Results 11 - 20 of 157
A Quantum Bit Commitment Scheme Provably Unbreakable by both Parties
1993
Cited by 68 (12 self)
Assume that a party, Alice, has a bit x in mind, to which she would like to be committed toward another party, Bob. That is, Alice wishes, through a procedure commit(x), to provide Bob with a piece of evidence that she has a bit x in mind and that she cannot change it. Meanwhile, Bob should not be able to tell from that evidence what x is. At a later time, Alice can reveal, through a procedure unveil(x), the value of x and prove to Bob that the piece of evidence sent earlier really corresponded to that bit. Classical bit commitment schemes (by which Alice's piece of evidence is classical information such as a bit string) cannot be secure against unlimited computing power and none have been proven secure against algorithmic sophistication. Previous quantum bit commitment schemes (by which Alice's piece of evidence is quantum information such as a stream of polarized photons) were known to be invulnerable to unlimited computing power and algorithmic sophistication, but not to arbitrary...
The Quantum Challenge to Structural Complexity Theory
1992
Cited by 53 (5 self)
This is a nontechnical survey paper of recent quantum-mechanical discoveries that challenge generally accepted complexity-theoretic versions of the Church-Turing thesis. In particular, building on pioneering work of David Deutsch and Richard Jozsa, we construct an oracle relative to which there exists a set that can be recognized in Quantum Polynomial Time (QP), yet any Turing machine that recognizes it would require exponential time even if allowed to be probabilistic, provided that errors are not tolerated. In particular, QP ⊄ ZPP relative to this oracle. Furthermore, there are cryptographic tasks that are demonstrably impossible to implement with unlimited computing power probabilistic interactive Turing machines, yet they can be implemented even in practice by quantum mechanical apparatus.
1 Deutsch's Quantum Computer
In a bold paper published in the Proceedings of the Royal Society, David Deutsch put forth in 1985 the quantum computer [7] (see also [8]). Even though this may c...
Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols
1991
Cited by 45 (5 self)
A perfect zero-knowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zero-knowledge protocols for statements concerning NP-complete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than 2^{-k}. In this paper, we give the first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds. The protocol is computationally convincing (rather than statistically convincing as would have been an interactive proof system in the sense of Goldwasser, Micali and Rackoff) because the ver...
Quantum Key Distribution and String Oblivious Transfer on Noisy Channels, Los Alamos preprint archive quant-ph/9606003
Advances in Cryptology: Proceedings of Crypto '96, Lecture Notes in Computer Science
Cited by 42 (9 self)
We prove the unconditional security of a quantum key distribution (QKD) protocol on a noisy channel against the most general attack allowed by quantum physics. We use the fact that in a previous paper we have reduced the proof of the unconditional security of this QKD protocol to a proof that a corresponding Quantum String Oblivious Transfer (String-QOT) protocol would be unconditionally secure against Bob if implemented on top of an unconditionally secure bit commitment scheme. We prove a lemma that extends a security proof given by Yao for a (one bit) QOT protocol to this String-QOT protocol. This result and the reduction mentioned above imply the unconditional security of our QKD protocol despite our previous proof that unconditionally secure bit commitment schemes are impossible.
Security of Quantum Protocols against Coherent Measurements
Proceedings of 26th Annual ACM Symposium on the Theory of Computing
1995
Cited by 39 (0 self)
The goal of quantum cryptography is to design cryptographic protocols whose security depends on quantum physics and little else. A serious obstacle to security proofs is the cheaters' ability to make coherent measurements on the joint properties of large composite states. With the exception of commit protocols, no cryptographic primitives have been proved secure when coherent measurements are allowed. In this paper we develop some mathematical techniques for analyzing probabilistic events in Hilbert spaces, and prove the security of a canonical quantum oblivious transfer protocol against coherent measurements.
1 Introduction
Work on quantum cryptography was started by Wiesner [Wi70] twenty-five years ago. Much knowledge on how to exploit quantum physics for cryptographic purposes has been gained through the work of Bennett and Brassard ([BBBW83][BB84][BBBSS92]), and later Crépeau ([Cr90][BC91][BBCS92][Cr94]). Furthermore, prototypes for implementing some of these ...
Quantum Bit Commitment and Coin Tossing Protocols
Advances in Cryptology: Proceedings of Crypto '90, Lecture Notes in Computer Science
1991
Cited by 37 (6 self)
... this paper does not yield to this attack. Unfortunately, we can still describe a possible attack on this new scheme, which is based on an unverified belief about quantum mechanics (unlike EPR, which has been verified experimentally). Can one build such a scheme, unbreakable in an absolute way, based solely on the equations of quantum mechanics? We cannot answer this question at this time. Still we have been able to build a coin-tossing protocol that is secure unless both attacks can be implemented. This seems to indicate that maybe Bit Commitment is more than Coin Tossing since, at this time, we are unable to offer a Bit Commitment scheme with this same level of security.
Unconditionally Secure Key Agreement and the Intrinsic Conditional Information
1999
Cited by 36 (7 self)
This paper is concerned with secret-key agreement by public discussion. Assume that two parties Alice and Bob and an adversary Eve have access to independent realizations of random variables X, Y, and Z, respectively, with joint distribution P_XYZ. The secret key rate S(X;Y||Z) has been defined as the maximal rate at which Alice and Bob can generate a secret key by communication over an insecure, but authenticated channel such that Eve's information about this key is arbitrarily small. We define a new conditional mutual information measure, the intrinsic conditional mutual information between X and Y when given Z, denoted by I(X;Y↓Z), which is an upper bound on S(X;Y||Z). The special scenarios are analyzed where X, Y, and Z are generated by sending a binary random variable R, for example a signal broadcast by a satellite, over independent channels, or two scenarios in which Z is generated by sending X and Y over erasure channels. In the first two scenarios it can be sho...
Perfectly concealing quantum bit commitment from any quantum one-way permutation
2000
Cited by 32 (8 self)
We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum one-way permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovsky, Venkatesan and Young, our protocol is non-interactive and has communication complexity O(n) qubits for n a security parameter.
Linking Information Reconciliation and Privacy Amplification
Journal of Cryptology
1994
Cited by 29 (5 self)
Information reconciliation allows two parties knowing correlated random variables, such as a noisy version of the partner's random bit string, to agree on a shared string. Privacy amplification allows two parties sharing a partially secret string about which an opponent has some partial information, to distill a shorter but almost completely secret key by communicating only over an insecure channel, as long as an upper bound on the opponent's knowledge about the string is known. The relation between these two techniques has not been well understood. In particular, it is important to understand the effect of side-information, obtained by the opponent through an initial reconciliation step, on the size of the secret key that can be distilled safely by subsequent privacy amplification. The purpose of this paper is to provide the missing link between these techniques by presenting bounds on the reduction of the Rényi entropy of a random variable induced by side-information. We s...