89 research outputs found
Quantum authentication and encryption with key recycling
We propose an information-theoretically secure encryption scheme for classical messages with quantum ciphertexts that offers detection of eavesdropping attacks, and re-usability of the key in case no eavesdropping took place: the entire key can be securely re-used for encrypting new messages as long as no attack is detected. This is known to be impossible for fully classical schemes, where there is no way to detect plain eavesdropping attacks. This particular application of quantum techniques to cryptography was originally proposed by Bennett, Brassard and Breidbart in 1982, even before proposing quantum-key-distribution, and a simple candidate scheme was suggested but no rigorous security analysis was given. The idea was picked up again in 2005, when Damgård, Pedersen and Salvail suggested a new scheme for the same task, but now with a rigorous security analysis. However, their scheme is much more demanding in terms of quantum capabilities: it requires the users to have a quantum computer. In contrast, and like the original scheme by Bennett et al., our new scheme requires from the honest users merely to prepare and measure single BB84 qubits. As such, we not only show the first provably-secure scheme that is within reach of current technology, but we also confirm Bennett et al.’s original intuition that a scheme in the spirit of their original construction is indeed secure
On the power of two-party quantum cryptography
We study quantum protocols among two distrustful parties. Under the
sole assumption of correctness - guaranteeing that honest players
obtain their correct outcomes - we show that every protocol
implementing a non-trivial primitive necessarily leaks information to
a dishonest player. This extends known impossibility results to all
non-trivial primitives. We provide a framework for quantifying this
leakage and argue that leakage is a good measure for the privacy
provided to the players by a given protocol. Our framework also covers
the case where the two players are helped by a trusted third party. We
show that despite the help of a trusted third party, the players
cannot amplify the cryptographic power of any primitive. All our
results hold even against quantum honest-but-curious adversaries who
honestly follow the protocol but purify their actions and apply a
different measurement at the end of the protocol. As concrete
examples, we establish lower bounds on the leakage of standard
universal two-party primitives such as oblivious transfer
Complete Insecurity of Quantum Protocols for Classical Two-Party Computation
A fundamental task in modern cryptography is the joint computation of a
function which has two inputs, one from Alice and one from Bob, such that
neither of the two can learn more about the other's input than what is implied
by the value of the function. In this Letter, we show that any quantum protocol
for the computation of a classical deterministic function that outputs the
result to both parties (two-sided computation) and that is secure against a
cheating Bob can be completely broken by a cheating Alice. Whereas it is known
that quantum protocols for this task cannot be completely secure, our result
implies that security for one party implies complete insecurity for the other.
Our findings stand in stark contrast to recent protocols for weak coin tossing,
and highlight the limits of cryptography within quantum mechanics. We remark
that our conclusions remain valid, even if security is only required to be
approximate and if the function that is computed for Bob is different from that
of Alice.Comment: v2: 6 pages, 1 figure, text identical to PRL-version (but reasonably
formatted
Secure two-party quantum evaluation of unitaries against specious adversaries
We describe how any two-party quantum computation, specified by a unitary
which simultaneously acts on the registers of both parties, can be privately
implemented against a quantum version of classical semi-honest adversaries that
we call specious. Our construction requires two ideal functionalities to
garantee privacy: a private SWAP between registers held by the two parties and
a classical private AND-box equivalent to oblivious transfer. If the unitary to
be evaluated is in the Clifford group then only one call to SWAP is required
for privacy. On the other hand, any unitary not in the Clifford requires one
call to an AND-box per R-gate in the circuit. Since SWAP is itself in the
Clifford group, this functionality is universal for the private evaluation of
any unitary in that group. SWAP can be built from a classical bit commitment
scheme or an AND-box but an AND-box cannot be constructed from SWAP. It follows
that unitaries in the Clifford group are to some extent the easy ones. We also
show that SWAP cannot be implemented privately in the bare model
Cryptography in the Bounded Quantum-Storage Model
We initiate the study of two-party cryptographic primitives with unconditional
security, assuming that the adversary’s quantum memory is of bounded size. We show that oblivious
transfer and bit commitment can be implemented in this model using protocols where honest parties
need no quantum memory, whereas an adversarial player needs quantum memory of size at least n/2
in order to break the protocol, where n is the number of qubits transmitted. This is in sharp contrast
to the classical bounded-memory model, where we can only tolerate adversaries with memory of size
quadratic in honest players’ memory size. Our protocols are efficient and noninteractive and can be
implemented using today’s technology. On the technical side, a new entropic uncertainty relation
involving min-entropy is established
Improving the security of quantum protocols via commit-and-open
We consider two-party quantum protocols starting with a transmission
of some random BB84 qubits followed by classical messages. We show a
general compiler improving the security of such protocols: if the
original protocol is secure against an almost honest adversary, then
the compiled protocol is secure against an arbitrary computationally
bounded (quantum) adversary. The compilation preserves the number of
qubits sent and the number of rounds up to a constant factor. The
compiler also preserves security in the bounded-quantum-storage model
(BQSM), so if the original protocol was BQSM-secure, the compiled
protocol can only be broken by an adversary who has large quantum
memory and large computing power. This is in contrast to known
BQSM-secure protocols, where security breaks down completely if the
adversary has larger quantum memory than expected. We show how our
technique can be applied to quantum identification and oblivious
transfer protocols
Experimental quantum tossing of a single coin
The cryptographic protocol of coin tossing consists of two parties, Alice and
Bob, that do not trust each other, but want to generate a random bit. If the
parties use a classical communication channel and have unlimited computational
resources, one of them can always cheat perfectly. Here we analyze in detail
how the performance of a quantum coin tossing experiment should be compared to
classical protocols, taking into account the inevitable experimental
imperfections. We then report an all-optical fiber experiment in which a single
coin is tossed whose randomness is higher than achievable by any classical
protocol and present some easily realisable cheating strategies by Alice and
Bob.Comment: 13 page
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
- …