
Showing papers on "Alice and Bob published in 2002"


01 Dec 2002
TL;DR: This paper presents a protocol that allows Alice and Bob to conduct such a classifier building without having to compromise their privacy, and is built upon a useful building block, the scalar product protocol.
Abstract: This paper studies how to build a decision tree classifier under the following scenario: a database is vertically partitioned into two pieces, with one piece owned by Alice and the other piece owned by Bob. Alice and Bob want to build a decision tree classifier based on such a database, but due to the privacy constraints, neither of them wants to disclose their private pieces to the other party or to any third party. We present a protocol that allows Alice and Bob to conduct such a classifier building without having to compromise their privacy. Our protocol uses an untrusted third-party server, and is built upon a useful building block, the scalar product protocol. Our solution to the scalar product protocol is more efficient than any existing solutions.

413 citations


Journal ArticleDOI
TL;DR: This work presents a scheme for direct and confidential communication between Alice and Bob, where there is no need for establishing a shared secret key first, and where the key used by Alice even will become known publicly.
Abstract: We present a scheme for direct and confidential communication between Alice and Bob, where there is no need for establishing a shared secret key first, and where the key used by Alice even will become known publicly. The communication is based on the exchange of single photons and each and every photon transmits one bit of Alice’s message without revealing any information to a potential eavesdropper.

405 citations


Patent
01 Mar 2002
TL;DR: Two parties use a Diffie-Hellman exponential key exchange (DHE) to mutually authenticate one another over an insecure network; the method is secure against off-line dictionary attack and incorporates an otherwise unauthenticated public key distribution system.
Abstract: Methods are described for two parties to use a small shared secret (S) to mutually authenticate one another over an insecure network. The methods are secure against off-line dictionary attack and incorporate an otherwise unauthenticated public key distribution system. One embodiment uses two computers Alice and Bob, and a Diffie-Hellman exponential key exchange in a large prime-order finite group. Both parties choose the same generator of the group (g) as a function of S. Alice chooses a random number $R_A$, and sends $g^{R_A}$ to Bob. Bob chooses a random $R_B$, sends $g^{R_B}$ to Alice. Both compute a shared key $K = g^{R_A R_B}$. Each party insures that K is a generator of the group, verifies that the other knows K, and then uses K as an authenticated key. Constraints are described to prevent passive and active attacks. An extension is described where Alice proves knowledge of S to Bob who knows only a one-way transformation of S. These methods establish a secure, authenticated network session using only an easily memorized password.

235 citations


Journal ArticleDOI
01 Mar 2002-EPL
TL;DR: In this article, it was shown that any operation on the combined system of Alice and Bob, which does not allow Bob to send messages to Alice, can be represented as an operation by Alice, transmitting a quantum particle to Bob, and a local operation by Bob.
Abstract: We prove a conjecture by DiVincenzo, which in the terminology of Preskill et al. states that semicausal operations are semilocalizable. That is, we show that any operation on the combined system of Alice and Bob, which does not allow Bob to send messages to Alice, can be represented as an operation by Alice, transmitting a quantum particle to Bob, and a local operation by Bob. The proof is based on the uniqueness of the Stinespring representation for a completely positive map. We sketch some of the problems in transferring these concepts to the context of relativistic quantum field theory.

116 citations


Book ChapterDOI
14 Mar 2002
TL;DR: In this paper, the authors presented an encryption scheme that is provably secure against adaptive attacks by a computationally unbounded adversary in the bounded storage model, where the shared secret key employed by the sender Alice and the receiver Bob can be re-used to send an exponential number of messages, against strong adaptive attacks.
Abstract: We present substantial extensions of works [1], [2], and all previous works, on encryption in the bounded storage model introduced by Maurer in [25]. The major new result is that the shared secret key employed by the sender Alice and the receiver Bob can be re-used to send an exponential number of messages, against strong adaptive attacks. This essential step enhances the usability of the encryption method, and also allows strong authentication and non-malleability described below. We give an encryption scheme that is provably secure against adaptive attacks by a computationally unbounded adversary in the bounded storage model. In the model, a sender Alice and a receiver Bob have access to a public random string $\alpha$, and share a secret key $s$. Alice and Bob observe $\alpha$ on the fly, and by use of $s$ extract bits from which they create a one-time pad $X$ used to encrypt $M$ as $C = X \oplus M$. The size of the secret key $s$ is $|s| = k \log_2 |\alpha|$, where $k$ is a security parameter. An Adversary AD can compute and store any function $A_1(\alpha) = \eta$, subject to the bound on storage $|\eta| \le \gamma \cdot |\alpha|$, $\gamma < 1$, and captures $C$. Even if AD later gets the key $s$ and is computationally unbounded, the encryption is provably secure. Assume that the key $s$ is repeatedly used with successive strings $\alpha_1, \alpha_2, \ldots$ to produce encryptions $C_1, C_2, \ldots$ of messages $M_1, M_2, \ldots$ AD computes $\eta_1 = A_1(\alpha_1)$, obtains $C_1$, and gets to see the first message $M_1$. Using these he computes and stores $\eta_2 = A_1(\alpha_2, \eta_1, C_1, M_1)$, and so on. When he has stored $\eta_l$ and captured $C_l$, he gets the key $s$ (but not $M_l$). The main result is that the encryption $C_l$ is provably secure against this adaptive attack, where $l$, the number of times the secret key $s$ is re-used, is exponentially large in the security parameter $k$. On this we base noninteractive protocols for authentication and non-malleability. Again, the shared secret key used in these protocols can be securely re-used an exponential number of times against adaptive attacks. 
The method of proof is stronger than the one in [1], [2], and yields ergodic results of independent interest. We discuss in the Introduction the feasibility of the bounded storage model, and outline a solution. Furthermore, the existence of an encryption scheme with the provable strong security properties presented here, may prompt other implementations of the bounded storage model.

74 citations


Journal Article
TL;DR: The shared secret key employed by the sender Alice and the receiver Bob can be re-used to send an exponential number of messages, against strong adaptive attacks, and is provably secure against adaptive attacks by a computationally unbounded adversary in the bounded storage model.
Abstract: We present substantial extensions of works [1], [2], and all previous works, on encryption in the bounded storage model introduced by Maurer in [25]. The major new result is that the shared secret key employed by the sender Alice and the receiver Bob can be re-used to send an exponential number of messages, against strong adaptive attacks. This essential step enhances the usability of the encryption method, and also allows strong authentication and non-malleability described below. We give an encryption scheme that is provably secure against adaptive attacks by a computationally unbounded adversary in the bounded storage model. In the model, a sender Alice and a receiver Bob have access to a public random string $\alpha$, and share a secret key $s$. Alice and Bob observe $\alpha$ on the fly, and by use of $s$ extract bits from which they create a one-time pad $X$ used to encrypt $M$ as $C = X \oplus M$. The size of the secret key $s$ is $|s| = k \log_2 |\alpha|$, where $k$ is a security parameter. An Adversary AD can compute and store any function $A_1(\alpha) = \eta$, subject to the bound on storage $|\eta| < \gamma |\alpha|$, $\gamma < 1$, and captures $C$. Even if AD later gets the key $s$ and is computationally unbounded, the encryption is provably secure. Assume that the key $s$ is repeatedly used with successive strings $\alpha_1, \alpha_2, \ldots$ to produce encryptions $C_1, C_2, \ldots$ of messages $M_1, M_2, \ldots$ AD computes $\eta_1 = A_1(\alpha_1)$, obtains $C_1$, and gets to see the first message $M_1$. Using these he computes and stores $\eta_2 = A_1(\alpha_2, \eta_1, C_1, M_1)$, and so on. When he has stored $\eta_l$ and captured $C_l$, he gets the key $s$ (but not $M_l$). The main result is that the encryption $C_l$ is provably secure against this adaptive attack, where $l$, the number of times the secret key $s$ is re-used, is exponentially large in the security parameter $k$. On this we base non-interactive protocols for authentication and non-malleability. 
Again, the shared secret key used in these protocols can be securely re-used an exponential number of times against adaptive attacks. The method of proof is stronger than the one in [1], [2], and yields ergodic results of independent interest. We discuss in the Introduction the feasibility of the bounded storage model, and outline a solution. Furthermore, the existence of an encryption scheme with the provable strong security properties presented here, may prompt other implementations of the bounded storage model.

69 citations


Posted Content
09 Oct 2002
TL;DR: Uncloneable encryption can be used in a non-interactive setting, where QKD is not available, allowing Alice and Bob to convert a temporary computational assumption into a permanently secure message.
Abstract: Quantum states cannot be cloned. I show how to extend this property to classical messages encoded using quantum states, a task I call "uncloneable encryption". An uncloneable encryption scheme has the property that an eavesdropper Eve not only cannot read the encrypted message, but she cannot copy it down for later decoding. She could steal it, but then the receiver Bob would not receive the message, and would thus be alerted that something was amiss. I prove that any authentication scheme for quantum states acts as a secure uncloneable encryption scheme. Uncloneable encryption is also closely related to quantum key distribution (QKD), demonstrating a close connection between cryptographic tasks for quantum states and for classical messages. Thus, studying uncloneable encryption and quantum authentication allows for some modest improvements in QKD protocols. While the main results apply to a one-time key with unconditional security, I also show uncloneable encryption remains secure with a pseudorandom key. In this case, to defeat the scheme, Eve must break the computational assumption behind the pseudorandom sequence before Bob receives the message, or her opportunity is lost. This means uncloneable encryption can be used in a non-interactive setting, where QKD is not available, allowing Alice and Bob to convert a temporary computational assumption into a permanently secure message.

47 citations


Book ChapterDOI
Chi-Jen Lu
18 Aug 2002
TL;DR: It is shown that any strong extractor immediately yields an encryption scheme with the nice security properties of [2,5], and that this scheme works even when the long public random string is not perfectly random, as long as it contains enough amount of randomness.
Abstract: We study the problem of information-theoretically secure encryption in the bounded-storage model introduced by Maurer [10]. The sole assumption of this model is a limited storage bound on an eavesdropper Eve, who is even allowed to be computationally unbounded. Suppose a sender Alice and a receiver Bob agreed on a short private key beforehand, and there is a long public random string accessible by all parties, say broadcast from a satellite or sent by Alice. Eve can only store some partial information of this long random string due to her limited storage. Alice and Bob read the public random string using the shared private key, and produce a one-time pad for encryption or decryption. In this setting, Aumann, Ding, and Rabin [2] proposed protocols with a nice property called everlasting security, which says that the security holds even if Eve later manages to obtain that private key. Ding and Rabin [5] gave a better analysis showing that the same private key can be securely reused for an exponential number of times, against some adaptive attacks. We study this problem from the approach of constructing randomness extractors ([13,11,16,15] and more), which seems to provide a more intuitive understanding together with some powerful tools. A strong extractor is a function which purifies randomness from a slightly random source using a short random seed as a catalyst, so that its output and its seed together look almost random. We show that any strong extractor immediately yields an encryption scheme with the nice security properties of [2,5]. To have an efficient encryption scheme, we need strong extractors which can be evaluated in an on-line and efficient way. We give one such construction. This yields an encryption scheme, which has the same nice security properties as before but now can encrypt longer messages using a shorter private key. 
In addition, our scheme works even when the long public random string is not perfectly random, as long as it contains enough amount of randomness.

43 citations


Posted Content
TL;DR: In this article, it was shown that communication is indeed necessary to win with certainty if no quantum entanglement is shared by the players, and the game was shown to have pseudo-telepathic properties.
Abstract: In a pseudo-telepathy game, communication can be entirely replaced by quantum entanglement. We provide, for the first proposed and simplest two-player game of this type, the proof that communication is indeed necessary to win with certainty if no quantum entanglement is shared by the players. This completes the game's analysis and shows its "pseudo-telepathic" properties. I. THE GAME BY BRASSARD, CLEVE, AND TAPP Consider the following simple game. Alice and Bob, unable to communicate, are both given a 16-bit string such that the strings are either equal, or they differ in exactly 8 positions. Both parties are then supposed to output a 4-bit string in such a way that these short strings are equal if and only if the original longer strings given to them were equal as well; if they manage to do this, we say that they win the game. The described game is a special case of so-called pseudo-telepathy and was proposed in (1), where it was shown that it can be won without failure by two parties sharing some quantum entanglement. Due to the additional fact that the game cannot be won otherwise, it can be used as a simple demonstration experiment for the existence of such entanglement. Previously, the impossibility result has, however, been proven only "asymptotically" (i.e., for games where the involved strings are long enough), and no specific parameters have been known for which the game has the described "pseudo-telepathic" property. We provide this proof for the game as described above. Our result, together with the possibility result for the quantum setting, implies that in the context of this particular game, quantum entanglement can replace classical communication; note that entanglement does not, however, allow for such communication.

24 citations


Journal ArticleDOI
Emina Soljanin
TL;DR: A general achievable compression rate is derived for the noncommutative case still higher than the known lower bound, and several related problems of classical information theory are presented, and it is shown how they can be used to answer some questions of the mixed-state compression problem.
Abstract: We consider visible compression for discrete memoryless sources of mixed quantum states when only classical information can be sent from Alice to Bob. We assume that Bob knows the source statistics, and that Alice and Bob have access to the same source of random numbers. We put in an information-theoretic framework some previous results on visible compression for sources of states with commuting density operators, and remove the commutativity requirement. We derive a general achievable compression rate, which is for the noncommutative case still higher than the known lower bound. We also present several related problems of classical information theory, and show how they can be used to answer some questions of the mixed-state compression problem.

24 citations


Journal ArticleDOI
TL;DR: A proof is given that entanglement purification, even with noisy apparatus, is sufficient to disentangle an eavesdropper (Eve) from the communication channel, making two-way entanglement purification protocols, which constitute an important element in the quantum repeater, an efficient tool for secure long-distance quantum cryptography.
Abstract: We give a proof that entanglement purification, even with noisy apparatus, is sufficient to disentangle an eavesdropper (Eve) from the communication channel. In the security regime, the purification process factorizes the overall initial state into a tensor-product state of Alice and Bob, on one side, and Eve on the other side, thus establishing a completely private, albeit noisy, quantum communication channel between Alice and Bob. The security regime is found to coincide for all practical purposes with the purification regime of a two-way recurrence protocol. This makes two-way entanglement purification protocols, which constitute an important element in the quantum repeater, an efficient tool for secure long-distance quantum cryptography.

Proceedings ArticleDOI
07 Aug 2002
TL;DR: In this paper, the problem of extracting EPR pairs from a general source of entanglement was studied, and it was shown that Alice and Bob cannot increase the fidelity of the input state significantly.
Abstract: We study the problem of extracting Einstein-Podolsky-Rosen (EPR) pairs from a general source of entanglement. Suppose Alice and Bob share a bipartite state $\rho$ which is "reasonably close" to perfect EPR pairs. The only information Alice and Bob possess is a lower bound on the fidelity of $\rho$ and a maximally entangled state. They wish to "purify" $\rho$ using local operations and classical communication, and output a state that is arbitrarily close to EPR pairs. We prove that, on average, Alice and Bob cannot increase the fidelity of the input state significantly. On the other hand, there exist protocols that may fail with a small probability, and otherwise will output states arbitrarily close to EPR pairs with very high probability. These protocols come from the "purity-testing protocols" of H. Barnum et al. (2001).

01 Jan 2002
TL;DR: Calculation of the effective average Alice/Eve mutual information after performing a standard error-correction under various intercept/resend strategies shows that the Breidbart eavesdropping/Breidbart resend strategy (B/B strategy) is the most effective one.
Abstract: We discuss the Breidbart eavesdropping scheme of the extended BB84 quantum key distribution protocol. Calculation of the effective average Alice/Eve mutual information after performing a standard error-correction under various intercept/resend strategies shows that the Breidbart eavesdropping/Breidbart resend strategy (B/B strategy) is the most effective one. Since Alice and Bob can test openly whether there is the B/B eavesdropping by making use of the rejected data, we suggest an amendment of the BB84 protocol to reduce the requirements of the privacy amplification algorithm and hence reduce the quantum key loss. Finally, we present a quantum key regeneration method for error-correction which may be more secure than the standard error-correction process.

Posted Content
TL;DR: A protocol for deterministic and highly efficient quantum cryptography with entangled photon pairs in a 4x4-dimensional Hilbert space and the security of the protocol is guaranteed by the non-cloning theorem.
Abstract: We present a protocol for deterministic and highly efficient quantum cryptography with entangled photon pairs in a 4x4-dimensional Hilbert space. Two communicating parties, Alice and Bob, first share a both polarization- and path-entangled photon pair, and then each performs a complete Bell-state measurement on their own photon in one of two complementary Bell-state bases. It is demonstrated that each measurement in which both Alice and Bob register a photon can build certain perfect correlation and generate 1.5 key bits on average. The security of our protocol is guaranteed by the non-cloning theorem.

Proceedings Article
21 May 2002
TL;DR: It is proved that on average, Alice and Bob cannot increase the fidelity of the input state significantly and there exist protocols that may fail with a small probability, and otherwise will output states arbitrarily close to EPR pairs with very high probability.
Abstract: We study the problem of extracting EPR pairs from a general source of entanglement. Suppose Alice and Bob share a bipartite state R which is "reasonably close" to perfect EPR pairs. The only information Alice and Bob possess is a lower bound on the fidelity of R and a maximally entangled state. They wish to "purify" R using local operations and classical communication and output a state that is arbitrarily close to EPR pairs. We prove that on average, Alice and Bob cannot increase the fidelity of the input state significantly. On the other hand, there exist protocols that may fail with a small probability, and otherwise will output states arbitrarily close to EPR pairs with very high probability. These protocols come from the "purity-testing protocols" of Barnum et al.

Journal Article
Chi-Jen Lu
TL;DR: In this paper, the problem of information-theoretically secure encryption in the bounded-storage model was studied, where the only assumption of this model is a limited storage bound on an eavesdropper Eve, who is even allowed to be computationally unbounded.
Abstract: We study the problem of information-theoretically secure encryption in the bounded-storage model introduced by Maurer [10]. The sole assumption of this model is a limited storage bound on an eavesdropper Eve, who is even allowed to be computationally unbounded. Suppose a sender Alice and a receiver Bob agreed on a short private key beforehand, and there is a long public random string accessible by all parties, say broadcast from a satellite or sent by Alice. Eve can only store some partial information of this long random string due to her limited storage. Alice and Bob read the public random string using the shared private key, and produce a one-time pad for encryption or decryption. In this setting, Aumann, Ding, and Rabin [2] proposed protocols with a nice property called everlasting security, which says that the security holds even if Eve later manages to obtain that private key. Ding and Rabin [5] gave a better analysis showing that the same private key can be securely reused for an exponential number of times, against some adaptive attacks. We study this problem from the approach of constructing randomness extractors ([13,11,16,15] and more), which seems to provide a more intuitive understanding together with some powerful tools. A strong extractor is a function which purifies randomness from a slightly random source using a short random seed as a catalyst, so that its output and its seed together look almost random. We show that any strong extractor immediately yields an encryption scheme with the nice security properties of [2,5]. To have an efficient encryption scheme, we need strong extractors which can be evaluated in an on-line and efficient way. We give one such construction. This yields an encryption scheme, which has the same nice security properties as before but now can encrypt longer messages using a shorter private key. 
In addition, our scheme works even when the long public random string is not perfectly random, as long as it contains enough amount of randomness.

Posted Content
TL;DR: In this article, the authors studied the communication complexity of protocols that operate with incomplete information, i.e., where the inputs are mixed states and/or prepared adversarially.
Abstract: Quantum entanglement distillation protocols are LOCC protocols between Alice and Bob that convert imperfect EPR pairs, or, in general, partially entangled bipartite states into perfect or near-perfect EPR pairs. The classical communication complexity of these protocols is the minimal amount of classical communication needed for the conversion. In this paper, we focus on the communication complexity of protocols that operate with incomplete information, i.e., where the inputs are mixed states and/or prepared adversarially. We study 3 models of imperfect EPR pairs. In the measure-r model, r out of n EPR pairs are measured by an adversary; in the depolarization model, Bob's share of qubits underwent a depolarization channel; in the fidelity model, the only information Alice and Bob possess is the fidelity of the shared state. For the measure-r model and the depolarization model, we prove tight and almost-tight bounds on the outcome of LOCC protocols that don't use communication. For the fidelity model, we prove a lower bound on the communication complexity that matches the upper bound given by Ambainis, Smith, and Yang [ASY02].

Posted Content
TL;DR: This protocol shows that this type of 2-EPP protocol can be reduced to an equivalent prepare and measure protocol, and the huge complexity of decoding the classical CSS code is totally removed.
Abstract: So far all the proven unconditionally secure prepare and measure protocols for the quantum key distribution (QKD) must solve the very complex problem of decoding the classical CSS code. In the decoding stage, Bob has to compare his string with an exponentially large number of all the strings in certain code space to find out the closest one. Here we have spotted that, in an entanglement purification protocol (EPP), the random basis in the state preparation stage is only necessary to those check qubits, but unnecessary to the code qubits. In our modified two way communication EPP (2-EPP) protocol, Alice and Bob may first take all the parity checks on $Z$ basis to reduce the bit flip error to strictly zero with a high probability, e.g., $1-2^{-30}$, and then use the CSS code to obtain the final key. We show that this type of 2-EPP protocol can be reduced to an equivalent prepare and measure protocol. In our protocol, the huge complexity of decoding the classical CSS code is totally removed.

Posted Content
17 Jul 2002
TL;DR: The communication complexity of quantum entanglement distillation protocols is studied, that is, the minimal number of (classical) bits needed for Alice and Bob, to prove the optimality of the Random Hash protocol in [ASY02].
Abstract: Quantum entanglement distillation protocols are LOCC protocols between Alice and Bob that convert imperfect EPR pairs, or, in general, partially entangled bipartite states into perfect or near-perfect EPR pairs. The classical communication complexity of these protocols is the minimal amount of classical communication needed for the conversion. In this paper, we focus on the communication complexity of protocols that operate with incomplete information, i.e., where the inputs are mixed states and/or prepared adversarially. We study 3 models of imperfect EPR pairs. In the measure-r model, r out of n EPR pairs are measured by an adversary; in the depolarization model, Bob's share of qubits underwent a depolarization channel; in the fidelity model, the only information Alice and Bob possess is the fidelity of the shared state. For the measure-r model and the depolarization model, we prove tight and almost-tight bounds on the outcome of LOCC protocols that don't use communication. For the fidelity model, we prove a lower bound on the communication complexity that matches the upper bound given by Ambainis, Smith, and Yang [ASY02].

Proceedings ArticleDOI
19 May 2002
TL;DR: In this article, the authors proposed an experimental measure of entanglement based on a modified version of the familiar teleportation protocol of Bennett et al. They considered the case where Alice has a qubit in an unknown quantum state which she would like to communicate to Bob and Bob has two qubits in an entangled EPR pair.
Abstract: Summary form only given. Characterizing the entanglement of a general bipartite quantum system is a difficult problem. Most measures involve difficult extremizations and their physical motivation is not always clear. In this paper we propose an experimental measure of entanglement based on a modified version of the familiar teleportation protocol of Bennett et al. (1993). Briefly, teleportation traditionally involves two parties, Alice and Bob. Initially, Alice has a qubit in an unknown quantum state which she would like to communicate to Bob and Bob has two qubits in an entangled Einstein-Podolsky-Rosen (EPR) pair. To accomplish this transfer, Bob shares one qubit of his EPR pair with Alice. She then performs a joint measurement or Bell measurement on her two qubits and relays this information back to Bob over a classical channel. Bob then uses the outcome of Alice's Bell measurement to transform his qubit, with a local unitary transformation, into the original quantum state, always with a fidelity of one.

Book ChapterDOI
01 Oct 2002
TL;DR: In quantum teleportation, Alice and Bob neatly circumvent constraints that would otherwise be imposed on Alice's state measurement and Bob's state generation, and are thereby able to reconstruct the original state at Bob’s place.
Abstract: Quantum teleportation is a method of quantum state transportation with a classical channel and a quantum channel [1]. In this technique, the “information” contained in a quantum state is transferred from a sending station (Alice) to a receiving station (Bob), with the original quantum state thereby reconstructed at Bob’s place with the received information and previously shared entanglement. Note that it is impossible to perform the state transformation represented by quantum teleportation only with a classical channel, which can be qualitatively explained as follows. If one attempts to obtain complete information with some particular measurement on an unknown quantum state of motion, for example, then both position and momentum (canonically conjugate variables) must be determined simultaneously with negligible error, which is of course impossible [2]. It is thus impossible for Alice to obtain complete information on the unknown quantum state, so that she certainly cannot send enough information for the reconstruction of the state to Bob. He then is unable to reconstruct the complete state at his place. By contrast, in quantum teleportation, Alice and Bob neatly circumvent constraints that would otherwise be imposed on Alice’s state measurement and Bob’s state generation, and are thereby able to reconstruct the original state at Bob’s place.