Impossibility of composable Oblivious Transfer in relativistic quantum cryptography

Cryptography in the relativistic quantum setting We can now concretely define the abstract systems behind the resources, converters, and distinguishers presented in Appendix A above as Causal Boxes. In the rest of their work, Portmann et al. [5] also provide general composition operations between Causal Boxes, proving the properties required by Maurer and Renner [4] in order to guarantee the desired general composability properties of the framework. Moreover, a pseudo-metric δ defining statistical distance between Causal Boxes is provided in the same work. The last element to instantiate is the partially ordered set T used to define causality. In order to model relativistic effects, we use the following: Definition B.4 (Minkowski space-time). A Minkowski space-timeM' R4 is a four-dimensional space where a point P ∈M is a tuple P = (~x, t) of a position ~x in space and a timestamp t. We define a causal order ≺ on the space-time: we say that P = (~xP , tP ) is in the causal past of Q = (~xQ, tQ) (i.e. P ≺ Q) if and only if the following holds: ||~xQ − ~xP ||2 ≤ c · (tQ − tP ), where c is the speed of light. In other words, light can reach ~xQ from ~xP in time tQ − tP . One can see that this order can be used to define a causality function satisfying Definition B.2. Different parties in a relativistic protocol should negotiate a common reference frame in order to not have ambiguities in representing the space-time points. However, it is important to notice that security does not depend on the chosen frame, as it will only depend on the causal order ≺ defined above, which is invariant under Lorentz transformations. From now on, along with messages, we will also specify the timestamp of the position in the space-time in which they are sent. This completes our framework, since Causal Boxes instantiated with a Minkowski space-time not only model quantum effects3, but also relativistic ones. 3Indeed, Portmann et al. [5] remark that Causal Boxes can model any non-signalling process with either quantum and classical inputs.

[1]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[2]  Dominique Unruh,et al.  Universally Composable Quantum Multi-party Computation , 2009, EUROCRYPT.

[3]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[4]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[5]  Yongmei Huang,et al.  Satellite-to-ground quantum key distribution , 2017, Nature.

[6]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[7]  Rudolf Ahlswede,et al.  Founding Cryptography on Oblivious Transfer , 2016 .

[8]  Renato Renner,et al.  Cryptographic security of quantum key distribution , 2014, ArXiv.

[9]  Eli Upfal,et al.  Probability and Computing: Randomized Algorithms and Probabilistic Analysis , 2005 .

[10]  Jian-Wei Pan,et al.  Ground-to-satellite quantum teleportation , 2017, Nature.

[11]  Claude Crépeau,et al.  Equivalence Between Two Flavours of Oblivious Transfers , 1987, CRYPTO.

[12]  Hoi-Kwong Lo,et al.  Is Quantum Bit Commitment Really Possible? , 1996, ArXiv.

[13]  M. Ben-Or,et al.  General Security Definition and Composability for Quantum & Classical Protocols , 2004, quant-ph/0409062.

[14]  Dong He,et al.  Satellite-based entanglement distribution over 1200 kilometers , 2017, Science.

[15]  H. F. Chau,et al.  Why quantum bit commitment and ideal quantum coin tossing are impossible , 1997 .

[16]  Hoi-Kwong Lo,et al.  Insecurity of Quantum Secure Computations , 1996, ArXiv.

[17]  Ueli Maurer,et al.  Causal Boxes: Quantum Information-Processing Systems Closed Under Composition , 2015, IEEE Transactions on Information Theory.

[18]  Dominic Mayers Unconditionally secure quantum bit commitment is impossible , 1997 .

[19]  Lídia del Rio,et al.  Composable security in relativistic quantum cryptography , 2017, New Journal of Physics.

[20]  Adrian Kent,et al.  Unconditionally Secure Bit Commitment , 1998, quant-ph/9810068.

[21]  W. Hoeffding Probability Inequalities for sums of Bounded Random Variables , 1963 .

[22]  Adrian Kent,et al.  Unconditionally Secure Bit Commitment by Transmitting Measurement Outcomes , 2011, Physical review letters.