23 research outputs found
Approximate Quantum Error-Correcting Codes and Secret Sharing Schemes
It is a standard result in the theory of quantum error-correcting codes that
no code of length n can fix more than n/4 arbitrary errors, regardless of the
dimension of the coding and encoded Hilbert spaces. However, this bound only
applies to codes which recover the message exactly. Naively, one might expect
that correcting errors to very high fidelity would only allow small violations
of this bound. This intuition is incorrect: in this paper we describe quantum
error-correcting codes capable of correcting up to (n-1)/2 arbitrary errors
with fidelity exponentially close to 1, at the price of increasing the size of
the registers (i.e., the coding alphabet). This demonstrates a sharp
distinction between exact and approximate quantum error correction. The codes
have the property that any components reveal no information about the
message, and so they can also be viewed as error-tolerant secret sharing
schemes.
The construction has several interesting implications for cryptography and
quantum information theory. First, it suggests that secret sharing is a better
classical analogue to quantum error correction than is classical error
correction. Second, it highlights an error in a purported proof that verifiable
quantum secret sharing (VQSS) is impossible when the number of cheaters t is
n/4. More generally, the construction illustrates a difference between exact
and approximate requirements in quantum cryptography and (yet again) the
delicacy of security proofs and impossibility results in the quantum model.
Comment: 14 pages, no figure
Authentication of Quantum Messages
Authentication is a well-studied area of classical cryptography: a sender S
and a receiver R sharing a classical private key want to exchange a classical
message with the guarantee that the message has not been modified by any third
party with control of the communication line. In this paper we define and
investigate the authentication of messages composed of quantum states. Assuming
S and R have access to an insecure quantum channel and share a private,
classical random key, we provide a non-interactive scheme that enables S both
to encrypt and to authenticate (with unconditional security) an m qubit message
by encoding it into m+s qubits, where the failure probability decreases
exponentially in the security parameter s. The classical private key is 2m+O(s)
bits. To achieve this, we give a highly efficient protocol for testing the
purity of shared EPR pairs. We also show that any scheme to authenticate
quantum messages must also encrypt them. (In contrast, one can authenticate a
classical message while leaving it publicly readable.) This has two important
consequences: On one hand, it allows us to give a lower bound of 2m key bits
for authenticating m qubits, which makes our protocol asymptotically optimal.
On the other hand, we use it to show that digitally signing quantum states is
impossible, even with only computational security.
Comment: 22 pages, LaTeX, uses amssymb, latexsym, time
Oblivious Transfer from weakly Random Self-Reducible Public-Key Cryptosystem
In this work, we define a new notion of weakly Random-Self-Reducible cryptosystems and show how it can be used to implement secure Oblivious Transfer. We also show that two recent (Post-quantum) cryptosystems (based on Learning with errors and Approximate Integer GCD) can be considered as weakly Random-Self-Reducible.
Awareness Tool for Safe and Responsible Driving (OSCAR) : A Potential Educational Intervention for Increasing Interest, Openness and Knowledge About the Abilities Required and Compensatory Strategies Among Older Drivers
Abstract: Objective: This pilot study aimed to verify the impact of the awareness tool for safe and responsible driving (OSCAR) on older adults' (1) interest, openness, and knowledge about the abilities and compensatory strategies required for safe driving; (2) awareness of changes that have occurred in their own driving abilities; and (3) actual utilization of compensatory strategies. Methods: A preexperimental design, including a pretest (T0) and posttest (T1) 8 to 10 weeks after exposure to the intervention, was used with 48 drivers aged between 67 and 84. The participants had a valid driving license and drove at least once a week. Results: Overall, the results demonstrate that OSCAR increased interest, openness, and knowledge about the abilities and compensatory strategies of older drivers (P < .01). After exposure to OSCAR, the majority of the participants confirmed that changes had occurred in at least one of their abilities. Moreover, half of the older drivers reported having started using 6 or more compensatory strategies. Conclusion: In summary, in addition to increasing older adults' interest, openness, and knowledge to discussion about driving, OSCAR also improved awareness of the changes that could negatively impact safe driving and enhanced utilization of compensatory strategies. While promoting safe driving and the prevention of crashes and injuries, this intervention could ultimately help older adults maintain or increase their transportation mobility. More studies are needed to further evaluate OSCAR and identify ways to improve its effectiveness.
Non-Transitive Transfer of Confidence: A Perfect Zero-Knowledge Interactive Protocol for SAT and Beyond
A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the sense of Shannon's information theory). We give a general technique for achieving this goal for any problem in NP (and beyond). The fact that our protocol is perfect zero-knowledge does not depend on unproved cryptographic assumptions. Furthermore, our protocol is powerful enough to allow Alice to convince Bob of theorems for which she does not even have a proof. Whenever Alice can convince herself probabilistically of a theorem, perhaps thanks to her knowledge of some trap-door information, she can convince Bob as well, without compromising the trap-door in any way. This results in a non-transitive transfer of confidence from Alice to Bob, because Bob will not be able to convince anyone else afterwards. Our protocol is dual to those of [GrMiWi86a, BrCr86]. 1. INTRODUCTION Assume that Alice h..
Sorting Out Zero-Knowledge
this paper is to explain the various notions involved and to offer a new terminology that emphasizes their differences. There are two orthogonal aspects to zero-knowledge interactive proofs. One is the notion of zero-knowledge and the other is the notion of interactive proof. Unfortunately, these two notions are often thought to be inseparable. This confusion is reminiscent of the long lasting confusion among many people between public-key encryption and digital signature. It is clear that interactive proofs make sense independently of zero-knowledge (after all, Babai's Arthur-Merlin games [Ba] were invented independently of [GMR1]), but it is more subtle to see that a protocol could be zero-knowledge without being an interactiv
Zero-Knowledge Simulation of Boolean Circuits
A zero-knowledge interactive proof is a protocol by which Alice can convince a polynomially-bounded Bob of the truth of some theorem without giving him any hint as to how the proof might proceed. Under cryptographic assumptions, we give a general technique for achieving this goal for any problem in NP. This extends to a presumably larger class, which combines the powers of non-determinism and randomness. Our protocol is powerful enough to allow Alice to convince Bob of theorems for which she does not even have a proof. Whenever Alice can convince herself probabilistically of a theorem, perhaps thanks to her knowledge of some trap-door information, she can convince Bob as well, without compromising the trap-door in any way. 1. INTRODUCTION The notion of zero-knowledge interactive proofs (ZKIP) introduced a few years ago by Goldwasser, Micali and Rackoff [GwMiRac85] has become a very active research area. Assume that Alice holds the proof of some theorem. A zero-knowledge interactive pr..
Statistical security conditions for two-party secure function evaluation
Abstract: To simplify proofs in information-theoretic security, the standard security definition of two-party secure function evaluation based on the real/ideal model paradigm is often replaced by an information-theoretic security definition. At EUROCRYPT 2006, we showed that most of these definitions had some weaknesses, and presented new information-theoretic conditions that were equivalent to a simulation-based definition in the real/ideal model. However, there we only considered the perfect case, where the protocol is not allowed to make any error, which has only limited applications. We generalize these results to the statistical case, where the protocol is allowed to make errors with a small probability. Our results are based on a new measure of information that we call the statistical information, which may be of independent interest.