Quantum-secure message authentication via blind-unforgeability

Formulating and designing unforgeable authentication of classical messages in the presence of quantum adversaries has been a challenge, as the familiar classical notions of unforgeability do not directly translate into meaningful notions in the quantum setting. A particular difficulty is how to fairly capture the notion of "predicting an unqueried value" when the adversary can query in quantum superposition. In this work, we uncover serious shortcomings in existing approaches, and propose a new definition. We then support its viability by a number of constructions and characterizations. Specifically, we demonstrate a function which is secure according to the existing definition by Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack, whereby a query supported only on inputs that start with 0 divulges the value of the function on an input that starts with 1. We then propose a new definition, which we call "blind-unforgeability" (or BU.) This notion matches "intuitive unpredictability" in all examples studied thus far. It defines a function to be predictable if there exists an adversary which can use "partially blinded" oracle access to predict values in the blinded region. Our definition (BU) coincides with standard unpredictability (EUF-CMA) in the classical-query setting. We show that quantum-secure pseudorandom functions are BU-secure MACs. In addition, we show that BU satisfies a composition property (Hash-and-MAC) using "Bernoulli-preserving" hash functions, a new notion which may be of independent interest. Finally, we show that BU is amenable to security reductions by giving a precise bound on the extent to which quantum algorithms can deviate from their usual behavior due to the blinding in the BU security experiment.Comment: 23+9 pages, v3: published version, with one theorem statement in the summary of results correcte

Theory of a Slow-Light Catastrophe

In diffraction catastrophes such as the rainbow the wave nature of light resolves ray singularities and draws delicate interference patterns. In quantum catastrophes such as the black hole the quantum nature of light resolves wave singularities and creates characteristic quantum effects related to Hawking radiation. The paper describes the theory behind a recent proposal [U. Leonhardt, arXiv:physics/0111058, Nature (in press)] to generate a quantum catastrophe of slow light.Comment: Physical Review A (in press

Quantum catastrophe of slow light

Catastrophes are at the heart of many fascinating optical phenomena. The rainbow, for example, is a ray catastrophe where light rays become infinitely intense. The wave nature of light resolves the infinities of ray catastrophes while drawing delicate interference patterns such as the supernumerary arcs of the rainbow. Black holes cause wave singularities. Waves oscillate with infinitely small wave lengths at the event horizon where time stands still. The quantum nature of light avoids this higher level of catastrophic behaviour while producing a quantum phenomenon known as Hawking radiation. As this letter describes, light brought to a standstill in laboratory experiments can suffer a similar wave singularity caused by a parabolic profile of the group velocity. In turn, the quantum vacuum is forced to create photon pairs with a characteristic spectrum. The idea may initiate a theory of quantum catastrophes, in addition to classical catastrophe theory, and the proposed experiment may lead to the first direct observation of a phenomenon related to Hawking radiation.Comment: Published as "A laboratory analogue of the event horizon using slow light in an atomic medium

Building Quantum-One-Way Functions from Block Ciphers: Davies-Meyer and Merkle-Damgård Constructions

We present hash functions that are almost optimally one-way in the quantum setting. Our hash functions are based on the Merkle-Damgård construction iterating a Davies-Meyer compression function, which is built from a block cipher. The quantum setting that we use is a natural extention of the classical ideal cipher model. Recent work has revealed that symmetric-key schemes using a block cipher or a public permutation, such as CBC-MAC or the Even-Mansour cipher, can get completely broken with quantum superposition attacks, in polynomial time of the block size. Since many of the popular schemes are built from a block cipher or a permutation, the recent findings motivate us to study such schemes that are provably secure in the quantum setting. Unfortunately, no such schemes are known, unless one relies on certain algebraic assumptions. In this paper we present hash constructions that are provably one-way in the quantum setting without algebraic assumptions, solely based on the assumption that the underlying block cipher is ideal. To do this, we reduce one-wayness to a problem of finding a fixed point and then bound its success probability with a distinguishing advantage. We develop a generic tool that helps us prove indistinguishability of two quantum oracle distributions

How to Record Quantum Queries, and Applications to Quantum Indifferentiability

The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof techniques allow the reduction to record information about the adversary\u27s queries, a crucial feature of many classical ROM proofs, including all proofs of indifferentiability for hash function domain extension. In this work, we give a new QROM proof technique that overcomes this ``recording barrier\u27\u27. Our central observation is that when viewing the adversary\u27s query and the oracle itself in the Fourier domain, an oracle query switches from writing to the adversary\u27s space to writing to the oracle itself. This allows a reduction to simulate the oracle by simply recording information about the adversary\u27s query in the Fourier domain. We then use this new technique to show the indifferentiability of the Merkle-Damgard domain extender for hash functions. We also give a proof of security for the Fujisaki-Okamoto transformation; previous proofs required modifying the scheme to include an additional hash term. Given the threat posed by quantum computers and the push toward quantum-resistant cryptosystems, our work represents an important tool for efficient post-quantum cryptosystems

Recoherence in the entanglement dynamics and classical orbits in the N-atom Jaynes-Cummings model

The rise in linear entropy of a subsystem in the N-atom Jaynes-Cummings model is shown to be strongly influenced by the shape of the classical orbits of the underlying classical phase space: we find a one-to-one correspondence between maxima (minima) of the linear entropy and maxima (minima) of the expectation value of atomic excitation J_z. Since the expectation value of this operator can be viewed as related to the orbit radius in the classical phase space projection associated to the atomic degree of freedom, the proximity of the quantum wave packet to this atomic phase space borderline produces a maximum rate of entanglement. The consequence of this fact for initial conditions centered at periodic orbits in regular regions is a clear periodic recoherence. For chaotic situations the same phenomenon (proximity of the atomic phase space borderline) is in general responsible for oscillations in the entanglement properties.Comment: 15 pages (text), 6 figures; to be published in Physical Review

Conditional probabilities in quantum theory, and the tunneling time controversy

It is argued that there is a sensible way to define conditional probabilities in quantum mechanics, assuming only Bayes's theorem and standard quantum theory. These probabilities are equivalent to the ``weak measurement'' predictions due to Aharonov {\it et al.}, and hence describe the outcomes of real measurements made on subensembles. In particular, this approach is used to address the question of the history of a particle which has tunnelled across a barrier. A {\it gedankenexperiment} is presented to demonstrate the physically testable implications of the results of these calculations, along with graphs of the time-evolution of the conditional probability distribution for a tunneling particle and for one undergoing allowed transmission. Numerical results are also presented for the effects of loss in a bandgap medium on transmission and on reflection, as a function of the position of the lossy region; such loss should provide a feasible, though indirect, test of the present conclusions. It is argued that the effects of loss on the pulse {\it delay time} are related to the imaginary value of the momentum of a tunneling particle, and it is suggested that this might help explain a small discrepancy in an earlier experiment.Comment: 11 pages, latex, 4 postscript figures separate (one w/ 3 parts

The Cosmological Constant

This is a review of the physics and cosmology of the cosmological constant. Focusing on recent developments, I present a pedagogical overview of cosmology in the presence of a cosmological constant, observational constraints on its magnitude, and the physics of a small (and potentially nonzero) vacuum energy.Comment: 50 pages. Submitted to Living Reviews in Relativity (http://www.livingreviews.org/), December 199

Mevalonate Cascade Regulation of Airway Mesenchymal Cell Autophagy and Apoptosis: A Dual Role for p53

Statins inhibit the proximal steps of cholesterol biosynthesis, and are linked to health benefits in various conditions, including cancer and lung disease. We have previously investigated apoptotic pathways triggered by statins in airway mesenchymal cells, and identified reduced prenylation of small GTPases as a primary effector mechanism leading to p53-mediated cell death. Here, we extend our studies of statin-induced cell death by assessing endpoints of both apoptosis and autophagy, and investigating their interplay and coincident regulation. Using primary cultured human airway smooth muscle (HASM) and human airway fibroblasts (HAF), autophagy, and autophagosome formation and flux were assessed by transmission electron microscopy, cytochemistry (lysosome number and co-localization with LC3) and immunoblotting (LC3 lipidation and Atg12-5 complex formation). Chemical inhibition of autophagy increased simvastatin-induced caspase activation and cell death. Similarly, Atg5 silencing with shRNA, thus preventing Atg5-12 complex formation, increased pro-apoptotic effects of simvastatin. Simvastatin concomitantly increased p53-dependent expression of p53 up-regulated modulator of apoptosis (PUMA), NOXA, and damage-regulated autophagy modulator (DRAM). Notably both mevalonate cascade inhibition-induced autophagy and apoptosis were p53 dependent: simvastatin increased nuclear p53 accumulation, and both cyclic pifithrin-α and p53 shRNAi partially inhibited NOXA, PUMA expression and caspase-3/7 cleavage (apoptosis) and DRAM expression, Atg5-12 complex formation, LC3 lipidation, and autophagosome formation (autophagy). Furthermore, the autophagy response is induced rapidly, significantly delaying apoptosis, suggesting the existence of a temporally coordinated p53 regulation network. These findings are relevant for the development of statin-based therapeutic approaches in obstructive airway disease