139 research outputs found
Non-malleability for quantum public-key encryption
Non-malleability is an important security property for public-key encryption (PKE). Its significance is due to the fundamental unachievability of integrity and authenticity guarantees in this setting, rendering it the strongest integrity-like property achievable using only PKE, without digital signatures. In this work, we generalize this notion to the setting of quantum public-key encryption. Overcoming the notorious "recording barrier" known from generalizing other integrity-like security notions to quantum encryption, we generalize one of the equivalent classical definitions, comparison-based non-malleability, and show how it can be fulfilled. In addition, we explore one-time non-malleability notions for symmetric-key encryption from the literature by defining plaintext and ciphertext variants and by characterizing their relation
The operational meaning of min- and max-entropy
We show that the conditional min-entropy Hmin(A|B) of a bipartite
state rho_AB is directly related to the maximum achievable overlap
with a maximally entangled state if only local actions on the B-part
of rho_AB are allowed. In the special case where A is classical, this
overlap corresponds to the probability of guessing A given B. In a
similar vein, we connect the conditional max-entropy Hmax(A|B) to the
maximum fidelity of rho_AB with a product state that is completely
mixed on A. In the case where A is classical, this corresponds to the
security of A when used as a secret key in the presence of an
adversary holding B. Because min- and max-entropies are known to
characterize information-processing tasks such as randomness
extraction and state merging, our results establish a direct
connection between these tasks and basic operational problems. For
example, they imply that the (logarithm of the) probability of
guessing A given B is a lower bound on the number of uniform secret
bits that can be extracted from A relative to an adversary holding B
Quantum Lazy Sampling and Game-Playing Proofs for Quantum Indifferentiability
Game-playing proofs constitute a powerful framework for classical cryptographic security arguments, most notably applied in the context of indifferentiability. An essential ingredient in such proofs is lazy sampling of random primitives. We develop a quantum game-playing proof framework by generalizing two recently developed proof techniques. First, we describe how Zhandry's compressed quantum oracles [Zha18] can be used to do quantum lazy sampling from non-uniform function distributions. Second, we observe how Unruh's one-way-to-hiding lemma [Unr14] can also be applied to compressed oracles, providing a quantum counterpart to the fundamental lemma of game-playing.
Subsequently, we use our game-playing framework to prove quantum indifferentiability of the sponge construction, assuming a random internal function or a random permutation. Our results upgrade post-quantum security of SHA-3 to the same level that is proven against classical adversaries
On the power of two-party quantum cryptography
We study quantum protocols among two distrustful parties. Under the
sole assumption of correctness - guaranteeing that honest players
obtain their correct outcomes - we show that every protocol
implementing a non-trivial primitive necessarily leaks information to
a dishonest player. This extends known impossibility results to all
non-trivial primitives. We provide a framework for quantifying this
leakage and argue that leakage is a good measure for the privacy
provided to the players by a given protocol. Our framework also covers
the case where the two players are helped by a trusted third party. We
show that despite the help of a trusted third party, the players
cannot amplify the cryptographic power of any primitive. All our
results hold even against quantum honest-but-curious adversaries who
honestly follow the protocol but purify their actions and apply a
different measurement at the end of the protocol. As concrete
examples, we establish lower bounds on the leakage of standard
universal two-party primitives such as oblivious transfer
Complete Insecurity of Quantum Protocols for Classical Two-Party Computation
A fundamental task in modern cryptography is the joint computation of a
function which has two inputs, one from Alice and one from Bob, such that
neither of the two can learn more about the other's input than what is implied
by the value of the function. In this Letter, we show that any quantum protocol
for the computation of a classical deterministic function that outputs the
result to both parties (two-sided computation) and that is secure against a
cheating Bob can be completely broken by a cheating Alice. Whereas it is known
that quantum protocols for this task cannot be completely secure, our result
implies that security for one party implies complete insecurity for the other.
Our findings stand in stark contrast to recent protocols for weak coin tossing,
and highlight the limits of cryptography within quantum mechanics. We remark
that our conclusions remain valid, even if security is only required to be
approximate and if the function that is computed for Bob is different from that
of Alice.Comment: v2: 6 pages, 1 figure, text identical to PRL-version (but reasonably
formatted
Cryptographic timestamping through Sequential Work
We present a definition of an ideal timestamping functionality that maintains a timestamped record of bitstrings. The functionality can be queried to certify the record and the age of each entry at the current time. An adversary can corrupt the timestamping functionality, in which case the adversary can output its own certifications of the record and age of entries under strict limitations. Most importantly, the adversary initially cannot falsify any part of the record, but the maximum age of entries the adversary can falsify grows linearly over time. We introduce a single-prover non-interactive cryptographic timestamping protocol based on proofs of sequential work. The protocol securely implements the timestamping functionality in the random-oracle model and universal-composability framework against an adversary that can compute proofs of sequential work faster by a certain factor. Because of the computational effort required, such adversaries have the same strict limitations under which they can falsify the record as under the ideal functionality. This protocol trivially extends to a multi-prover protocol where the adversary can only generate malicious proofs when it has corrupted at least half of all provers. As an attractive feature, we show how any party can efficiently borrow proofs by interacting with the protocol and generate its own certification of records and their ages with only a constant loss in age. The security guarantees of our timestamping protocol only depend on how long ago the adversary corrupted parties and on how fast honest parties can compute proofs of sequential work relative to an adversary, in particular these guarantees are not affected by how many proofs of sequential work honest or adversarial parties run in parallel
Secure Multi-party Quantum Computation with a Dishonest Majority
The cryptographic task of secure multi-party (classical) computation has received a lot of attention in the last decades. Even in the extreme case where a computation is performed between k mutually distrustful players, and security is required even for the single honest player if all other players are colluding adversaries, secure protocols are known. For quantum computation, on the other hand, protocols allowing arbitrary dishonest majority have only been proven for k=2. In this work, we generalize the approach taken by Dupuis, Nielsen and Salvail (CRYPTO 2012) in the two-party setting to devise a secure, efficient protocol for multi-party quantum computation for any number of players k, and prove security against up to k−1 colluding adversaries. The quantum round complexity of the protocol for computing a quantum circuit with g gates acting on w qubits is O((w+g)k). To achieve efficiency, we develop a novel public verification protocol for the Clifford authentication code, and a testing protocol for magic-state inputs, both using classical multi-party computation
Secure Multi-party Quantum Computation with a Dishonest Majority
The cryptographic task of secure multi-party (classical) computation has received a lot of attention in the last decades. Even in the extreme case where a computation is performed between k mutually distrustful players, and security is required even for the single honest player if all other players are colluding adversaries, secure protocols are known. For quantum computation, on the other hand, protocols allowing arbitrary dishonest majority have only been proven for k=2. In this work, we generalize the approach taken by Dupuis, Nielsen and Salvail (CRYPTO 2012) in the two-party setting to devise a secure, efficient protocol for multi-party quantum computation for any number of players k, and prove security against up to k−1 colluding adversaries. The quantum round complexity of the protocol for computing a quantum circuit with g gates acting on w qubits is O((w+g)k). To achieve efficiency, we develop a novel public verification protocol for the Clifford authentication code, and a testing protocol for magic-state inputs, both using classical multi-party computation
Cryptography in the Bounded Quantum-Storage Model
We initiate the study of two-party cryptographic primitives with unconditional
security, assuming that the adversary’s quantum memory is of bounded size. We show that oblivious
transfer and bit commitment can be implemented in this model using protocols where honest parties
need no quantum memory, whereas an adversarial player needs quantum memory of size at least n/2
in order to break the protocol, where n is the number of qubits transmitted. This is in sharp contrast
to the classical bounded-memory model, where we can only tolerate adversaries with memory of size
quadratic in honest players’ memory size. Our protocols are efficient and noninteractive and can be
implemented using today’s technology. On the technical side, a new entropic uncertainty relation
involving min-entropy is established
Quantum fully homomorphic encryption with verification
Fully-homomorphic encryption (FHE) enables computation on encrypted data while maintaining secrecy. Recent research has shown that such schemes exist even for quantum computation. Given the numerous applications of classical FHE (zero-knowledge proofs, secure two-party computation, obfuscation, etc.) it is reasonable to hope that quantum FHE (or QFHE) will lead to many new results in the quantum setting. However, a crucial ingredient in almost all applications of FHE is circuit verification. Classically, verification is performed by checking a transcript of the homomorphic computation. Quantumly, this strategy is impossible due to no-cloning. This leads to an important open question: can quantum computations be delegated and verified in a non-interactive manner? In this work, we answer this question in the affirmative, by constructing a scheme for QFHE with verification (vQFHE). Our scheme provides authenticated encryption, and enables arbitrary polynomial-time quantum computations without the need of interaction between client and server. Verification is almost entirely classical; for computations that start and end with classical states, it is completely classical. As a first application, we show how to construct quantum one-time programs from classical one-time programs and vQFHE
- …