Results 1-10 of 43
Zero-Knowledge Against Quantum Attacks
STOC'06, 2006
Cited by 53 (0 self)
Abstract
This paper proves that several interactive proof systems are zero-knowledge against general quantum attacks. This includes the well-known Goldreich-Micali-Wigderson classical zero-knowledge protocols for Graph Isomorphism and Graph 3-Coloring (assuming the existence of quantum computationally concealing commitment schemes in the second case). Also included is a quantum interactive protocol for a complete problem for the complexity class of problems having “honest verifier” quantum statistical zero-knowledge proofs, which therefore establishes that honest verifier and general quantum statistical zero-knowledge are equal: QSZK = QSZK_HV. Previously no non-trivial proof systems were known to be zero-knowledge against quantum attacks, except in restricted settings such as the honest-verifier and common reference string models. This paper therefore establishes for the first time that true zero-knowledge is indeed possible in the presence of quantum information and computation.
A new protocol and lower bounds for quantum coin flipping
In Proceedings of the Thirty-Third Annual ACM Symposium on Theory of Computing, 2001
Cited by 42 (5 self)
Abstract
We present a new protocol and two lower bounds for quantum coin flipping. In our protocol, no dishonest party can achieve one outcome with probability more than 0.75. Then, we show that our protocol is optimal for a certain type of quantum protocols. For arbitrary quantum protocols, we show that if a protocol achieves a bias of at most ε, it must use at least Ω(log log 1/ε) rounds of communication. This implies that parallel repetition fails for quantum coin flipping. (The bias of a protocol cannot be arbitrarily decreased by running several copies of it in parallel.)
Quantum public-key cryptosystems
In Proc. of CRYPTO 2000, 2000
Cited by 37 (2 self)
Abstract
This paper presents a new paradigm of cryptography, quantum public-key cryptosystems. In quantum public-key cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) poly-time Turing (QPT) machines and only classical channels (i.e., no quantum channels) are employed. A quantum trapdoor one-way function, f, plays an essential role in our system, in which a QPT machine can compute f with high probability, any QPT machine can invert f with negligible probability, and a QPT machine with trapdoor data can invert f. This paper proposes a concrete scheme for quantum public-key cryptosystems: a quantum public-key encryption scheme or quantum trapdoor one-way function. The security of our schemes is based on the computational assumption (over QPT machines) that a class of subset-sum problems is intractable against any QPT machine. Our scheme is very efficient and practical if Shor’s discrete logarithm algorithm is efficiently realized on a quantum machine.
Alexandria digital library
Communications of the ACM, 1995
Cited by 36 (6 self)
Abstract
We investigate definitions of and protocols for multiparty quantum computing in the scenario where the secret data are quantum systems. We work in the quantum information-theoretic model, where no assumptions are made on the computational power of the adversary. For the slightly weaker task of verifiable quantum secret sharing, we give a protocol which tolerates any t < n/4 cheating parties (out of n). This is shown to be optimal. We use this new tool to establish that any multiparty quantum computation can be securely performed as long as the number of dishonest players is less than n/6.
Cryptography in the Bounded Quantum-Storage Model
In 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS), 2005
Cited by 36 (8 self)
Abstract
We initiate the study of two-party cryptographic primitives with unconditional security, assuming that the adversary’s quantum memory is of bounded size. We show that oblivious transfer and bit commitment can be implemented in this model using protocols where honest parties need no quantum memory, whereas an adversarial player needs quantum memory of size at least n/2 in order to break the protocol, where n is the number of qubits transmitted. This is in sharp contrast to the classical bounded-memory model, where we can only tolerate adversaries with memory of size quadratic in honest players’ memory size. Our protocols are efficient, non-interactive and can be implemented using today’s technology. On the technical side, a new entropic uncertainty relation involving min-entropy is established.
A quantum Goldreich-Levin theorem with cryptographic applications
In Proc. of STACS ’02, LNCS 2285, 2002
Cited by 36 (2 self)
Abstract
We investigate the Goldreich-Levin Theorem in the context of quantum information. This result is a reduction from the computational problem of inverting a one-way function to the problem of predicting a particular bit associated with that function. We show that the quantum version of the reduction, between quantum one-way functions and quantum hard-predicates, is quantitatively more efficient than the known classical version. Roughly speaking, if the one-way function acts on n-bit strings then the overhead in the reduction is by a factor of O(n/ε^2) in the classical case but only by a factor of O(1/ε) in the quantum case, where 1/2 + ε is the probability of predicting the hard-predicate. Moreover, we prove via a lower bound that, in a black-box framework, the classical version of the reduction cannot have overhead less than Ω(n/ε^2). We also show that, using this reduction, a quantum bit commitment scheme that is perfectly binding and computationally concealing can be obtained from any quantum one-way permutation. This complements a recent result by Dumais, Mayers and Salvail, where the bit commitment scheme is perfectly concealing and computationally binding. We also show how to perform qubit commitment by a similar approach.
A tight high-order entropic quantum uncertainty relation with applications
2007
Cited by 27 (9 self)
Abstract
We derive a new entropic quantum uncertainty relation involving min-entropy. The relation is tight and can be applied in various quantum-cryptographic settings. Protocols for quantum 1-out-of-2 Oblivious Transfer and quantum Bit Commitment are presented and the uncertainty relation is used to prove the security of these protocols in the bounded-quantum-storage model according to new strong security definitions. As another application, we consider the realistic setting of Quantum Key Distribution (QKD) against quantum-memory-bounded eavesdroppers. The uncertainty relation allows one to prove the security of QKD protocols in this setting while tolerating considerably higher error rates compared to the standard model with unbounded adversaries. For instance, for the six-state protocol with one-way communication, a bit-flip error rate of up to 17% can be tolerated (compared to 13% in the standard model). Our uncertainty relation also yields a lower bound on the min-entropy key uncertainty against known-plaintext attacks when quantum ciphers are composed. Previously, the key uncertainty of these ciphers was only known with respect to Shannon entropy.
On the Impossibility of Constructing Non-Interactive Statistically-Secret Protocols from any Trapdoor One-Way Function
In Topics in Cryptology: The Cryptographers’ Track at the RSA Conference, 2002
Cited by 24 (0 self)
Abstract
We show that non-interactive statistically-secret bit commitment cannot be constructed from arbitrary black-box one-to-one trapdoor functions and thus from general public-key cryptosystems. Reducing the problems of non-interactive crypto-computing, re-randomizable encryption, and non-interactive statistically-sender-private oblivious transfer and low-communication private information retrieval to such commitment schemes, it follows that these primitives are not constructible from one-to-one trapdoor functions or public-key encryption in general. Furthermore, our...
Computational Collapse of Quantum State with Application to Oblivious Transfer
2003
Computational indistinguishability between quantum states and its cryptographic application
Advances in Cryptology – EUROCRYPT 2005, 2005
Cited by 14 (6 self)
Abstract
We introduce a computational problem of distinguishing between two specific quantum states as a new cryptographic problem to design a quantum cryptographic scheme that is “secure” against any polynomial-time quantum adversary. Our problem QSCD_ff is to distinguish between two types of random coset states with a hidden permutation over the symmetric group of finite degree. This naturally generalizes the commonly-used distinction problem between two probability distributions in computational cryptography. As our major contribution, we show three cryptographic properties: (i) QSCD_ff has the trapdoor property; (ii) the average-case hardness of QSCD_ff coincides with its worst-case hardness; and (iii) QSCD_ff is computationally at least as hard in the worst case as the graph automorphism problem. These cryptographic properties enable us to construct a quantum public-key cryptosystem, which is likely to withstand any chosen plaintext attack of a polynomial-time quantum adversary. We further discuss a generalization of QSCD_ff, called QSCD_cyc, and introduce a multi-bit encryption scheme relying on the cryptographic properties of QSCD_cyc.