Cryptography in the Bounded-Quantum-Storage Model


📝 Original Info

  • Title: Cryptography in the Bounded-Quantum-Storage Model
  • ArXiv ID: 0709.0289
  • Date: 2007-09-04
  • Authors: Researchers from original ArXiv paper

📝 Abstract

This thesis initiates the study of cryptographic protocols in the bounded-quantum-storage model. On the practical side, simple protocols for Rabin Oblivious Transfer, 1-2 Oblivious Transfer and Bit Commitment are presented. No quantum memory is required for honest players, whereas the protocols can only be broken by an adversary controlling a large amount of quantum memory. The protocols are efficient, non-interactive and can be implemented with today's technology. On the theoretical side, new entropic uncertainty relations involving min-entropy are established and used to prove the security of protocols according to new strong security definitions. For instance, in the realistic setting of Quantum Key Distribution (QKD) against quantum-memory-bounded eavesdroppers, the uncertainty relation allows one to prove the security of QKD protocols while tolerating considerably higher error rates compared to the standard model with unbounded adversaries.


📄 Full Content

two bits. This result generalizes to 1-2 OT of strings, in which case the security can be characterized in terms of binary linear functions. More precisely, it is shown that the receiver learns only one of the two strings sent, if and only if he has no information on the result of applying any binary linear function which non-trivially depends on both inputs to the two strings. This result not only gives new insight into the nature of 1-2 OT, but it in particular provides a powerful tool for analyzing 1-2 OT protocols. With this characterization at hand, the reducibility of 1-2 OT of strings to a wide range of weaker primitives follows by a very simple argument.

I am grateful to everyone who helped and supported me during my PhD studies here in Århus.

First of all, I want to cordially thank my supervisors and co-authors Louis Salvail and Ivan Damgård and the whole cryptology group at DAIMI for providing an excellent environment for cryptographic research. Countless are the hours I have spent discussing scientific as well as non-scientific issues with Louis, merci beaucoup! I thank my other co-authors Claude Crépeau, Serge Fehr, Renato Renner, George Savvides and Jürg Wullschleger for many inspiring visits and discussions.

I appreciated very much being a PhD student in a well-organized and well-funded research group and being able to work in a brand-new building with plenty of space, great infrastructure and always helpful and friendly staff and secretaries: Ellen, Hanne, Karen, Lene, Michael, and Uffe.

Studying in Århus has been a great experience mainly because of all the friends from the constantly changing “gang” of foreign and Danish fellows at DAIMI including Allan, Claudio, Claus, Doina, Gabi, Henrik, Jan, Jesper, Jooyong, Johan, Kevin, Michael, Mikkel, Mirka, Rune, Tord, Thomas M, Tomas, and Troels; but not to forget the ones who have left Denmark and are now spread around the world: Barnie, Christopher, Emanuela and Paolo, Fitzi, Gosia and Darek, Jens, Jesús, Karl, Kirill, Marco, Nelly and Antonio, Philipp, Thomas P, and Saurabh. I thank you all for the wonderful time, both at and off the table-soccer table. Special thanks to Gosia and Henrik for constructive comments on the introduction of this thesis and to Jürg and Serge for further comments.

I would also like to thank Claude Crépeau for hosting me for a fantastic summer half-year at McGill university in Montréal where I had the chance to meet many interesting people doing quantum research and experience the exciting spot where the francophone part of North America meets the anglophone rest of the continent. I thank Prof. Andreas Winter from the University of Bristol and Prof. Stefan Wolf from ETH Zürich as well as Prof. Susanne Bødker from the University of Aarhus for agreeing to constitute the evaluation committee for my PhD thesis.

Last but not least, I want to express my gratitude to my family for their immense love and support from a distance. I am infinitely grateful for the great childhood they gave me which was and still is an invaluable source of self-confidence for me.

Chapter 1

In the quest for interesting cryptographic models, bounding the quantum memory of adversarial players is a great assumption.

It is a fascinating art to come up with protocols that achieve a cryptographic task like encryption, authentication, identification, voting, or secure function evaluation, to name just a famous few. To define a notion of security for such protocols, one needs to specify a cryptographic model, i.e. an environment in which the protocol is run. The model states, for example, the number of honest and dishonest players, the allowed running time and amount of memory available to honest and dishonest players, how dishonest players are allowed to deviate from the protocol, the use of external resources like (quantum) communication channels or other already established cryptographic functionalities, etc.

While coming up with more and more protocols for different models, cryptographers realized that some basic primitives (i.e. precisely defined cryptographic tasks) are useful as “benchmarks” of how powerful a particular cryptographic model is. An example is the two-party primitive Oblivious Transfer (OT). It comes in different flavors, but all of these variants are equivalent in the sense that any one of them can be implemented using (possibly several instances of) another. The one-out-of-two variant 1-2 OT was originally introduced by Wiesner around 1970 (but only published much later in [Wie83]) in the very first paper about quantum cryptography, and later rediscovered by Even, Goldreich, and Lempel [EGL82]. It lets a sender Alice transmit two bits to a receiver Bob, who can choose which of them to receive. A secure implementation of 1-2 OT does not allow a dishonest sender to learn which of the two bits was received, and it does not allow a dishonest receiver to learn any information about the second bit. It was a surprising insight when Kili
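As an added illustration (not code from the thesis) of the 1-2 OT primitive defined above and of the linear-function characterization of 1-2 OT of strings quoted earlier, the following Python script models the ideal 1-2 OT functionality and checks by exhaustive enumeration that a receiver holding only s_c has no information about any binary linear function a·s0 ⊕ b·s1 with both a and b non-zero, while a function with a = 0 or b = 0 is fully determined by one of the receiver's views. It shows only the ideal-receiver direction of the characterization; the string length n = 3 and the bit-tuple representation are assumptions of this example.

```python
from itertools import product

# Strings are tuples of bits. A binary linear function of the two strings
# is f(s0, s1) = <a, s0> XOR <b, s1>, given by coefficient vectors a and b.
# Constructed example; not the thesis's own code.

def inner(a: tuple, s: tuple) -> int:
    """Inner product over GF(2)."""
    return sum(x & y for x, y in zip(a, s)) & 1

def linear_fn(a: tuple, b: tuple, s0: tuple, s1: tuple) -> int:
    """f(s0, s1) = <a, s0> XOR <b, s1>."""
    return inner(a, s0) ^ inner(b, s1)

def ideal_ot(s0: tuple, s1: tuple, c: int) -> tuple:
    """Ideal 1-2 OT: the receiver with choice bit c obtains s_c and nothing else."""
    return s1 if c else s0

def receiver_bias(a: tuple, b: tuple, c: int, s_c: tuple, n: int) -> float:
    """Fraction of completions of the receiver's view (choice c, string s_c)
    for which f(s0, s1) = 1, the unknown string ranging over all 2^n values.
    A value of exactly 0.5 means the view carries no information about f."""
    ones = 0
    for other in product((0, 1), repeat=n):
        s0, s1 = (s_c, other) if c == 0 else (other, s_c)
        ones += linear_fn(a, b, s0, s1)
    return ones / 2 ** n

def leaks_to_receiver(a: tuple, b: tuple, n: int) -> bool:
    """True if some receiver view predicts f better than a coin flip."""
    for c in (0, 1):
        for s_c in product((0, 1), repeat=n):
            if receiver_bias(a, b, c, s_c, n) != 0.5:
                return True
    return False

def all_nontrivial_hidden(n: int) -> bool:
    """Every linear function depending on both strings is hidden from the receiver."""
    vecs = [v for v in product((0, 1), repeat=n) if any(v)]
    return all(not leaks_to_receiver(a, b, n) for a in vecs for b in vecs)

if __name__ == "__main__":
    # Non-trivial dependence on both strings: hidden from the receiver.
    print(leaks_to_receiver((1, 0, 1), (0, 1, 1), 3))   # False
    # Depends on s0 only: a receiver with c = 0 knows it exactly.
    print(leaks_to_receiver((1, 0, 1), (0, 0, 0), 3))   # True
    print(all_nontrivial_hidden(3))                     # True
```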

…(Full text truncated)…
