32,686 research outputs found
A proposal for founding mistrustful quantum cryptography on coin tossing
A significant branch of classical cryptography deals with the problems which
arise when mistrustful parties need to generate, process or exchange
information. As Kilian showed a while ago, mistrustful classical cryptography
can be founded on a single protocol, oblivious transfer, from which general
secure multi-party computations can be built.
The scope of mistrustful quantum cryptography is limited by no-go theorems,
which rule out, inter alia, unconditionally secure quantum protocols for
oblivious transfer or general secure two-party computations. These theorems
apply even to protocols which take relativistic signalling constraints into
account. The best that can be hoped for, in general, are quantum protocols
computationally secure against quantum attack. I describe here a method for
building a classically certified bit commitment, and hence every other
mistrustful cryptographic task, from a secure coin tossing protocol. No
security proof is attempted, but I sketch reasons why these protocols might
resist quantum computational attack.Comment: Title altered in deference to Physical Review's fear of question
marks. Published version; references update
No Superluminal Signaling Implies Unconditionally Secure Bit Commitment
Bit commitment (BC) is an important cryptographic primitive for an agent to
convince a mutually mistrustful party that she has already made a binding
choice of 0 or 1 but only to reveal her choice at a later time. Ideally, a BC
protocol should be simple, reliable, easy to implement using existing
technologies, and most importantly unconditionally secure in the sense that its
security is based on an information-theoretic proof rather than computational
complexity assumption or the existence of a trustworthy arbitrator. Here we
report such a provably secure scheme involving only one-way classical
communications whose unconditional security is based on no superluminal
signaling (NSS). Our scheme is inspired by the earlier works by Kent, who
proposed two impractical relativistic protocols whose unconditional securities
are yet to be established as well as several provably unconditionally secure
protocols which rely on both quantum mechanics and NSS. Our scheme is
conceptually simple and shows for the first time that quantum communication is
not needed to achieve unconditional security for BC. Moreover, with purely
classical communications, our scheme is practical and easy to implement with
existing telecom technologies. This completes the cycle of study of
unconditionally secure bit commitment based on known physical laws.Comment: This paper has been withdrawn by the authors due to a crucial
oversight on an earlier work by A. Ken
Noise Tolerance of the BB84 Protocol with Random Privacy Amplification
We prove that BB84 protocol with random privacy amplification is secure with
a higher key rate than Mayers' estimate with the same error rate. Consequently,
the tolerable error rate of this protocol is increased from 7.5 % to 11 %. We
also extend this method to the case of estimating error rates separately in
each basis, which enables us to securely share a longer key.Comment: 26 pages, 1 figure, version 2 fills a logical gap in the proof.
Version 3 includes an upper bound on the mutual information with finete code
length by using the decoding error probability of the code. Version 4 adds a
paragraph clarifying that no previous paper has proved that the BB84 with
random privacy amplification can tolerate the 11% error rat
Beating the PNS attack in practical quantum cryptography
In practical quantum key distribution, weak coherent state is often used and
the channel transmittance can be very small therefore the protocol could be
totally insecure under the photon-number-splitting attack. We propose an
efficient method to verify the upper bound of the fraction of counts caused by
multi-photon pluses transmitted from Alice to Bob, given whatever type of Eve's
action. The protocol simply uses two coherent states for the signal pulses and
vacuum for decoy pulse. Our verified upper bound is sufficiently tight for QKD
with very lossy channel, in both asymptotic case and non-asymptotic case. The
coherent states with mean photon number from 0.2 to 0.5 can be used in
practical quantum cryptography. We show that so far our protocol is the
decoy-state protocol that really works for currently existing set-ups.Comment: So far this is the unique decoy-state protocol which really works
efficiently in practice. Prior art results are commented in both main context
and the Appendi
On the communication cost of entanglement transformations
We study the amount of communication needed for two parties to transform some
given joint pure state into another one, either exactly or with some fidelity.
Specifically, we present a method to lower bound this communication cost even
when the amount of entanglement does not increase. Moreover, the bound applies
even if the initial state is supplemented with unlimited entanglement in the
form of EPR pairs, and the communication is allowed to be quantum mechanical.
We then apply the method to the determination of the communication cost of
asymptotic entanglement concentration and dilution. While concentration is
known to require no communication whatsoever, the best known protocol for
dilution, discovered by Lo and Popescu [Phys. Rev. Lett. 83(7):1459--1462,
1999], requires a number of bits to be exchanged which is of the order of the
square root of the number of EPR pairs. Here we prove a matching lower bound of
the same asymptotic order, demonstrating the optimality of the Lo-Popescu
protocol up to a constant factor and establishing the existence of a
fundamental asymmetry between the concentration and dilution tasks.
We also discuss states for which the minimal communication cost is
proportional to their entanglement, such as the states recently introduced in
the context of ``embezzling entanglement'' [W. van Dam and P. Hayden,
quant-ph/0201041].Comment: 9 pages, 1 figure. Added a reference and some further explanations.
In v3 some arguments are given in more detai
Coin Tossing is Strictly Weaker Than Bit Commitment
We define cryptographic assumptions applicable to two mistrustful parties who
each control two or more separate secure sites between which special relativity
guarantees a time lapse in communication. We show that, under these
assumptions, unconditionally secure coin tossing can be carried out by
exchanges of classical information. We show also, following Mayers, Lo and
Chau, that unconditionally secure bit commitment cannot be carried out by
finitely many exchanges of classical or quantum information. Finally we show
that, under standard cryptographic assumptions, coin tossing is strictly weaker
than bit commitment. That is, no secure classical or quantum bit commitment
protocol can be built from a finite number of invocations of a secure coin
tossing black box together with finitely many additional information exchanges.Comment: Final version; to appear in Phys. Rev. Let
Experimental demonstration of phase-remapping attack in a practical quantum key distribution system
Unconditional security proofs of various quantum key distribution (QKD)
protocols are built on idealized assumptions. One key assumption is: the sender
(Alice) can prepare the required quantum states without errors. However, such
an assumption may be violated in a practical QKD system. In this paper, we
experimentally demonstrate a technically feasible "intercept-and-resend" attack
that exploits such a security loophole in a commercial "plug & play" QKD
system. The resulting quantum bit error rate is 19.7%, which is below the
proven secure bound of 20.0% for the BB84 protocol. The attack we utilize is
the phase-remapping attack (C.-H. F. Fung, et al., Phys. Rev. A, 75, 32314,
2007) proposed by our group.Comment: 16 pages, 6 figure
Unconditionally Secure Bit Commitment
We describe a new classical bit commitment protocol based on cryptographic
constraints imposed by special relativity. The protocol is unconditionally
secure against classical or quantum attacks. It evades the no-go results of
Mayers, Lo and Chau by requiring from Alice a sequence of communications,
including a post-revelation verification, each of which is guaranteed to be
independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev.
Let
Alternative schemes for measurement-device-independent quantum key distribution
Practical schemes for measurement-device-independent quantum key distribution
using phase and path or time encoding are presented. In addition to immunity to
existing loopholes in detection systems, our setup employs simple encoding and
decoding modules without relying on polarization maintenance or optical
switches. Moreover, by employing a modified sifting technique to handle the
dead-time limitations in single-photon detectors, our scheme can be run with
only two single-photon detectors. With a phase-postselection technique, a
decoy-state variant of our scheme is also proposed, whose key generation rate
scales linearly with the channel transmittance.Comment: 30 pages, 5 figure
A classical analogue of entanglement
We show that quantum entanglement has a very close classical analogue, namely
secret classical correlations. The fundamental analogy stems from the behavior
of quantum entanglement under local operations and classical communication and
the behavior of secret correlations under local operations and public
communication. A large number of derived analogies follow. In particular
teleportation is analogous to the one-time-pad, the concept of ``pure state''
exists in the classical domain, entanglement concentration and dilution are
essentially classical secrecy protocols, and single copy entanglement
manipulations have such a close classical analog that the majorization results
are reproduced in the classical setting. This analogy allows one to import
questions from the quantum domain into the classical one, and vice-versa,
helping to get a better understanding of both. Also, by identifying classical
aspects of quantum entanglement it allows one to identify those aspects of
entanglement which are uniquely quantum mechanical.Comment: 13 pages, references update
- âŠ