Results 1-10 of 38
Experimental Quantum Cryptography
Journal of Cryptology, 1992
Cited by 195 (20 self)
We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: 1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; 2) by subsequent public discussion of the sent and received versions of this transmission estimate the extent of eavesdropping that might have taken place on it, and finally 3) if this estimate is small enough, distill from the sent and received versions a smaller body of shared random information, which is certifiably secret in the sense that any third party's expected information on it is an exponentially small fraction of one bit. Because the system depends on the uncertainty principle of quantum physics, instead of usual mathematical assumptions such as the difficulty of factoring, it remains secure against an adversary with unlimited computing power. A preliminary version of this paper was presented at Eurocrypt '90, May 21 ...
Achieving Oblivious Transfer Using Weakened Security Assumptions (Extended Abstract)
1988
Cited by 109 (12 self)
Claude Crépeau, Department of Computer Science, MIT; Joe Kilian, Mathematics Department, MIT. Abstract: A useful paradigm in studying cryptographic scenarios is that of protocol minimalism. That is, given a cryptographic model, one wishes to determine the simplest protocols one needs in order to be able to implement secure protocols in general. In the standard cryptographic model, this approach allows one to encapsulate one's cryptographic assumptions. In other, nonstandard scenarios, the approach can greatly simplify the task of developing protocols without cryptographic assumptions. Oblivious transfer protocols, first introduced by Rabin [R], are conceptually very simple, yet can be used to implement a wide variety of protocols ([EGL], [BCR1], [K]). The versatility of these games amply motivates a wider study of the power of simple two-party games. In this paper, we present some general techniques for establishing the cryptographic strength of a wide variety of games. As case studie...
Practical Quantum Oblivious Transfer
1992
Cited by 73 (12 self)
We describe a protocol for quantum oblivious transfer, utilizing faint pulses of polarized light, by which one of two mutually distrustful parties ("Alice") transmits two one-bit messages in such a way that the other party ("Bob") can choose which message he gets but cannot obtain information about both messages (he will learn his chosen bit's value with exponentially small error probability and may gain at most exponentially little information about the value of the other bit), and Alice will be entirely ignorant of which bit he received. Neither party can cheat (i.e., deviate from the protocol while appearing to follow it) in such a way as to obtain more information than what is given by the description of the protocol. Our protocol is easy to modify in order to implement the All-or-Nothing Disclosure of one out of two string messages, and it can be used to implement bit commitment and oblivious circuit evaluation without complexity-theoretic assumptions, in a way that remains secure e...
A Quantum Bit Commitment Scheme Provably Unbreakable by both Parties
1993
Cited by 68 (12 self)
Assume that a party, Alice, has a bit x in mind, to which she would like to be committed toward another party, Bob. That is, Alice wishes, through a procedure commit(x), to provide Bob with a piece of evidence that she has a bit x in mind and that she cannot change it. Meanwhile, Bob should not be able to tell from that evidence what x is. At a later time, Alice can reveal, through a procedure unveil(x), the value of x and prove to Bob that the piece of evidence sent earlier really corresponded to that bit. Classical bit commitment schemes (by which Alice's piece of evidence is classical information such as a bit string) cannot be secure against unlimited computing power and none have been proven secure against algorithmic sophistication. Previous quantum bit commitment schemes (by which Alice's piece of evidence is quantum information such as a stream of polarized photons) were known to be invulnerable to unlimited computing power and algorithmic sophistication, but not to arbitrary...
Security of Quantum Protocols against Coherent Measurements
Proceedings of 26th Annual ACM Symposium on the Theory of Computing, 1995
Cited by 39 (0 self)
The goal of quantum cryptography is to design cryptographic protocols whose security depends on quantum physics and little else. A serious obstacle to security proofs is the cheaters' ability to make coherent measurements on the joint properties of large composite states. With the exception of commit protocols, no cryptographic primitives have been proved secure when coherent measurements are allowed. In this paper we develop some mathematical techniques for analyzing probabilistic events in Hilbert spaces, and prove the security of a canonical quantum oblivious transfer protocol against coherent measurements. 1 Introduction Work on quantum cryptography was started by Wiesner [Wi70] twenty-five years ago. Much knowledge on how to exploit quantum physics for cryptographic purposes has been gained through the work of Bennett and Brassard ([BBBW83][BB84][BBBSS92]), and later Crépeau ([Cr90][BC91][BBCS92][Cr94]). Furthermore, prototypes for implementing some of these This research was...
Securing wireless systems via lower layer enforcements
In Proceedings of the 5th ACM workshop on Wireless security, 2006
Cited by 34 (1 self)
Although conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, these techniques do not directly leverage the unique properties of the wireless domain to address security threats. The properties of the wireless medium are a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this paper, we propose to utilize the fact that the radio channel decorrelates rapidly in space, time and frequency in order to establish new forms of authentication and confidentiality that operate at the physical layer and can be used to facilitate cross-layer security paradigms. Specifically, for authentication services, we illustrate two channel probing techniques that can be used to verify the authenticity of a transmitter. Similarly, for confidentiality, we examine several strategies for establishing shared secrets/keys between two communicators using the wireless medium. These strategies range from extracting keys from channel state information, to utilizing the channel variability to secretly disseminate keys. We then validate the feasibility of using physical layer techniques for securing wireless systems by presenting results from experiments involving the USRP/GNURadio software defined radio platform.
One-time programs
In Advances in Cryptology – CRYPTO ’08, 2008
Cited by 27 (5 self)
Abstract. In this work, we introduce one-time programs, a new computational paradigm geared towards security applications. A one-time program can be executed on a single input, whose value can be specified at run time. Other than the result of the computation on this input, nothing else about the program is leaked. Hence, a one-time program is like a black box function that may be evaluated once and then “self destructs.” This also extends to k-time programs, which are like black box functions that can be evaluated k times and then self destruct. One-time programs serve many of the same purposes of program obfuscation, the obvious one being software protection, but also including applications such as temporary transfer of cryptographic ability. Moreover, the applications of one-time programs go well beyond those of obfuscation, since one-time programs can only be executed once (or more generally, a limited number of times) while obfuscated programs have no such bounds. For example, one-time programs lead naturally to electronic
On the Security of the Quantum Oblivious Transfer and Key Distribution Protocols
Advances in Cryptology - Proceedings of Crypto '95, 1995
Cited by 14 (4 self)
No quantum key distribution (QKD) protocol has been proved fully secure. A remaining problem is the eavesdropper's ability to make coherent measurements on the joint properties of large composite systems. This problem has been recently solved by Yao in the case of the security of a quantum oblivious transfer (QOT) protocol. We consider an extended OT task which, in addition to Alice and Bob, includes an eavesdropper Eve among the participants. An honest Eve is inactive and receives no information at all about Alice's input when Bob and Alice are honest. We prove that the security of a QOT protocol against Bob implies its security against Eve as well as the security of a QKD protocol. 1 Introduction The goal of quantum cryptography is to design cryptographic protocols that are secure against unlimited quantum or classical computational power. At present, the quantum protocols that have been designed are commitment [BC, BCJL], oblivious transfer [Cr87, Cr94, BBCS, MS, Yao], key dis...
Quantum Copy-Protection and Quantum Money
Cited by 10 (3 self)
Forty years ago, Wiesner proposed using quantum states to create money that is physically impossible to counterfeit, something that cannot be done in the classical world. However, Wiesner’s scheme required a central bank to verify the money, and the question of whether there can be unclonable quantum money that anyone can verify has remained open since. One can also ask a related question, which seems to be new: can quantum states be used as copy-protected programs, which let the user evaluate some function f, but not create more programs for f? This paper tackles both questions using the arsenal of modern computational complexity. Our main result is that there exist quantum oracles relative to which publicly-verifiable quantum money is possible, and any family of functions that cannot be efficiently learned from its input-output behavior can be quantumly copy-protected. This provides the first formal evidence that these tasks are achievable. The technical core of our result is a “Complexity-Theoretic No-Cloning Theorem,” which generalizes both the standard No-Cloning Theorem and the optimality of Grover search, and might be of independent interest. Our security argument also requires explicit constructions of quantum t-designs. Moving beyond the oracle world, we also present an explicit candidate scheme for publicly-verifiable quantum money, based on random stabilizer states; as well as two explicit schemes for copy-protecting the family of point functions. We do not know how to base the security of these schemes on any existing cryptographic assumption. (Note that without an oracle, we can only hope for security under some computational assumption.)
A Quick Glance at Quantum Cryptography
1998
Cited by 8 (2 self)
The recent application of the principles of quantum mechanics to cryptography has led to a remarkable new dimension in secret communication. As a result of these new developments, it is now possible to construct cryptographic communication systems which detect unauthorized eavesdropping should it occur, and which give a guarantee of no eavesdropping should it not occur.
Partially supported by ARL Contract #DAAL0195P1884, ARO Grant #P38804PH QC, and the LOOP Fund.
Contents
1 Cryptographic systems before quantum cryptography
2 Preamble to quantum cryptography
3 The BB84 quantum cryptographic protocol without noise
3.1 Stage 1. Communication over a quantum channel
3.2 Stage 2. Communication in two phases over a public channel
3.2.1 Phase 1 of Stage 2. Extraction of raw key
3.2.2 Phase 2 of Stage 2. Detection of Eve's intrusion via error detection
4 The BB84 quantum cryptographic pr...