اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدQuantum-secure message authentication via blind-unforgeability
86
0
0.0
(
0
)
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
Formulating and designing unforgeable authentication of classical messages in the presence of quantum adversaries has been a challenge, as the familiar classical notions of unforgeability do not directly translate into meaningful notions in the quantum setting. A particular difficulty is how to fairly capture the notion of predicting an unqueried value when the adversary can query in quantum superposition. In this work, we uncover serious shortcomings in existing approaches, and propose a new definition. We then support its viability by a number of constructions and characterizations. Specifically, we demonstrate a function which is secure according to the existing definition by Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack, whereby a query supported only on inputs that start with 0 divulges the value of the function on an input that starts with 1. We then propose a new definition, which we call blind-unforgeability (or BU.) This notion matches intuitive unpredictability in all examples studied thus far. It defines a function to be predictable if there exists an adversary which can use partially blinded oracle access to predict values in the blinded region. Our definition (BU) coincides with standard unpredictability (EUF-CMA) in the classical-query setting. We show that quantum-secure pseudorandom functions are BU-secure MACs. In addition, we show that BU satisfies a composition property (Hash-and-MAC) using Bernoulli-preserving hash functions, a new notion which may be of independent interest. Finally, we show that BU is amenable to security reductions by giving a precise bound on the extent to which quantum algorithms can deviate from their usual behavior due to the blinding in the BU security experiment.
قيم البحث
اقرأ أيضاً
In this paper, we propose a new theoretical scheme for quantum secure direct communication (QSDC) with user authentication. Different from the previous QSDC protocols, the present protocol uses only one orthogonal basis of single-qubit states to enco
de the secret message. Moreover, this is a one-time and one-way communication protocol, which uses qubits prepared in a randomly chosen arbitrary basis, to transmit the secret message. We discuss the security of the proposed protocol against some common attacks and show that no eaves-dropper can get any information from the quantum and classical channels. We have also studied the performance of this protocol under realistic device noise. We have executed the protocol in IBMQ Armonk device and proposed a repetition code based protection scheme that requires minimal overhead.
Recently, Yan et al. proposed a quantum secure direct communication (QSDC) protocol with authentication using single photons and Einstein-Podolsky-Rosen (EPR) pairs (Yan et al., CMC-Computers, Materials & Continua, 63(3), 2020). In this work, we show
that the QSDC protocol is not secure against intercept-and-resend attack and impersonation attack. An eavesdropper can get the full secret message by applying these attacks. We propose a modification of this protocol, which defeats the above attacks along with all the familiar attacks.
In encryption, non-malleability is a highly desirable property: it ensures that adversaries cannot manipulate the plaintext by acting on the ciphertext. Ambainis, Bouda and Winter gave a definition of non-malleability for the encryption of quantum da
ta. In this work, we show that this definition is too weak, as it allows adversaries to inject plaintexts of their choice into the ciphertext. We give a new definition of quantum non-malleability which resolves this problem. Our definition is expressed in terms of entropic quantities, considers stronger adversaries, and does not assume secrecy. Rather, we prove that quantum non-malleability implies secrecy; this is in stark contrast to the classical setting, where the two properties are completely independent. For unitary schemes, our notion of non-malleability is equivalent to encryption with a two-design (and hence also to the definition of Ambainis et al.). Our techniques also yield new results regarding the closely-related task of quantum authentication. We show that total authentication (a notion recently proposed by Garg, Yuen and Zhandry) can be satisfied with two-designs, a significant improvement over the eight-design construction of Garg et al. We also show that, under a mild adaptation of the rejection procedure, both total authentication and our notion of non-malleability yield quantum authentication as defined by Dupuis, Nielsen and Salvail.
Quantum key distribution (QKD) enables unconditionally secure communication between distinct parties using a quantum channel and an authentic public channel. Reducing the portion of quantum-generated secret keys, that is consumed during the authentic
ation procedure, is of significant importance for improving the performance of QKD systems. In the present work, we develop a lightweight authentication protocol for QKD based on a `ping-pong scheme of authenticity check for QKD. An important feature of this scheme is that the only one authentication tag is generated and transmitted during each of the QKD post-processing rounds. For the tag generation purpose, we design an unconditionally secure procedure based on the concept of key recycling. The procedure is based on the combination of almost universal$_2$ polynomial hashing, XOR universal$_2$ Toeplitz hashing, and one-time pad (OTP) encryption. We demonstrate how to minimize both the length of the recycled key and the size of the authentication key, that is required for OTP encryption. As a result, in real case scenarios, the portion of quantum-generated secret keys that is consumed for the authentication purposes is below 1%. Finally, we provide a security analysis of the full quantum key growing process in the framework of universally composable security.
Barnum, Crepeau, Gottesman, Tapp, and Smith (quant-ph/0205128) proposed methods for authentication of quantum messages. The first method is an interactive protocol (TQA) based on teleportation. The second method is a noninteractive protocol (QA) in w
hich the sender first encrypts the message using a protocol QEnc and then encodes the quantum ciphertext with an error correcting code chosen secretly from a set (a purity test code (PTC)). Encryption was shown to be necessary for authentication. We augment the protocol QA with an extra step which recycles the entire encryption key provided QA accepts the message. We analyze the resulting integrated protocol for quantum authentication and key generation, which we call QA+KG. Our main result is a proof that QA+KG is universal composably (UC) secure in the Ben-Or-Mayers model (quant-ph/0409062). More specifically, this implies the UC-security of (a) QA, (b) recycling of the encryption key in QA, and (c) key-recycling of the encryption scheme QEnc by appending PTC. For an m-qubit message, encryption requires 2m bits of key; but PTC can be performed using only O(log m) + O(log e) bits of key for probability of failure e. Thus, we reduce the key required for both QA and QEnc, from linear to logarithmic net consumption, at the expense of one bit of back communication which can happen any time after the conclusion of QA and before reusing the key. UC-security of QA also extends security to settings not obvious from quant-ph/0205128. Our security proof structure is inspired by and similar to that of quant-ph/0205128, reducing the security of QA to that of TQA. In the process, we define UC-secure entanglement, and prove the UC-security of the entanglement generating protocol given in quant-ph/0205128, which could be of independent interest.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
