-
Composable and Finite Computational Security of Quantum Message Transmission
Authors:
Fabio Banfi,
Ueli Maurer,
Christopher Portmann,
Jiamin Zhu
Abstract:
Recent research in quantum cryptography has led to the development of schemes that encrypt and authenticate quantum messages with computational security. The security definitions used so far in the literature are asymptotic, game-based, and not known to be composable. We show how to define finite, composable, computational security for secure quantum message transmission. The new definitions do not involve any games or oracles, they are directly operational: a scheme is secure if it transforms an insecure channel and a shared key into an ideal secure channel from Alice to Bob, i.e., one which only allows Eve to block messages and learn their size, but not change them or read them. By modifying the ideal channel to provide Eve with more or less capabilities, one gets an array of different security notions. By design these transformations are composable, resulting in composable security.
Crucially, the new definitions are finite. Security does not rely on the asymptotic hardness of a computational problem. Instead, one proves a finite reduction: if an adversary can distinguish the constructed (real) channel from the ideal one (for some fixed security parameters), then she can solve a finite instance of some computational problem. Such a finite statement is needed to make security claims about concrete implementations.
We then prove that (slightly modified versions of) protocols proposed in the literature satisfy these composable definitions. And finally, we study the relations between some game-based definitions and our composable ones. In particular, we look at notions of quantum authenticated encryption and QCCA2, and show that they suffer from the same issues as their classical counterparts: they exclude certain protocols which are arguably secure.
Submitted 9 October, 2019; v1 submitted 9 August, 2019;
originally announced August 2019.
-
Causal Boxes: Quantum Information-Processing Systems Closed under Composition
Authors:
Christopher Portmann,
Christian Matt,
Ueli Maurer,
Renato Renner,
Björn Tackmann
Abstract:
Complex information-processing systems, for example quantum circuits, cryptographic protocols, or multi-player games, are naturally described as networks composed of more basic information-processing systems. A modular analysis of such systems requires a mathematical model of systems that is closed under composition, i.e., a network of these objects is again an object of the same type. We propose such a model and call the corresponding systems causal boxes.
Causal boxes capture superpositions of causal structures, e.g., messages sent by a causal box A can be in a superposition of different orders or in a superposition of being sent to box B and box C. Furthermore, causal boxes can model systems whose behavior depends on time. By instantiating the Abstract Cryptography framework with causal boxes, we obtain the first composable security framework that can handle arbitrary quantum protocols and relativistic protocols.
Submitted 21 March, 2017; v1 submitted 7 December, 2015;
originally announced December 2015.
-
Locking of accessible information and implications for the security of quantum cryptography
Authors:
Robert Koenig,
Renato Renner,
Andor Bariska,
Ueli Maurer
Abstract:
The unconditional security of a quantum key distribution protocol is often defined in terms of the accessible information, that is, the maximum mutual information between the distributed key S and the outcome of an optimal measurement on the adversary's (quantum) system. We show that, even if this quantity is small, certain parts of the key S might still be completely insecure when S is used in applications, such as for one-time pad encryption. This flaw is due to a locking property of the accessible information: one additional (physical) bit of information might increase the accessible information by more than one bit.
Submitted 11 January, 2006; v1 submitted 2 December, 2005;
originally announced December 2005.
-
On the Power of Quantum Memory
Authors:
Robert Koenig,
Ueli Maurer,
Renato Renner
Abstract:
We address the question whether quantum memory is more powerful than classical memory. In particular, we consider a setting where information about a random n-bit string X is stored in r classical or quantum bits, for r<n, i.e., the stored information is bound to be only partial. Later, a randomly chosen binary question F about X is asked, which has to be answered using only the stored information. The maximal probability of correctly guessing the answer F(X) is then compared for the cases where the storage device is classical or quantum mechanical, respectively.
We show that, despite the fact that the measurement of quantum bits can depend arbitrarily on the question F to be answered, the quantum advantage is negligible already for small values of the difference n-r.
An implication for cryptography is that privacy amplification by application of a compression function mapping n-bit strings to s-bit strings (for some s<n-r), chosen publicly from a two-universal class of hash functions, remains essentially equally secure when the adversary's memory is allowed to be r quantum rather than only r classical bits.
Submitted 21 April, 2005; v1 submitted 26 May, 2003;
originally announced May 2003.
-
A Quantum solution to the Byzantine agreement problem
Authors:
Matthias Fitzi,
Nicolas Gisin,
Ueli Maurer
Abstract:
We present a solution to an old and timely problem in distributed computing. Like Quantum Key Distribution (QKD), quantum channels make it possible to achieve tasks classically impossible. However, unlike QKD, here the goal is not secrecy but agreement, and the adversary is not outside but inside the game, and the resources require qutrits.
Submitted 25 July, 2001;
originally announced July 2001.