The Garden-Hose Game and Application to Position-Based Quantum Cryptography

The goal of position-based cryptography is to use the geographical position of a party as its only “credential”. For example, one would like to send a message to a party at a geographical position pos with the guarantee that the party can decrypt the message only if he or she is physically present at pos. The general concept of position-based cryptography was introduced by Chandran, Goyal, Moriarty and Ostrovsky [1]. A central task in position-based cryptography is the problem of position-verification. We have a prover P at position pos, wishing to convince a set of verifiers V0, . . . , Vk (at different points in geographical space) that P is indeed at that position pos. The prover can run an interactive protocol with the verifiers in order to convince them. The main technique for such a protocol is known as distance bounding [2]. In this technique, a verifier sends a random nonce to P and measures the time taken for P to reply with this value. Assuming that the speed of communication is bounded by the speed of light, this technique gives an upper bound on the distance of P from the verifier.

The problem of secure position-verification has been studied before in the field of wireless security, and there have been several proposals for this task [2–9]. However, [1] shows that there exists no protocol for secure position-verification that offers security in the presence of multiple colluding adversaries. In other words, the set of verifiers cannot distinguish between the case when they are interacting with an honest prover at pos and the case when they are interacting with multiple colluding dishonest provers, none of which is at position pos. The impossibility result of [1] relies heavily on the fact that an adversary can locally store all information he receives and at the same time share this information with other colluding adversaries, located elsewhere.
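The distance-bounding check described above, written out as an added example (this is not code from the paper or from [1, 2]): each verifier issues a fresh random nonce, times the echo, and converts the round-trip time into an upper bound c·rtt/2 on how far the responder can be. A verifier accepts only if that bound is consistent with the claimed position, up to a slack covering an honest prover's processing delay. The simulation also shows why one verifier alone is not enough: a responder closer to the verifier than the claimed position passes that verifier's check, so verifiers are placed around pos so that the upper bounds only intersect at pos. Verifier coordinates, the claimed position, the 0.5 µs processing delay and the 1 µs slack are constructed values; signal propagation is modelled arithmetically rather than measured.

```python
"""Toy model of distance bounding for position verification (added example).

Verifiers V0..Vk each send a fresh random nonce to the prover and time the
echo.  Nothing travels faster than light, so a round-trip time rtt implies
the responder was within c*rtt/2 of that verifier.  A verifier accepts only
if that bound is consistent with the claimed position pos, up to a slack
that covers the honest prover's processing delay.
"""
import math
import secrets

C = 299_792_458.0          # speed of light in vacuum, metres per second
PROCESSING_SLACK = 1e-6    # constructed: 1 microsecond allowed for an honest echo

# Constructed geometry (metres): three verifiers with the claimed position
# strictly inside the triangle they form, so their distance bounds pin it down.
VERIFIERS = [(0.0, 0.0), (10_000.0, 0.0), (0.0, 10_000.0)]
CLAIMED_POS = (3_000.0, 3_000.0)


def distance_upper_bound(rtt):
    """Largest distance a responder can be from the verifier given round trip rtt.

    The signal has to go out and come back, each leg at most at speed c, so
    d <= c*rtt/2.  Processing delay at the prover only lengthens rtt, so the
    bound remains valid; it just becomes looser.
    """
    return C * rtt / 2.0


class Prover:
    """A single party physically located at true_pos that echoes any nonce."""

    def __init__(self, true_pos, processing_delay=0.5e-6):
        self.true_pos = true_pos
        self.processing_delay = processing_delay  # constructed hardware latency

    def respond(self, nonce):
        return nonce


def challenge(verifier_pos, prover):
    """One distance-bounding round as seen by the verifier: (nonce, reply, rtt)."""
    nonce = secrets.token_bytes(16)            # fresh per round, so old replies are useless
    one_way = math.dist(verifier_pos, prover.true_pos) / C
    reply = prover.respond(nonce)
    rtt = 2 * one_way + prover.processing_delay  # out, process, back
    return nonce, reply, rtt


def verifier_accepts(verifier_pos, claimed_pos, prover, slack=PROCESSING_SLACK):
    """Single verifier's decision for a claimed position."""
    nonce, reply, rtt = challenge(verifier_pos, prover)
    if reply != nonce:                          # wrong or replayed value
        return False
    d_max = distance_upper_bound(rtt)
    # The responder must be no farther away than the claimed position would be;
    # a farther responder cannot make the reply arrive early.
    allowed = math.dist(verifier_pos, claimed_pos) + distance_upper_bound(slack)
    return d_max <= allowed


def position_verified(verifiers, claimed_pos, prover):
    """Joint decision: every verifier's bound must be consistent with claimed_pos."""
    return all(verifier_accepts(v, claimed_pos, prover) for v in verifiers)


if __name__ == "__main__":
    honest = Prover(CLAIMED_POS)
    nearer_to_v0 = Prover((1_000.0, 1_000.0))   # closer to V0 than the claimed position
    print("honest prover accepted:", position_verified(VERIFIERS, CLAIMED_POS, honest))
    print("V0 alone accepts a nearer responder:",
          verifier_accepts(VERIFIERS[0], CLAIMED_POS, nearer_to_v0))
    print("all verifiers accept that responder:",
          position_verified(VERIFIERS, CLAIMED_POS, nearer_to_v0))
```

The single-verifier result is the reason the protocol uses a set of verifiers: one round trip only bounds the distance from above, and a responder inside that ball but away from pos is farther from some other verifier, whose bound it then violates. The slack should be set from the honest prover's measured processing time, since every extra microsecond of tolerance widens each ball by about 150 m.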
Due to the no-cloning theorem, such a strategy will not work in the quantum setting, which opens the door to secure protocols that use quantum information. The quantum model was first studied by Kent et al. under the name of “quantum tagging” [10, 11]. Several schemes were developed [11–15] and later proven insecure. Finally, in [16] it was shown that in general no unconditionally secure quantum position-verification scheme is possible: any scheme can be broken using an amount of EPR pairs that is double exponential in the size of the messages of the protocol. Later, Beigi and König [17] improved the double-exponential dependence to single exponential, making use of port-based teleportation [18, 19]. Due to the exponential overhead in EPR pairs, the general no-go theorem does not rule out the existence of quantum schemes that are secure for all practical purposes. Such schemes should have the property that the protocol, when followed honestly, is feasible, but cheating the protocol requires unrealistic amounts of resources, for example EPR pairs or time.