Adrian Kent

DOI: https://doi.org/10.1103/PhysRevA.68.012312

2003-06-12

Abstract:A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multi-party computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signalling constraints into account. The best that can be hoped for, in general, are quantum protocols computationally secure against quantum attack. I describe here a method for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin tossing protocol. No security proof is attempted, but I sketch reasons why these protocols might resist quantum computational attack.

Quantum Physics,Cryptography and Security

Armin Tavakoli

DOI: https://doi.org/10.1103/PhysRevLett.126.210503

2021-05-25

Abstract:A semi-device-independent framework for prepare-and-measure experiments is introduced in which an experimenter can tune the degree of distrust in the performance of the quantum devices. In this framework, a receiver operates an uncharacterised measurement device and a sender operates a preparation device that emits states with a bounded fidelity with respect to a set of target states. No assumption on Hilbert space dimension is required. The set of quantum correlations is investigated and bounded from both the interior and the exterior. Furthermore, the optimal performance of quantum state discrimination with bounded distrust is derived and applied to certification of detection efficiency. Quantum-over-classical advantages are demonstrated and the magnitude of distrust compatible with such advantages is explored. Finally, efficient schemes for semi-device-independent random number generation are developed.

Quantum Physics

Rotem Arnon-Friedman,Renato Renner,Thomas Vidick

DOI: https://doi.org/10.1137/18M1174726

2019-03-27

Abstract:Device-independent security is the gold standard for quantum cryptography: not only is security based entirely on the laws of quantum mechanics, but it holds irrespective of any a priori assumptions on the quantum devices used in a protocol, making it particularly applicable in a quantum-wary environment. While the existence of device-independent protocols for tasks such as randomness expansion and quantum key distribution has recently been established, the underlying proofs of security remain very challenging, yield rather poor key rates, and demand very high-quality quantum devices, thus making them all but impossible to implement in practice. We introduce a technique for the analysis of device-independent cryptographic protocols. We provide a flexible protocol and give a security proof that provides quantitative bounds that are asymptotically tight, even in the presence of general quantum adversaries. At a high level our approach amounts to establishing a reduction to the scenario in which the untrusted device operates in an identical and independent way in each round of the protocol. This is achieved by leveraging the sequential nature of the protocol, and makes use of a newly developed tool, the "entropy accumulation theorem" of Dupuis et al. As concrete applications we give simple and modular security proofs for device-independent quantum key distribution and randomness expansion protocols based on the CHSH inequality. For both tasks we establish essentially optimal asymptotic key rates and noise tolerance. In view of recent experimental progress, which has culminated in loophole-free Bell tests, it is likely that these protocols can be practically implemented in the near future.

Quantum Physics,Cryptography and Security

Ilya Merkulov,Rotem Arnon-Friedman

2023-07-02

Abstract:In device-independent (DI) quantum protocols, the security statements are oblivious to the characterization of the quantum apparatus - they are based solely on the classical interaction with the quantum devices as well as some well-defined assumptions. The most commonly known setup is the so-called non-local one, in which two devices that cannot communicate between themselves present a violation of a Bell inequality. In recent years, a new variant of DI protocols, that requires only a single device, arose. In this novel research avenue, the no-communication assumption is replaced with a computational assumption, namely, that the device cannot solve certain post-quantum cryptographic tasks. The protocols for, e.g., randomness certification, in this setting that have been analyzed in the literature used ad hoc proof techniques and the strength of the achieved results is hard to judge and compare due to their complexity. Here, we build on ideas coming from the study of non-local DI protocols and develop a modular proof technique for the single-device computational setting. We present a flexible framework for proving the security of such protocols by utilizing a combination of tools from quantum information theory, such as the entropic uncertainty relation and the entropy accumulation theorem. This leads to an insightful and simple proof of security, as well as to explicit quantitative bounds. Our work acts as the basis for the analysis of future protocols for DI randomness generation, expansion, amplification and key distribution based on post-quantum cryptographic assumptions.

Quantum Physics,Cryptography and Security

Jyotirmoy Basak,Kaushik Chakraborty

DOI: https://doi.org/10.3934/amc.2024009

2024-03-19

Advances in Mathematics of Communications

Abstract:Quantum Private Query (QPQ) is an unconditional secure mistrustful cryptographic primitive which is assumed to be a probabilistic version of the Oblivious Transfer (OT) schemes or an imperfect version of Symmetric Private Information Retrieval (SPIR) schemes. Recently, Maitra et al. (Phys. Rev. A, 2017) identified that the B92 QKD-based QPQ scheme proposed by Yang et al. (Quant. Inf. Process., 2014) is vulnerable whenever the devices involved in that scheme are dubious and to improve the overall security, they suggested a semi-Device Independent (DI) proposal for that QPQ scheme by introducing a local test at the server's end. In this work, we overcome the limitation of the Maitra et al. proposal by removing trustworthiness from all the (involved) devices, and suggest a full DI proposal for the Yang et al. scheme, exploiting a proper self-testing mechanism of observables along with the local version of the tilted CHSH game. We compare the performance of our proposal with a recent full DI-QPQ scheme (arxiv 1901.03042) and discuss their relative advantages. Additionally, we present a DI proposal for a modified version of the Yang et al. scheme, enabling the client to retrieve maximum raw key bits during the oblivious key generation phase. We evaluate the security of all our proposals with a formal analysis.

computer science, theory & methods,mathematics, applied

Xingjian Zhang,Pei Zeng,Tian Ye,Hoi-Kwong Lo,Xiongfeng Ma

DOI: https://doi.org/10.1103/physrevlett.131.140801

IF: 8.6

2023-01-01

Physical Review Letters

Abstract:Complementarity is an essential feature of quantum mechanics. The preparation of an eigenstate of one observable implies complete randomness in its complementary observable. In quantum cryptography, complementarity allows us to formulate security analyses in terms of phase-error correction. However, the concept becomes much subtler in the device-independent regime that offers security without device characterization. Security proofs of device-independent quantum cryptography tasks are often complex and quite different from those of their more standard device-dependent cousins. The existing proofs pose huge challenges to experiments, among which large data-size requirement is a crux. Here, we show the complementarity security origin of the device-independent tasks. By linking complementarity with quantum nonlocality, we recast the device-independent scheme into a quantum error correction protocol. Going beyond the identical-and-independent-distribution case, we consider the most general attack. We generalize the sample entropy in classical Shannon theory for the finite-size analysis. Our method exhibits good finite-size performance and brings the device-independent scheme to a more practical regime. Applying it to the data in a recent ion-trap-based device-independent quantum key distribution experiment, one could reduce the requirement on data size to less than a third. Furthermore, the operational meaning of complementarity naturally extends device-independent scenarios to advantage key distillation, easing experiments by tolerating higher loss and lower transmittance.

Simon Neves,Verena Yacoub,Ulysse Chabaud,Mathieu Bozzio,Iordanis Kerenidis,Eleni Diamanti

DOI: https://doi.org/10.1038/s41467-023-37566-x

2022-11-07

Abstract:As in modern communication networks, the security of quantum networks will rely on complex cryptographic tasks that are based on a handful of fundamental primitives. Weak coin flipping (WCF) is a significant such primitive which allows two mistrustful parties to agree on a random bit while they favor opposite outcomes. Remarkably, perfect information-theoretic security can be achieved in principle for quantum WCF. Here, we overcome conceptual and practical issues that have prevented the experimental demonstration of this primitive to date, and demonstrate how quantum resources can provide cheat sensitivity, whereby each party can detect a cheating opponent, and an honest party is never sanctioned. Such a property is not known to be classically achievable with information-theoretic security. Our experiment implements a refined, loss-tolerant version of a recently proposed theoretical protocol and exploits heralded single photons generated by spontaneous parametric down conversion, a carefully optimized linear optical interferometer including beam splitters with variable reflectivities and a fast optical switch for the verification step. High values of our protocol benchmarks are maintained for attenuation corresponding to several kilometers of telecom optical fiber.

Quantum Physics

Jyotirmoy Basak,Kaushik Chakraborty,Arpita Maitra,Subhamoy Maitra

DOI: https://doi.org/10.1088/1751-8121/ad2430

2024-02-01

Journal of Physics A Mathematical and Theoretical

Abstract:In this paper, we present a novel Quantum Private Query (QPQ) scheme that is fully Device-Independent (DI). As far as we know, this is the first QPQ scheme that uses EPR pairs and offers full device independence. Our approach takes into account the self-testing of shared EPR pairs and the self-testing of projective measurement operators in a mistrustful scenario where neither the client nor the server trusts each other. To achieve full device independence, we also exploit self-testing of a specific class of POVM operators used by the client in our scheme. Additionally, we evaluate the performance of our proposal formally and derive an upper limit of the maximum cheating probabilities (when the protocol doesn't terminate) for both the dishonest client and the dishonest server.

physics, multidisciplinary, mathematical

Shubhayan Sarkar

DOI: https://doi.org/10.1103/PhysRevA.108.L040401

2023-10-26

Abstract:Quantum steering is an asymmetric form of quantum nonlocality where one can trust the measurements of one of the parties. In this work, inspired by practical considerations we investigate the scenario if one can not fully trust their measurement devices but only up to some precision. We first find the effect of such an imprecision on standard device-dependent quantum tomography. We then utilise this result to compute the variation in the local bound of any general steering inequality depending on the amount of trust one puts in one of the party's measurement devices. This is particularly important as we show that even a small distrust on Alice might cause the parties to observe steerability even if the quantum state is unsteerable. Furthermore, this effect becomes more relevant when observing higher dimensional quantum steering.

Quantum Physics

Rishabh Batra,Sayantan Chakraborty,Rahul Jain,Upendra Kapshikar

2024-04-17

Abstract:We present robust and composable device-independent quantum protocols for oblivious transfer (OT) and bit commitment (BC) using Magic Square devices. We assume there is no long-term quantum memory, that is, after a finite time interval, referred to as \textbf{DELAY}, the states stored in the devices decohere. By robustness, which is a highlight of our protocols, we mean that the protocols are correct and secure even when devices are slightly off from their ideal specifications (the \emph{faulty but non-malicious} regime). This is an important property, since in the real world, devices would certainly have small manufacturing errors and cannot be expected to be ideal. To the best of our understanding and knowledge, none of the known DI protocols for OT and BC in the literature are robust; they can not guarantee correctness in the faulty but non-malicious regime. Our protocols are sequentially composable and hence, can be used as building blocks to construct larger protocols, while still preserving security guarantees.

Quantum Physics

Emily Adlam,Adrian Kent

DOI: https://doi.org/10.1103/PhysRevA.92.022315

2015-04-04

Abstract:We examine the possibility of device-independent relativistic quantum bit commitment. We note the potential threat of {\it location attacks}, in which the behaviour of untrusted devices used in relativistic quantum cryptography depends on their space-time location. We describe relativistic quantum bit commitment schemes that are immune to these attacks, and show that these schemes offer device-independent security against hypothetical post-quantum adversaries subject only to the no-signalling principle. We compare a relativistic classical bit commitment scheme with similar features, and note some possible advantages of the quantum schemes.

Quantum Physics,Cryptography and Security

Dorit Aharonov,Amnon Ta-Shma,Umesh Vazirani,Andrew Yao

DOI: https://doi.org/10.1145/335305.335404

2000-01-01

Abstract:Unconditionally secure bit commitment and coin flipping are known to be impossible in the classical world. Bit commitment is known to be impossible also in the quantum world. We introduce a related new primitive - {\em quantum bit escrow}. In this primitive Alice commits to a bit $b$ to Bob. The commitment is {\em binding} in the sense that if Alice is asked to reveal the bit, Alice can not bias her commitment without having a good probability of being detected cheating. The commitment is {\em sealing} in the sense that if Bob learns information about the encoded bit, then if later on he is asked to prove he was playing honestly, he is detected cheating with a good probability. Rigorously proving the correctness of quantum cryptographic protocols has proved to be a difficult task. We develop techniques to prove quantitative statements about the binding and sealing properties of the quantum bit escrow protocol. A related primitive we construct is a quantum biased coin flipping protocol where no player can control the game, i.e., even an all-powerful cheating player must lose with some constant probability, which stands in sharp contrast to the classical world where such protocols are impossible.

Jamie Sikora

DOI: https://doi.org/10.48550/arXiv.1605.08156

2018-08-28

Abstract:Die-rolling is the cryptographic task where two mistrustful, remote parties wish to generate a random $D$-sided die-roll over a communication channel. Optimal quantum protocols for this task have been given by Aharon and Silman (New Journal of Physics, 2010) but are based on optimal weak coin-flipping protocols which are currently very complicated and not very well understood. In this paper, we first present very simple classical protocols for die-rolling which have decent (and sometimes optimal) security which is in stark contrast to coin-flipping, bit-commitment, oblivious transfer, and many other two-party cryptographic primitives. We also present quantum protocols based on integer-commitment, a generalization of bit-commitment, where one wishes to commit to an integer. We analyze these protocols using semidefinite programming and finally give protocols which are very close to Kitaev's lower bound for any $D \geq 3$. Lastly, we briefly discuss an application of this work to the quantum state discrimination problem.

Quantum Physics,Optimization and Control

Dominic Mayers,Andrew Yao

DOI: https://doi.org/10.1109/SFCS.1998.743501

1998-01-01

Abstract:Quantum key distribution, first proposed by C.H. Bennett and G. Brassard (1984), provides a possible key distribution scheme whose security depends only on the quantum laws of physics. So far the protocol has been proved secure even under channel noise and detector faults of the receiver but is vulnerable if the photon source used is imperfect. In this paper we propose and give a concrete design for a new concept, self-checking source, which requires the manufacturer of the photon source to provide certain tests; these tests are designed such that, if passed, the source is guaranteed to be adequate for the security of the quantum key distribution protocol, even though the testing devices may not be built to the original specification. The main mathematical result is a structural theorem which states that, for any state in a Hilbert space, if certain EPR-type equations are satisfied, the state must be essentially the orthogonal sum of EPR pairs

Jędrzej Kaniewski

DOI: https://doi.org/10.48550/arXiv.1512.00602

2015-12-02

Abstract:In this thesis we explore the benefits of relativistic constraints for cryptography. We first revisit non-communicating models and its applications in the context of interactive proofs and cryptography. We propose bit commitment protocols whose security hinges on communication constraints and investigate its limitations. We explain how some non-communicating models can be justified by special relativity and study the limitations of such models. In particular, we present a framework for analysing security of multiround relativistic protocols. The second part of the thesis is dedicated to analysing specific protocols. We start by considering a recently proposed two-round quantum bit commitment protocol. We propose a fault-tolerant variant of the protocol, present a complete security analysis and report on an experimental implementation performed in collaboration with an experimental group at the University of Geneva. We also propose a new, multiround classical bit commitment protocol and prove its security against classical adversaries. This demonstrates that in the classical world an arbitrarily long commitment can be achieved even if the agents are restricted to occupy a finite region of space. Moreover, the protocol is easy to implement and we report on an experiment performed in collaboration with the Geneva group.

Quantum Physics

Guillermo Currás-Lorenzo,Margarida Pereira,Go Kato,Marcos Curty,Kiyoshi Tamaki

2024-07-23

Abstract:Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Device-independent QKD is currently not a satisfactory solution to this problem, as its performance is extremely poor and most of its security proofs assume that the user devices leak absolutely no information to the outside. On the other hand, measurement-device-independent (MDI) QKD can guarantee security with arbitrarily flawed receivers while achieving high performance, and the remaining challenge is ensuring its security in the presence of source imperfections. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Here, we overcome these crucial problems by presenting a security proof in the finite-key regime against coherent attacks that can incorporate general encoding imperfections and side channels while achieving much higher performances than previous approaches. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations.

Quantum Physics

Guang Ping He

DOI: https://doi.org/10.1016/j.rinp.2023.106398

2023-07-23

Abstract:Quantum coin flipping (QCF) is an essential primitive for quantum cryptography. Unconditionally secure strong QCF with an arbitrarily small bias was widely believed to be impossible. But basing on a problem which cannot be solved without quantum algorithm, here we propose such a QCF protocol, and show how it manages to evade all existing no-go proofs on QCF.

Quantum Physics

Frédéric Dupuis,Philippe Lamontagne,Louis Salvail

2024-02-21

Abstract:We explore the cryptographic power of arbitrary shared physical resources. The most general such resource is access to a fresh entangled quantum state at the outset of each protocol execution. We call this the Common Reference Quantum State (CRQS) model, in analogy to the well-known Common Reference String (CRS). The CRQS model is a natural generalization of the CRS model but appears to be more powerful: in the two-party setting, a CRQS can sometimes exhibit properties associated with a Random Oracle queried once by measuring a maximally entangled state in one of many mutually unbiased bases. We formalize this notion as a Weak One-Time Random Oracle (WOTRO), where we only ask of the $m$-bit output to have some randomness when conditioned on the $n$-bit input. We show that when $n-m\in\omega(\lg n)$, any protocol for WOTRO in the CRQS model can be attacked by an (inefficient) adversary. Moreover, our adversary is efficiently simulatable, which rules out the possibility of proving the computational security of a scheme by a fully black-box reduction to a cryptographic game assumption. On the other hand, we introduce a non-game quantum assumption for hash functions that implies WOTRO in the CRQS model (where the CRQS consists only of EPR pairs). We first build a statistically secure WOTRO protocol where $m=n$, then hash the output. The impossibility of WOTRO has the following consequences. First, we show the fully-black-box impossibility of a quantum Fiat-Shamir transform, extending the impossibility result of Bitansky et al. (TCC 2013) to the CRQS model. Second, we show a fully-black-box impossibility result for a strenghtened version of quantum lightning (Zhandry, Eurocrypt 2019) where quantum bolts have an additional parameter that cannot be changed without generating new bolts. Our results also apply to $2$-message protocols in the plain model.

Quantum Physics,Cryptography and Security

Ricardo Faleiro,Manuel Goulão

DOI: https://doi.org/10.1103/PhysRevA.103.022430

2021-03-02

Abstract:In the spirit of device-independent cryptography, we present a two-party quantum authorization primitive with non-locality as its fueling resource. Therein, users are attributed authorization levels granting them access to a private database accordingly. The authorization levels are encoded in the non-local resources distributed to the users, and subsequently confirmed by their ability to win CHSH games using such resources. We formalize the protocol, prove its security, and frame it in the device-independent setting employing the notion of CHSH self-testing via simulation. Finally, we provide a proof-of-concept implementation using the Qiskit open-source framework.

Quantum Physics

Christian Schaffner

DOI: https://doi.org/10.48550/arXiv.0709.0289

2007-09-04

Abstract:This thesis initiates the study of cryptographic protocols in the bounded-quantum-storage model. On the practical side, simple protocols for Rabin Oblivious Transfer, 1-2 Oblivious Transfer and Bit Commitment are presented. No quantum memory is required for honest players, whereas the protocols can only be broken by an adversary controlling a large amount of quantum memory. The protocols are efficient, non-interactive and can be implemented with today's technology. On the theoretical side, new entropic uncertainty relations involving min-entropy are established and used to prove the security of protocols according to new strong security definitions. For instance, in the realistic setting of Quantum Key Distribution (QKD) against quantum-memory-bounded eavesdroppers, the uncertainty relation allows to prove the security of QKD protocols while tolerating considerably higher error rates compared to the standard model with unbounded adversaries.

Quantum Physics,Cryptography and Security