Programmable hash functions and their applications

We introduce a new combinatorial primitive called *programmable hash functions* (PHFs). PHFs can be used to *program* the output of a hash function such that it contains solved or unsolved discrete logarithm instances with a certain probability. This is a technique originally used for security proofs in the random oracle model. We give a variety of *standard model* realizations of PHFs (with different parameters). The programmability makes PHFs a suitable tool to obtain black-box proofs of cryptographic protocols when considering adaptive attacks. We propose generic digital signature schemes from the strong RSA problem and from some hardness assumption on bilinear maps that can be instantiated with any PHF. Our schemes offer various improvements over known constructions. In particular, for a reasonable choice of parameters, we obtain short standard model digital signatures over bilinear maps

The Bright Side of Coulomb Blockade

We explore the photonic (bright) side of dynamical Coulomb blockade (DCB) by measuring the radiation emitted by a dc voltage-biased Josephson junction embedded in a microwave resonator. In this regime Cooper pair tunneling is inelastic and associated to the transfer of an energy 2eV into the resonator modes. We have measured simultaneously the Cooper pair current and the photon emission rate at the resonance frequency of the resonator. Our results show two regimes, in which each tunneling Cooper pair emits either one or two photons into the resonator. The spectral properties of the emitted radiation are accounted for by an extension to DCB theory.Comment: 4 pages, 4 figures + 3 pages, 1 figure supplementary materia

Obfuscation for Cryptographic Purposes

An obfuscation of a function F should satisfy two requirements: firstly, using it should be possible to evaluate F; secondly, should not reveal anything about F that cannot be learnt from oracle access to F. Several definitions for obfuscation exist. However, most of them are either too weak for or incompatible with cryptographic applications, or have been shown impossible to achieve, or both. We give a new definition of obfuscation and argue for its reasonability and usefulness. In particular, we show that it is strong enough for cryptographic applications, yet we show that it has the potential for interesting positive results. We illustrat

Superconducting properties of very high quality NbN thin films grown by high temperature chemical vapor deposition

Niobium nitride (NbN) is widely used in high-frequency superconducting electronics circuits because it has one of the highest superconducting transition temperatures ($T_c$ $\sim$ 16.5 K) and largest gap among conventional superconductors. In its thin-film form, the $T_c$ of NbN is very sensitive to growth conditions and it still remains a challenge to grow NbN thin film (below 50 nm) with high $T_c$. Here, we report on the superconducting properties of NbN thin films grown by high-temperature chemical vapor deposition (HTCVD). Transport measurements reveal significantly lower disorder than previously reported, characterized by a Ioffe-Regel ($k_F$$\ell$) parameter of $\sim$ 14. Accordingly we observe $T_c$ $\sim$ 17.06 K (point of 50% of normal state resistance), the highest value reported so far for films of thickness below 50 nm, indicating that HTCVD could be particularly useful for growing high quality NbN thin films

Size scaling of the addition spectra in silicon quantum dots

We investigate small artificial quantum dots obtained by geometrically controlled resistive confinement in low mobility silicon-on-insulator nanowires. Addition spectra were recorded at low temperature for various dot areas fixed by lithography. We compare the standard deviation of the addition spectra with theory in the high electron concentration regime. We find that the standard deviation scales as the inverse area of the dot and its absolute value is comparable to the energy spacing of the one particle spectrum.Comment: 4 pages, 5 figure

Encryption schemes secure against chosen-ciphertext selective opening attacks

Imagine many small devices send data to a single receiver, encrypted using the receiver's public key. Assume an adversary that has the power to adaptively corrupt a subset of these devices. Given the information obtained from these corruptions, do the ciphertexts from uncorrupted devices remain secure? Recent results suggest that conventional security notions for encryption schemes (like IND-CCA security) do not suffice in this setting. To fill this gap, the notion of security against selective-opening attacks (SOA security) has been introduced. It has been shown that lossy encryption implies SOA security against a passive, i.e., only eavesdropping and corrupting, adversary (SO-CPA). However, the known results on SOA security against an active adversary (SO-CCA) are rather limited. Namely, while there exist feasibility results, the (time and space) complexity of currently known SO-C

Tight bounds for classical and quantum coin flipping

Coin flipping is a cryptographic primitive for which strictly better protocols exist if the players are not only allowed to exchange classical, but also quantum messages. During the past few years, several results have appeared which give a tight bound on the range of implementable unconditionally secure coin flips, both in the classical as well as in the quantum setting and for both weak as well as strong coin flipping. But the picture is still incomplete: in the quantum setting, all results consider only protocols with perfect correctness, and in the classical setting tight bounds for strong coin flipping are still missing. We give a general definition of coin flipping which unifies the notion of strong and weak coin flipping (it contains both of them as special cases) and allows the honest players to abort with a certain probability. We give tight bounds on the achievable range of parameters both in the classical and in the quantum setting.Comment: 18 pages, 2 figures; v2: published versio

Improving the Coherence Time of Superconducting Coplanar Resonators

The quality factor and energy decay time of superconducting resonators have been measured as a function of material, geometry, and magnetic field. Once the dissipation of trapped magnetic vortices is minimized, we identify surface two-level states (TLS) as an important decay mechanism. A wide gap between the center conductor and the ground plane, as well as use of the superconductor Re instead of Al, are shown to decrease loss. We also demonstrate that classical measurements of resonator quality factor at low excitation power are consistent with single-photon decay time measured using qubit-resonator swap experiments.Comment: 3 pages, 4 figures for the main paper; total 5 pages, 6 figures including supplementary material. Submitted to Applied Physics Letter