Quantum Authentication and Encryption with Key Recycling

We propose an information-theoretically secure encryption scheme for classical messages with quantum ciphertexts that offers detection of eavesdropping attacks and re-usability of the key in case no eavesdropping took place: the entire key can be securely re-used for encrypting new messages as long as no attack is detected. This is known to be impossible for fully classical schemes, where there is no way to detect plain eavesdropping attacks. This particular application of quantum techniques to cryptography was originally proposed by Bennett, Brassard and Breidbart in 1982, even before quantum key distribution was proposed; a simple candidate scheme was suggested, but no rigorous security analysis was given. The idea was picked up again in 2005, when Damgård, Pedersen and Salvail suggested a new scheme for the same task, this time with a rigorous security analysis. However, their scheme is much more demanding in terms of quantum capabilities: it requires the users to have a quantum computer. In contrast, and like the original scheme by Bennett et al., our new scheme merely requires preparing and measuring single BB84 qubits. As such, we not only show a provably secure scheme that is within reach of current technology, but we also confirm Bennett et al.'s original intuition that a scheme in the spirit of their original construction is indeed secure.
