Results 1  10
of
177
Exponential separations for oneway quantum communication complexity, with applications to cryptography
 IN PROCEEDINGS OF 39TH ACM STOC
, 2007
"... We give an exponential separation between oneway quantum and classical communication protocols for a partial Boolean function (a variant of the Boolean Hidden Matching Problem of BarYossef et al.) Earlier such an exponential separation was known only for a relational problem. The communication pr ..."
Abstract

Cited by 58 (16 self)
 Add to MetaCart
We give an exponential separation between oneway quantum and classical communication protocols for a partial Boolean function (a variant of the Boolean Hidden Matching Problem of BarYossef et al.) Earlier such an exponential separation was known only for a relational problem. The communication problem corresponds to a strong extractor that fails against a small amount of quantum information about its random source. Our proof uses the Fourier coefficients inequality of Kahn, Kalai, and Linial. We also give a number of applications of this separation. In particular, we show that there are privacy amplification schemes that are secure against classical adversaries but not against quantum adversaries; and we give the first example of a keyexpansion scheme in the model of boundedstorage cryptography that is secure against classical memorybounded adversaries but not against quantum ones.
The operational meaning of min and maxentropy
 IEEE Transactions on Information Theory
"... Abstract—In this paper, we show that the conditional minentropy of a bipartite state is directly related to the maximum achievable overlap with a maximally entangled state if only local actions on the part of are allowed. In the special case where is classical, this overlap corresponds to t ..."
Abstract

Cited by 45 (9 self)
 Add to MetaCart
(Show Context)
Abstract—In this paper, we show that the conditional minentropy of a bipartite state is directly related to the maximum achievable overlap with a maximally entangled state if only local actions on the part of are allowed. In the special case where is classical, this overlap corresponds to the probability of guessing given. In a similar vein, we connect the conditional maxentropy to the maximum fidelity of with a product state that is completely mixed on . In the case where is classical, this corresponds to the security of when used as a secret key in the presence of an adversary holding . Because min and maxentropies are known to characterize informationprocessing tasks such as randomness extraction and state merging, our results establish a direct connection between these tasks and basic operational problems. For example, they imply that the (logarithm of the) probability of guessing given is a lower bound on the number of uniform secret bits that can be extracted from relative to an adversary holding . Index Terms—Entropy measures, maxentropy, minentropy, operational interpretations, quantum information theory, quantum hypothesis testing, singlet fraction, singleshot information theory. I.
A tight highorder entropic quantum uncertainty relation with applications
, 2007
"... We derive a new entropic quantum uncertainty relation involving minentropy. The relation is tight and can be applied in various quantumcryptographic settings. Protocols for quantum 1outof2 Oblivious Transfer and quantum Bit Commitment are presented and the uncertainty relation is used to prove ..."
Abstract

Cited by 27 (9 self)
 Add to MetaCart
(Show Context)
We derive a new entropic quantum uncertainty relation involving minentropy. The relation is tight and can be applied in various quantumcryptographic settings. Protocols for quantum 1outof2 Oblivious Transfer and quantum Bit Commitment are presented and the uncertainty relation is used to prove the security of these protocols in the boundedquantumstorage model according to new strong security definitions. As another application, we consider the realistic setting of Quantum Key Distribution (QKD) against quantummemorybounded eavesdroppers. The uncertainty relation allows to prove the security of QKD protocols in this setting while tolerating considerably higher error rates compared to the standard model with unbounded adversaries. For instance, for the sixstate protocol with oneway communication, a bitflip error rate of up to 17 % can be tolerated (compared to 13 % in the standard model). Our uncertainty relation also yields a lower bound on the minentropy key uncertainty against knownplaintext attacks when quantum ciphers are composed. Previously, the key uncertainty of these ciphers was only known with respect to Shannon entropy.
Unconditional security from noisy quantum storage
, 2009
"... We consider the implementation of twoparty cryptographic primitives based on the sole assumption that no largescale reliable quantum storage is available to the cheating party. We construct novel protocols for oblivious transfer and bit commitment, and prove that realistic noise levels provide sec ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
(Show Context)
We consider the implementation of twoparty cryptographic primitives based on the sole assumption that no largescale reliable quantum storage is available to the cheating party. We construct novel protocols for oblivious transfer and bit commitment, and prove that realistic noise levels provide security even against the most general attack. Such unconditional results were previously only known in the socalled boundedstorage model which is a special case of our setting. Our protocols can be implemented with presentday hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties.
Composing quantum protocols in a classical environment
, 2009
"... We propose a general security definition for cryptographic quantum protocols that implement classical nonreactive twoparty tasks. The definition is expressed in terms of simple quantuminformationtheoretic conditions which must be satisfied by the protocol to be secure. The conditions are unique ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
We propose a general security definition for cryptographic quantum protocols that implement classical nonreactive twoparty tasks. The definition is expressed in terms of simple quantuminformationtheoretic conditions which must be satisfied by the protocol to be secure. The conditions are uniquely determined by the ideal functionality F defining the cryptographic task to be implemented. We then show the following composition result. If quantum protocols π1,...,πℓ securely implement ideal functionalities F1,...,Fℓ according to our security definition, then any purely classical twoparty protocol, which makes sequential calls to F1,...,Fℓ, is equally secure as the protocol obtained by replacing the calls to F1,...,Fℓ with the respective quantum protocols π1,...,πℓ. Hence, our approach yields the minimal security requirements which are strong enough for the typical use of quantum protocols as subroutines within larger classical schemes. Finally, we show that recently proposed quantum protocols for secure identification and oblivious transfer in the boundedquantumstorage model satisfy our security definition, and thus compose in the above sense.
Entropic uncertainty relations – A survey
, 2009
"... Uncertainty relations play a central role in quantum mechanics. Entropic uncertainty relations in particular have gained significant importance within quantum information, providing the foundation for the security of many quantum cryptographic protocols. Yet, rather little is known about entropic un ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
(Show Context)
Uncertainty relations play a central role in quantum mechanics. Entropic uncertainty relations in particular have gained significant importance within quantum information, providing the foundation for the security of many quantum cryptographic protocols. Yet, rather little is known about entropic uncertainty relations with more than two measurement settings. In this note we review known results and open questions. The uncertainty principle is one of the fundamental ideas of quantum mechanics. Since Heisenberg’s uncertainty relations for canonically conjugate variables, they have been one of the most prominent examples of how quantum mechanics differs from the classical world (Heisenberg, 1927). Uncertainty relations today are probably best known in the form given by (Robertson, 1929), who extended Heisenberg’s result to two arbitrary observables A and B. Robertson’s relation states that if we prepare many copies of the state ψ〉, and measure each copy individually using either A or B, we have
The boundedstorage model in the presence of a quantum adversary
 IEEE Transactions on Information Theory
, 2008
"... Abstract—An extractor is a function that is used to extract randomness. Given an imperfect random sourceX and a uniform seedY, the output (X; Y) is close to uniform. We study properties of such functions in the presence of prior quantum information about X, with a particular focus on cryptographic a ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
(Show Context)
Abstract—An extractor is a function that is used to extract randomness. Given an imperfect random sourceX and a uniform seedY, the output (X; Y) is close to uniform. We study properties of such functions in the presence of prior quantum information about X, with a particular focus on cryptographic applications. We prove that certain extractors are suitable for key expansion in the boundedstorage model where the adversary has a limited amount of quantum memory. For extractors with onebit output we show that the extracted bit is essentially equally secure as in the case where the adversary has classical resources. We prove the security of certain constructions that output multiple bits in the boundedstorage model. Index Terms—Boundedstorage model, cryptography, extractors, locking, privacy amplification, quantum information theory, quantum key distribution, quantum memory, security proofs, universal composability. I.
Secure identification and QKD in the boundedquantumstorage model
 In Advances in Cryptology— CRYPTO ’07
, 2007
"... Abstract. We consider the problem of secure identification: user U proves to server S that he knows an agreed (possibly lowentropy) password w, while giving away as little information on w as possible, namely the adversary can exclude at most one possible password for each execution of the scheme. ..."
Abstract

Cited by 14 (8 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the problem of secure identification: user U proves to server S that he knows an agreed (possibly lowentropy) password w, while giving away as little information on w as possible, namely the adversary can exclude at most one possible password for each execution of the scheme. We propose a solution in the boundedquantumstorage model, where U and S may exchange qubits, and a dishonest party is assumed to have limited quantum memory. No other restriction is posed upon the adversary. An improved version of the proposed identification scheme is also secure against a maninthemiddle attack, but requires U and S to additionally share a highentropy key k. However, security is still guaranteed if one party loses k to the attacker but notices the loss. In both versions of the scheme, the honest participants need no quantum memory, and noise and imperfect quantum sources can be tolerated. The schemes compose sequentially, and w and k can securely be reused. A small modification to the identification scheme results in a quantumkeydistribution (QKD) scheme, secure in the boundedquantumstorage model, with the same reusability properties of the keys, and without assuming authenticated channels. This is in sharp contrast to known QKD schemes (with unbounded adversary) without authenticated channels, where authentication keys must be updated, and unsuccessful executions can cause the parties to run out of keys. 1
The apex of the family tree of protocols: Optimal rates and resource inequalities
 New Journal of Physics
"... Abstract. We establish bounds on the maximum entanglement gain and minimum quantum communication cost of the Fully Quantum SlepianWolf protocol in the oneshot regime, which is considered to be at the apex of the existing family tree in Quantum Information Theory. These quantities, which are expres ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We establish bounds on the maximum entanglement gain and minimum quantum communication cost of the Fully Quantum SlepianWolf protocol in the oneshot regime, which is considered to be at the apex of the existing family tree in Quantum Information Theory. These quantities, which are expressed in terms of smooth min and maxentropies, reduce to the known rates of quantum communication cost and entanglement gain in the asymptotic i.i.d. scenario. We also provide an explicit proof of the optimality of these asymptotic rates. We introduce a resource inequality for the oneshot FQSW protocol, which in conjunction with our results, yields achievable oneshot rates of its children protocols. In particular, it yields bounds on the oneshot quantum capacity of a noisy channel in terms of a single entropic quantity, unlike previously bounds. We also obtain an explicit expression for the achievable rate for oneshot state redistribution. ar X iv