Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applications.
Comment: 18 pages, 2 figures
Universally Composable Quantum Multi-Party Computation
The Universal Composability model (UC) by Canetti (FOCS 2001) allows for
secure composition of arbitrary protocols. We present a quantum version of the
UC model which enjoys the same compositionality guarantees. We prove that in
this model statistically secure oblivious transfer protocols can be constructed
from commitments. Furthermore, we show that every statistically classically UC
secure protocol is also statistically quantum UC secure. Such implications are
not known for other quantum security definitions. As a corollary, we get that
quantum UC secure protocols for general multi-party computation can be
constructed from commitments.
Attacks on quantum key distribution protocols that employ non-ITS authentication
We demonstrate how adversaries with unbounded computing resources can break
Quantum Key Distribution (QKD) protocols which employ a particular message
authentication code suggested previously. This authentication code, featuring
low key consumption, is not Information-Theoretically Secure (ITS) since for
each message the eavesdropper has intercepted she is able to send a different
message from a set of messages that she can calculate by finding collisions of
a cryptographic hash function. However, when this authentication code was
introduced it was shown to prevent straightforward Man-In-The-Middle (MITM)
attacks against QKD protocols.
In this paper, we prove that the set of messages that collide with any given
message under this authentication code contains with high probability a message
that has small Hamming distance to any other given message. Based on this fact
we present extended MITM attacks against different versions of BB84 QKD
protocols using the addressed authentication code; for three protocols we
describe every single action taken by the adversary. For all protocols the
adversary can obtain complete knowledge of the key, and for most protocols her
success probability in doing so approaches unity.
Since the attacks work against all authentication methods which allow
colliding messages to be calculated, the underlying building blocks of the
presented attacks expose the potential pitfalls arising as a consequence of
non-ITS authentication in QKD post-processing. We propose countermeasures,
increasing the eavesdropper's demand for computational power, and also prove
necessary and sufficient conditions for upgrading the discussed authentication
code to the ITS level.
Comment: 34 pages
Modal beam splitter: Determination of the transversal components of an electromagnetic light field
The transversal profile of beams can always be defined as a superposition of orthogonal fields, such as optical eigenmodes. Here, we describe a generic method to separate the individual components in a laser beam and map each mode onto its designated detector with low crosstalk. We demonstrate this with the decomposition into Laguerre-Gaussian beams and introduce a distribution over the integer numbers corresponding to the discrete orbital and radial momentum components of the light field. The method is based on determining an eigenmask filter transforming the incident optical eigenmodes to position eigenmodes, enabling the detection of the state of the light field using single detectors while minimizing crosstalk with respect to the set of filter masks considered.
Funding: UK Engineering and Physical Sciences Research Council [EP/J01771X/1]
Tight Finite-Key Analysis for Quantum Cryptography
Despite enormous progress both in theoretical and experimental quantum
cryptography, the security of most current implementations of quantum key
distribution is still not established rigorously. One of the main problems is
that the security of the final key is highly dependent on the number, M, of
signals exchanged between the legitimate parties. While, in any practical
implementation, M is limited by the available resources, existing security
proofs are often only valid asymptotically for unrealistically large values of
M. Here, we demonstrate that this gap between theory and practice can be
overcome using a recently developed proof technique based on the uncertainty
relation for smooth entropies. Specifically, we consider a family of
Bennett-Brassard 1984 quantum key distribution protocols and show that security
against general attacks can be guaranteed already for moderate values of M.
Comment: 11 pages, 2 figures
Reviewing the integration of patient data: how systems are evolving in practice to meet patient needs
Abstract
Background
The integration of Information Systems (IS) is essential to support shared care and to provide consistent care to individuals, i.e. patient-centred care. This paper identifies, appraises and summarises studies examining different approaches to integrating patient data from heterogeneous IS.
Methods
The literature published between 1995 and 2005 was systematically reviewed to identify articles mentioning patient records, computers, and data integration or sharing.
Results
Of 3124 articles, 84 were included, describing 56 distinct projects. Most of the projects were on a regional scale. Integration was most commonly accomplished by messaging with pre-defined templates and middleware solutions. HL7 was the most widely used messaging standard. Direct database access and web services were the most common communication methods. The user interface for most systems was a Web browser. Regarding the type of medical data shared, 77% of projects integrated diagnoses and problems, 67% medical images and 65% lab results. More recently, significantly more IS are extending to primary care and integrating referral letters.
Conclusion
It is clear that Information Systems are evolving to meet people's needs by implementing regional networks, allowing patient access and integrating ever more items of patient data. Many distinct technological solutions coexist to integrate patient data, using differing standards and data architectures, which may make further interoperability more difficult.
The Communication Complexity of Threshold Private Set Intersection
Threshold private set intersection enables Alice and Bob who hold sets and of size to compute the intersection if the sets do not differ by more than some threshold parameter .
In this work, we investigate the communication complexity of this problem and we establish the first upper and lower bounds.
We show that any protocol has to have a communication complexity of .
We show that an almost matching upper bound of can be obtained via fully homomorphic encryption.
We present a computationally more efficient protocol based on weaker assumptions, namely additively homomorphic encryption, with a communication complexity of .
We show how our protocols can be extended to the multiparty setting.
For applications like biometric authentication, where a given fingerprint has to have a large intersection with a fingerprint from a database, our protocols may result in significant communication savings.
We, furthermore, show how to extend all of our protocols to the multiparty setting.
Prior to this work, all previous protocols had a communication complexity of .
Our protocols are the first ones with communication complexities that mainly depend on the threshold parameter and only logarithmically on the set size.
Basic Algorithms for Rational Function Fields
Abstract
By means of Gröbner basis techniques, algorithms for solving various problems concerning subfields K(g):=K(g1, …,gm) of a rational function field K(x):=K(x1, …,xn) are derived: computing canonical generating sets, deciding field membership, computing the degree and separability degree resp. the transcendence degree and a transcendence basis of K(x)/K(g), deciding whether f∈K(x) is algebraic or transcendental over K(g), computing minimal polynomials, and deciding whether K(g) contains elements of a "particular structure", e.g. monic univariate polynomials of fixed degree. The essential idea is to reduce these problems to questions concerning an ideal of a polynomial ring; connections between minimal primary decompositions over K(x) of this ideal and intermediate fields of K(g) and K(x) are given. In the last section some practical considerations concerning the use of the algorithms are discussed.