Serge Fehr & Christian Schaffner, CWI Amsterdam, The Netherlands. Randomness Extraction via δ-Biased Masking in the Presence of a Quantum Attacker. TCC.


1 Serge Fehr & Christian Schaffner, CWI Amsterdam, The Netherlands. Randomness Extraction via δ-Biased Masking in the Presence of a Quantum Attacker. TCC 2008, 21/3/2008, New York, USA

2 Agenda: Motivation; Main Result; Applications; Related Work

3 Motivating Example. [Diagram: random source; X=01101001…; Z=10011…; Key K]

4 Left-Over Hash Lemma. [Diagram: X=01101001…; Z=10011…; Key K; 2-universal F; F(X)=0011..; F(X)=?] H_∞(X|KZ) ≥ m. Key K can be reused!

5 Imperfect Source. [Diagram: imperfect random source; X=01101011…; X’=01111001…; Z=10011…; Key K]

6 Information Reconciliation. [Diagram: X=01101011…; X’=01111001…; Z=10011…; Key K; F(X)=0011..; F(X)=?] C ∈_R 𝒞; Y = X ⊕ C; decode C’ = Y ⊕ X’. H_∞(X|KZ) ≥ m + |syn(X)|

7 Reusability Problem. [Diagram: X=01101011…; X’=01111001…; Z=10011…; Key K; F(X)=0011..; F(X)=?] C ∈_R 𝒞; Y = X ⊕ C; decode C’ = Y ⊕ X’. H_∞(X|KZ) ≥ m + |syn(X)|. Problem: K cannot be reused!

8 Solution [Dodis, Smith 05]. [Diagram: X=01101011…; X’=01111001…; Z=10011…; Key K; Y = ?] C ∈_R 𝒞; Y = X ⊕ C; decode C’ = Y ⊕ X’. H_∞(X|KZ) ≥ m + |syn(X)|. K can be safely reused!

9 The Quantum Case. [Diagram: imperfect random source; X=01101011…; X’=01111001…; Key K; ρ_Z; 101…]

10 Two-Universal Hashing. [Diagram: X=01101011…; X’=01111001…; Key K; ρ_Z; 101…; F(X)=0011..; F(X)=?] C ∈_R 𝒞; Y = X ⊕ C; decode C’ = Y ⊕ X’. H_∞(X|K ρ_Z) ≥ m + |syn(X)|

11 Problem. [Diagram: X=01101011…; X’=01111001…; Key K; ρ_Z; 101…; Y = ?] C ∈_R 𝒞; Y = X ⊕ C; decode C’ = Y ⊕ X’. H_∞(X|K ρ_Z) ≥ m + |syn(X)|. K can be safely reused! [Dodis, Smith 05] ?

12 Agenda: Motivation; Main Result; Applications; Related Work

13 Classical Theorem [Dodis, Smith 05]. random variable A in {0,1}^n is δ-biased if for all; {A_i} δ-biased family over {0,1}^n; joint distribution P_XZ where X in {0,1}^n and Z some side information. Then, for uniform I. [Diagram: {0,1}^n; ⊕; I, Z; A_I ⊕ X = ?]

14 Main Theorem. random variable A in {0,1}^n is δ-biased if for all; {A_i} δ-biased family over {0,1}^n; joint quantum state ρ_XZ where X in {0,1}^n and Z some quantum side information. Then, for uniform I. [Diagram: {0,1}^n; ⊕; I, ρ_Z; A_I ⊕ X = ?]

15 Proof Technique. random variable A in {0,1}^n is δ-biased if for all; {A_i} δ-biased family over {0,1}^n; joint quantum state ρ_XZ where X in {0,1}^n and Z some quantum side information. Then, for uniform I. [Diagram: {0,1}^n; I, ρ_Z; A_I ⊕ X = ?] Proof: quantum-information theory; Fourier analysis of matrix-valued functions over {0,1}^n

16 Application: Entropic Encryption. [Alon, Goldreich, Håstad, Peralta 90] δ-biased set K over {0,1}^n of size |K| = O(n^2/δ^2); joint quantum state ρ_XZ where X n-bit message and Z some quantum side information. [Diagram: ρ_Z; K ⊕ X = ?] Then, for uniform I: if H_∞(ρ_XZ|Z) ≥ t, then a key size of log|K| = n - t + 2 log(n) + 2 log(1/ε) + O(1) suffices to encrypt X

17 Weak Extractor. For any ε ≥ 0 and 0 ≤ t ≤ n, there exists a (t,ε)-weak quantum extractor with n-bit output and seed length n - t + 2 log(n) + 2 log(1/ε) + O(1). [Diagram: ρ_Z; K ⊕ X = ?] Then, for uniform I: if H_∞(ρ_XZ|Z) ≥ t, then a key size of log|K| = n - t + 2 log(n) + 2 log(1/ε) + O(1) suffices to encrypt X

18 Application: Private Error Correction. [Dodis, Smith 05] for every 0 < λ < 1, there is a family of binary linear codes {C_i} of length n, correcting a linear fraction of errors, and {C_i} is δ-biased with δ < 2^(-λn/2); joint quantum state ρ_XZ where X in {0,1}^n and Z some quantum side information with H_∞(ρ_XZ|Z) ≥ t. Then, for uniform I. [Diagram: I, ρ_Z; C_I ⊕ X = ?]

19 Agenda: Motivation; Main Result; Applications; Related Work

20 Randomness Extraction against Q-Memory. [König, Renner, Maurer 03] 2-universal hashing; [König, Terhal 06] 1-bit-output extractors; [this work 06] δ-biased masking; [Smith 07] Srinivasan-Zuckerman extractors; [König, Renner 07] Sampling min-entropy relative to quantum knowledge. [Diagram labels: F; Ext; C_I ⊕ X = ?; ||ρ_XZ|| 2; H_∞(X_1 X_2 … X_n | ρ_Z) = α ⇒ H_∞(X_r1 X_r2 … X_rs | ρ_Z) ≥ α s/n]

21 Related work. [Gavinsky, Kempe, Kerenidis, Raz, de Wolf 06] counterexample: strong extractor which is classically “secure”, but completely insecure against q-memory of similar size. Quantum Schemes: [Ambainis, Smith 04] encrypting quantum messages with δ-biased masking; [Desrosiers, Dupuis 07] quantum entropic security

22 Conclusions. randomness extraction via δ-biased masking is secure in the presence of quantum attacker; entropic security; Error Correction without Leaking Partial Information; Applications in the Bounded-(Quantum-)Storage Model. Thanks to you!

23 Strong Extractor. Let {C_i} be a δ-biased family of binary linear [n,k,d]_2 codes. {H_i} the parity-check matrix. Then, Ext: (i,x) ↦ H_i x is a (t,ε)-strong quantum extractor with (n-k)-bit output, ε = δ 2^((n-t)/2). Seed length must be linear in n. [Diagram: I, ρ_Z; C_I ⊕ X = ?]

