scholarly journals On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions

1998 ◽  
Vol 5 (37) ◽  
Author(s):  
Ivan B. Damgård ◽  
Joe Kilian ◽  
Louis Salvail

We consider the problem of basing Oblivious Transfer (OT)<br />and Bit Commitment (BC), with information theoretic security, on seemingly weaker primitives.We introduce a general model for describing such primitives, called Weak Generic Transfer (WGT). This model includes as important special cases Weak Oblivious Transfer (WOT), where both<br />the sender and receiver may learn too much about the other party's input, and a new, more realistic model of noisy channels, called unfair noisy channels. An unfair noisy channel has a known range of possible noise levels; protocols must work for any level within this range against adversaries who know the actual noise level. We give a precise characterization for when one can base OT on WOT. When the deviation of the WOT from the ideal is above a certain threshold, we show that no information-theoretic reductions from OT (even against passive adversaries) and BC exist; when the deviation is below this threshold, we give a reduction from OT (and hence BC) that is information-theoretically secure against active adversaries.<br />For unfair noisy channels we show a similar threshold phenomenon for bit commitment. If the upper bound on the noise is above a threshold (given as function of the lower bound) then no information-theoretic reduction from OT (even against passive adversaries) or BC exist; when it is below this threshold we give a reduction from BC. As a partial result, we give<br />a reduction from OT to UNC for smaller noise intervals.

2013 ◽  
Vol 13 (1&2) ◽  
pp. 158-177
Author(s):  
Andre Chailloux ◽  
Iordanis Kerenidis ◽  
Jamie Sikora

Oblivious transfer is a fundamental primitive in cryptography. While perfect information theoretic security is impossible, quantum oblivious transfer protocols can limit the dishonest player's cheating. Finding the optimal security parameters in such protocols is an important open question. In this paper we show that every 1-out-of-2 oblivious transfer protocol allows a dishonest party to cheat with probability bounded below by a constant strictly larger than $1/2$. Alice's cheating is defined as her probability of guessing Bob's index, and Bob's cheating is defined as his probability of guessing both input bits of Alice. In our proof, we relate these cheating probabilities to the cheating probabilities of a bit commitment protocol and conclude by using lower bounds on quantum bit commitment. Then, we present an oblivious transfer protocol with two messages and cheating probabilities at most $3/4$. Last, we extend Kitaev's semidefinite programming formulation to more general primitives, where the security is against a dishonest player trying to force the outcome of the other player, and prove optimal lower and upper bounds for them.


2020 ◽  
Vol 6 (37) ◽  
pp. eaaz4487 ◽  
Author(s):  
Margarida Pereira ◽  
Go Kato ◽  
Akihiro Mizutani ◽  
Marcos Curty ◽  
Kiyoshi Tamaki

In theory, quantum key distribution (QKD) offers information-theoretic security. In practice, however, it does not due to the discrepancies between the assumptions used in the security proofs and the behavior of the real apparatuses. Recent years have witnessed a tremendous effort to fill the gap, but the treatment of correlations among pulses has remained a major elusive problem. Here, we close this gap by introducing a simple yet general method to prove the security of QKD with arbitrarily long-range pulse correlations. Our method is compatible with those security proofs that accommodate all the other typical device imperfections, thus paving the way toward achieving implementation security in QKD with arbitrary flawed devices. Moreover, we introduce a new framework for security proofs, which we call the reference technique. This framework includes existing security proofs as special cases, and it can be widely applied to a number of QKD protocols.


2003 ◽  
Vol 10 (36) ◽  
Author(s):  
Ivan B. Damgård ◽  
Serge Fehr ◽  
Kirill Morozov ◽  
Louis Salvail

In a paper from EuroCrypt'99, Damgård, Kilian and Salvail show various positive and negative results on constructing Bit Commitment (BC) and Oblivious Transfer (OT) from Unfair Noisy Channels (UNC), i.e., binary symmetric channels where the error rate is only known to be in a certain interval [gamma ..delta] and can be chosen adversarily. They also introduce a related primitive called PassiveUNC. We prove in this paper that any OT protocol that can be constructed based on a PassiveUNC and is secure against a passive adversary can be transformed using a generic "compiler'' into an OT protocol based on a UNC which is secure against an active adversary. Apart from making positive results easier to prove in general, this also allows correcting a problem in the EuroCrypt'99 paper: There, a positive result was claimed on constructing from UNC an OT that is secure against active cheating. We point out that the proof sketch given for this was incomplete, and we show that a correct proof of a much stronger result follows from our general compilation result and a new technique for transforming between weaker versions of OT with different parameters.


2021 ◽  
Vol 12 (1) ◽  
Author(s):  
René Schwonnek ◽  
Koon Tong Goh ◽  
Ignatius W. Primaatmaja ◽  
Ernest Y.-Z. Tan ◽  
Ramona Wolf ◽  
...  

AbstractDevice-independent quantum key distribution (DIQKD) is the art of using untrusted devices to distribute secret keys in an insecure network. It thus represents the ultimate form of cryptography, offering not only information-theoretic security against channel attacks, but also against attacks exploiting implementation loopholes. In recent years, much progress has been made towards realising the first DIQKD experiments, but current proposals are just out of reach of today’s loophole-free Bell experiments. Here, we significantly narrow the gap between the theory and practice of DIQKD with a simple variant of the original protocol based on the celebrated Clauser-Horne-Shimony-Holt (CHSH) Bell inequality. By using two randomly chosen key generating bases instead of one, we show that our protocol significantly improves over the original DIQKD protocol, enabling positive keys in the high noise regime for the first time. We also compute the finite-key security of the protocol for general attacks, showing that approximately 108–1010 measurement rounds are needed to achieve positive rates using state-of-the-art experimental parameters. Our proposed DIQKD protocol thus represents a highly promising path towards the first realisation of DIQKD in practice.


2014 ◽  
Vol 33 ◽  
pp. 1460361 ◽  
Author(s):  
Lachlan J. Gunn ◽  
James M. Chappell ◽  
Andrew Allison ◽  
Derek Abbott

While information-theoretic security is often associated with the one-time pad and quantum key distribution, noisy transport media leave room for classical techniques and even covert operation. Transit times across the public internet exhibit a degree of randomness, and cannot be determined noiselessly by an eavesdropper. We demonstrate the use of these measurements for information-theoretically secure communication over the public internet.


2012 ◽  
Vol 457-458 ◽  
pp. 1499-1507 ◽  
Author(s):  
Si Guang Chen ◽  
Meng Wu ◽  
Wei Feng Lu

In this work we consider the problem of designing a secret error-correcting network coding scheme against an adversary that can re-select the tapping links in different time slot and inject z erroneous packets into network. We first derive a necessary condition for keeping the transmitted information secret from the adversary, while the network is only subject to the eavesdropping attack. We then design an error-correcting scheme by combining the rank-metric codes with shared secret model, which can decode the transmitted information correctly provided a sufficiently large q. With that, a secret error-correcting network coding is proposed by combining this error-correcting scheme with secret communication. We show that under the requirement of communication can achieve a rate of packets. Moreover, it ensures that the communicated information is reliable and information-theoretic security from the adversary. In particular, the requirement of packet length is not as large as the required in [12]. Finally, the security and performance analyses illustrate the characteristics of our scheme.


Quantum ◽  
2021 ◽  
Vol 5 ◽  
pp. 447
Author(s):  
Zixin Huang ◽  
Peter P. Rohde ◽  
Dominic W. Berry ◽  
Pieter Kok ◽  
Jonathan P. Dowling ◽  
...  

Quantum data locking is a quantum phenomenon that allows us to encrypt a long message with a small secret key with information-theoretic security. This is in sharp contrast with classical information theory where, according to Shannon, the secret key needs to be at least as long as the message. Here we explore photonic architectures for quantum data locking, where information is encoded in multi-photon states and processed using multi-mode linear optics and photo-detection, with the goal of extending an initial secret key into a longer one. The secret key consumption depends on the number of modes and photons employed. In the no-collision limit, where the likelihood of photon bunching is suppressed, the key consumption is shown to be logarithmic in the dimensions of the system. Our protocol can be viewed as an application of the physics of Boson Sampling to quantum cryptography. Experimental realisations are challenging but feasible with state-of-the-art technology, as techniques recently used to demonstrate Boson Sampling can be adapted to our scheme (e.g., Phys. Rev. Lett. 123, 250503, 2019).


Sign in / Sign up

Export Citation Format

Share Document