Improved Security Bound of (E/D)WCDM

In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security.

High-speed device-independent quantum key distribution against collective attacks

The security of quantum key distribution (QKD) usually relies on that the users’s devices are well characterized according to the security models made in the security proofs. In contrast,device-independent QKD an entanglement-based protocol permits the security even without any knowledge of the underlying devices. Despite its beauty in theory, device-independent QKD is elusive to realize with current technology. This is because a faithful realization requires ahigh-quality violation of Bell inequality without the fair-sampling assumption. Particularly, in a photonic realization, a rather high detection efficiency is needed where the threshold values depend on the security proofs; this efficiency is far beyond the current reach. Here, both theoretical and experimental innovations yield the realization of device-independent QKD based on a photonic setup. On the theory side, to relax the threshold efficiency for practical deviceindependent QKD, we exploit the random post-selection combined with adding noise for preprocessing, and compute the entropy with complete nonlocal correlations. On the experiment side, we develop a high-quality polarization-entangled photonic source and achieve state-of-theart (heralded) detection efficiency of 87.49%, which outperforms previous experiments and satisfies the threshold efficiency for the first time. Together, we demonstrate device-independent QKD at a secret key rate of 466 bits/s over 20 m standard fiber in the asymptotic limit against collective attacks. Besides, we show the feasibility of generating secret keys at a fiber length of 220 meters. Importantly, our photonic implementation can generate entangled photons at a high rate and in the telecom wavelength, which is desirable for high-speed key generation over long distances. The results not only prove the feasibility of device-independent QKD with realistic devices, but also push the security of communication to an unprecedented level.

Simple security proofs for continuous variable quantum key distribution with intensity fluctuating sources

Despite tremendous theoretical and experimental progress in continuous variable (CV) quantum key distribution (QKD), the security has not been rigorously established for most current continuous variable quantum key distribution systems that have imperfections. Among these imperfections, intensity fluctuation is one of the principal problems affecting security. In this paper, we provide simple security proofs for continuous variable quantum key distribution systems with intensity fluctuating sources. Specifically, depending on device assumptions in the source, the imperfect systems are divided into two general cases for security proofs. In the most conservative case, we prove the security based on the tagging idea, which is a main technique for the security proof of discrete variable quantum key distribution. Our proofs are simple to implement without any hardware adjustment for current continuous variable quantum key distribution systems. Also, we show that our proofs are able to provide secure secret keys in the finite-size scenario.

How to Design a Secure Anonymous Authentication and Key Agreement Protocol for Multi-Server Environments and Prove Its Security

An anonymous authentication and key agreement (AAKA) protocol provides anonymous members symmetric authentication and establishes a symmetric session key for secure communication in public networks. Today, numerous popular remote services are based on multi-server architecture, such as the internet of things (IoT), smart cities, cloud services, vehicular ad hoc networks (VANET), and telecare medicine information systems (TMIS). Many researchers have attempted to design AAKA protocols in multi-server environments for various applications. However, many of these have security defects, even if they have so-called “formal” security proofs. In this paper, we analyze related AAKA protocols to identify the common design defects, expound the process of designing secure AAKA protocols, and explain why the present AAKA protocols still suffer attacks, despite having security proofs. We instruct readers on how to design a secure AAKA protocol and how to prove the security. This paper will therefore be helpful for the design of new AAKA protocols, and for ensuring their security.

Foundations of Programmable Secure Computation

This paper formalises the security of programmable secure computation focusing on simplifying security proofs of new algorithms for existing computation frameworks. Security of the frameworks is usually well established but the security proofs of the algorithms are often more intuitive than rigorous. This work specifies a transformation from the usual hybrid execution model to an abstract model that is closer to the intuition. We establish various preconditions that are satisfied by natural secure computation frameworks and protocols, thus showing that mostly the intuitive proofs suffice. More elaborate protocols might still need additional proof details.

Computing conditional entropies for quantum correlations

The rates of quantum cryptographic protocols are usually expressed in terms of a conditional entropy minimized over a certain set of quantum states. In particular, in the device-independent setting, the minimization is over all the quantum states jointly held by the adversary and the parties that are consistent with the statistics that are seen by the parties. Here, we introduce a method to approximate such entropic quantities. Applied to the setting of device-independent randomness generation and quantum key distribution, we obtain improvements on protocol rates in various settings. In particular, we find new upper bounds on the minimal global detection efficiency required to perform device-independent quantum key distribution without additional preprocessing. Furthermore, we show that our construction can be readily combined with the entropy accumulation theorem in order to establish full finite-key security proofs for these protocols.