Presentation is loading. Please wait.

Presentation is loading. Please wait.

Christian Schaffner CWI Amsterdam, Netherlands Quantum Cryptography beyond Key Distribution Tropical QKD Waterloo, ON, Canada Wednesday, 16 June 2010.

Published byDarcy Ramsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Christian Schaffner CWI Amsterdam, Netherlands Quantum Cryptography beyond Key Distribution Tropical QKD Waterloo, ON, Canada Wednesday, 16 June 2010."— Presentation transcript:

1 Christian Schaffner CWI Amsterdam, Netherlands Quantum Cryptography beyond Key Distribution Tropical QKD Waterloo, ON, Canada Wednesday, 16 June 2010

2 2 Outline  Cryptographic Primitives  Noisy-Storage Model  Position-Based Quantum Cryptography  Conclusion

3 3 Cryptography settings where parties do not trust each other: secure communication authentication Alice Bob Eve three-party scenario = ? use the same quantum hardware for applications in two- and multi-party scenarios

4 4 I’m Alice, my PIN is 4049 I want $50 Alright Alice, here you go. (example stolen from Louis Salvail) Modern-Day Cryptography

5 5 I’m Alice my PIN is 4049 I want $50 Sorry, I’m out of order Alice: 4049

6 6 Modern-Day Cryptography Alright Alice, here you go. Alice: 4049 I’m Alice, my PIN is 4049 I want $500.000

7 7 Where It Went Wrong I’m Alice my PIN is 4049 I want $50

8 8 = = Secure Evaluation of the Equality PIN-based identification scheme should be a secure evaluation of the equality function dishonest player can exclude only one possible password a a = b ? ? b ?

9 9 IDEAL REAL f f Secure Function Evaluation: Definition we have: protocol x y f(x,y) we want: ideal functionality security: if REAL looks like IDEAL to the outside world f(x,y)

10 10 f f we have: protocol x f(x,y) y we want: ideal functionality security: if REAL looks like IDEAL to the outside world IDEAL REAL Secure Function Evaluation: Dishonest Alice

11 11 f f Secure Function Evaluation: Dishonest Bob we have: protocol x f(x,y) y we want: ideal functionality security: if REAL looks like IDEAL to the outside world IDEAL REAL

12 12 Modern Cryptography two-party scenarios: password-based identification (=) millionaire‘s problem (<) dating problem (AND) multi-party scenarios: sealed-bid auctions e-voting … use QKD hardware for applications in two- and multi-party scenarios

13 13 In the plain model (no restrictions on adversaries, using quantum communication, as in QKD): Secure function evaluation is impossible (Lo ‘97) Restrict the adversary: Computational assumptions (e.g. factoring or discrete logarithms are hard) Can we implement these primitives?

14 14 use the technical difficulties in building a quantum computer to our advantage storing quantum information is a technical challenge Bounded-Quantum-Storage Model : bound the number of qubits an adversary can store (Damgaard, Fehr, Salvail, S ‘05) Noisy-(Quantum-)Storage Model: more general and realistic model (Wehner, S, Terhal ’07; König, Wehner, Wullschleger ‘09) Exploit Quantum-Storage Imperfections Conversion can failError in storageReadout can fail

15 15 Outline Cryptographic Primitives  Noisy-Storage Model  Position-Based Quantum Cryptography  Conclusion

16 16 The Noisy-Storage Model (Wehner, S, Terhal ’07)

17 17 what an (active) adversary can do:  change messages  computationally all-powerful  unlimited classical storage  actions are ‘instantaneous’ restriction:  noisy quantum storage The Noisy-Storage Model (Wehner, S, Terhal ’07) waiting time: ¢ t

18 18 The Noisy-Storage Model (Wehner, S, Terhal ’07) Arbitrary encoding attack Arbitrary encoding attack Unlimited classical storage  change messages  computationally all-powerful  unlimited classical storage  actions are ‘instantaneous’  change messages  computationally all-powerful  unlimited classical storage  actions are ‘instantaneous’ waiting time: ¢ t Adversary’s state Noisy quantum storage models:  decoherence in memory  transfer into storage (photonic states onto different carrier)

19 19 natural conditions on the storage channel: waiting does not help: The Noisy-Storage Model Arbitrary encoding attack Arbitrary encoding attack Noisy quantum storage Unlimited classical storage Adversary’s state during waiting time: ¢ t

20 20 General case [ König Wehner Wullschleger arxiv:0906.1030] : Storage channels with “strong converse” property, e.g. depolarizing channel Some simplifications [S arxiv:1002.1495] Protocol Structure 20 weak string erasure waiting time: ¢ t quantum part as in BB84  Noisy quantum storage  Noisy quantum storage

21 21 Outline Cryptographic Primitives Noisy-Storage Model  Position-Based Quantum Cryptography  Conclusion

22 22 Position-Based Quantum Cryptography Prover wants to convince verifiers that she is at a particular position assumptions: communication at speed of light instantaneous computation verifiers can coordinate no coalition of (fake) provers, i.e. not at the claimed position, can convince verifiers Verifier1 Verifier2 Prover [Malaney: 1004.4689, Chandran Fehr Gelles Goyal Ostrovsky: 1005.1750] classically impossible ! even using computational assumptions

23 23 Position-Based Quantum Cryptography intuitively: security follows from no cloning formally, usage of recently established strong complementary information trade-off Verifier1 Verifier2 Prover [Chandran Fehr Gelles Goyal Ostrovsky: 1005.1750]

24 24 Position-Based Quantum Cryptography can be generalized to more dimensions basic scheme for secure positioning more advanced schemes allow message authentication and key distribution connections to entropic uncertainty relations and non-local games many open questions Verifier1 Verifier2Prover [Chandran Fehr Gelles Goyal Ostrovsky: 1005.1750]

25 25 Conclusion = = cryptographic primitives noisy-storage model: well-defined adversary model composable security definitions position-based q cryptography QKD hardware and know-how is useful in applications beyond key distribution

Download ppt "Christian Schaffner CWI Amsterdam, Netherlands Quantum Cryptography beyond Key Distribution Tropical QKD Waterloo, ON, Canada Wednesday, 16 June 2010."

Similar presentations

Quantum Cryptography http://www.dcs.warwick.ac.uk/~esvbb Nick Papanikolaou Third Year CSE Student npapanikolaou@iee.org http://www.dcs.warwick.ac.uk/~esvbb.

Quantum Cryptography Nick Papanikolaou Third Year CSE Student
A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (ETH Zürich,

A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (ETH Zürich,
Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,

Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
Position-Based Quantum Cryptography Christian Schaffner ILLC, University of Amsterdam Centrum Wiskunde & Informatica Logic Tea, ILLC Tuesday, 14/02/2012.

Position-Based Quantum Cryptography Christian Schaffner ILLC, University of Amsterdam Centrum Wiskunde & Informatica Logic Tea, ILLC Tuesday, 14/02/2012.
Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.

Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.

Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.
A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.

A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.
Position Based Cryptography* Nishanth Chandran Vipul Goyal Ryan Moriarty Rafail Ostrovsky UCLA CRYPTO ‘09.

Position Based Cryptography* Nishanth Chandran Vipul Goyal Ryan Moriarty Rafail Ostrovsky UCLA CRYPTO ‘09.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Similar presentations

Ads by Google