Adaptive Versus Non-Adaptive Strategies in the Quantum Setting with Applications

We prove a general relation between adaptive and non-adaptive strategies in the quantum setting, i.e., between strategies where the adversary can or cannot adaptively base its action on some auxiliary quantum side information. Our relation holds in a very general setting, and is applicable as long as we can control the bit-size of the side information, or, more generally, its "information content". Since adaptivity is notoriously difficult to handle in the analysis of quantum cryptographic protocols, this gives us a very powerful tool: as long as we have enough control over the side information, it is sufficient to restrict ourselves to non-adaptive attacks. We demonstrate the usefulness of this methodology with two examples. The first is a quantum bit commitment scheme based on 1-bit cut-and-choose. Since bit commitment implies oblivious transfer in the quantum setting, and oblivious transfer is universal for two-party computation, this implies the universality of 1-bit cut-and-choose, and thus solves the main open problem of [9]. The second example is a quantum bit commitment scheme proposed in 1993 by Brassard et al. It was originally suggested as an unconditionally secure scheme, back when this was thought to be possible. We partly restore the scheme by proving it secure in a variant of the bounded quantum storage model. In both examples, the fact that the adversary holds quantum side information obstructs a direct analysis of the scheme, and we circumvent it by analyzing a non-adaptive version, which can be done by means of known techniques, and applying our main result.

[1] Robert König et al. The Operational Meaning of Min- and Max-Entropy, 2008, IEEE Transactions on Information Theory.

[2] Serge Fehr et al. Sampling in a Quantum Population, and Applications, 2009, CRYPTO.

[3] R. Renner et al. The Quantum Reverse Shannon Theorem Based on One-Shot Information Theory, 2009, arXiv:0912.3805.

[4] Dominic Mayers. Unconditionally secure quantum bit commitment is impossible, 1997.

[5] Dominique Unruh et al. Universally Composable Quantum Multi-party Computation, 2009, EUROCRYPT.

[6] Joe Kilian et al. Founding crytpography on oblivious transfer, 1988, STOC '88.

[7] Daniel Kraschewski et al. Complete Primitives for Information-Theoretically Secure Two-Party Computation, 2013.

[8] Charles H. Bennett et al. Quantum cryptography using any two nonorthogonal states, 1992, Physical Review Letters.

[9] Ivan Damgård et al. Cryptography in the Bounded-Quantum-Storage Model, 2008, SIAM J. Comput.

[10] Manoj Prabhakaran et al. A Zero-One Law for Cryptographic Complexity with Respect to Computational UC Security, 2010, CRYPTO.

[11] Joe Kilian. More general completeness theorems for secure two-party computation, 2000, STOC '00.

[12] Robert König et al. Universally Composable Privacy Amplification Against Quantum Adversaries, 2004, TCC.

[13] Manoj Prabhakaran et al. A Unified Characterization of Completeness and Triviality for Secure Function Evaluation, 2012, INDOCRYPT.

[14] Gilles Brassard et al. Practical Quantum Oblivious Transfer, 1991, CRYPTO.

[15] Jörn Müller-Quade et al. Completeness Theorems with Constructive Proofs for Finite Deterministic 2-Party Functions, 2010, TCC.

[16] Jonathan Katz et al. Feasibility and Completeness of Cryptographic Tasks in the Quantum World, 2013, TCC.

[17] Joe Kilian et al. A general completeness theorem for two party games, 1991, STOC '91.

[18] Rudolf Ahlswede et al. Founding Cryptography on Oblivious Transfer, 2016.

[19] Claude Crépeau et al. Quantum Oblivious Transfer, 1994.

[20] Serge Fehr et al. An All-But-One Entropic Uncertainty Relation, and Application to Password-Based Identification, 2011, TQC.