. Finally, we also compare the bit error rate threshold of these
protocols with the one in BB84 and the original six-state protocol assuming a
depolarizing channel.Comment: The title has changed again. We considerably improved our
presentation, and furthermore we proposed & analyzed a security of a modified
SARG04 protocol, which uses six state
Secure two-party quantum evaluation of unitaries against specious adversaries
We describe how any two-party quantum computation, specified by a unitary
which simultaneously acts on the registers of both parties, can be privately
implemented against a quantum version of classical semi-honest adversaries that
we call specious. Our construction requires two ideal functionalities to
garantee privacy: a private SWAP between registers held by the two parties and
a classical private AND-box equivalent to oblivious transfer. If the unitary to
be evaluated is in the Clifford group then only one call to SWAP is required
for privacy. On the other hand, any unitary not in the Clifford requires one
call to an AND-box per R-gate in the circuit. Since SWAP is itself in the
Clifford group, this functionality is universal for the private evaluation of
any unitary in that group. SWAP can be built from a classical bit commitment
scheme or an AND-box but an AND-box cannot be constructed from SWAP. It follows
that unitaries in the Clifford group are to some extent the easy ones. We also
show that SWAP cannot be implemented privately in the bare model
Unconditionally Secure Bit Commitment
We describe a new classical bit commitment protocol based on cryptographic
constraints imposed by special relativity. The protocol is unconditionally
secure against classical or quantum attacks. It evades the no-go results of
Mayers, Lo and Chau by requiring from Alice a sequence of communications,
including a post-revelation verification, each of which is guaranteed to be
independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev.
Let
- …