Secure two-party quantum evaluation of unitaries against specious adversaries

We describe how any two-party quantum computation, specified by a unitary which simultaneously acts on the registers of both parties, can be privately implemented against a quantum version of classical semi-honest adversaries that we call specious. Our construction requires two ideal functionalities to garantee privacy: a private SWAP between registers held by the two parties and a classical private AND-box equivalent to oblivious transfer. If the unitary to be evaluated is in the Clifford group then only one call to SWAP is required for privacy. On the other hand, any unitary not in the Clifford requires one call to an AND-box per R-gate in the circuit. Since SWAP is itself in the Clifford group, this functionality is universal for the private evaluation of any unitary in that group. SWAP can be built from a classical bit commitment scheme or an AND-box but an AND-box cannot be constructed from SWAP. It follows that unitaries in the Clifford group are to some extent the easy ones. We also show that SWAP cannot be implemented privately in the bare model

The Case for Quantum Key Distribution

Quantum key distribution (QKD) promises secure key agreement by using quantum mechanical systems. We argue that QKD will be an important part of future cryptographic infrastructures. It can provide long-term confidentiality for encrypted information without reliance on computational assumptions. Although QKD still requires authentication to prevent man-in-the-middle attacks, it can make use of either information-theoretically secure symmetric key authentication or computationally secure public key authentication: even when using public key authentication, we argue that QKD still offers stronger security than classical key agreement.Comment: 12 pages, 1 figure; to appear in proceedings of QuantumComm 2009 Workshop on Quantum and Classical Information Security; version 2 minor content revision

Universally Composable Quantum Multi-Party Computation

The Universal Composability model (UC) by Canetti (FOCS 2001) allows for secure composition of arbitrary protocols. We present a quantum version of the UC model which enjoys the same compositionality guarantees. We prove that in this model statistically secure oblivious transfer protocols can be constructed from commitments. Furthermore, we show that every statistically classically UC secure protocol is also statistically quantum UC secure. Such implications are not known for other quantum security definitions. As a corollary, we get that quantum UC secure protocols for general multi-party computation can be constructed from commitments

Computational Indistinguishability between Quantum States and Its Cryptographic Application

We introduce a computational problem of distinguishing between two specific quantum states as a new cryptographic problem to design a quantum cryptographic scheme that is "secure" against any polynomial-time quantum adversary. Our problem, QSCDff, is to distinguish between two types of random coset states with a hidden permutation over the symmetric group of finite degree. This naturally generalizes the commonly-used distinction problem between two probability distributions in computational cryptography. As our major contribution, we show that QSCDff has three properties of cryptographic interest: (i) QSCDff has a trapdoor; (ii) the average-case hardness of QSCDff coincides with its worst-case hardness; and (iii) QSCDff is computationally at least as hard as the graph automorphism problem in the worst case. These cryptographic properties enable us to construct a quantum public-key cryptosystem, which is likely to withstand any chosen plaintext attack of a polynomial-time quantum adversary. We further discuss a generalization of QSCDff, called QSCDcyc, and introduce a multi-bit encryption scheme that relies on similar cryptographic properties of QSCDcyc.Comment: 24 pages, 2 figures. We improved presentation, and added more detail proofs and follow-up of recent wor

Molecular basis of intramolecular electron transfer in sulfite-oxidizing enzymes is revealed by high resolution structure of a heterodimeric complex of the catalytic molybdopterin subunit and a c-type cytochrome subunit.

Sulfite-oxidizing molybdoenzymes convert the highly reactive and therefore toxic sulfite to sulfate and have been identified in insects, animals, plants, and bacteria. Although the well studied enzymes from higher animals serve to detoxify sulfite that arises from the catabolism of sulfur-containing amino acids, the bacterial enzymes have a central role in converting sulfite formed during dissimilatory oxidation of reduced sulfur compounds. Here we describe the structure of the Starkeya novella sulfite dehydrogenase, a heterodimeric complex of the catalytic molybdopterin subunit and a c-type cytochrome subunit, that reveals the molecular mechanism of intramolecular electron transfer in sulfite-oxidizing enzymes. The close approach of the two redox centers in the protein complex (Mo-Fe distance 16.6 angstrom) allows for rapid electron transfer via tunnelling or aided by the protein environment. The high resolution structure of the complex has allowed the identification of potential through-bond pathways for electron transfer including a direct link via Arg-55A and/or an aromatic-mediated pathway. A potential site of electron transfer to an external acceptor cytochrome c was also identified on the SorB subunit on the opposite side to the interaction with the catalytic SorA subunit

Commitment Capacity of Discrete Memoryless Channels

In extension of the bit commitment task and following work initiated by Crépeau and Kilian, we introduce and solve the problem of characterising the optimal rate at which a discrete memoryless channel can be used for bit commitment. It turns out that the answer is very intuitive: it is the maximum equivocation of the channel (after removing trivial redundancy), even when unlimited noiseless bidirectional side communication is allowed. By a wellknown reduction, this result provides a lower bound on the channels capacity for implementing coin tossing, which we conjecture to be an equality. The method of proving this..