Results 1-10 of 10
Perfectly concealing quantum bit commitment from any quantum one-way permutation
2000
Cited by 44 (8 self)
Abstract

We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum one-way permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovsky, Venkatesan and Yung, our protocol is non-interactive and has communication complexity O(n) qubits for n a security parameter.
Efficient authentication from hard learning problems
EUROCRYPT
Cited by 21 (6 self)
Abstract

We construct efficient authentication protocols and message-authentication codes (MACs) whose security can be reduced to the learning parity with noise (LPN) problem. Despite a large body of work – starting with the HB protocol of Hopper and Blum in 2001 – until now it was not even known how to construct an efficient authentication protocol from LPN which is secure against man-in-the-middle (MIM) attacks. A MAC implies such a (two-round) protocol.
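The HB protocol the abstract refers to is the simplest LPN-based authentication scheme, and it also illustrates the gap the paper is about: HB is only secure against a passive eavesdropper, because an adversary who may choose the challenges can recover the secret. The toy implementation below is an added example written for this listing; it is not code from the paper and does not show the paper's MIM-secure construction. The parameters N, TAU, ROUNDS and THRESHOLD are assumptions chosen small enough to run instantly (real instances use secrets of several hundred bits), and the seed and inputs are constructed here.

```python
"""Toy HB protocol (Hopper and Blum, 2001): secret-key authentication from LPN.

Added example for illustration. Parameters are constructed and far too small
for real use; they are chosen so the demo runs instantly and deterministically.
"""
import random
from typing import Callable, Dict, List

N = 32          # secret length in bits (assumption; real instances use hundreds)
TAU = 0.125     # LPN noise rate: prover flips each answer with this probability
ROUNDS = 200    # challenge/response rounds per authentication
THRESHOLD = 60  # accept if at most this many answers are wrong (TAU*ROUNDS = 25 expected)

Bits = List[int]


def inner_product(a: Bits, s: Bits) -> int:
    """<a, s> over GF(2)."""
    return sum(x & y for x, y in zip(a, s)) & 1


def random_bits(n: int, rng: random.Random) -> Bits:
    return [rng.getrandbits(1) for _ in range(n)]


def make_prover(secret: Bits, rng: random.Random) -> Callable[[Bits], int]:
    """Return the prover's response oracle: z = <a, s> XOR e with e ~ Bernoulli(TAU)."""
    def respond(a: Bits) -> int:
        e = 1 if rng.random() < TAU else 0
        return inner_product(a, secret) ^ e
    return respond


def verify(secret: Bits, respond: Callable[[Bits], int], rng: random.Random) -> bool:
    """Verifier side: send ROUNDS uniformly random challenges and accept if the
    number of wrong answers is below THRESHOLD. An eavesdropper only sees pairs
    (a, <a,s> XOR e), i.e. LPN samples, which is where passive security comes from."""
    wrong = 0
    for _ in range(ROUNDS):
        a = random_bits(N, rng)
        if respond(a) != inner_product(a, secret):
            wrong += 1
    return wrong <= THRESHOLD


def active_attack(respond: Callable[[Bits], int], queries_per_bit: int = 41) -> Bits:
    """Active adversary against plain HB. Because the prover answers any challenge,
    the adversary sends the unit vector e_i repeatedly; each answer is s_i XOR e, and
    the noise flips only a minority, so a majority vote reveals s_i. This is why HB
    resists passive eavesdroppers but not active or man-in-the-middle adversaries."""
    recovered = []
    for i in range(N):
        unit = [1 if j == i else 0 for j in range(N)]
        ones = sum(respond(unit) for _ in range(queries_per_bit))
        recovered.append(1 if 2 * ones > queries_per_bit else 0)
    return recovered


def demo(seed: int = 1) -> Dict[str, bool]:
    """Run the honest exchange, an ignorant impersonator, and the active attack."""
    rng = random.Random(seed)
    secret = random_bits(N, rng)
    honest = make_prover(secret, rng)
    results = {"honest_accepted": verify(secret, honest, rng)}

    # Impersonator who never saw the prover: its answers agree with <a,s> only half the time.
    stranger = make_prover(random_bits(N, rng), rng)
    results["stranger_accepted"] = verify(secret, stranger, rng)

    # Active adversary: query the honest prover, recover the key, then impersonate it.
    recovered = active_attack(honest)
    results["key_recovered"] = recovered == secret
    results["impersonator_accepted"] = verify(secret, make_prover(recovered, rng), rng)
    return results


if __name__ == "__main__":
    print(demo())
```

The majority vote needs only a few dozen queries per secret bit because TAU is well below 1/2; the same vote fails against HB+ style variants, where the prover also contributes randomness to each round, which is the line of work the abstract says had still not reached MIM security.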
Computational Collapse of Quantum State with Application to Oblivious Transfer
2003
Composable Security in the Bounded-Quantum-Storage Model
2008
Cited by 10 (2 self)
Abstract

We present a simplified framework for proving sequential composability in the quantum setting. In particular, we give a new, simulation-based, definition for security in the bounded-quantum-storage model, and show that this definition allows for sequential composition of protocols. Damgård et al. (FOCS ’05, CRYPTO ’07) showed how to securely implement bit commitment and oblivious transfer in the bounded-quantum-storage model, where the adversary is only allowed to store a limited number of qubits. However, their security definitions only applied to the stand-alone setting, and it was not clear if their protocols could be composed. Indeed, we first give a simple attack that shows that these protocols are not composable without a small refinement of the model. Finally, we prove the security of their randomized oblivious transfer protocol in our refined model. Secure implementations of oblivious transfer and bit commitment then follow easily by a (classical) reduction to randomized oblivious transfer.
Quantum proofs of knowledge
2010
Cited by 8 (1 self)
Abstract

We motivate, define and construct quantum proofs of knowledge, proofs of knowledge secure against quantum adversaries. Our constructions are based on a new quantum rewinding technique that allows us to extract witnesses in many classical proofs of knowledge. We give criteria under which a classical proof of knowledge is a quantum proof of knowledge. Combining our results with Watrous’ results on quantum zero-knowledge, we show that there are zero-knowledge quantum proofs of knowledge for all languages in NP.
General properties of quantum zero-knowledge proofs
In Proceedings of the Fifth IACR Theory of Cryptography Conference, 2008
Cited by 6 (0 self)
Abstract

This paper studies the complexity classes QZK and HVQZK, the classes of problems having a quantum computational zero-knowledge proof system and an honest-verifier quantum computational zero-knowledge proof system, respectively. The results proved in this paper include:
• HVQZK = QZK.
• Any problem in QZK has a public-coin quantum computational zero-knowledge proof system.
• Any problem in QZK has a quantum computational zero-knowledge proof system of perfect completeness.
• Any problem in QZK has a three-message public-coin quantum computational zero-knowledge proof system of perfect completeness with polynomially small error in soundness (hence with arbitrarily small constant error in soundness).
All the results proved in this paper are unconditional, i.e., they do not rely on any computational assumptions such as the existence of quantum one-way functions or permutations. For the classes QPZK, HVQPZK, and QSZK of problems having a quantum perfect zero-knowledge proof system, an honest-verifier quantum perfect zero-knowledge proof system, and a quantum statistical zero-knowledge proof system, respectively, the following new properties are proved:
Secure authentication from a weak key, without leaking information
Advances in Cryptology — Eurocrypt 2011, volume 6632 of LNCS, 2011
Cited by 5 (0 self)
Abstract

We study the problem of authentication based on a weak key in the information-theoretic setting. A key is weak if its min-entropy is an arbitrarily small fraction of its bit length. This problem has recently received considerable attention, with different solutions optimizing different parameters. We study the problem in an extended setting, where the weak key is a one-time session key that is derived from a public source of randomness with the help of a (potentially also weak) long-term key. Our goal now is to authenticate a message by means of the weak session key in such a way that (nearly) no information on the long-term key is leaked. Ensuring privacy of the long-term key is vital for the long-term key to be reusable. Previous work has not considered such a privacy issue, and previous solutions do not seem to satisfy this requirement. We show the existence of a practical four-round protocol that provides message authentication from a weak session key and that avoids non-negligible leakage on the long-term key. The security of our scheme also holds in the quantum setting where the adversary may have limited quantum side information on the weak session key. As an application of our scheme, we show the existence of an identification scheme in the bounded quantum storage model that is secure against a man-in-the-middle attack and that is truly password-based: it does not need any high entropy key, in contrast to the scheme proposed by Damgård et al.
Zero-Knowledge Proofs and String Commitments Withstanding Quantum Attacks
Abstract

The concept of zero-knowledge (ZK) has become of fundamental importance in cryptography. However, in a setting where entities are modeled by quantum computers, classical arguments for proving ZK fail to hold since, in the quantum setting, the concept of rewinding is not generally applicable. Moreover, known classical techniques that avoid rewinding have various shortcomings in the quantum setting. We propose new techniques for building quantum zero-knowledge (QZK) protocols, which remain secure even under (active) quantum attacks. We obtain computational QZK proofs and perfect QZK arguments for any NP language in the common reference string model. This is based on a general method converting an important class of classical honest-verifier ZK (HVZK) proofs into QZK proofs. This leads to quite practical protocols if the underlying HVZK proof is efficient. These are the first proof protocols enjoying these properties, in particular the first to achieve perfect QZK. As part of our construction, we propose a general framework for building unconditionally hiding (trapdoor) string commitment schemes, secure against quantum attacks, as well as concrete instantiations based on specific (believed to be) hard problems. This is of independent interest, as these are the first unconditionally hiding string commitment schemes withstanding quantum attacks. Finally, we give a partial answer to the question whether QZK is possible in the plain model. We propose a new notion of QZK, non-oblivious verifier QZK, which is strictly stronger than honest-verifier QZK but weaker than full QZK, and we show that this notion can be achieved by means of efficient (quantum) protocols.
Non-Interactive Quantum Statistical and Perfect Zero-Knowledge
Abstract

This paper introduces quantum analogues of non-interactive perfect and statistical zero-knowledge proof systems. Similar to the classical cases, it is shown that sharing randomness or entanglement is necessary for non-trivial protocols of non-interactive quantum perfect and statistical zero-knowledge. It is also shown that, when sharing EPR pairs a priori, the class of languages having one-sided bounded error non-interactive quantum perfect zero-knowledge proof systems has a natural complete problem. Non-triviality of such a proof system is based on the fact proved in this paper that the Graph Non-Automorphism problem, which is not known to be in BQP, can be reduced to our complete problem. Our results may be the first non-trivial quantum zero-knowledge proofs secure even against dishonest quantum verifiers, since our protocols are non-interactive, and thus the zero-knowledge property does not depend on whether the verifier in the protocol is honest or not. A restricted version of our complete problem derives a natural complete problem for BQP.