1,219 research outputs found
A min-entropy uncertainty relation for finite size cryptography
Apart from their foundational significance, entropic uncertainty relations
play a central role in proving the security of quantum cryptographic protocols.
Of particular interest are thereby relations in terms of the smooth min-entropy
for BB84 and six-state encodings. Previously, strong uncertainty relations were
obtained which are valid in the limit of large block lengths. Here, we prove a
new uncertainty relation in terms of the smooth min-entropy that is only
marginally less strong, but has the crucial property that it can be applied to
rather small block lengths. This paves the way for a practical implementation
of many cryptographic protocols. As part of our proof we show tight uncertainty
relations for a family of Renyi entropies that may be of independent interest.
Comment: 5+6 pages, 1 figure, revtex. new version changed author's name from
Huei Ying Nelly Ng to Nelly Huei Ying Ng, for consistency with other
publication
Entangled cloud storage
Entangled cloud storage (Aspnes et al., ESORICS 2004) enables a set of clients to “entangle” their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete a significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files. We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider). Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients’ files are stored at a given time.
Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e., as long as one client's files are intact, the entire remote database continues to be safe and unblemishe
A transform of complementary aspects with applications to entropic uncertainty relations
Even though mutually unbiased bases and entropic uncertainty relations play
an important role in quantum cryptographic protocols they remain ill
understood. Here, we construct special sets of up to 2n+1 mutually unbiased
bases (MUBs) in dimension d=2^n which have particularly beautiful symmetry
properties derived from the Clifford algebra. More precisely, we show that
there exists a unitary transformation that cyclically permutes such bases. This
unitary can be understood as a generalization of the Fourier transform, which
exchanges two MUBs, to multiple complementary aspects. We proceed to prove a
lower bound for min-entropic entropic uncertainty relations for any set of
MUBs, and show that symmetry plays a central role in obtaining tight bounds.
For example, we obtain for the first time a tight bound for four MUBs in
dimension d=4, which is attained by an eigenstate of our complementarity
transform. Finally, we discuss the relation to other symmetries obtained by
transformations in discrete phase space, and note that the extrema of discrete
Wigner functions are directly related to min-entropic uncertainty relations for
MUBs.
Comment: 16 pages, 2 figures, v2: published version, clarified ref [30
An Error in the Mixed Adversary Protocol by Fitzi, Hirt and Maurer
We point out an error in the protocol for mixed adversaries and zero error from the Crypto 98 paper by Fitzi, Hirt and Maurer. We show that the protocol only works under a stronger requirement on the adversary than the one claimed. Hence the bound on the adversary's corruption capability given there is not tight. Subsequent work has shown, however, a new bound which is indeed tight
A Tight High-Order Entropic Quantum Uncertainty Relation With Applications
We derive a new entropic quantum uncertainty relation involving min-entropy.
The relation is tight and can be applied in various quantum-cryptographic
settings.
Protocols for quantum 1-out-of-2 Oblivious Transfer and quantum Bit
Commitment are presented and the uncertainty relation is used to prove the
security of these protocols in the bounded quantum-storage model according to
new strong security definitions.
As another application, we consider the realistic setting of Quantum Key
Distribution (QKD) against quantum-memory-bounded eavesdroppers. The
uncertainty relation allows one to prove the security of QKD protocols in this
setting while tolerating considerably higher error rates compared to the
standard model with unbounded adversaries. For instance, for the six-state
protocol with one-way communication, a bit-flip error rate of up to 17% can be
tolerated (compared to 13% in the standard model).
Our uncertainty relation also yields a lower bound on the min-entropy key
uncertainty against known-plaintext attacks when quantum ciphers are composed.
Previously, the key uncertainty of these ciphers was only known with respect to
Shannon entropy.
Comment: 21 pages; editorial changes, additional applicatio
Implementation of two-party protocols in the noisy-storage model
The noisy-storage model allows the implementation of secure two-party
protocols under the sole assumption that no large-scale reliable quantum
storage is available to the cheating party. No quantum storage is thereby
required for the honest parties. Examples of such protocols include bit
commitment, oblivious transfer and secure identification. Here, we provide a
guideline for the practical implementation of such protocols. In particular, we
analyze security in a practical setting where the honest parties themselves are
unable to perform perfect operations and need to deal with practical problems
such as errors during transmission and detector inefficiencies. We provide
explicit security parameters for two different experimental setups using weak
coherent, and parametric down conversion sources. In addition, we analyze a
modification of the protocols based on decoy states.
Comment: 41 pages, 33 figures, this is a companion paper to arXiv:0906.1030
considering practical aspects, v2: published version, title changed in
accordance with PRA guideline
Tests for Establishing Security Properties
Ensuring strong security properties in some cases requires participants to carry out tests during the execution of a protocol. A classical example is electronic voting: participants are required to verify the presence of their ballots on a bulletin board, and to verify the computation of the election outcome. The notion of certificate transparency is another example, in which participants in the protocol are required to perform tests to verify the integrity of a certificate log.
We present a framework for modelling systems with such "testable properties", using the applied pi calculus. We model the tests that are made by participants in order to obtain the security properties. Underlying our work is an attacker model called "malicious but cautious", which lies in between the Dolev-Yao model and the "honest but curious" model. The malicious-but-cautious model is appropriate for cloud computing providers that are potentially malicious but are assumed to be cautious about launching attacks that might cause user tests to fail
An All-But-One Entropic Uncertainty Relation, and Application to Password-based Identification
Entropic uncertainty relations are quantitative characterizations of
Heisenberg's uncertainty principle, which make use of an entropy measure to
quantify uncertainty. In quantum cryptography, they are often used as
convenient tools in security proofs. We propose a new entropic uncertainty
relation. It is the first such uncertainty relation that lower bounds the
uncertainty in the measurement outcome for all but one choice for the
measurement from an arbitrarily large (but specifically chosen) set of possible
measurements, and, at the same time, uses the min-entropy as entropy measure,
rather than the Shannon entropy. This makes it especially suited for quantum
cryptography. As application, we propose a new quantum identification scheme in
the bounded quantum storage model. It makes use of our new uncertainty relation
at the core of its security proof. In contrast to the original quantum
identification scheme proposed by Damgård et al., our new scheme also
offers some security in case the bounded quantum storage assumption fails to hold.
Specifically, our scheme remains secure against an adversary that has unbounded
storage capabilities but is restricted to non-adaptive single-qubit operations.
The scheme by Damgård et al., on the other hand, completely breaks down
under such an attack.
Comment: 33 pages, v
Improving the Security of Quantum Protocols via Commit-and-Open
We consider two-party quantum protocols starting with a transmission of some
random BB84 qubits followed by classical messages. We show a general "compiler"
improving the security of such protocols: if the original protocol is secure
against an "almost honest" adversary, then the compiled protocol is secure
against an arbitrary computationally bounded (quantum) adversary. The
compilation preserves the number of qubits sent and the number of rounds up to
a constant factor. The compiler also preserves security in the
bounded-quantum-storage model (BQSM), so if the original protocol was
BQSM-secure, the compiled protocol can only be broken by an adversary who has
large quantum memory and large computing power. This is in contrast to known
BQSM-secure protocols, where security breaks down completely if the adversary
has larger quantum memory than expected. We show how our technique can be
applied to quantum identification and oblivious transfer protocols.
Comment: 21 pages; editorial change (reorganizing of several subsections in
new section 5 about "extensions and generalizations"); added clarifications
about efficient simulation; minor improvement