Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography In the Bounded Quantum-Storage Model

Published byLouisa Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography In the Bounded Quantum-Storage Model"— Presentation transcript:

1 Cryptography In the Bounded Quantum-Storage Model
Ivan Damgård, Louis Salvail, Christian Schaffner BRICS, University of Århus, DK Serge Fehr CWI, Amsterdam, NL FOCS Pittsburgh Tuesday, October 25th 2005

2 Classical 2-party primitives
Rabin Oblivious Transfer b b / ? private oblivious OT Bit Commitment b Cb b in Cb? BC binding hiding OT ) BC OT is complete for two-party cryptography

3 Known Impossibility Results
In the classical unconditionally secure model without further assumptions OT In the unconditionally secure model with quantum communication [Mayers97, Lo-Chau97] BC

4 Classical Bounded-Storage Model
random string which players try to store a memory bound applies at a specified moment protocol for OT [DHRS, TCC04]: memory size of honest players: k memory of dishonest players: <k2 Tight bound [DM, EC04] can be improved by allowing quantum communication OT () BC

5 Quantum Bounded-Storage Model
quantum memory bound applies at a specified moment. Besides that, players are unbounded (in time and space) unconditional secure against adversaries with quantum memory of less then half of the transmitted qubits honest players do not need quantum memory at all honest players: 0 k dishonest players: <n/2 <k2 ratio: 1 k OT BC

6 Agenda Quantum Bounded-Storage Model Protocol for Oblivious Transfer Protocol for Bit Commitment Practicality Issues

7 Quantum Mechanics (Toy Version)
+ basis £ basis Measurements: with prob. 1 yields 1 with prob. ½ yields 0 with prob. ½ yields 1

8 Quantum Protocol for OT
Alice Bob 0110… 0110… memory bound: store < n/2 qubits h is two-universal and BINARY, maps to one bit Example: honest players

9 Quantum Protocol for OT II
Alice Bob 0110… 0011… memory bound: store < n/2 qubits honest players? private?

10 Obliviousness against dishonest Bob?
Alice Bob 0110… 11… memory bound: store < n/2 qubits

11 Proof of Obliviousness: Tools
Purification techniques like in the Shor-Preskill security proof of BB84 Privacy Amplification against Quantum Adversaries [RK, TCC05] new min-entropy based uncertainty relation: OT For a n-qubit register A in state A, let P+ and P£ be the probabilities of measuring A in the +-basis respectively £-basis. Then it holds P+1 + P£1 · 1 + negl(n).

12 Agenda Quantum Bounded Storage Model Protocol for Oblivious Transfer Protocol for Bit Commitment Practicality Issues

13 Quantum Protocol for Bit Commitment
Verifier Committer BC memory bound: store < n/2 qubits

14 Quantum Protocol for Bit Commitment II
Verifier Committer memory bound: store < n/2 qubits one round, non-interactive commit by receiving! unconditionally hiding unconditionally binding as long as Memcommitter < n / 2 BC ) proof uses same tools as for OT !

15 Agenda Quantum Bounded Storage Model Protocol for Oblivious Transfer Protocol for Bit Commitment Practicality Issues

16 OT BC Practicality Issues With today’s technology, we
can transmit quantum bits encoded in photons cannot store them for longer than a few milliseconds OT BC Problems: imperfect sources (multi-pulse emissions) transmission errors

17 Practicality Issues II
Our protocols can be modified to resist attacks based on multi-photon emissions tolerate (quantum) noise OT BC Well within reach of current technology. makes sense over short distances (in contrast to QKD)

18 Thank you for your attention!
Summary Protocols for OT and BC that are efficient, non-interactive unconditionally secure against adversaries with bounded quantum memory practical: honest players do not need quantum memory fault-tolerant OT BC Thank you for your attention!

19 Binding Property: Proof Idea
Verifier Committer BC memory bound: store < n/2 qubits

20 Open Problems and Next Steps
Other flavors of OT: e.g. 1-out-of-2 Oblivious Transfer, String-OT, … Better memory bounds Composability? What happens to the memory bound? Better uncertainty relations for more MUB OT BC

21 Quantum 1-2-OT Alice Bob memory bound: store < 0.4n qubits
h is two-universal and BINARY, maps to one bit

22 Three Ways Out Bound computing power (schemes based on complexity assumptions) Noisy communication [e.g. CrépeauMorozovWolf04] Physical limitations OT Physical limitations e.g. bounded memory size BC

23 Quantum Mechanics II + basis £ basis EPR pairs: prob. ½ : 0
prob. ½ : 0 prob. ½ : 1 prob. 1 : 0

24 Agenda Quantum Bounded-Storage Model Protocol for Oblivious Transfer Protocol for Bit Commitment Practicality Issues

Download ppt "Cryptography In the Bounded Quantum-Storage Model"

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Polylogarithmic Private Approximations and Efficient Matching
Quantum Cryptography Post Tenebras Lux!

Quantum Cryptography Post Tenebras Lux!
A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (ETH Zürich,

A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (ETH Zürich,
Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
Yan Huang, David Evans, Jonathan Katz

Yan Huang, David Evans, Jonathan Katz
Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,

Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.

Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Oblivious Transfer and Bit Commitment from Noisy Channels Ivan Damgård BRICS, Århus University.

Oblivious Transfer and Bit Commitment from Noisy Channels Ivan Damgård BRICS, Århus University.
A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.

A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
Superdense coding. How much classical information in n qubits? Observe that 2 n  1 complex numbers apparently needed to describe an arbitrary n -qubit.

Superdense coding. How much classical information in n qubits? Observe that 2 n  1 complex numbers apparently needed to describe an arbitrary n -qubit.
Oblivious Transfer and Linear Functions Ivan Damgård, Louis Salvail, Christian Schaffner (BRICS, University of Aarhus, Denmark) Serge Fehr (CWI Amsterdam,

Oblivious Transfer and Linear Functions Ivan Damgård, Louis Salvail, Christian Schaffner (BRICS, University of Aarhus, Denmark) Serge Fehr (CWI Amsterdam,

Similar presentations

Ads by Google