### Citations

338 | Expander codes
- Sipser, Spielman
- 1996
(Show Context)
Citation Context ...W| codewords and minimal distance d. Families of codes as required for our subsequent results, correcting a constant fraction of errors efficiently and with constant information rate are indeed known =-=[SS96]-=-. And finally, let F and G denote suitable families of (strongly) two-universal hashfunctions, as specified in Definition 3.3, with range F : {0, 1}n → {0, 1}` and G :W → {0, 1}`, respectively. Again ... |

228 | Simple proof of security of the BB84 quantum key distribution protocol - Shor, Preskill - 2000 |

223 |
A single quantum cannot be cloned
- Wootters, Zurek
- 1982
(Show Context)
Citation Context ... all our quantum two-party protocols, discussed later in Part II. An unknown quantum state cannot be copied. This fact—unheard of in the case of classical data—is formalized in the no-cloning theorem =-=[WZ82]-=-. The peculiar property constitutes another major security feature in quantum communications and underlies all our quantum protocols in Part II. However, it also sets severe restriction in the theory ... |

168 |
Conjugate coding
- Wiesner
- 1983
(Show Context)
Citation Context ...red in the age of the Internet and the proliferation of electronic communication systems. New potential in cryptography emerged with quantum cryptography, starting with Wiesner’s groundbreaking paper =-=[Wie83]-=-1, suggesting that “quantum mechanics allows us novel forms of coding without analogue [in classical physics]” (p. 78). His approach of conjugate coding did not only lay the foundations of the new cry... |

113 | Cipher Printing Telegraph Systems for Secret Wire and Radio Telegraphic - Vernam - 1926 |

54 | Zero-knowledge against quantum attacks.
- Watrous
- 2009
(Show Context)
Citation Context ...curity proof for the quantum case was known. However, Watrous recently showed that in a limited setting an efficient quantum simulation, relying on the newly introduced quantum rewinding theorem (see =-=[Wat09]-=- and Section 3.5.2), is possible. We will discuss this aspect in more detail in Chapters 8 and 9: We will show that the quantum rewinding argument can also be applied to classical non-constant round c... |

51 | Security of Quantum Protocols Against Coherent Measurements,”
- Yao
- 1995
(Show Context)
Citation Context ...oach is sketched as a “conceptually easy fix” [BBCS91, p. 14] in a situation where a dishonest Bob has large quantum storage. Various partial results for OT in that context followed. For instance, in =-=[Yao95]-=- such a construction is proven secure against any receiver in the case of noiseless communication. To make the proof work, however, an ideal black-box commitment scheme is assumed. This approach was t... |

39 | Limits on the power of quantum statistical zero-knowledge.
- Watrous
- 2002
(Show Context)
Citation Context ...shared entanglement is necessary for non-interactive quantum zero-knowledge. Interactive quantum zeroknowledge protocols in restricted settings were proposed by Watrous in the honest-verifier setting =-=[Wat02]-=- and by Damg̊ard et al. in the CRS-model [DFS04], where the latter introduced the first Σ-protocols for QZK withstanding even active quantum attacks. In [Wat09], Watrous then proved that several inter... |

28 | Oblivious-transfer amplification - Wullschleger - 2007 |

15 |
Cryptography from noisy storage
- Wehner, Scha↵ner, et al.
(Show Context)
Citation Context ...y. To mention just a few, such models consider limited computing power, limited memory size [Mau92,DFSS05], a common resource with special properties (e.g. initially shared randomness), noisy storage =-=[WST08]-=- or restricted quantum measurement (e.g. a limited set of measurements [KMP04] or a limited set of qubits to be measured at the same time [Sal98]). Computational Security. Restricting the adversarial ... |

14 | Universally composable quantum multi-party computation.
- Unruh
- 2010
(Show Context)
Citation Context ...underlying commitment scheme such that the committed bit can still be extracted by a simulator B̂′, decrypting both commitments C0, C1 to determine, which contains a valid reply in the Σ-protocol. In =-=[Unr10]-=- a special case of our generic construction, namely the quantum oblivious transfer protocol of Section 6.1 is related to the quantum-UC context. It is shown that the protocol statistically quantum-UC-... |

10 | Composable security in the boundedquantum-storage model
- Wehner, Wullschleger
- 2008
(Show Context)
Citation Context ...orks for the quantum setting have been proposed, for instance, sequential composability in a classical environment [FS09], sequential composability in a quantum environment but restricted to the BQSM =-=[WW08]-=-, or attempts of generalizing the universal classical composability framework (UC in [Can01]) to universal quantum composability [BM04,Unr04,Unr10]. Here, we will briefly investigate our protocols in ... |

6 | Cryptography in a quantum world - Wehner - 2008 |

2 | Simulatable security for quantum protocols. Available at arxiv:quant-ph/0409125 - Unruh - 2004 |