A Quantum Cipher with Near Optimal Key-Recycling

Assuming an insecure quantum channel and an authenticated classical channel, we propose an unconditionally secure scheme for encrypting classical messages under a shared key, where attempts to eavesdrop on the ciphertext can be detected. If no eavesdropping is detected, we can securely re-use the entire key for encrypting new messages. If eavesdropping is detected, we must discard a number of key bits corresponding to the length of the message, but can re-use almost all of the rest. We show that this is essentially optimal. Thus, provided the adversary does not interfere (too much) with the quantum channel, we can securely send an arbitrary number of message bits, independently of the length of the initial key. Moreover, the key-recycling mechanism only requires one bit of feedback. While ordinary quantum key distribution combined with a classical one-time pad could be used instead to obtain similar functionality, this would need more rounds of interaction and more communication.
