Secure identification and QKD in the bounded-quantum-storage model

We consider the problem of secure identification: user U proves to server S that he knows an agreed (possibly low-entropy) password w, while giving away as little information on w as possible, namely the adversary can exclude at most one possible password for each execution of the scheme. We propose a solution in the bounded-quantum-storage model, where U and S may exchange qubits, and a dishonest party is assumed to have limited quantum memory. No other restriction is posed upon the adversary. An improved version of the proposed identification scheme is also secure against a man-in-the-middle attack, but requires U and S to additionally share a high-entropy key k. However, security is still guaranteed if one party loses k to the attacker but notices the loss. In both versions of the scheme, the honest participants need no quantum memory, and noise and imperfect quantum sources can be tolerated. The schemes compose sequentially, and w and k can securely be re-used. A small modification to the identification scheme results in a quantum-key-distribution (QKD) scheme, secure in the bounded-quantum-storage model, with the same re-usability properties of the keys, and without assuming authenticated channels. This is in sharp contrast to known QKD schemes (with unbounded adversary) without authenticated channels, where authentication keys must be updated, and unsuccessful executions can cause the parties to run out of keys.

[1]  Renato Renner,et al.  Security of quantum key distribution , 2005, Ausgezeichnete Informatikdissertationen.

[2]  Amos Fiat,et al.  Zero Knowledge Proofs of Identity , 1987, STOC.

[3]  Ivan Damgård,et al.  A Tight High-Order Entropic Quantum Uncertainty Relation with Applications , 2006, CRYPTO.

[4]  Renato Renner,et al.  Simple and Tight Bounds for Information Reconciliation and Privacy Amplification , 2005, ASIACRYPT.

[5]  Serge Fehr,et al.  Improving the Security of Quantum Protocols , 2009 .

[6]  Claude Crépeau,et al.  Oblivious transfer with a memory-bounded receiver , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[7]  Hoi-Kwong Lo,et al.  Efficient Quantum Key Distribution Scheme and a Proof of Its Unconditional Security , 2004, Journal of Cryptology.

[8]  Serge Fehr,et al.  Composing Quantum Protocols in a Classical Environment , 2009, TCC.

[9]  Chip Elliott,et al.  Quantum cryptography in practice , 2003, SIGCOMM '03.

[10]  Christian Schaffner,et al.  Robust cryptography in the noisy-quantum-storage model , 2008, Quantum Inf. Comput..

[11]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[12]  Ivan Damgård,et al.  Improving the Security of Quantum Protocols via Commit-and-Open , 2009, CRYPTO.

[13]  Serge Fehr,et al.  Randomness Extraction Via delta -Biased Masking in the Presence of a Quantum Attacker , 2007, TCC.

[14]  Robert König,et al.  The Operational Meaning of Min- and Max-Entropy , 2008, IEEE Transactions on Information Theory.

[15]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[16]  Ueli Maurer,et al.  On Generating the Initial Key in the Bounded-Storage Model , 2004, EUROCRYPT.

[17]  Yehuda Lindell,et al.  A Framework for Password-Based Authenticated Key Exchange , 2003, EUROCRYPT.

[18]  Robert König,et al.  Universally Composable Privacy Amplification Against Quantum Adversaries , 2004, TCC.

[19]  Claude Crépeau,et al.  Statistical Security Conditions for Two-Party Secure Function Evaluation , 2008, ICITS.

[20]  Yonatan Aumann,et al.  Everlasting security in the bounded storage model , 2002, IEEE Trans. Inf. Theory.

[21]  Hoi-Kwong Lo,et al.  Insecurity of Quantum Secure Computations , 1996, ArXiv.

[22]  Christian Schaffner,et al.  Cryptography from noisy storage. , 2007, Physical review letters.

[23]  I. Chuang,et al.  Quantum Computation and Quantum Information: Introduction to the Tenth Anniversary Edition , 2010 .

[24]  Ivan Damgård,et al.  Cryptography in the bounded quantum-storage model , 2005, IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, 2005..

[25]  Ueli Maurer,et al.  A Provably-Secure Strongly-Randomized Cipher , 1991, EUROCRYPT.

[26]  Christian Thommesen The existence of binary linear concatenated codes with Reed - Solomon outer codes which asymptotically meet the Gilbert- Varshamov bound , 1983, IEEE Trans. Inf. Theory.

[27]  Ueli Maurer Conditionally-perfect secrecy and a provably-secure randomized cipher , 2004, Journal of Cryptology.

[28]  Yevgeniy Dodis,et al.  Correcting errors without leaking partial information , 2005, STOC '05.

[29]  Rafail Ostrovsky,et al.  Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.