Simulatable security for quantum protocols
The notion of simulatable security (reactive simulatability, universal
composability) is a powerful tool for allowing the modular design of
cryptographic protocols (composition of protocols) and showing the security of
a given protocol embedded in a larger one. Recently, these methods have
received much attention in the quantum cryptographic community.
We give a short introduction to simulatable security in general and proceed
by sketching the many different definitional choices together with their
advantages and disadvantages.
Based on the reactive simulatability modelling of Backes, Pfitzmann and
Waidner we then develop a quantum security model. By following the BPW
modelling as closely as possible, we show that composable quantum security
definitions for quantum protocols can strongly profit from their classical
counterparts, since most of the definitional choices in the modelling are
independent of the underlying machine model.
In particular, we give a proof for the simple composition theorem in our
framework.
Comment: Added proof of combination lemma; added comparison to the model of
Ben-Or, Mayers; minor correction
Quantum Relational Hoare Logic with Expectations
We present a variant of the quantum relational Hoare logic from (Unruh, POPL 2019) that allows us to use "expectations" in pre- and postconditions. That is, when reasoning about pairs of programs, our logic allows us to reason quantitatively about how much certain pre-/postconditions, which refer to the relationship between the programs' inputs/outputs, are satisfied.
Everlasting Multi-Party Computation
A protocol has everlasting security if it is secure against
adversaries that are computationally unlimited after the
protocol execution. This models the fact that we cannot predict which
cryptographic schemes will be broken, say, several decades after the
protocol execution. In classical cryptography, everlasting security is
difficult to achieve: even using trusted setup like common reference
strings or signature cards, many tasks such as secure communication
and oblivious transfer cannot be achieved with everlasting security.
An analogous result in the quantum setting excludes protocols based on
common reference strings, but not protocols using a signature card. We
define a variant of the Universal Composability framework, everlasting
quantum-UC, and show that in this model, we can implement secure
communication and general multi-party computation using signature
cards as trusted setup.
Collapsing sponges: Post-quantum security of the sponge construction
We investigate the post-quantum security of hash functions based on
the sponge construction. A crucial property for hash functions in the
post-quantum setting is the collapsing property (a strengthening of
collision-resistance). We show that the sponge construction is
collapsing (and in consequence quantum collision-resistant) under
suitable assumptions about the underlying block function. In
particular, if the block function is a random function or a
(non-invertible) random permutation, the sponge construction is
collapsing.
Revocable quantum timed-release encryption
Timed-release encryption is a kind of encryption scheme that a
recipient can decrypt only after a specified amount of time T
(assuming that we have a moderately precise estimate of his computing
power). A revocable timed-release encryption is one where,
before the time T is over, the sender can give back the
timed-release encryption, provably losing all access to the data. We
show that revocable timed-release encryption without trusted parties
is possible using quantum cryptography (while trivially impossible
classically).
Along the way, we develop two proof techniques in the quantum random
oracle model that we believe may have applications also for other
protocols.
Finally, we also develop another new primitive, unknown recipient
encryption, which allows us to send a message to an
unknown/unspecified recipient over an insecure network in such a way
that at most one recipient will get the message.
Quantum Proofs of Knowledge
We motivate, define and construct quantum proofs of knowledge, that
is, proofs of knowledge secure against quantum adversaries. Our
constructions are based on a new quantum rewinding technique that
allows us to extract witnesses in many classical proofs of
knowledge. We give criteria under which a classical proof of knowledge
is a quantum proof of knowledge. Combining our results with Watrous'
results on quantum zero-knowledge, we show that there are
zero-knowledge quantum proofs of knowledge for all languages in NP
(assuming quantum 1-1 one-way functions).