Cryptography in the Bounded-Quantum-Storage Model

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the original arXiv source.

This thesis initiates the study of cryptographic protocols in the bounded-quantum-storage model. On the practical side, simple protocols for Rabin Oblivious Transfer, 1-2 Oblivious Transfer and Bit Commitment are presented. No quantum memory is required for honest players, whereas the protocols can only be broken by an adversary controlling a large amount of quantum memory. The protocols are efficient, non-interactive and can be implemented with today's technology. On the theoretical side, new entropic uncertainty relations involving min-entropy are established and used to prove the security of protocols according to new strong security definitions. For instance, in the realistic setting of Quantum Key Distribution (QKD) against quantum-memory-bounded eavesdroppers, the uncertainty relation makes it possible to prove the security of QKD protocols while tolerating considerably higher error rates compared to the standard model with unbounded adversaries.


💡 Research Summary

The dissertation "Cryptography in the Bounded-Quantum-Storage Model" introduces a cryptographic setting in which the adversary's quantum memory is limited while honest parties need no quantum memory at all. This bounded-quantum-storage model (BQSM) departs both from the standard unconditional-security setting, in which the adversary has unlimited computational and storage resources, and from the classical bounded-storage model, in which protocols can only be proven secure against adversaries whose memory exceeds that of the honest parties by a bounded factor (quadratic in the known protocols). Because storing qubits reliably for any length of time is, with current technology, possible only for very small numbers of qubits, a bound on the adversary's quantum memory is a realistic physical assumption. Under it the author constructs practical, non-interactive protocols for three fundamental primitives: Rabin oblivious transfer (OT), 1-2 OT, and bit commitment.

The work begins with a review of cryptographic models and of the impossibility results (Mayers; Lo and Chau) that rule out unconditionally secure OT and bit commitment in the unrestricted quantum setting. It then formalizes the BQSM: a protocol transmits N qubits, the adversary can keep at most Q of them in quantum memory across the protocol's waiting period, and the honest parties keep none. A protocol is secure if breaking it would require storing a constant fraction of the N transmitted qubits; since the honest parties choose N, this exceeds any realistic Q.

A central technical contribution is a new entropic uncertainty relation stated in terms of min-entropy rather than Shannon entropy. For N qubits measured in bases chosen at random from two (or more) mutually unbiased bases (MUBs), it shows that, whatever the adversary did to the qubits beforehand, the min-entropy of the measurement outcome given the basis choice stays above a threshold that is a fixed fraction of N. Combined with privacy amplification against quantum side information, this yields tight security reductions: a memory-bounded adversary's probability of guessing any function of the sender's data is bounded unless he can store a large portion of the quantum transcript. A separate min-entropy splitting lemma converts a lower bound on the joint min-entropy of two strings into a bound on at least one of them (which one may depend on the adversary's strategy), which is exactly what the 1-2 OT analysis needs. These relations are stronger than the previous Shannon-entropy bounds and apply directly to the OT and commitment protocols.
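Stated explicitly, as an added illustration rather than a quotation from the thesis, the splitting step has the following shape. Here Z stands for the side information available to the adversary, ε for the smoothing parameter, and α for the lower bound supplied by the uncertainty relation:

$$
H_\infty^{\varepsilon}(X_0 X_1 \mid Z) \ge \alpha
\;\Longrightarrow\;
\exists\, C \in \{0,1\}:\quad
H_\infty^{\varepsilon}(X_{1-C}\, C \mid Z) \ge \frac{\alpha}{2},
$$

and since C is a single bit, conditioning on it costs at most one bit of min-entropy:

$$
H_\infty^{\varepsilon}(X_{1-C} \mid Z\, C) \ge \frac{\alpha}{2} - 1 .
$$

The proof idea is elementary: set C = 1 when the observed x_0 has probability at most 2^{-α/2} (then X_0 is the high-entropy half), and C = 0 otherwise (then at most 2^{α/2} values of x_0 are possible, and each joint event has probability at most 2^{-α}, so X_1 is the high-entropy half). In the 1-2 OT analysis X_0 and X_1 are the substrings of the sender's string sent in the two bases, and the lemma guarantees that at least one of them keeps enough min-entropy for privacy amplification to mask the corresponding bit.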

For Rabin OT, the sender transmits N qubits that encode a uniformly random string x in a single BB84 basis θ chosen at random, and the receiver immediately measures all of them in a random basis θ′ of his own. Once enough time has passed for the memory bound to take effect, the sender announces θ together with a two-universal hash function f and sends the masked bit b ⊕ f(x). If θ′ = θ the receiver's outcomes equal x and he recovers b; otherwise (probability ½) his outcomes are unrelated to x and he outputs ⊥. The security proof combines the uncertainty relation with privacy amplification via two-universal hashing: a dishonest receiver who can store only a constant fraction of the N qubits learns essentially nothing about b. The protocol tolerates realistic channel noise and loss, and its non-interactive nature makes it implementable with current photon-polarization hardware.

The 1-2 OT construction uses per-qubit random bases: the sender transmits a random string x with each position encoded in an independently chosen BB84 basis, and the receiver measures every qubit in the basis that corresponds to his choice bit c. After the memory bound applies, the sender announces the bases, which partition the positions into the set I_0 sent in the first basis and I_1 sent in the second, and transmits the two masked bits b_0 ⊕ f_0(x|I_0) and b_1 ⊕ f_1(x|I_1) for fresh two-universal hash functions f_0, f_1. The receiver's outcomes agree with x on I_c, so he recovers b_c; on I_{1-c} they are uniformly random, and the uncertainty relation shows that b_{1-c} stays hidden from any receiver who cannot store a constant fraction of the transmitted qubits. The author also gives a new characterization of 1-2 OT security: a receiver who cannot learn the XOR (or any non-trivial linear function) of the two inputs learns at most one of them, which matches the standard "learn only one of the two bits" requirement. This insight extends to string OT and yields a clean reduction from weak OT to strong OT without additional rounds.

Bit commitment reverses the roles: the verifier sends N random BB84-encoded bits, and the committer measures every qubit in the basis that corresponds to the bit b he wants to commit to, keeping the outcomes. To open, he reveals b and his outcomes, and the verifier accepts if they agree with her own bits on every position where she used basis b. Since the committer sends nothing during the commit phase, the scheme is perfectly hiding without any further processing. Binding is where the memory bound enters: the thesis argues that the classical requirement "the committer cannot open both values" is too weak against quantum committers and works with a stronger, min-entropy-based binding definition; the uncertainty relation then shows that a committer who stores only a constant fraction of the N qubits can open at most one of the two values, except with negligible probability.
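The following simulation is an added example, not code from the thesis or its author, and it serves the Rabin OT, 1-2 OT and bit-commitment descriptions above. It models qubits classically: a measurement in the encoding basis returns the encoded bit, and a measurement in the other (mutually unbiased) basis returns an independent uniform bit. That is enough to show honest correctness and what a memoryless cheater can do; it cannot model an adversary who keeps qubits until the bases are announced, which is exactly the case the memory bound and the uncertainty relation are there to handle. Assumptions of mine: the two-universal family is the GF(2) inner product with a random key (the thesis allows any two-universal class), N = 64 qubits per run, and the noise-free channel. Rabin OT follows the same pattern with a single basis and one masked bit and is omitted to keep the block short.

```python
"""Classical simulation of the BQSM 1-2 OT and bit-commitment protocols (added example)."""
import random

PLUS, CROSS = 0, 1  # the two BB84 bases (mutually unbiased)


def bb84_measure(x, theta, theta_prime, rng):
    """Measure |x>_theta qubit-by-qubit in bases theta_prime, with no memory.
    Matching basis: the encoded bit. Mismatched basis: an independent uniform bit."""
    return [xi if t == tp else rng.randrange(2)
            for xi, t, tp in zip(x, theta, theta_prime)]


def hash_bit(key, bits):
    """Two-universal hash {0,1}^k -> {0,1}: GF(2) inner product with a random key.
    Assumed family; the thesis only requires some two-universal class."""
    return sum(k & b for k, b in zip(key, bits)) & 1


def random_bits(n, rng):
    return [rng.randrange(2) for _ in range(n)]


# ---- 1-2 OT: sender S holds b0, b1; receiver R holds choice bit c ----------

def ot12_sender_qubits(n, rng):
    """S's only quantum message: random string x, each position in a random basis."""
    return random_bits(n, rng), random_bits(n, rng)


def ot12_sender_open(x, theta, b0, b1, rng):
    """S's classical message, sent only after the memory bound has taken effect:
    the bases, one hash key per basis, and each bit masked by the hash of the
    substring of x that was sent in that basis."""
    idx = ([i for i, t in enumerate(theta) if t == PLUS],
           [i for i, t in enumerate(theta) if t == CROSS])
    keys = (random_bits(len(idx[0]), rng), random_bits(len(idx[1]), rng))
    masked = (b0 ^ hash_bit(keys[0], [x[i] for i in idx[0]]),
              b1 ^ hash_bit(keys[1], [x[i] for i in idx[1]]))
    return theta, idx, keys, masked


def ot12_receiver_output(xprime, msg, c):
    """R unmasks bit c using his outcomes on the positions sent in basis c."""
    _theta, idx, keys, masked = msg
    return masked[c] ^ hash_bit(keys[c], [xprime[i] for i in idx[c]])


def run_ot12(n, b0, b1, c, rng):
    """One run with an honest, memoryless R who measures everything in basis c.
    Returns R's output b_c and his attempt at the other bit (a coin flip, since
    his outcomes on the other basis's positions are uniform and independent of x)."""
    x, theta = ot12_sender_qubits(n, rng)
    xprime = bb84_measure(x, theta, [c] * n, rng)
    msg = ot12_sender_open(x, theta, b0, b1, rng)
    return (ot12_receiver_output(xprime, msg, c),
            ot12_receiver_output(xprime, msg, 1 - c))


# ---- Bit commitment: verifier V sends qubits; committer C measures ---------

def bc_commit(n, b, rng):
    """V sends |x>_theta; C measures every qubit in basis b and keeps the outcomes.
    C sends nothing, so V learns nothing about b (perfectly hiding)."""
    x, theta = random_bits(n, rng), random_bits(n, rng)
    return (x, theta), bb84_measure(x, theta, [b] * n, rng)


def bc_verify(v_state, b_claimed, xprime):
    """V accepts iff C's outcomes match x on every position V encoded in basis b_claimed."""
    x, theta = v_state
    return all(xp == xi for xp, xi, t in zip(xprime, x, theta) if t == b_claimed)


def experiment(trials=2000, n=64, seed=7):
    """Honest correctness of both protocols plus the two memoryless cheating attempts."""
    rng = random.Random(seed)
    ot_ok = ot_other = bc_ok = bc_cheat = 0
    for _ in range(trials):
        b0, b1, c = random_bits(3, rng)
        out, guess = run_ot12(n, b0, b1, c, rng)
        ot_ok += out == (b0, b1)[c]
        ot_other += guess == (b0, b1)[1 - c]
        b = rng.randrange(2)
        v_state, xprime = bc_commit(n, b, rng)
        bc_ok += bc_verify(v_state, b, xprime)
        bc_cheat += bc_verify(v_state, 1 - b, xprime)   # try to open the other bit
    return {"ot_correct": ot_ok / trials, "ot_other_bit_guessed": ot_other / trials,
            "bc_honest_accepted": bc_ok / trials, "bc_cheat_accepted": bc_cheat / trials}


if __name__ == "__main__":
    print(experiment())
```

Running the experiment gives perfect honest correctness for both protocols, a roughly 50 % success rate for the receiver's guess at the bit he did not choose, and essentially zero acceptance when the committer tries to open the other bit. The ordering in `ot12_sender_open` and `bc_verify` is the security-relevant part: if the receiver (or committer) could hold all N qubits in memory until the bases are announced, he would simply measure each in the announced basis, recover both bits, and open either value. The bounded-storage assumption is what rules that out, and the uncertainty relation is what bounds the in-between case of an adversary who keeps Q < N qubits.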

Finally, the dissertation applies the uncertainty relation to Quantum Key Distribution (QKD) against eavesdroppers with bounded quantum memory. By lower-bounding the min-entropy of the raw key given the eavesdropper's stored qubits and classical information, the author proves security at considerably higher quantum bit error rates (QBER) than in the unbounded model, where BB84 with one-way post-processing is known to be secure only up to an error rate of roughly 11 %. Because the analysis is carried out in the smooth min-entropy framework, the resulting key is composably secure. This result demonstrates that practical QKD can be made more robust when realistic memory constraints are taken into account.

In conclusion, the thesis establishes BQSM as a powerful and realistic security model, provides concrete, implementable protocols for core cryptographic primitives, and introduces min‑entropy based uncertainty relations that sharpen security analyses across OT, commitment, and QKD. The work bridges the gap between theoretical impossibility and practical feasibility, opening new avenues for quantum‑secure cryptography that align with today’s technological limits.

