Results 21 - 30 of 74
From Low-Distortion Norm Embeddings to Explicit Uncertainty Relations and Efficient Information Locking
Cited by 9 (2 self)
Quantum uncertainty relations are at the heart of many quantum cryptographic protocols performing classically impossible tasks. One operational manifestation of these uncertainty relations is a purely quantum effect referred to as information locking [12]. A locking scheme can be viewed as a cryptographic protocol in which a uniformly random n-bit message is encoded in a quantum system using a classical key of size much smaller than n. Without the key, no measurement of this quantum state can extract more than a negligible amount of information about the message (the message is “locked”). Furthermore, knowing the key, it is possible to recover (or “unlock”) the message. In this paper, we make the following contributions by exploiting a connection between uncertainty relations and low-distortion embeddings of ℓ2 into ℓ1.
ROBUST CRYPTOGRAPHY IN THE NOISY-QUANTUM-STORAGE MODEL
, 2009
Cited by 9 (3 self)
It was shown in [42] that cryptographic primitives can be implemented based on the assumption that quantum storage of qubits is noisy. In this work we analyze a protocol for the universal task of oblivious transfer that can be implemented using quantum-key-distribution (QKD) hardware in the practical setting where honest participants are unable to perform noise-free operations. We derive tradeoffs between the amount of storage noise, the amount of noise in the operations performed by the honest participants and the security of oblivious transfer which are greatly improved compared to the results in [42]. As an example, we show that for the case of depolarizing noise in storage we can obtain secure oblivious transfer as long as the quantum bit-error rate of the channel does not exceed 11 % and the noise on the channel is strictly less than the quantum storage noise. This is optimal for the protocol considered. Finally, we show that our analysis easily carries over to quantum protocols for secure identification.
Oblivious transfer and linear functions
 CRYPTO 2006. LNCS
, 2006
Cited by 8 (3 self)
We study unconditionally secure 1-out-of-2 Oblivious Transfer (1-2 OT). We first point out that a standard security requirement for 1-2 OT of bits, namely that the receiver only learns one of the bits sent, holds if and only if the receiver has no information on the XOR of the two bits. We then generalize this to 1-2 OT of strings and show that the security can be characterized in terms of binary linear functions. More precisely, we show that the receiver learns only one of the two strings sent if and only if he has no information on the result of applying any binary linear function (which nontrivially depends on both inputs) to the two strings. We then argue that this result not only gives new insight into the nature of 1-2 OT, but it in particular provides a very powerful tool for analyzing 1-2 OT protocols. We demonstrate this by showing that with our characterization at hand, the reducibility of 1-2 OT (of strings) to a wide range of weaker primitives follows by a very simple argument. This is in sharp contrast to previous literature, where reductions of 1-2 OT to weaker flavors have rather complicated and sometimes even incorrect proofs.
On the efficiency of classical and quantum oblivious transfer reductions
 In Advances in Cryptology — CRYPTO ’10, Lecture Notes in Computer Science
, 2010
Cited by 7 (2 self)
Abstract. Due to its universality oblivious transfer (OT) is a primitive of great importance in secure multiparty computation. OT is impossible to implement from scratch in an unconditionally secure way, but there are many reductions of OT to other variants of OT, as well as other primitives such as noisy channels. It is important to know how efficient such unconditionally secure reductions can be in principle, i.e., how many instances of a given primitive are at least needed to implement OT. For perfect (error-free) implementations good lower bounds are known, e.g. the bounds by Beaver (STOC ’96) or by Dodis and Micali (EUROCRYPT ’99). However, in practice one is usually willing to tolerate a small probability of error and it is known that these statistical reductions can in general be much more efficient. Thus, the known bounds have only limited application. In the first part of this work we provide bounds on the efficiency of secure (one-sided) two-party computation of arbitrary finite functions from distributed randomness in the statistical case. From these results we derive bounds on the efficiency of protocols that use (different variants of) OT as a black-box. When applied to implementations of OT, our bounds generalize known results to the statistical case. Our results hold in particular for transformations between a finite number of primitives and for any error. Furthermore, we provide bounds on the efficiency of protocols implementing Rabin OT.
Brief history of quantum cryptography: A personal perspective, awaji island, japan
 Proceedings of IEEE Information Theory Workshop on Theory and Practice in Information Theoretic Security
, 2005
Remote preparation of arbitrary ensembles and quantum bit commitment
, 2008
Cited by 7 (0 self)
The Hughston-Jozsa-Wootters theorem shows that any finite ensemble of quantum states can be prepared “at a distance”, and it has been used to demonstrate the insecurity of all bit commitment protocols based on finite quantum systems without superselection rules. In this paper, we prove a generalized HJW theorem for arbitrary ensembles of states on a C∗-algebra. We then use this result to demonstrate the insecurity of bit commitment protocols based on infinite quantum systems, and quantum systems with Abelian superselection rules.
Quantum information and computation
 arXiv:quant-ph/0512125. Forthcoming in Butterfield and Earman (eds.) Handbook of Philosophy of Physics
, 2005
Cited by 7 (2 self)
This Chapter deals with theoretical developments in the subject of quantum information and quantum computation, and includes an overview of classical information and some relevant quantum mechanics. The discussion covers topics in quantum communication, quantum cryptography, and quantum computation, and concludes by considering whether a perspective in terms of quantum information
Multiparty Quantum Computation
 MASTER'S THESIS, MIT
, 2001
Cited by 7 (1 self)
We investigate definitions of and protocols for multiparty quantum computing in the scenario where the secret data are quantum systems. We work in the quantum information-theoretic model, where no assumptions are made on the computational power of the adversary. For the slightly weaker task of verifiable quantum secret sharing, we give a protocol which tolerates any t < n/4 cheating parties (out of n). This is shown to be optimal. We use this new tool to establish that any multiparty quantum computation can be securely performed as long as the number of dishonest players is less than n/6.
Stronger impossibility results for quantum string commitment
, 2007
Cited by 6 (5 self)
String commitment schemes are similar to the well-studied bit commitment schemes in cryptography, with the difference that the committing party, say Alice, is supposed to commit a long string instead of a single bit to another party, say Bob. Similar to bit commitment schemes, such schemes are supposed to be binding, i.e. Alice cannot change her choice after committing, and concealing, i.e. Bob cannot find Alice’s committed string before Alice reveals it. Strong impossibility results are known for bit commitment schemes both in the classical and quantum settings, for example due to Mayer [13] and Lo and Chau [11, 12]. In fact, for approximate quantum bit commitment schemes, tradeoffs between the degrees of cheating of Alice and Bob, referred to as binding-concealing tradeoffs, are known as well, for example due to Spekkens and Terry [15]. Recently, Buhrman, Christandl, Hayden, Lo and Wehner [1] have shown similar binding-concealing tradeoffs for quantum string commitment schemes (QSC), both in the scenario of a single execution of the protocol and in the asymptotic regime of a sufficiently large number of parallel executions of the protocol. We show a stronger tradeoff in the scenario of a single execution of a QSC protocol, which also immediately implies the tradeoff shown by Buhrman et al. in the asymptotic regime of multiple parallel executions of a QSC protocol. We show our results by making central use of an important information-theoretic tool called the substate theorem, due to Jain, Radhakrishnan and Sen [6]. Our techniques are quite different from those of [1] and may be of independent interest.
On the power of two-party quantum cryptography
, 2009
Cited by 6 (2 self)
We study quantum protocols among two distrustful parties. Under the sole assumption of correctness—guaranteeing that honest players obtain their correct outcomes—we show that every protocol implementing a nontrivial primitive necessarily leaks information to a dishonest player. This extends known impossibility results to all nontrivial primitives. We provide a framework for quantifying this leakage and argue that leakage is a good measure for the privacy provided to the players by a given protocol. Our framework also covers the case where the two players are helped by a trusted third party. We show that despite the help of a trusted third party, the players cannot amplify the cryptographic power of any primitive. All our results hold even against quantum honest-but-curious adversaries who honestly follow the protocol but purify their actions and apply a different measurement at the end of the protocol. As concrete examples, we establish lower bounds on the leakage of standard universal two-party primitives such as oblivious transfer.