Simulatable security for quantum protocols. (arXiv:quant-ph/0409125v2 CROSS LISTED)

The notion of simulatable security (reactive simulatability, universal composability) is a powerful tool for allowing the modular design of cryptographic protocols (composition of protocols) and showing the security of a given protocol embedded in a larger one. Recently, these methods have received much attention in the quantum cryptographic community. We give a short introduction to simulatable security in general and proceed by sketching the many different definitional choices together with their advantages and disadvantages. Based on the reactive simulatability modelling of Backes, Pfitzmann and Waidner we then develop a quantum security model. By following the BPW modelling as closely as possible, we show that composable quantum security definitions for quantum protocols can strongly profit from their classical counterparts, since most of the definitional choices in the modelling are independent of the underlying machine model. In particular, we give a proof for the simple composition theorem in our framework.
