The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service on its own: the secret keys established by QKD are in general then used by subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering an any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.
We introduce the notion of non-malleability of a quantum state encryption scheme (in dimension d): in addition to the requirement that an adversary cannot learn information about the state, here we demand that no controlled modification of the encrypted state can be effected. We show that such a scheme is equivalent to a unitary 2-design [Dankert et al.], as opposed to normal encryption which is a unitary 1-design. Our other main results include a new proof of the lower bound of (d^2 − 1)^2 + 1 on the number of unitaries in a 2-design [Gross et al.], which lends itself to a generalization to approximate 2-designs. Furthermore, while in prime power dimension there is a unitary 2-design with ≤ d^5 elements, we show that there are always approximate 2-designs with O(ε^{-2} d^4 log d) elements.
In usual security proofs of quantum protocols the adversary (Eve) is expected to have full control over any quantum communication between any communicating parties (Alice and Bob). Eve is also expected to have full access to an authenticated classical channel between Alice and Bob. Unconditional security against any attack by Eve can be proved even in the realistic setting of device and channel imperfection. In this paper we show that the security of quantum key distribution protocols is ruined if one allows Eve to possess very limited access to the random sources used by Alice. Such knowledge should always be expected in realistic experimental conditions via different side channels.
We present a fair and optimistic [7,8] quantum contract signing protocol between two clients that requires no communication with the third trusted party during the exchange phase. We discuss its fairness and show that it is possible to design such a protocol for which the probability of a dishonest client to cheat becomes negligible, and scales as N^{-1/2}, where N is the number of messages exchanged between the clients. Our protocol is not based on the exchange of signed messages: its fairness is based on the laws of quantum mechanics. Thus, it is abuse-free [9], and the clients do not have to generate new keys for each message during the Exchange phase. We discuss a real-life scenario when the measurement errors and qubit state corruption due to noisy channels occur and argue that for real, good enough measurement apparatus and transmission channels, our protocol would still be fair. Our protocol could be implemented by today's technology, as it requires in essence the same type of apparatus as the one needed for the BB84 cryptographic protocol [12]. Finally, we briefly discuss two alternative versions of the protocol, one that uses only two states (based on the B92 protocol [24]) and the other that uses entangled pairs (based on [20]), and show that it is possible to generalize our protocol to an arbitrary number of clients.
We propose a protocol for anonymous distribution of quantum information that can be used to implement either a channel with an anonymous sender or a channel with an anonymous receiver. Our protocol achieves anonymity and message secrecy with unconditional security. It uses classical anonymous transfer. It tolerates disruption of the protocol, but the number of disrupters must be limited by the quantum Gilbert-Varshamov bound. This bound can be exceeded provided a specific entanglement distillation procedure is used. A different version of the protocol tolerates any number of disrupters, but is secure only when the receiver does not actively cooperate with other corrupted participants.
Expansion and amplification of weak randomness plays a crucial role in many security protocols. Using quantum devices, such a procedure is possible even without trusting the devices used, by utilizing correlations between outcomes of parts of the devices. We show here how to extract random bits with an arbitrarily low bias from a single arbitrarily weak min-entropy source in a device independent setting. To do this we use Mermin devices that exhibit super-classical correlations. The number of devices used scales polynomially in the length of the random sequence n. Our protocol is robust: it can tolerate devices that malfunction with a probability dropping polynomially in n at the cost of a minor increase of the number of devices used.

High quality randomness is a very useful resource in many computation and cryptographic tasks. In fact it has been shown that many protocols (including quantum ones) vitally require perfect randomness for their security [1-3]. Unfortunately, at the same time perfect randomness is very rare. In the classical world true randomness, i.e. independent uniformly distributed random bits, cannot be produced at all. The only available resource is pseudo-randomness, sequences that appear random to all observers (often referred to as adversaries) not having full information about the whole environment. Thus classical randomness generators produce pseudorandom numbers stemming from external sources and fluctuations, hoping that the adversary will not be able to reconstruct all the background information. Sources producing imperfect randomness even taking into account the limited capabilities of the adversary are called weak random sources. To enhance the quality and security of these sources, randomness extractors are used. These are devices that combine more sources of randomness to obtain fewer bits of higher quality [4].

On the other hand, theoretically the production of true randomness is possible, if one assumes Quantum theory to be valid: preparation of a pure state and measurement in its complementary basis will yield a perfectly random result. This is due to the inherent randomness present in Quantum theory itself; this principle is used in the design of commercially available devices [5]. The assumption, however, is high quality and stability of quantum devices in an adversarial setting, which is far from trivial to achieve [6]. In addition, quantum devices in reality act more like black boxes that are inaccessible to users except for providing them classical inputs and obtaining classical outputs from them. It is very hard, if not impossible, to directly test what these devices actually do, whether they perform operations and measurements as promised and whether their outputs really come from quantum measurements. Therefore it is crucial to test these devices even during their activity; satisfying these tests shall guarantee that the devices are correctly designed and manufactured and that they work as desired. This is possible by utilizing super-classical correlations of certain quantum ...