Results 1  10
of
103
Quantum Key Distribution and String Oblivious Transfer on Noisy Channels, Los Alamos preprint archive quantph/9606003
 Advances in Cryptology: Proceeding of Crypto ’96, Lecture Notes in Computer Science
"... Abstract. We prove the unconditional security of a quantum key distribution (QKD) protocol on a noisy channel against the most general attack allowed by quantum physics. We use the fact that in a previous paper we have reduced the proof of the unconditionally security of this QKD protocol to a proof ..."
Abstract

Cited by 42 (9 self)
 Add to MetaCart
Abstract. We prove the unconditional security of a quantum key distribution (QKD) protocol on a noisy channel against the most general attack allowed by quantum physics. We use the fact that in a previous paper we have reduced the proof of the unconditionally security of this QKD protocol to a proof that a corresponding Quantum String Oblivious Transfer (StringQOT) protocol would be unconditionally secure against Bob if implemented on top of an unconditionally secure bit commitment scheme. We prove a lemma that extends a security proof given by Yao for a (one bit) QOT protocol to this StringQOT protocol. This result and the reduction mentioned above implies the unconditional security of our QKD protocol despite our previous proof that unconditionally secure bit commitment schemes are impossible. 1
Interaction in Quantum Communication and the Complexity of Set Disjointness
, 2001
"... One of the most intriguing facts about communication using quantum states is that these states cannot be used to transmit more classical bits than the number of qubits used, yet in some scenarios there are ways of conveying information with much fewer, even exponentially fewer, qubits than possible ..."
Abstract

Cited by 33 (7 self)
 Add to MetaCart
One of the most intriguing facts about communication using quantum states is that these states cannot be used to transmit more classical bits than the number of qubits used, yet in some scenarios there are ways of conveying information with much fewer, even exponentially fewer, qubits than possible classically [1], [2], [3]. Moreover, some of these methods have a very simple structurethey involve only few message exchanges between the communicating parties. We consider the question as to whether every classical protocol may be transformed to a \simpler" quantum protocolone that has similar eciency, but uses fewer message exchanges.
Perfectly concealing quantum bit commitment from any quantum oneway permutation
, 2000
"... Abstract. We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum oneway permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovski, Ventkatesen ..."
Abstract

Cited by 32 (8 self)
 Add to MetaCart
Abstract. We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum oneway permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovski, Ventkatesen and Young, our protocol is noninteractive and has communication complexity O(n) qubits for n a security parameter. 1
ZeroKnowledge Against Quantum Attacks
 STOC'06
, 2006
"... This paper proves that several interactive proof systems are zeroknowledge against general quantum attacks. This includes the wellknown GoldreichMicaliWigderson classical zeroknowledge protocols for Graph Isomorphism and Graph 3Coloring (assuming the existence of quantum computationally conceal ..."
Abstract

Cited by 32 (0 self)
 Add to MetaCart
This paper proves that several interactive proof systems are zeroknowledge against general quantum attacks. This includes the wellknown GoldreichMicaliWigderson classical zeroknowledge protocols for Graph Isomorphism and Graph 3Coloring (assuming the existence of quantum computationally concealing commitment schemes in the second case). Also included is a quantum interactive protocol for a complete problem for the complexity class of problems having “honest verifier” quantum statistical zeroknowledge proofs, which therefore establishes that honest verifier and general quantum statistical zeroknowledge are equal: QSZK = QSZK HV. Previously no nontrivial proof systems were known to be zeroknowledge against quantum attacks, except in restricted settings such as the honestverifier and common reference string models. This paper therefore establishes for the first time that true zeroknowledge is indeed possible in the presence of quantum information and computation.
Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer
, 1999
"... We present a new and very simple commitment scheme that does not depend on any assumptions about computational complexity; the Sender and Receiver may both be computationally unbounded. Instead, the scheme utilizes a "trusted initializer " who participates only in an initial setup phase. ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
We present a new and very simple commitment scheme that does not depend on any assumptions about computational complexity; the Sender and Receiver may both be computationally unbounded. Instead, the scheme utilizes a "trusted initializer " who participates only in an initial setup phase. The scheme also utilizes private channels between each pair of parties. The Sender is able to easily commit to a large value; the scheme is not just a "bitcommitment " scheme. We also observe that 1outofn oblivious transfer is easily handled in the same model, using a simple OT protocol due to Bennett et al.[2].
Quantum Bit Escrow
 In STOC 2002
"... Unconditionally secure bit commitment and coin flipping are known to be impossible in the classical world. Bit commitment is known to be impossible also in the quantum world. We introduce a related new primitive  quantum bit escrow. In this primitive Alice commits to a bit b to Bob. The commitment ..."
Abstract

Cited by 28 (0 self)
 Add to MetaCart
Unconditionally secure bit commitment and coin flipping are known to be impossible in the classical world. Bit commitment is known to be impossible also in the quantum world. We introduce a related new primitive  quantum bit escrow. In this primitive Alice commits to a bit b to Bob. The commitment is binding in the sense that if Alice is asked to reveal the bit, Alice can not bias her commitment without having a good probability of being detected cheating. The commitment is sealing in the sense that if Bob learns information about the encoded bit, then if later on he is asked to prove he was playing honestly, he is detected cheating with a good probability. Rigorously proving the correctness of quantum cryptographic protocols has proved to be a difficult task. We develop techniques to prove quantitative statements about the binding and sealing properties of the quantum bit escrow protocol.
Limits on the Power of Quantum Statistical ZeroKnowledge
, 2003
"... In this paper we propose a definition for honest verifier quantum statistical zeroknowledge interactive proof systems and study the resulting complexity class, which we denote QSZK ..."
Abstract

Cited by 28 (4 self)
 Add to MetaCart
In this paper we propose a definition for honest verifier quantum statistical zeroknowledge interactive proof systems and study the resulting complexity class, which we denote QSZK
Characterizing quantum theory in terms of informationtheoretic constraints
 Foundations of Physics
, 2003
"... We show that three fundamental informationtheoretic constraints—the impossibility of superluminal information transfer between two physical systems by performing measurements on one of them, the impossibility of broadcasting the information contained in an unknown physical state, and the impossibil ..."
Abstract

Cited by 28 (3 self)
 Add to MetaCart
We show that three fundamental informationtheoretic constraints—the impossibility of superluminal information transfer between two physical systems by performing measurements on one of them, the impossibility of broadcasting the information contained in an unknown physical state, and the impossibility of unconditionally secure bit commitment—suffice to entail that the observables and state space of a physical theory are quantummechanical. We demonstrate the converse derivation in part, and consider the implications of alternative answers to a remaining open question about nonlocality and bit commitment. KEY WORDS: quantum theory; informationtheoretic constraints. Of John Wheeler’s ‘‘Really Big Questions,’ ’ the one on which most progress has been made is It from Bit?—does information play a significant role at the foundations of physics? It is perhaps less ambitious than some of the other Questions, such as How Come Existence?, because it does not necessarily require a metaphysical answer. And unlike, say, Why the Quantum?, it does not require the discovery of new laws of nature: there was room for hope that it might be answered through a better understanding of the laws as we currently know them, particularly those of quantum physics. And this is what has happened: the better understanding is the quantum theory of information and computation. 1
A new protocol and lower bounds for quantum coin flipping
 In Proceedings of the ThirtyThird Annual ACM Symposium on Theory of Computing
, 2001
"... We present a new protocol and two lower bounds for quantum coin flipping. In our protocol, no dishonest party can achieve one outcome with probability more than 0.75. Then, we show that our protocol is optimal for a certain type of quantum protocols. For arbitrary quantum protocols, we show that if ..."
Abstract

Cited by 27 (4 self)
 Add to MetaCart
We present a new protocol and two lower bounds for quantum coin flipping. In our protocol, no dishonest party can achieve one outcome with probability more than 0.75. Then, we show that our protocol is optimal for a certain type of quantum protocols. For arbitrary quantum protocols, we show that if a protocol achieves a bias of at most ǫ, it must use at least Ω(log log 1 ǫ) rounds of communication. This implies that the parallel repetition fails for quantum coin flipping. (The bias of a protocol cannot be arbitrarily decreased by running several copies of it in parallel.) 1
Efficient Quantum Key Distribution Scheme And Proof of Its Unconditional Security
 Cryptology, ISSN: 09332790 (Paper) 14321378 (Online) published online 3 March 2004, (10.1007/s001450040142y). (SpringerVerlag
"... We devise a simple modification that essentially doubles the efficiency of the BB84 quantum key distribution scheme proposed by Bennett and Brassard. We also prove the security of our modified scheme against the most general eavesdropping attack that is allowed by the laws of physics. The first majo ..."
Abstract

Cited by 27 (9 self)
 Add to MetaCart
We devise a simple modification that essentially doubles the efficiency of the BB84 quantum key distribution scheme proposed by Bennett and Brassard. We also prove the security of our modified scheme against the most general eavesdropping attack that is allowed by the laws of physics. The first major ingredient of our scheme is the assignment of significantly different probabilities to the different polarization bases during both transmission and reception, thus reducing the fraction of discarded data. A second major ingredient of our scheme is a refined analysis of accepted data: We separate the accepted data into various subsets according to the basis employed and estimate an error rate for each subset separately. We then show that such a refined data analysis guarantees the security of our scheme against the most general eavesdropping strategy, thus generalizing Shor and Preskill’s proof of security of BB84 to our new scheme. Up till now, most proposed proofs of security of singleparticle type quantum key distribution schemes have relied heavily upon the fact that the bases are chosen uniformly, randomly and independently. Our proof removes this symmetry requirement.