Results 11 - 20 of 74
Composing quantum protocols in a classical environment
, 2009
Cited by 16 (5 self)
We propose a general security definition for cryptographic quantum protocols that implement classical non-reactive two-party tasks. The definition is expressed in terms of simple quantum-information-theoretic conditions which must be satisfied by the protocol to be secure. The conditions are uniquely determined by the ideal functionality F defining the cryptographic task to be implemented. We then show the following composition result. If quantum protocols π1,...,πℓ securely implement ideal functionalities F1,...,Fℓ according to our security definition, then any purely classical two-party protocol, which makes sequential calls to F1,...,Fℓ, is equally secure as the protocol obtained by replacing the calls to F1,...,Fℓ with the respective quantum protocols π1,...,πℓ. Hence, our approach yields the minimal security requirements which are strong enough for the typical use of quantum protocols as subroutines within larger classical schemes. Finally, we show that recently proposed quantum protocols for secure identification and oblivious transfer in the bounded-quantum-storage model satisfy our security definition, and thus compose in the above sense.
Secure assisted quantum computation
 Quantum Information and Computation
, 2005
Cited by 16 (0 self)
Suppose Alice wants to perform some computation that could be done quickly on a quantum computer, but she cannot do universal quantum computation. Bob can do universal quantum computation and claims he is willing to help, but Alice wants to be sure that Bob cannot learn her input, the result of her calculation, or perhaps even the function she is trying to compute. We describe a simple, efficient protocol by which Bob can help Alice perform the computation, but there is no way for him to learn anything about it. We also discuss techniques for Alice to detect whether Bob is honestly helping her or if he is introducing errors.
Computational Collapse of Quantum State with Application to Oblivious Transfer
, 2003
Defeating Classical Bit Commitments With a Quantum Computer
, 1998
Cited by 15 (2 self)
It has been recently shown by Mayers that no bit commitment is secure if the participants have unlimited computational power and technology. However it was noticed that a secure protocol could be obtained by forcing the cheater to execute a measurement. Similar situations had been encountered previously in the design of Quantum Oblivious Transfer. The question is whether a classical bit commitment could be used for this specific purpose. We demonstrate that, surprisingly, classical unconditionally concealing bit commitments do not help.
Computational indistinguishability between quantum states and its cryptographic application
 Advances in Cryptology – EUROCRYPT 2005
, 2005
Cited by 14 (6 self)
We introduce a computational problem of distinguishing between two specific quantum states as a new cryptographic problem to design a quantum cryptographic scheme that is “secure” against any polynomial-time quantum adversary. Our problem QSCDff is to distinguish between two types of random coset states with a hidden permutation over the symmetric group of finite degree. This naturally generalizes the commonly-used distinction problem between two probability distributions in computational cryptography. As our major contribution, we show three cryptographic properties: (i) QSCDff has the trapdoor property; (ii) the average-case hardness of QSCDff coincides with its worst-case hardness; and (iii) QSCDff is computationally at least as hard in the worst case as the graph automorphism problem. These cryptographic properties enable us to construct a quantum public-key cryptosystem, which is likely to withstand any chosen plaintext attack of a polynomial-time quantum adversary. We further discuss a generalization of QSCDff, called QSCDcyc, and introduce a multi-bit encryption scheme relying on the cryptographic properties of QSCDcyc.
How to Convert the Flavor of a Quantum Bit Commitment
 Eurocrypt 2001, Lecture Notes in Computer Science
, 2001
Cited by 14 (3 self)
In this paper we show how to convert a statistically binding but computationally concealing quantum bit commitment scheme into a computationally binding but statistically concealing qbc scheme. For a security parameter n, the construction of the statistically concealing scheme requires O(n^2) executions of the statistically binding scheme. As a consequence, statistically concealing but computationally binding quantum bit commitments can be based upon any family of quantum one-way functions. Such a construction is not known to exist in the classical world.
A brief review on the impossibility of quantum bit commitment
, 1997
Cited by 13 (2 self)
The desire to obtain an unconditionally secure bit commitment protocol in quantum cryptography was expressed for the first time thirteen years ago. Bit commitment is sufficient in quantum cryptography to realize a variety of applications with unconditional security. In 1993, a quantum bit commitment protocol was proposed together with a security proof. However, a basic flaw in the protocol was discovered by Mayers in 1995 and subsequently by Lo and Chau. Later the result was generalized by Mayers who showed that unconditionally secure bit commitment is impossible. A brief review on quantum bit commitment which focuses on the general impossibility theorem and on recent attempts to bypass this result is provided.
Composable Security in the Bounded-Quantum-Storage Model
, 2008
Cited by 10 (2 self)
We present a simplified framework for proving sequential composability in the quantum setting. In particular, we give a new, simulation-based, definition for security in the bounded-quantum-storage model, and show that this definition allows for sequential composition of protocols. Damgård et al. (FOCS ’05, CRYPTO ’07) showed how to securely implement bit commitment and oblivious transfer in the bounded-quantum-storage model, where the adversary is only allowed to store a limited number of qubits. However, their security definitions did only apply to the standalone setting, and it was not clear if their protocols could be composed. Indeed, we first give a simple attack that shows that these protocols are not composable without a small refinement of the model. Finally, we prove the security of their randomized oblivious transfer protocol in our refined model. Secure implementations of oblivious transfer and bit commitment then follow easily by a (classical) reduction to randomized oblivious transfer.
Implications of superstrong nonlocality for cryptography
, 2005
Cited by 10 (1 self)
Nonlocal boxes are hypothetical “machines” that give rise to superstrong nonlocal correlations, leading to a stronger violation of Bell/CHSH inequalities than is possible within the framework of quantum mechanics. We show how nonlocal boxes can be used to perform any two-party secure computation. We first construct a protocol for bit commitment and then show how to achieve oblivious transfer using nonlocal boxes. Both have been shown to be impossible using quantum mechanics alone.