Results 1  10
of
52
The universal composable security of quantum key distribution
 Theory of Cryptography: Second Theory of Cryptography Conference, volume 3378 of Lecture
, 2005
"... The existing unconditional security definitions of quantum key distribution (QKD) do not apply to joint attacks over QKD and the subsequent use of the resulting key. In this paper, we close this potential security gap by using a universal composability theorem for the quantum setting. We first deriv ..."
Abstract

Cited by 51 (3 self)
 Add to MetaCart
(Show Context)
The existing unconditional security definitions of quantum key distribution (QKD) do not apply to joint attacks over QKD and the subsequent use of the resulting key. In this paper, we close this potential security gap by using a universal composability theorem for the quantum setting. We first derive a composable security definition for QKD. We then prove that the usual security definition of QKD still implies the composable security definition. Thus, a key produced in any QKD protocol that is unconditionally secure in the usual definition can indeed be safely used, a property of QKD that is hitherto unproven. We propose two other useful sufficient conditions for composability. As a simple application of our result, we show that keys generated by repeated runs of QKD degrade slowly. 1
Perfectly concealing quantum bit commitment from any quantum oneway permutation
, 2000
"... Abstract. We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum oneway permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovski, Ventkatesen ..."
Abstract

Cited by 44 (8 self)
 Add to MetaCart
(Show Context)
Abstract. We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum oneway permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovski, Ventkatesen and Young, our protocol is noninteractive and has communication complexity O(n) qubits for n a security parameter. 1
Quantum cryptography with imperfect apparatus
 In Foundations of Computer Science
, 1998
"... ar ..."
(Show Context)
Quantum publickey cryptosystems
 in Proc. of CRYPT0 2000
, 2000
"... Abstract. This paper presents a new paradigm of cryptography, quantum publickey cryptosystems. In quantum publickey cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) polytime Turing (QPT) machines and only classical channels (i.e., no q ..."
Abstract

Cited by 37 (2 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents a new paradigm of cryptography, quantum publickey cryptosystems. In quantum publickey cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) polytime Turing (QPT) machines and only classical channels (i.e., no quantum channels) are employed. A quantum trapdoor oneway function, f, plays an essential role in our system, in which a QPT machine can compute f with high probability, any QPT machine can invert f with negligible probability, and a QPT machine with trapdoor data can invert f. This paper proposes a concrete scheme for quantum publickey cryptosystems: a quantum publickey encryption scheme or quantum trapdoor oneway function. The security of our schemes is based on the computational assumption (over QPT machines) that a class of subsetsum problems is intractable against any QPT machine. Our scheme is very efficient and practical if Shor’s discrete logarithm algorithm is efficiently realized on a quantum machine.
General security definition and composability for quantum & classical protocols
, 2004
"... Abstract. We generalize the universally composable definition of Canetti to the Quantum World. The basic idea is the same as in the classical world. However, we unfold the result in a new model which is adapted to quantum protocols, and also simplify some aspects of the classical case. ..."
Abstract

Cited by 30 (3 self)
 Add to MetaCart
Abstract. We generalize the universally composable definition of Canetti to the Quantum World. The basic idea is the same as in the classical world. However, we unfold the result in a new model which is adapted to quantum protocols, and also simplify some aspects of the classical case.
Unconditional security of practical quantum key distribution,” arXiv:quantph/0107017
, 2001
"... We present a proof of unconditional security of a practical quantum key distribution protocol. It is an extension of a previous result obtained by Mayers [1, 2], which proves unconditional security provided that a perfect single photon source is used. In present days, perfect single photon sources a ..."
Abstract

Cited by 28 (1 self)
 Add to MetaCart
We present a proof of unconditional security of a practical quantum key distribution protocol. It is an extension of a previous result obtained by Mayers [1, 2], which proves unconditional security provided that a perfect single photon source is used. In present days, perfect single photon sources are not available and, therefore, practical implementations use either dim laser pulses or postselected states from parametric
Security of Quantum Key Distribution against All Collective Attacks
, 1998
"... Abstract. Security of quantum key distribution against sophisticated attacks is among the most important issues in quantum information theory. In this work we prove security against a very important class of attacks called collective attacks (under a compatible noise model) which use quantum memorie ..."
Abstract

Cited by 25 (11 self)
 Add to MetaCart
(Show Context)
Abstract. Security of quantum key distribution against sophisticated attacks is among the most important issues in quantum information theory. In this work we prove security against a very important class of attacks called collective attacks (under a compatible noise model) which use quantum memories and gates, and which are directed against the final key. This work was crucial for a full proof of security (against the joint attack) recently obtained by Biham, Boyer, Boykin, Mor, and Roychowdhury [1].
Security of quantum key distribution
, 1998
"... We devise a simple modification that essentially doubles the efficiency of a wellknown quantum key distribution scheme proposed by Bennett and Brassard (BB84). Our scheme assigns significantly different probabilities for the different polarization bases during both transmission and reception to red ..."
Abstract

Cited by 18 (4 self)
 Add to MetaCart
(Show Context)
We devise a simple modification that essentially doubles the efficiency of a wellknown quantum key distribution scheme proposed by Bennett and Brassard (BB84). Our scheme assigns significantly different probabilities for the different polarization bases during both transmission and reception to reduce the fraction of discarded data. The actual probabilities used in the scheme are announced in public. As the number of transmitted signals increases, the efficiency of our scheme can be made to approach 100%. An eavesdropper may try to break such a scheme by eavesdropping mainly along the predominant basis. To defeat such an attack, we perform a refined analysis of accepted data: Instead of lumping all the accepted data together to estimate a single error rate, we separate the accepted data into various subsets according to the basis employed and estimate an error rate for each subset individually.