Presentation is loading. Please wait.

Presentation is loading. Please wait.

Feasibility and Completeness of Cryptographic Tasks in the Quantum World Hong-Sheng Zhou (U. Maryland) Joint work with Jonathan Katz (U. Maryland) Fang.

Published byCoral Hart Modified over 9 years ago

Similar presentations

Presentation on theme: "Feasibility and Completeness of Cryptographic Tasks in the Quantum World Hong-Sheng Zhou (U. Maryland) Joint work with Jonathan Katz (U. Maryland) Fang."— Presentation transcript:

1 Feasibility and Completeness of Cryptographic Tasks in the Quantum World Hong-Sheng Zhou (U. Maryland) Joint work with Jonathan Katz (U. Maryland) Fang Song (Penn. State U.) Vassilis Zikas (U. Maryland)

2 How would classical cryptography change in a quantum world?

3 Take advantage of quantum to break protocols o Factoring and Discrete Logarithm-based protocols are no longer secure [Shor94] Use quantum to build protocols o Quantum Key Distribution (QKD)[BB84] Use classical authenticated channel to build statistically secure channel Impossible in the classical setting How would quantum change classical crypto?

4 Secure Multi-Party Computation over the Internet o Allow mutually distrustful parties to carry out a crypto task over the Internet o E.g., coin-tossing, jointly evaluating a function, playing online poker, commitment, oblivious transfer,…. o Security model: Universal Composition (UC) framework [Canetti01, Unruh10] Computational vs Information Theoretical o A notable distinction: [BBCS91] Using quantum, Oblivious Transfer(OT) can be implemented from Commitment (COM) Universally Composable, Statistical Security [DFLSS09,Unruh10] Impossible in the classical setting How would quantum change classical crypto? Question: are there more distinctions that quantum brings about?

5 Secure Multi-Party Computation over the Internet o OT is complete [Kilian88] in the sense that it can be used to implement other crypto tasks. o Analogous to Computational Complexity, crypto tasks have different strength: Complete vs Feasible o The classical landscape is well studied [MPR10,MPR09,KMQ11] How would quantum change classical crypto? Feasible Complete P NP Complete Question: How would the landscape differ in the quantum setting?

6 Our Contribution Identify another distinction: OT from Cut-and- Choose (CC) Application: systematical characterization of a set of tasks in quantum UC Feasible Complete Computational Setting Information Theoretical Setting Feasible Complete

7 Derive the quantum landscape

8 How useful is F as a trusted setup? assuming basic secure communication is given Feasible Intermediate Complete in the classical setting Possible “levels of power” for F Feasible/Useless/Trivial : access to F is equivalent to no trusted setup (e.g., secure channel) Intermediate: some level of power between the two extremes Complete : all tasks have UC-secure protocols in presence of F (e.g., OT)

9 How useful is F as a trusted setup? Adversaries with quantum power o Some feasible F becomes infeasible o Some complete F becomes not complete Feasible Intermediate Complete Feasible Intermediate Complete in the quantum setting Honest Players with quantum power o Some infeasible (including complete) F becomes feasible o Some incomplete (including feasible) F becomes complete

10 2-party, finite, deterministic tasks We next show how to draw the `cryptographic complexity’ landscape in the quantum setting o for an interesting class of tasks: 2-party finite deterministic task including OT, COM, CC,…. SFE f Input(x 1 ) Input(x 2 ) Output(f 2 (x 1,x 2 ) ) Output(f 1 (x 1,x 2 ) ) Reactiv e 2PC Reactiv e 2PC Input(x’ 1 ) Input(x’ 2 ) Output(y’ 2 ) Output(y’ 1 ) Input(x 1 ) Input(x 2 ) Output(y 2 ) Output(y 1 ) Input(x’’ 1 ) Input(x’’ 2 ) Output(y’’ 2 ) Output(y’’ 1 ) input/output domains are in poly-size

11 How useful is F as a trusted setup? in the classical setting Feasible COM CC XOR OT Information Theoretical Setting [MPR09, KMQ11/08] Feasible COM OT CC XOR Computational Setting [MPR10]

12 Feasible COM OT CC XOR What about quantum setting? Quantum landscape [This work] Feasible COM OT CC XOR Classical landscape [MPR10] [Unruh10, IPS08] [HSS11, CLOS02] + suitable computational assumption Computational Setting Rewinding used in the security proof

13 Feasible COM OT CC XOR What about quantum setting? Quantum landscape [This work] Feasible COM OT CC XOR Classical landscape [MPR10] [Unruh10, IPS08] [HSS11, CLOS02] + suitable computational assumption Computational Setting This work Rewinding used in the security proof

14 Feasible COM OT CC XOR What about quantum setting? Quantum landscape [This work] Feasible COM OT CC XOR Classical landscape [MPR10] [Unruh10, IPS08] [HSS11, CLOS02] + suitable computational assumption Computational Setting This work Rewinding used in the security proof Warning: it might be the case that all tasks in the set is feasible.

15 Feasible COM CC XOR OT Feasible COM CC XOR OT Classical landscape [MPR09, KMQ11/08] What about quantum setting? Quantum landscape [This work] [Unruh10, IPS08] [Unruh10,BBCS91] Information Theoretical Setting This work

16 Feasible COM OT CC XOR What about quantum setting? Computational Setting Feasible COM CC XOR OT Information Theoretical Setting

17 Design OT from CC

18 Main Result: CC  OT OT Input(b 0, b 1 ) Input(s) Output(b s ) Output( ) CC Input(x 1 ) Input(x 2 ) Output(x 1 ) Output(x 1  x 2 ) Theorem: There is a quantum protocol UC securely realizing OT in the CC-hybrid world against all statistical quantum adversaries. COM Commit( ) Commit(x) Open( )Open(x)

19 OT from COM [BBCS91] I 0, I 1 COM i C All i in [ n ] All i in C b 0, b 1 s bsbs

20 OT from CC I 0, I 1 All i in [ n ] b 0, b 1 s bsbs CC i Abort if

21 Security Definition Universal Composition (UC) framework [Canetti01] (cf. DM00, PW01,…) Z Z π π π π A A Protocol π UC securely realize task F if: for every real world A there is an ideal world S two worlds are indistinguishable to all environment Z Real world F F Z Z Ideal world ≈ S S

22 Quantum UC Quantum UC [Unruh10] (cf. Unruh04,BOM04, HSS11) Protocol π UC securely realize task F if: for every real world A there is an ideal world S two worlds are indistinguishable to all environment Z QUC We only consider classical F F F Z Z Ideal world Z Z π π π π A A Real world ≈ S S

23 OT from CC I 0, I 1 All i in [ n ] b 0, b 1 s bsbs CC i Abort if Design simulator: Extracting (b 0,b 1 ) when Alice is corrupted Extracting s when Bob is corrupted Statistically close communication transcript

24 OT from CC I 0, I 1 All i in [ n ] b 0, b 1 s bsbs CC i Abort if

25 OT Z Z Ideal world I 0, I 1 All i in [ n ] bsbs CCiCCi CCiCCi Abort if (b0,b1)(b0,b1) s bsbs S

26 OT from CC I 0, I 1 All i in [ n ] b 0, b 1 s bsbs CC i Abort if

27 OT Z Z Ideal world (b0,b1)(b0,b1) s bsbs I 0, I 1 CCiCCi CCiCCi All i in [ n ] S

28 Summary and Open questions Feasible COM OT CC XOR Computational Setting Feasible COM CC XOR OT Information Theoretical Setting Main Result: CC  OT Open questions:  Much larger set: randomized tasks, infinite tasks, multi-party….  Quantum tasks

Download ppt "Feasibility and Completeness of Cryptographic Tasks in the Quantum World Hong-Sheng Zhou (U. Maryland) Joint work with Jonathan Katz (U. Maryland) Fang."

Similar presentations

Dov Gordon & Jonathan Katz University of Maryland.

Dov Gordon & Jonathan Katz University of Maryland.
Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.

Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Yan Huang, David Evans, Jonathan Katz

Yan Huang, David Evans, Jonathan Katz
Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.

Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.
Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.

Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.
BiTR: Built-in Tamper Resilience Joint work with Aggelos Kiayias (U. Connecticut) Tal Malkin (Columbia U.) Seung Geol Choi (U. Maryland)

BiTR: Built-in Tamper Resilience Joint work with Aggelos Kiayias (U. Connecticut) Tal Malkin (Columbia U.) Seung Geol Choi (U. Maryland)
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
Simple, Black-Box Constructions of Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University),

Simple, Black-Box Constructions of Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University),
Survey: Secure Composition of Multiparty Protocols Yehuda Lindell Bar-Ilan University.

Survey: Secure Composition of Multiparty Protocols Yehuda Lindell Bar-Ilan University.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
On Fair Exchange, Fair Coins and Fair Sampling Shashank Agrawal, Manoj Prabhakaran University of Illinois at Urbana-Champaign.

On Fair Exchange, Fair Coins and Fair Sampling Shashank Agrawal, Manoj Prabhakaran University of Illinois at Urbana-Champaign.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
On the Security of the “Free-XOR” Technique Ranjit Kumaresan Joint work with Seung Geol Choi, Jonathan Katz, and Hong-Sheng Zhou (UMD)

On the Security of the “Free-XOR” Technique Ranjit Kumaresan Joint work with Seung Geol Choi, Jonathan Katz, and Hong-Sheng Zhou (UMD)
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.

Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.

General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.
Impossibility Results for Concurrent Two-Party Computation Yehuda Lindell IBM T.J.Watson.

Impossibility Results for Concurrent Two-Party Computation Yehuda Lindell IBM T.J.Watson.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

Similar presentations

Ads by Google