Cryptography In the Bounded Quantum-Storage Model
Ivan Damgård, Louis Salvail, Christian Schaffner (BRICS, University of Århus, DK)
Serge Fehr (CWI, Amsterdam, NL)
FOCS 2005 - Pittsburgh, Tuesday, October 25th 2005
Classical 2-party primitives
Rabin Oblivious Transfer (OT) [diagram: b in, b / ? out]
• private
• oblivious
Bit Commitment (BC) [diagram: commit to b as C_b; open b, check "b in C_b?"]
• binding
• hiding
• OT ⇒ BC
• OT is complete for two-party cryptography
Known Impossibility Results
• In the classical unconditionally secure model without further assumptions: OT
• In the unconditionally secure model with quantum communication [Mayers97, Lo-Chau97]: BC
Classical Bounded-Storage Model
• random string which players try to store
• a memory bound applies at a specified moment
• protocol for OT [DHRS, TCC04]: memory size of honest players: k; memory of dishonest players: < k²
• Tight bound [DM, EC04]
• can be improved by allowing quantum communication
Quantum Bounded-Storage Model
• quantum memory bound applies at a specified moment. Besides that, players are unbounded (in time and space)
• unconditionally secure against adversaries with quantum memory of less than half of the transmitted qubits
• honest players do not need quantum memory at all
• memory of honest players: 0 (quantum model) vs. k (classical model)
• memory of dishonest players: < n/2 vs. < k²
• ratio: ∞ vs. k
Agenda
• Quantum Bounded-Storage Model
• Protocol for Oblivious Transfer
• Protocol for Bit Commitment
• Practicality Issues
Quantum Mechanics (Toy Version)
+ basis, × basis
Measurements: with prob. 1 yields 1; with prob. ½ yields 0; with prob. ½ yields 1
Quantum Protocol for OT
memory bound: store < n/2 qubits
[diagram: Alice, Bob; 0110… 0110…]
Example: honest players
Quantum Protocol for OT II
memory bound: store < n/2 qubits
[diagram: Alice, Bob; 0110… 0011…]
honest players? private?
Obliviousness against dishonest Bob?
memory bound: store < n/2 qubits
[diagram: Alice, Bob; 0110… … 11…]
Proof of Obliviousness: Tools
• Purification techniques like in the Shor-Preskill security proof of BB84
• Privacy Amplification against Quantum Adversaries [RK, TCC05]
• new min-entropy based uncertainty relation: For an n-qubit register A in state A, let P^+ and P^× be the probabilities of measuring A in the +-basis respectively ×-basis. Then it holds that P^+_∞ + P^×_∞ ≤ 1 + negl(n).
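A numerical check of the uncertainty relation on the slide above (the best single-outcome probabilities in the + and × bases sum to at most 1 + negl(n)), added here as an illustration and not taken from the talk. The function names are made up for this example, and the explicit value negl(n) = 2^(-n/2) for single outcomes is an assumption of the example, not something the slide states.

```python
import math
import random

def to_times_basis(amps):
    """Apply H to every qubit (fast Walsh-Hadamard transform): amplitudes in
    the +-basis (computational) become amplitudes in the x-basis (diagonal)."""
    v = list(amps)
    h = 1
    while h < len(v):
        for i in range(0, len(v), 2 * h):
            for j in range(i, i + h):
                v[j], v[j + h] = v[j] + v[j + h], v[j] - v[j + h]
        h *= 2
    return [x / math.sqrt(len(v)) for x in v]

def normalize(amps):
    norm = math.sqrt(sum(abs(x) ** 2 for x in amps))
    return [x / norm for x in amps]

def guess_sum(amps):
    """P^+_inf + P^x_inf for a pure n-qubit state: the probability of the most
    likely outcome when measuring in the +-basis, plus the same for the x-basis."""
    p_plus = max(abs(x) ** 2 for x in amps)
    p_times = max(abs(x) ** 2 for x in to_times_basis(amps))
    return p_plus + p_times

def bound(n):
    # Assumption of this example: negl(n) = 2^(-n/2), the overlap between any
    # +-basis vector and any x-basis vector on n qubits.
    return 1 + 2 ** (-n / 2)

def random_state(n, rng):
    return normalize([complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(2 ** n)])

def extremal_state(n):
    """Normalized |0...0> + H^n|0...0>: halfway between one +-basis vector and
    one x-basis vector; it attains the bound exactly."""
    dim = 2 ** n
    amps = [1 / math.sqrt(dim)] * dim
    amps[0] += 1.0
    return normalize(amps)

if __name__ == "__main__":
    rng = random.Random(2005)  # constructed sample states, fixed seed
    for n in (1, 2, 4, 8):
        worst = max(guess_sum(random_state(n, rng)) for _ in range(200))
        print(f"n={n}: random max {worst:.4f}, extremal "
              f"{guess_sum(extremal_state(n)):.4f}, bound {bound(n):.4f}")
```

Mixed states obey the same bound by convexity, so checking pure states suffices.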
Agenda
• Quantum Bounded Storage Model
• Protocol for Oblivious Transfer
• Protocol for Bit Commitment
• Practicality Issues
Quantum Protocol for Bit Commitment
memory bound: store < n/2 qubits
[diagram: Committer, Verifier]
Quantum Protocol for Bit Commitment II
memory bound: store < n/2 qubits
[diagram: Committer, Verifier]
• one round, non-interactive
• commit by receiving!
• unconditionally hiding
• unconditionally binding as long as Mem_committer < n/2
⇒ proof uses same tools as for OT!
Agenda
• Quantum Bounded Storage Model
• Protocol for Oblivious Transfer
• Protocol for Bit Commitment
• Practicality Issues
Practicality Issues
With today’s technology, we
• can transmit quantum bits encoded in photons
• cannot store them for longer than a few milliseconds
Problems:
• imperfect sources (multi-pulse emissions)
• transmission errors
Practicality Issues II
Our protocols can be modified to
• resist attacks based on multi-photon emissions
• tolerate (quantum) noise
• Well within reach of current technology.
• makes sense over short distances (in contrast to QKD)
Summary
Protocols for OT and BC that are
• efficient, non-interactive
• unconditionally secure against adversaries with bounded quantum memory
• practical:
  • honest players do not need quantum memory
  • fault-tolerant
Thank you for your attention!