Showing papers on "Alice and Bob published in 1997"
Journal Article•
TL;DR: In this paper, it was shown that for sufficiently large n privacy amplification is possible when Eve's min-entropy about S exceeds only n/2 rather than 2n/3.
Abstract: Privacy amplification allows two parties Alice and Bob knowing a partially secret string S to extract, by communication over a public channel, a shorter, highly secret string S'. Bennett, Brassard, Crepeau, and Maurer showed that the length of S' can be almost equal to the conditional Renyi entropy of S given an opponent Eve's knowledge. All previous results on privacy amplification assumed that Eve has access to the public channel but is passive or, equivalently, that messages inserted by Eve can be detected by Alice and Bob. In this paper we consider privacy amplification secure even against active opponents. First it is analyzed under what conditions information-theoretically secure authentication is possible even though the common key is only partially secret. This result is used to prove that privacy amplification can be secure against an active opponent and that the size of S' can be almost equal to Eve's min-entropy about S minus 2n/3 if S is an n-bit string. Moreover, it is shown that for sufficiently large n privacy amplification is possible when Eve's min-entropy about S exceeds only n/2 rather than 2n/3.
174 citations
24 Jun 1997
TL;DR: A.C. Yao (1979) as discussed by the authors showed that the deterministic two-player SM complexity of any function is at least the square root of its deterministic deterministic SM complexity.
Abstract: We solve a 17 year old problem of A.C.C. Yao (1979). In the two-player communication model introduced by Yao in 1979, Alice and Bob wish to collaboratively evaluate a function f(x,y) in which Alice knows only input x and Bob knows only input y. Both players have unlimited computational power. The objective is to minimize the amount of communication. Yao (1979) also introduced an oblivious version of this communication game which we call the simultaneous messages (SM) model. The difference is that in the SM model, Alice and Bob don't communicate with each other. Instead, they simultaneously send messages to a referee, who sees none of the input. The referee then announces the function value. The deterministic two-player SM complexity of any function is straight forward to determine. Yao suggested the randomized version of this model, where each player has access to private coin flips. Our main result is that the order of magnitude of the randomized SM complexity of any function f is at least the square root of the deterministic SM complexity of f. We found this result in February 1996, independently but subsequently to I. Newman and M. Szegedy (1996) who obtained this lower bound for the special case of the "equality" function. Our proof is entirely different from and considerably simpler than the Newman-Szegedy solution. A proof similar in spirit to ours, was found by J. Bourgain and A. Wigderson simultaneously to us (unpublished); we include an outline of their proof. The quadratic reduction actually does occur for the "equality" function. We give a new proof of this fact. This result, combined with our main result, settles Yao's question, asking the exact randomized SM complexity of the equality function. The lower bound proof uses the probabilistic method; the upper bound uses linear algebra. We also give a constructive proof that O(log n) public coins reduce the complexity of "equality" to constant.
85 citations
17 Aug 1997
TL;DR: First it is analyzed under what conditions information-theoretically secure authentication is possible even though the common key is only partially secret and that for sufficiently large n privacy amplification is possible when Eve's min-entropy about S exceeds only n/2 rather than 2n/3.
Abstract: Privacy amplification allows two parties Alice and Bob knowing a partially secret string S to extract, by communication over a public channel, a shorter, highly secret string S'. Bennett, Brassard, Crepeau, and Maurer showed that the length of S' can be almost equal to the conditional Renyi entropy of S given an opponent Eve's knowledge. All previous results on privacy amplification assumed that Eve has access to the public channel but is passive or, equivalently, that messages inserted by Eve can be detected by Alice and Bob. In this paper we consider privacy amplification secure even against active opponents. First it is analyzed under what conditions information-theoretically secure authentication is possible even though the common key is only partially secret. This result is used to prove that privacy amplification can be secure against an active opponent and that the size of S' can be almost equal to Eve's min-entropy about S minus 2n/3 if 5 is an n-bit string. Moreover, it is shown that for sufficiently large n privacy amplification is possible when Eve's min-entropy about S exceeds only n/2 rather than 2n/3.
19 citations
Posted Content•
TL;DR: In this article, it was shown that the mathematical interchange symmetry of the Schmidt decomposition can be promoted into a physical symmetry between the actions of Alice and Bob, and that the most general (multi-step two-way-communications) strategy of entanglement manipulation of a pure state is equivalent to a strategy involving only a single (generalized) measurement by Alice followed by one-way communications of its result to Bob.
Abstract: Suppose two distant observers Alice and Bob share a pure bipartite quantum state. By applying local operations and communicating with each other using a classical channel, Alice and Bob can manipulate it into some other states. Previous investigations of entanglement manipulations have been largely limited to a small number of strategies and their average outcomes. Here we consider a general entanglement manipulation strategy and go beyond the average property. For a pure entangled state shared between two separated persons Alice and Bob, we show that the mathematical interchange symmetry of the Schmidt decomposition can be promoted into a physical symmetry between the actions of Alice and Bob. Consequently, the most general (multi-step two-way-communications) strategy of entanglement manipulation of a pure state is, in fact, equivalent to a strategy involving only a single (generalized) measurement by Alice followed by one-way communications of its result to Bob. We also prove that strategies with one-way communications are generally more powerful than those without communications. In summary, one-way communications is necessary and sufficient for the entanglement manipulations of a pure bipartite state. The supremum probability of obtaining a maximally entangled state (of any dimension) from an arbitrary state is determined and a strategy for achieving this probability is constructed explicitly. One important question is whether collective manipulations in quantum mechanics can greatly enhance the probability of large deviations from the average behavior. We answer this question in the negative for a specific problem.
9 citations
Posted Content•
TL;DR: The aim of an all-or-nothing disclosure of secrets cryptographic protocol is to allow Alice and Bob to satisfy these superficially irreconcilable wishes and it is shown that such a protocol can be carried out securely by using quantum information.
Abstract: Alice has $n$ secrets which she regards as equally valuable. She is willing to sell any of them to Bob, but wants to ensure that if he pays for only one secret he cannot obtain any information about the others. Bob would like to buy one of the secrets from Alice, but wants to ensure that Alice can obtain no information about which of her secrets he has obtained. The aim of an all-or-nothing disclosure of secrets cryptographic protocol is to allow Alice and Bob to satisfy these superficially irreconcilable wishes. We show that such a protocol can be carried out securely by using quantum information. The protocol can be modified to implement oblivious transfers in which Bob receives a secret randomly chosen from the $n$.
4 citations
DOI•
01 Jan 1997
TL;DR: The secret key rate S X Y jjZ has been chosen as the maximal rate at which Alice and Bob can generate a secret key by communication over an insecure but authenticated channel such that Eve s information about this key is arbitrarily small.
Abstract: This paper is concerned with secret key agreement by public discussion two parties Alice and Bob and an adversary Eve have access to independent realizations of random variables X Y and Z respectively with joint distribution PXY Z The secret key rate S X Y jjZ has been de ned as the maximal rate at which Alice and Bob can generate a secret key by communication over an insecure but authenticated channel such that Eve s information about this key is arbitrarily small We de ne a new conditional mutual information mea sure the intrinsic conditional mutual information between X and Y when given Z denoted by I X Y Z which is an upper bound on S X Y jjZ The special scenarios where X Y and Z are generated by sending a binary random variable R for example a signal broadcast by a satellite over independent channels or where Z is generated by sending X and Y over erasure channels are analyzed In the rst scenario it can be shown that the secret key rate is strictly positive if and only if I X Y Z is strictly positive For the second scenario a new protocol is presented which allows secret key agreement even when all the previously known protocols fail
1 citations