522 research outputs found

    Tightly Secure Hierarchical Identity-Based Encryption

    We construct the first tightly secure hierarchical identity-based encryption (HIBE) scheme based on standard assumptions, which solves an open problem from Blazy, Kiltz, and Pan (CRYPTO 2014). At the core of our constructions is a novel randomization technique that enables us to randomize user secret keys for identities with flexible length. The security reductions of previous HIBEs lose at least a factor of Q, which is the number of user secret key queries. Different to that, the security loss of our schemes is only dependent on the security parameter. Our schemes are adaptively secure based on the Matrix Diffie-Hellman assumption, which is a generalization of standard Diffie-Hellman assumptions such as k-Linear. We have two tightly secure constructions, one with constant ciphertext size, and the other with tighter security at the cost of linear ciphertext size. Among other things, our schemes imply the first tightly secure identity-based signature scheme by a variant of the Naor transformation

    Tight bounds for classical and quantum coin flipping

    Coin flipping is a cryptographic primitive for which strictly better protocols exist if the players are not only allowed to exchange classical, but also quantum messages. During the past few years, several results have appeared which give a tight bound on the range of implementable unconditionally secure coin flips, both in the classical as well as in the quantum setting and for both weak as well as strong coin flipping. But the picture is still incomplete: in the quantum setting, all results consider only protocols with perfect correctness, and in the classical setting tight bounds for strong coin flipping are still missing. We give a general definition of coin flipping which unifies the notion of strong and weak coin flipping (it contains both of them as special cases) and allows the honest players to abort with a certain probability. We give tight bounds on the achievable range of parameters both in the classical and in the quantum setting. Comment: 18 pages, 2 figures; v2: published versio

    Improving the Coherence Time of Superconducting Coplanar Resonators

    The quality factor and energy decay time of superconducting resonators have been measured as a function of material, geometry, and magnetic field. Once the dissipation of trapped magnetic vortices is minimized, we identify surface two-level states (TLS) as an important decay mechanism. A wide gap between the center conductor and the ground plane, as well as use of the superconductor Re instead of Al, are shown to decrease loss. We also demonstrate that classical measurements of resonator quality factor at low excitation power are consistent with single-photon decay time measured using qubit-resonator swap experiments. Comment: 3 pages, 4 figures for the main paper; total 5 pages, 6 figures including supplementary material. Submitted to Applied Physics Letter

    Quantum Non-demolition Detection of Single Microwave Photons in a Circuit

    Thorough control of quantum measurement is key to the development of quantum information technologies. Many measurements are destructive, removing more information from the system than they obtain. Quantum non-demolition (QND) measurements allow repeated measurements that give the same eigenvalue. They could be used for several quantum information processing tasks such as error correction, preparation by measurement, and one-way quantum computing. Achieving QND measurements of photons is especially challenging because the detector must be completely transparent to the photons while still acquiring information about them. Recent progress in manipulating microwave photons in superconducting circuits has increased demand for a QND detector which operates in the gigahertz frequency range. Here we demonstrate a QND detection scheme which measures the number of photons inside a high quality-factor microwave cavity on a chip. This scheme maps a photon number onto a qubit state in a single-shot via qubit-photon logic gates. We verify the operation of the device by analyzing the average correlations of repeated measurements, and show that it is 90% QND. It differs from previously reported detectors because its sensitivity is strongly selective to chosen photon number states. This scheme could be used to monitor the state of a photon-based memory in a quantum computer. Comment: 5 pages, 4 figures, includes supplementary materia

    Chosen-ciphertext security from subset sum

    We construct a public-key encryption (PKE) scheme whose security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012

    On Tightly Secure Non-Interactive Key Exchange

    We consider the reduction loss of security reductions for non-interactive key exchange (NIKE) schemes. Currently, no tightly secure NIKE schemes exist, and in fact Bader et al. (EUROCRYPT 2016) provide a lower bound (of O(n^2), where n is the number of parties an adversary interacts with) on the reduction loss for a large class of NIKE schemes. We offer two results: the first NIKE scheme with a reduction loss of n/2 that circumvents the lower bound of Bader et al., but is of course still far from tightly secure. Second, we provide a generalization of Bader et al.'s lower bound to a larger class of NIKE schemes (that also covers our NIKE scheme), with an adapted lower bound of n/2 on the reduction loss. Hence, in that sense, the reduction for our NIKE scheme is optimal

    Microwave Dielectric Loss at Single Photon Energies and milliKelvin Temperatures

    The microwave performance of amorphous dielectric materials at very low temperatures and very low excitation strengths displays significant excess loss. Here, we present the loss tangents of some common amorphous and crystalline dielectrics, measured at low temperatures (T < 100 mK) with near single-photon excitation energies, using both coplanar waveguide (CPW) and lumped LC resonators. The loss can be understood using a two-level state (TLS) defect model. A circuit analysis of the half-wavelength resonators we used is outlined, and the energy dissipation of such a resonator on a multilayered dielectric substrate is considered theoretically. Comment: 4 pages, 3 figures, submitted to Applied Physics Letter

    Non-malleable encryption: simpler, shorter, stronger

    In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security: 1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security? We answer all three questions in the positive. First, we improve the rate in the scheme of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ^2) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural “encode-then-encrypt-bit-by-bit” approach to work. Finally, we introduce a new security notion for public-key encryption that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA). After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results—(faster) construction from IND-CPA and domain extension from one-bit scheme—also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA securit