Defeating classical bit commitments with a quantum computer
It has been recently shown by Mayers that no bit commitment scheme is secure
if the participants have unlimited computational power and technology. However
it was noticed that a secure protocol could be obtained by forcing the cheater
to perform a measurement. Similar situations had been encountered previously in
the design of Quantum Oblivious Transfer. The question is whether a classical
bit commitment could be used for this specific purpose. We demonstrate that,
surprisingly, classical unconditionally concealing bit commitments do not help.
Comment: 13 pages. Supersedes quant-ph/971202
On the Commitment Capacity of Unfair Noisy Channels
Noisy channels are a valuable resource from a cryptographic point of view.
They can be used for exchanging secret keys as well as for realizing other
cryptographic primitives such as commitment and oblivious transfer. To be
really useful, noisy channels have to be considered in the scenario where a
cheating party has some degree of control over the channel characteristics.
Damgård et al. (EUROCRYPT 1999) proposed a more realistic model where such a
level of control is permitted to an adversary, the so-called unfair noisy
channels, and proved that they can be used to obtain commitment and oblivious
transfer protocols. Given that noisy channels are a precious resource for
cryptographic purposes, one important question is determining the optimal rate
at which they can be used. The commitment capacity has already been determined
for the cases of discrete memoryless channels and Gaussian channels. In this
work we address the problem of determining the commitment capacity of unfair
noisy channels. We compute a single-letter characterization of the commitment
capacity of unfair noisy channels. In the case where an adversary has no
control over the channel (the fair case) our capacity reduces to the well-known
commitment capacity of a discrete memoryless binary symmetric channel.
Zero-Knowledge MIPs using Homomorphic Commitment Schemes
A Zero-Knowledge Protocol (ZKP) allows one party to convince another party of
a fact without disclosing any extra knowledge except the validity of the fact.
For example, it could be used to allow a customer to prove their identity to a
potentially malicious bank machine without giving away private information such
as a personal identification number. This way, any knowledge gained by a
malicious bank machine during an interaction cannot be used later to compromise
the client's banking account. An important tool in many ZKPs is bit commitment,
which is essentially a digital way for a sender to put a message in a lock-box,
lock it, and send it to the receiver. Later, the key is sent for the receiver
to open the lock box and read the message. This way, the message is hidden from
the receiver until they receive the key, and the sender is unable to change
their mind after sending the lock box. In this paper, the homomorphic
properties of a particular multi-party commitment scheme are exploited to allow
the receiver to perform operations on commitments, resulting in polynomial time
ZKPs for two NP-Complete problems: the Subset Sum Problem and 3SAT. These ZKPs
are secure with no computational restrictions on the provers, even with shared
quantum entanglement. In terms of efficiency, the Subset Sum ZKP is competitive
with other practical quantum-secure ZKPs in the literature, requiring fewer
rounds and fewer computations.
Comment: 27 pages, 8 figures
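The lock-box description above and the idea of letting the receiver "perform operations on commitments" can be made concrete with a small worked example. The following is added illustration, not code from the paper: it uses a Pedersen commitment (C = G^m * H^r in a prime-order group), which is only computationally binding and is therefore not the unconditionally binding multi-party scheme the paper builds on, but it has the same additive homomorphism the abstract relies on. The group parameters (p = 2039, q = 1019, generators 4 and 9) are constructed toy values for readability; a real deployment uses a group of cryptographic size. The Subset Sum step shows the receiver multiplying the bit commitments raised to the public weights to obtain, without opening anything, a commitment to the weighted sum, which the prover then opens against the target:

```python
import secrets
from typing import List, Optional, Tuple

# Constructed toy parameters (illustration only): a safe prime P = 2Q + 1 with Q prime.
# A real deployment uses a group of cryptographic size, e.g. a 256-bit elliptic-curve group.
P = 2039
Q = 1019
G = 4  # 2^2, a quadratic residue mod P, hence of prime order Q
H = 9  # 3^2, a second order-Q generator; in practice derived so that log_G(H) is unknown


def commit(m: int, r: Optional[int] = None) -> Tuple[int, int]:
    """Pedersen commitment C = G^m * H^r mod P. Returns (C, r); r is the opening key."""
    if r is None:
        r = secrets.randbelow(Q)
    return (pow(G, m % Q, P) * pow(H, r % Q, P)) % P, r


def verify_opening(c: int, m: int, r: int) -> bool:
    """Receiver recomputes the commitment from the claimed message and opening key."""
    return c == (pow(G, m % Q, P) * pow(H, r % Q, P)) % P


def combine(commitments: List[int], weights: List[int]) -> int:
    """Receiver-side homomorphic step: prod C_i^w_i is itself a commitment to
    sum w_i*m_i under randomness sum w_i*r_i, obtained without opening any C_i."""
    acc = 1
    for c, w in zip(commitments, weights):
        acc = acc * pow(c, w, P) % P
    return acc


def subset_sum_check(weights: List[int], bits: List[int], target: int) -> bool:
    """Prover commits to the selection bits of a Subset Sum witness; the receiver
    derives a commitment to the weighted sum and checks the prover's opening of
    that single aggregate against the public target. The bits stay hidden."""
    if len(bits) != len(weights) or any(b not in (0, 1) for b in bits):
        raise ValueError("bits must be 0/1, one per weight")
    # Prover side: one commitment per selection bit, fresh randomness for each.
    opened = [commit(b) for b in bits]
    comms = [c for c, _ in opened]
    # Receiver side: sees only the commitments and the public weights.
    c_sum = combine(comms, weights)
    # Prover reveals only the aggregate opening key, not the individual bits.
    r_sum = sum(w * r for w, (_, r) in zip(weights, opened)) % Q
    return verify_opening(c_sum, target, r_sum)
```

Two caveats a practitioner should keep in mind: the equality is checked modulo Q, so the weights and target must be small relative to the group order for it to mean equality over the integers, and nothing here convinces the receiver that each committed value is actually a bit; that extra proof (and the unconditional binding against unbounded or entangled provers) is what the paper's protocol supplies and this toy does not.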
Non-Locality in Interactive Proofs
In multi-prover interactive proofs (MIPs), the verifier is usually
non-adaptive. This stems from an implicit problem which we call
``contamination'' by the verifier. We make explicit the verifier contamination
problem, and identify a solution by constructing a generalization of the MIP
model. This new model quantifies non-locality as a new dimension in the
characterization of MIPs. A new property of zero-knowledge emerges naturally as
a result by also quantifying the non-locality of the simulator.
Comment: 32 pages, 14 figures. Submitted to Crypto 2019, Feb 2019. Report
arXiv:1804.02724 merged here in the update process
A brief review on the impossibility of quantum bit commitment
The desire to obtain an unconditionally secure bit commitment protocol in
quantum cryptography was expressed for the first time thirteen years ago. Bit
commitment is sufficient in quantum cryptography to realize a variety of
applications with unconditional security. In 1993, a quantum bit commitment
protocol was proposed together with a security proof. However, a basic flaw in
the protocol was discovered by Mayers in 1995 and subsequently by Lo and Chau.
Later the result was generalized by Mayers who showed that unconditionally
secure bit commitment is impossible. A brief review on quantum bit commitment
which focuses on the general impossibility theorem and on recent attempts to
bypass this result is provided.
Comment: 11 pages
How to Convert a Flavor of Quantum Bit Commitment
In this paper we show how to convert a statistically binding but computationally concealing quantum bit commitment scheme into a computationally binding but statistically concealing scheme. For a security parameter n, the construction of the statistically concealing scheme requires O(n^2) executions of the statistically binding scheme. As a consequence, statistically concealing but computationally binding quantum bit commitments can be based upon any family of quantum one-way functions. Such a construction is not known to exist in the classical world.
Computational Collapse of Quantum State with Application to Oblivious Transfer
Quantum 2-party cryptography differs from its classical counterpart in at least one important way: given black-box access to a perfect commitment scheme there exists a secure 1-2 quantum oblivious transfer. This reduction, proposed by Crépeau and Kilian, was proved secure against any receiver by Yao in the case where perfect commitments are used. However, quantum commitments would normally be based on computational assumptions. A natural question therefore arises: what happens to the security of the above reduction when computationally secure commitments are used instead of perfect ones? In this paper, we address the security of 1-2 QOT when computationally binding string commitments are available. In particular, we analyse the security of a primitive called Quantum Measurement Commitment (QMC) when it is constructed from unconditionally concealing but computationally binding commitments. As measuring a quantum state induces an irreversible collapse, we describe a QMC as an instance of ``computational collapse of a quantum state''. In a QMC a state appears to be collapsed to a polynomial-time observer who cannot extract full information about the state without breaking a computational assumption. We reduce the security of QMC to a weak binding criterion for the string commitment. We also show that secure QMCs imply QOT using a straightforward variant of the reduction above.
Simple backdoors to RSA key generation
We present extremely simple ways of embedding a backdoor in the key
generation scheme of RSA. Three of our schemes generate two
genuinely random primes and of a given size, to obtain their
public product . However they generate private/public
exponents pairs in such a way that appears very random while
allowing the author of the scheme to easily factor given only
the public information . Our last scheme, similar to the PAP
method of Young and Yung, but more secure, works for any public
exponent such as by revealing the factorization of
in its own representation. This suggests that nobody should
rely on RSA key generation schemes provided by a third party
- …