Implementation of two-party protocols in the noisy-storage model

Wehner, Stephanie; Curty, Marcos; Schaffner, Christian; Lo, Hoi-Kwong

doi:10.1103/physreva.81.052336

Cited by 50 publications

(87 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, although randomized procedures like error correction and privacy amplification that are widely employed in QKD have been used in the security analysis of protocols dealing with bounded adversaries 36 , it is an open question whether such procedures can be used in the information-theoretic security setting; in principle, any such step can be used by the malicious party to his or her advantage. Therefore, new techniques may be needed in order to deal with the imperfections of the implementation and the inherent limitations to the attainable communication distance.…”

Section: Discussionmentioning

confidence: 99%

“…This system can also potentially be used for protocols employing decoy states [39][40][41] . Although the use of decoy states is a powerful tool for achieving practical long-distance QKD and for improving the performance of quantum cryptographic protocols in the noisy storage model 36 , it is not known, to the best of our knowledge, if a protocol employing decoy states can be devised for quantum coin flipping providing security against all-powerful adversaries.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Experimental plug and play quantum coin flipping

et al. 2014

View full text Add to dashboard Cite

Performing complex cryptographic tasks will be an essential element in future quantum communication networks. These tasks are based on a handful of fundamental primitives, such as coin flipping, where two distrustful parties wish to agree on a randomly generated bit. Although it is known that quantum versions of these primitives can offer informationtheoretic security advantages with respect to classical protocols, a demonstration of such an advantage in a practical communication scenario has remained elusive. Here we experimentally implement a quantum coin flipping protocol that performs strictly better than classically possible over a distance suitable for communication over metropolitan area optical networks. The implementation is based on a practical plug and play system, developed by significantly enhancing a commercial quantum key distribution device. Moreover, we provide combined quantum coin flipping protocols that are almost perfectly secure against bounded adversaries. Our results offer a useful toolbox for future secure quantum communications.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Experimental plug and play quantum coin flipping

et al. 2014

View full text Add to dashboard Cite

show abstract

“…Using this relation in a cryptographic protocol only yields an additional error ε in the overall security error, and it is widely employed in the protocols of [6,9,10,[12][13][14]. From a theoretical (asymptotic) viewpoint, this uncertainty relation is certainly sufficient.…”

mentioning

confidence: 99%

“…In particular, a low value for c means that the adversary's memory must be very limited and/or noisy for security to be possible [5,6,9] at all. Furthermore, a low value of c means that any experiment implementing such protocols can tolerate only a small amount of bit flip errors and losses [8,12,13]. For instance, if p err is the bit flip error on the channel connecting Alice and Bob, then security for the cryptographic primitive known as oblivious transfer is possible if c − h(p err ) > 0 [12,14], where h(p) = −p log 2 p − (1 − p) log 2 (1 − p) is the binary Shannon entropy.…”

mentioning

confidence: 99%

“…Furthermore, a low value of c means that any experiment implementing such protocols can tolerate only a small amount of bit flip errors and losses [8,12,13]. For instance, if p err is the bit flip error on the channel connecting Alice and Bob, then security for the cryptographic primitive known as oblivious transfer is possible if c − h(p err ) > 0 [12,14], where h(p) = −p log 2 p − (1 − p) log 2 (1 − p) is the binary Shannon entropy. Motivated by this need to obtain a strong uncertainty relation for BB84 bases, that is, a large c , the authors of [6] considered the so-called smooth min-entropy H ε min (X|ΘK).…”

mentioning

confidence: 99%

See 1 more Smart Citation

Min-entropy uncertainty relation for finite-size cryptography

Berta

Wehner

2012

Phys. Rev. A

Self Cite

View full text Add to dashboard Cite

Apart from their foundational significance, entropic uncertainty relations play a central role in proving the security of quantum cryptographic protocols. Of particular interest are thereby relations in terms of the smooth min-entropy for BB84 and six-state encodings. Previously, strong uncertainty relations were obtained which are valid in the limit of large block lengths. Here, we prove a new uncertainty relation in terms of the smooth min-entropy that is only marginally less strong, but has the crucial property that it can be applied to rather small block lengths. This paves the way for a practical implementation of many cryptographic protocols. As part of our proof we show tight uncertainty relations for a family of Rényi entropies that may be of independent interest.

show abstract

Computationally Secure Semi‐Quantum All‐Or‐Nothing Oblivious Transfer from Dihedral Coset States

Yan,

Wang,

2024

Adv Quantum Tech

View full text Add to dashboard Cite

The quest for perfect quantum oblivious transfer (QOT) with information‐theoretic security remains a challenge, necessitating the exploration of computationally secure QOT as a viable alternative. Unlike the unconditionally secure quantum key distribution (QKD), the computationally secure QOT relies on specific quantum‐safe computational hardness assumptions, such as the post‐quantum hardness of learning with errors (LWE) problem and quantum‐hard one‐way functions. This raises an intriguing question: Are there additional efficient quantum hardness assumptions that are suitable for QOT? In this work, leveraging the dihedral coset state derived from the dihedral coset problem (DCP), a basic variant of OT, known as the all‐or‐nothing OT, is studied in the semi‐quantum setting. Specifically, the DCP originates from the dihedral hidden subgroup problem (DHSP), conjectured to be challenging for any quantum polynomial‐time algorithms. First, a computationally secure quantum protocol is presented for all‐or‐nothing OT, which is then simplified into a semi‐quantum OT protocol with minimal quantumness, where the interaction needs merely classical communication. To efficiently instantiate the dihedral coset state, a powerful cryptographic tool called the LWE‐based noisy trapdoor claw‐free functions (NTCFs) is used. The construction requires only a three‐message interaction and ensures perfect statistical privacy for the receiver and computational privacy for the sender.

show abstract

Implementation of two-party protocols in the noisy-storage model

Cited by 50 publications

References 34 publications

Experimental plug and play quantum coin flipping

Experimental plug and play quantum coin flipping

Min-entropy uncertainty relation for finite-size cryptography

Computationally Secure Semi‐Quantum All‐Or‐Nothing Oblivious Transfer from Dihedral Coset States

Contact Info

Product

Resources

About