On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-way Quantum Transmission
We consider the scenario where Alice wants to send a secret (classical)
-bit message to Bob using a classical key, and where only one-way
transmission from Alice to Bob is possible. In this case, quantum communication
cannot help to obtain perfect secrecy with key length smaller than . We
study the question of whether there might still be fundamental differences
between the case where quantum as opposed to classical communication is used.
In this direction, we show that there exist ciphers with perfect security
producing quantum ciphertext where, even if an adversary knows the plaintext
and applies an optimal measurement on the ciphertext, his Shannon uncertainty
about the key used is almost maximal. This is in contrast to the classical case
where the adversary always learns bits of information on the key in a known
plaintext attack. We also show that there is a limit to how different the
classical and quantum cases can be: the most probable key, given matching
plain- and ciphertexts, has the same probability in both the quantum and the
classical cases. We suggest an application of our results in the case where
only a short secret key is available and the message is much longer.
Comment: 19 pages, 2 figures. This is a revised version of an earlier version
that appeared in the proc. of Eurocrypt'04:LNCS3027, 200
Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization
We introduce explicit schemes based on the polarization phenomenon for the
tasks of one-way secret key agreement from common randomness and private
channel coding. For the former task, we show how to use common randomness and
insecure one-way communication to obtain a strongly secure key such that the
key construction has a complexity essentially linear in the blocklength and the
rate at which the key is produced is optimal, i.e., equal to the one-way
secret-key rate. For the latter task, we present a private channel coding
scheme that achieves the secrecy capacity using the condition of strong secrecy
and whose encoding and decoding complexity are again essentially linear in the
blocklength.
Comment: 18.1 pages, 2 figures, 2 table
Modified Bennett-Brassard 1984 Quantum Key Distribution With Two-way Classical Communications
The quantum key distribution protocol without public announcement of bases is
equipped with a two-way classical communication symmetric entanglement
purification protocol. This modified key distribution protocol is
unconditionally secure and has a tolerable error rate of 20%, which is
higher than that of the previous scheme without public announcement of bases.
Comment: 5 pages. To appear in Physical Review
Distributions attaining secret key at a rate of the conditional mutual information
© International Association for Cryptologic Research 2015. In this paper we consider the problem of extracting secret key from an eavesdropped source pXYZ at a rate given by the conditional mutual information. We investigate this question under three different scenarios: (i) Alice (X) and Bob (Y) are unable to communicate but share common randomness with the eavesdropper Eve (Z), (ii) Alice and Bob are allowed one-way public communication, and (iii) Alice and Bob are allowed two-way public communication. Distributions having a key rate of the conditional mutual information are precisely those in which a "helping" Eve offers Alice and Bob no greater advantage for obtaining secret key than a fully adversarial one. For each of the above scenarios, strong necessary conditions are derived on the structure of distributions attaining a secret key rate of I(X:Y|Z). In obtaining our results, we completely solve the problem of secret key distillation under scenario (i) and identify H(S|Z) to be the optimal key rate using shared randomness, where S is the Gács-Körner Common Information. We thus provide an operational interpretation of the conditional Gács-Körner Common Information. Additionally, we introduce simple example distributions in which the rate I(X:Y|Z) is achievable if and only if two-way communication is allowed.
Anonymity-Preserving Public-Key Encryption: A Constructive Approach
Abstract. A receiver-anonymous channel allows a sender to send a message to a receiver without an adversary learning for whom the message is intended. Wireless broadcast channels naturally provide receiver anonymity, as does multi-casting one message to a receiver population containing the intended receiver. While anonymity and confidentiality appear to be orthogonal properties, making anonymous communication confidential is more involved than one might expect, since the ciphertext might reveal which public key has been used to encrypt. To address this problem, public-key cryptosystems with enhanced security properties have been proposed. We investigate constructions as well as limitations for preserving receiver anonymity when using public-key encryption (PKE). We use the constructive cryptography approach by Maurer and Renner and interpret cryptographic schemes as constructions of a certain ideal resource (e.g. a confidential anonymous channel) from given real resources (e.g. a broadcast channel). We define appropriate anonymous communication resources and show that a very natural resource can be constructed by using a PKE scheme which fulfills three properties that appear in the cryptographic literature (IND-CCA, key-privacy, weak robustness). We also show that a desirable stronger variant, preventing the adversary from selective "trial-deliveries" of messages, is unfortunately unachievable by any PKE scheme, no matter how strong. The constructive approach makes the guarantees achieved by applying a cryptographic scheme explicit in the constructed (ideal) resource; this specifies the exact requirements for the applicability of a cryptographic scheme in a given context. It also allows one to decide which of the existing security properties of such a cryptographic scheme are adequate for the considered scenario, and which are too weak or too strong.
Here, we show that weak robustness is necessary but that so-called strong robustness is unnecessarily strong in that it does not construct a (natural) stronger resource.
Shared Information -- New Insights and Problems in Decomposing Information in Complex Systems
How can the information that a set of random variables
contains about another random variable be decomposed? To what extent do
different subgroups provide the same, i.e. shared or redundant, information,
carry unique information or interact for the emergence of synergistic
information?
Recently Williams and Beer proposed such a decomposition based on natural
properties for shared information. While these properties fix the structure of
the decomposition, they do not uniquely specify the values of the different
terms. Therefore, we investigate additional properties such as strong symmetry
and left monotonicity. We find that strong symmetry is incompatible with the
properties proposed by Williams and Beer. Although left monotonicity is a very
natural property for an information measure it is not fulfilled by any of the
proposed measures.
We also study a geometric framework for information decompositions and ask
whether it is possible to represent shared information by a family of posterior
distributions.
Finally, we draw connections to the notions of shared knowledge and common
knowledge in game theory. While many people believe that independent variables
cannot share information, we show that in game theory independent agents can
have shared knowledge, but not common knowledge. We conclude that intuition and
heuristic arguments do not suffice when arguing about information.
Comment: 20 page
Linking Classical and Quantum Key Agreement: Is There "Bound Information"?
After carrying out a protocol for quantum key agreement over a noisy quantum
channel, the parties Alice and Bob must process the raw key in order to end up
with identical keys about which the adversary has virtually no information. In
principle, both classical and quantum protocols can be used for this
processing. It is a natural question which type of protocols is more powerful.
We prove for general states but under the assumption of incoherent
eavesdropping that Alice and Bob share some so-called intrinsic information in
their classical random variables, resulting from optimal measurements, if and
only if the parties' quantum systems are entangled. In addition, we provide
evidence that the potentials of classical and of quantum protocols are equal in
every situation. Consequently, many techniques and results from quantum
information theory directly apply to problems in classical information theory,
and vice versa. For instance, it was previously believed that two parties can
carry out unconditionally secure key agreement as long as they share some
intrinsic information in the adversary's view. The analysis of this purely
classical problem from the quantum information-theoretic viewpoint shows that
this is true in the binary case, but false in general. More explicitly, bound
entanglement, i.e., entanglement that cannot be purified by any quantum
protocol, has a classical counterpart. This "bound intrinsic information"
cannot be distilled to a secret key by any classical protocol. As another
application we propose a measure for entanglement based on classical
information-theoretic quantities.
Comment: Accepted for Crypto 2000. 17 page
Multipartite Classical and Quantum Secrecy Monotones
In order to study multipartite quantum cryptography, we introduce quantities
which vanish on product probability distributions, and which can only decrease
if the parties carry out local operations or carry out public classical
communication. These "secrecy monotones" therefore measure how much secret
correlations are shared by the parties. In the bipartite case we show that the
mutual information is a secrecy monotone. In the multipartite case we describe
two different generalisations of the mutual information, both of which are
secrecy monotones. The existence of two distinct secrecy monotones allows us to
show that in multipartite quantum cryptography the parties must make
irreversible choices about which multipartite correlations they want to obtain.
Secrecy monotones can be extended to the quantum domain and are then defined on
density matrices. We illustrate this generalisation by considering tripartite
quantum cryptography based on the Greenberger-Horne-Zeilinger (GHZ) state. We
show that before carrying out measurements on the state, the parties must make
an irreversible decision about what probability distribution they want to
obtain.
Cascade Encryption Revisited
The security of cascade blockcipher encryption is an important and well-studied problem in theoretical cryptography with practical implications. It is well-known that double encryption improves the security only marginally, leaving triple encryption as the shortest reasonable cascade. In a recent paper, Bellare and Rogaway showed that in the ideal cipher model, triple encryption is significantly more secure than single and double encryption, stating the security of longer cascades as an open question.
In this paper, we propose a new lemma on the indistinguishability of systems extending Maurer's theory of random systems. In addition to being of independent interest, it allows us to compactly rephrase Bellare and Rogaway's proof strategy in this framework, thus making the argument more abstract and hence easier to follow. As a result, this allows us to address the security of longer cascades as well as some errors in their paper. Our result implies that for blockciphers with a smaller key space than message space (e.g. DES), longer cascades improve the security of the encryption up to a certain limit. This partially answers the open question mentioned above.
A Quantum-Proof Non-Malleable Extractor, With Application to Privacy Amplification against Active Quantum Adversaries
In privacy amplification, two mutually trusted parties aim to amplify the
secrecy of an initial shared secret in order to establish a shared private
key by exchanging messages over an insecure communication channel. If the
channel is authenticated the task can be solved in a single round of
communication using a strong randomness extractor; choosing a quantum-proof
extractor allows one to establish security against quantum adversaries.
In the case that the channel is not authenticated, Dodis and Wichs (STOC'09)
showed that the problem can be solved in two rounds of communication using a
non-malleable extractor, a stronger pseudo-random construction than a strong
extractor.
We give the first construction of a non-malleable extractor that is secure
against quantum adversaries. The extractor is based on a construction by Li
(FOCS'12), and is able to extract from sources with min-entropy rates larger than
. Combining this construction with a quantum-proof variant of the
reduction of Dodis and Wichs, shown by Cohen and Vidick (unpublished), we
obtain the first privacy amplification protocol secure against active quantum
adversaries.