A Tight High-Order Entropic Quantum Uncertainty Relation with Applications

Damgård, Ivan; Fehr, Serge; Renner, Renato; Salvail, Louis; Schaffner, Christian

doi:10.1007/978-3-540-74143-5_20

Cited by 98 publications

(221 citation statements)

References 39 publications

Supporting

Mentioning

217

Contrasting

Order By: Relevance

“…Finally, we show that the ad-hoc security definitions proposed by Damgård, Fehr, Salvail and Schaffner for their 1-2 OT and secure-identification protocols in the bounded-quantum-storage model [7,9] imply (and are likely to be equivalent) to the corresponding security definitions obtained from our approach. 3 This implies composability in the above sense for these quantum protocols in the bounded-quantum-storage model.…”

Section: Contributionmentioning

confidence: 68%

“…This is clearly a stronger composition result than we obtain (though restricted to the bounded-quantum-storage model) but comes at the price of a more demanding security definition. And indeed, whereas we show that the simple definitions used in [8,7] already guarantee composability into classical protocols without any modifications to the original parameters and proofs, [29] need to strengthen the quantum-memory bound (and re-do the security proof) in order to show that the 1-2 OT protocol from [7] meets their strong security definition. As we argued above, this is an overkill in many situations.…”

Section: Related Workmentioning

confidence: 89%

“…As we argued above, this is an overkill in many situations. 1 We are well aware that quantum OT is impossible without any restriction on the adversary, but it becomes possible for instance when restricting the adversary's quantum memory [8,7]. 2 Here, "classical" can be understood as "non-quantum" as well as "being a classic".…”

Section: Related Workmentioning

confidence: 99%

“…Since essentially no interesting two-party task can be implemented securely by a quantum protocol against unbounded quantum attacks [20,19,18,16], one typically has to put some restriction upon the dishonest player's capabilities, like to limit his quantum-storage capabilities [8,7,9,28] or the size of coherent measurements he can do [24]. Throughout, we let A and B be subfamilies of all possible strategies A and B of a dishonest Alice and a dishonest Bob, respectively.…”

Section: The Security Definitionmentioning

confidence: 99%

“…In the full version [11] of this paper, we also show the corresponding for the 1-2 OT scheme [7] and for other variants of OT.…”

Section: Example: Secure Identificationmentioning

confidence: 99%

See 4 more Smart Citations

Composing Quantum Protocols in a Classical Environment

Fehr

Schaffner

2009

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract. We propose a general security definition for cryptographic quantum protocols that implement classical non-reactive two-party tasks. The definition is expressed in terms of simple quantuminformation-theoretic conditions which must be satisfied by the protocol to be secure. The conditions are uniquely determined by the ideal functionality F defining the cryptographic task to be implemented. We then show the following composition result. If quantum protocols π1, . . . , π securely implement ideal functionalities F1, . . . , F according to our security definition, then any purely classical two-party protocol, which makes sequential calls to F1, . . . , F , is equally secure as the protocol obtained by replacing the calls to F1, . . . , F with the respective quantum protocols π1, . . . , π . Hence, our approach yields the minimal security requirements which are strong enough for the typical use of quantum protocols as subroutines within larger classical schemes. Finally, we show that recently proposed quantum protocols for secure identification and oblivious transfer in the bounded-quantum-storage model satisfy our security definition, and thus compose in the above sense.

show abstract

Section: Contributionmentioning

confidence: 68%

Section: Related Workmentioning

confidence: 89%

Section: Related Workmentioning

confidence: 99%

Section: The Security Definitionmentioning

confidence: 99%

“…In the full version [11] of this paper, we also show the corresponding for the 1-2 OT scheme [7] and for other variants of OT.…”

Section: Example: Secure Identificationmentioning

confidence: 99%

See 3 more Smart Citations

Composing Quantum Protocols in a Classical Environment

Fehr

Schaffner

2009

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

Oblivious Transfer and Linear Functions

Damgård

Fehr

Salvail

et al. 2006

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We study unconditionally secure 1-out-of-2 Oblivious Transfer (1-2 OT). We first point out that a standard security requirement for 1-2 OT of bits, namely that the receiver only learns one of the bits sent, holds if and only if the receiver has no information on the XOR of the two bits. We then generalize this to 1-2 OT of strings and show that the security can be characterized in terms of binary linear functions. More precisely, we show that the receiver learns only one of the two strings sent if and only if he has no information on the result of applying any binary linear function (which non-trivially depends on both inputs) to the two strings.We then argue that this result not only gives new insight into the nature of 1-2 OT, but it in particular provides a very powerful tool for analyzing 1-2 OT protocols. We demonstrate this by showing that with our characterization at hand, the reducibility of 1-2 OT (of strings) to a wide range of weaker primitives follows by a very simple argument. This is in sharp contrast to previous literature, where reductions of 1-2 OT to weaker flavors have rather complicated and sometimes even incorrect proofs.

show abstract