Showing papers on "Alice and Bob published in 2011"


Journal Article
TL;DR: It is shown that the eavesdropper Eve can totally obtain the session key by sending entangled qubits as the fake signal to Alice and performing collective measurements after Alice's encoding, just like a dense-coding communication between Eve and Alice.
Abstract: Cryptanalysis is an important branch in the study of cryptography, including both the classical cryptography and the quantum one. In this paper we analyze the security of two three-party quantum key distribution protocols (QKDPs) proposed recently, and point out that they are susceptible to a simple and effective attack, i.e., the dense-coding attack. It is shown that the eavesdropper Eve can totally obtain the session key by sending entangled qubits as the fake signal to Alice and performing collective measurements after Alice's encoding. The attack process is just like a dense-coding communication between Eve and Alice, where a special measurement basis is employed. Furthermore, this attack does not introduce any errors to the transmitted information and consequently will not be discovered by Alice and Bob. The attack strategy is described in detail and a proof for its correctness is given. Finally, the root cause of this insecurity and a possible way to improve these protocols are discussed.

97 citations


Journal Article
TL;DR: Simulation results show that the MA-AF scheme outperforms the other schemes in Rayleigh fading channels, whereas the AF with AN scheme is suitable for Rician fading channels.
Abstract: We consider secret key agreement based on radio propagation characteristics in a two-way relaying system where two legitimate parties named Alice and Bob communicate with each other via a trusted relay. In this system, Alice and Bob share secret keys generated from measured radio propagation characteristics with the help of the relay in the presence of an eavesdropper. We present four secret key agreement schemes: an amplify-and-forward (AF) scheme, a signal-combining amplify-and-forward (SC-AF) scheme, a multiple-access amplify-and-forward (MA-AF) scheme, and an amplify-and-forward with artificial noise (AF with AN) scheme. In these schemes, the basic idea is to share the effective fading coefficients between Alice and Bob and use them as the source of the secret keys. The AF scheme is based on a conventional amplify-and-forward two-way relaying method, whereas in the SC-AF scheme and the MA-AF scheme, we apply the idea of physical-layer network coding to the secret key agreement. In the AF with AN scheme, the relay transmits artificially generated noise, as well as channel information signal, in order to conceal the latter. Simulation results show that the MA-AF scheme outperforms the other schemes in Rayleigh fading channels, whereas the AF with AN scheme is suitable for Rician fading channels.

78 citations


Proceedings Article
22 May 2011
TL;DR: This paper develops a framework that enables Alice and Bob to collaboratively compute the so-called forward algorithm for HMMs while satisfying their privacy constraints using a public-key additively homomorphic cryptosystem.
Abstract: Alice possesses a sample of private data from which she wishes to obtain some probabilistic inference. Bob possesses Hidden Markov Models (HMMs) for this purpose, but he wants the model parameters to remain private. This paper develops a framework that enables Alice and Bob to collaboratively compute the so-called forward algorithm for HMMs while satisfying their privacy constraints. This is achieved using a public-key additively homomorphic cryptosystem. Our framework is asymmetric in the sense that a larger computational overhead is incurred by Bob who has higher computational resources at his disposal, compared with Alice who has limited computing resources. Practical issues such as the encryption of probabilities and the effect of finite precision on the accuracy of probabilistic inference are considered. The protocol is implemented in software and used for secure keyword recognition.

49 citations


Proceedings Article
06 Jun 2011
TL;DR: This work shows that it is significantly more costly for Carol to block communication of m than for Alice to communicate it to Bob, and applies this result to two problems: DoS attacks in wireless sensor networks and application-level DDoS attacks in a wired client-server scenario.
Abstract: Imagine that Alice wants to send a message m to Bob, and that Carol wants to prevent this. Assume there is a communication channel between Alice and Bob, but that Carol is capable of blocking this channel. Furthermore, there is a cost of S dollars to send on the channel, L dollars to listen on the channel and J to block the channel. How much will Alice and Bob need to spend in order to guarantee transmission of m? This problem abstracts many types of conflict in information networks including: jamming attacks in wireless networks and distributed denial-of-service (DDoS) attacks on the Internet, where the costs to Alice, Bob and Carol represent an expenditure of energy or network resources. The problem allows us to quantitatively analyze the economics of information exchange in an adversarial setting and ask: Is communication cheaper than censorship? We answer this question in the affirmative by showing that it is significantly more costly for Carol to block communication of m than for Alice to communicate it to Bob. Specifically, if S, L and J are fixed constants, and Carol spends a total of B dollars trying to block m, then Alice and Bob must spend only O(B^{φ-1} + 1) = O(B^{.62} + 1) dollars in expectation to transmit m, where φ = (1 + √5)/2 is the golden ratio. Surprisingly, this result holds even if (1) B is unknown to both Alice and Bob; (2) Carol knows the algorithms of Alice and Bob, but not their random bits; and (3) Carol has total knowledge of past actions of both players. Finally, we apply our work to two problems: (1) DoS attacks in wireless sensor networks and (2) application-level DDoS attacks in a wired client-server scenario. Our applications show how our results can provide an additional tool in mitigating such attacks.

42 citations


Book Chapter
Tomas Toft
06 Mar 2011
TL;DR: Two new protocols solving a variation of Yao's millionaires' problem are considered: a number of parties securely hold two l-bit values, x and y, and each arithmetic operation requires a constant number of Paillier encryptions to be exchanged between Alice and Bob.
Abstract: The classic problem in the field of secure computation is Yao's millionaires' problem; we consider two new protocols solving a variation of this: a number of parties, P1,...,Pn, securely hold two l-bit values, x and y - e.g. x and y could be encrypted or secret shared. They wish to obtain a bit stating whether x is greater than y using only secure arithmetic; this should be done without revealing any information, even the output should remain secret. The present setting is special in the sense that it is assumed that two specific parties, referred to as Alice and Bob, are non-colluding. Though this assumption is not satisfied in general, it clearly is for the main example of this work: two-party computation based on Paillier encryption. The first solution requires O(log(l)(κ + loglog(l))) secure arithmetic operations in O(log(l)) rounds, where κ is a correctness parameter. The second solution requires only a constant number of rounds, but increases complexity to O(√l(κ + log(l))) arithmetic operations. For the motivating setting, each arithmetic operation requires a constant number of Paillier encryptions to be exchanged between Alice and Bob. This implies that both solutions require only a sub-linear number of invocations (in the bit-length, l) of the cryptographic primitives. This does not imply sub-linear communication, though, as the size of each encryption transmitted is more than l bits.

37 citations


Journal Article
TL;DR: In this paper, the authors illustrate using a quantum system the principle of a cryptographic switch, in which a third party (Charlie) can control to a continuously varying degree the amount of information the receiver (Bob) receives, after the sender (Alice) has sent her information.
Abstract: We illustrate using a quantum system the principle of a cryptographic switch, in which a third party (Charlie) can control to a continuously varying degree the amount of information the receiver (Bob) receives, after the sender (Alice) has sent her information. Suppose Charlie transmits a Bell state to Alice and Bob. Alice uses dense coding to transmit two bits to Bob. Only if the 2-bit information corresponding to choice of Bell state is made available by Charlie to Bob can the latter recover Alice's information. By varying the information he gives, Charlie can continuously vary the information recovered by Bob. The performance of the protocol subjected to the squeezed generalized amplitude damping channel is considered. We also present a number of practical situations where a cryptographic switch would be of use.

32 citations


Journal Article
TL;DR: Two protocols solving the problem of checking whether the database inserted with a tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database, respectively are proposed.
Abstract: Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data are used for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patient's medical record); on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database, respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to prove their soundness and experimental results to illustrate their efficiency.

28 citations


Journal Article
TL;DR: It is shown that the controller Charlie’s role could be excluded unknowingly, and using fake entangled particles and Bell measurement, the dishonest Bob who generates the initial signals can elicit Alice's secret message without the permission of Charlie.
Abstract: A controlled quantum secure direct communication protocol (Zhang et al. Int. J. Theor. Phys. 48:2971–2976, 2009) by using four particle cluster states was proposed recently. The aim of Zhang et al. was that the successful realization of communication between Alice and Bob needed the cooperation of a controller, Charlie. However, we show that the controller Charlie’s role could be excluded unknowingly. Using fake entangled particles and Bell measurement, the dishonest Bob who generates the initial signals can elicit Alice’s secret message without the permission of Charlie. A possible improvement of the protocol is proposed.

27 citations


Book Chapter
15 May 2011
TL;DR: This work studies the problem of unconditionally secure Secret Key Establishment when Alice and Bob are connected by two noisy channels that are eavesdropped by Eve and proves the lower bound by proposing a multi-round SKE protocol, called the main protocol.
Abstract: We study the problem of unconditionally secure Secret Key Establishment (SKE) when Alice and Bob are connected by two noisy channels that are eavesdropped by Eve. We consider the case that Alice and Bob do not have any sources of initial randomness at their disposal. We start by discussing special cases of interest where SKE is impossible and then provide a simple SKE construction over binary symmetric channels that achieves some rates of secret key. We next focus on the Secret Key (SK) capacity and provide lower and upper bounds on this capacity. We prove the lower bound by proposing a multi-round SKE protocol, called the main protocol. The main protocol consists of an initialization round and the repetition of a two-round SKE sub-protocol, called the basic protocol. We show that the two bounds coincide when channels do not leak information to the adversary. We apply the results to the case that communicants are connected by binary symmetric channels.

21 citations


Journal Article
TL;DR: In this article, the authors consider a scenario where two parties, Alice and Bob, send each a state selected from a labeled set of unknown states to a third party, who in turn interacts with the states in some undisclosed way and then announces an outcome.
Abstract: We study under which conditions it is possible to assert that a joint measurement cannot be simulated by local operations and classical communication. More concretely, we consider a scenario where two parties, Alice and Bob, send each a state selected from a labeled set of unknown states to a third party, Charlie, who in turn interacts with the states in some undisclosed way and then announces an outcome. We show that, under the assumption that Alice and Bob know the dimensionality of their systems, there exist situations where the statistics of the outcomes reveals the nature of Charlie's measurement.

21 citations


Proceedings Article
17 Oct 2011
TL;DR: In this article, the authors consider how Alice and Bob can minimize their vulnerability to Eve's doing active eavesdropping, i.e., when she injects her own light into the channel.
Abstract: Quantum illumination is a paradigm for using entanglement to gain a performance advantage—in comparison with classical‐state systems of the same optical power—over lossy, noisy channels that destroy entanglement. Previous work has shown how it can be used to defeat passive eavesdropping on a two‐way Alice‐to‐Bob‐to‐Alice communication protocol, in which the eavesdropper, Eve, merely listens to Alice and Bob’s transmissions. This paper extends that analysis to consider how Alice and Bob can minimize their vulnerability to Eve’s doing active eavesdropping, i.e., when she injects her own light into the channel.

Posted Content
TL;DR: In this article, threshold fully homomorphic encryption (TFHE) was used for secure multiparty computation with a dishonest majority in the universal composability framework, allowing multiple parties to cooperatively generate a common public key whose secret key is shared/distributed among them.
Abstract: Fully homomorphic encryption (FHE) provides a simple template for secure computation between two parties (Alice and Bob) where: (I) Alice encrypts her input under her key, (II) Bob homomorphically evaluates the desired function on Alice’s ciphertext and his own input, and sends the encrypted output to Alice. Extending this approach to multiple parties raises the problem of which key to encrypt under; if all parties choose a key on their own, then homomorphic evaluation on ciphertexts under different keys will not be possible, and if a single party chooses the key for everyone then corrupting this party will break privacy for all. In this work, we explore the option of using threshold fully homomorphic encryption (TFHE), allowing many parties to cooperatively generate a common public key whose secret key is shared/distributed among them. Moreover, the parties can cooperatively decrypt a ciphertext without learning anything but the plaintext. We show how to instantiate this approach efficiently using the recent FHE schemes of Brakerski et al. (FOCS ’11, ITCS ’12) based on the learning with errors (LWE) assumption. Our main tool is to exploit the property that such LWE-based encryption schemes are homomorphic over their keys. Using TFHE, we construct multiparty computation (MPC) protocols secure against fully malicious settings, tolerating any number of corruptions, and providing security in the universal composability framework. Our schemes have several benefits over prior templates for MPC. Interaction: We get protocols with only 3 rounds of interaction in the common random string model, or 2 rounds with a reusable public-key infrastructure, improving on prior known results. Communication: The communication in our protocol is only proportional to the input and output size of the function being evaluated and independent of its circuit size. Computation: The only computation that depends on the size of the circuit being computed is a homomorphic evaluation over public ciphertexts. This computation can be performed by a single party or can be outsourced to an external server. Novel Approach: Prior approaches to MPC with a dishonest majority rely in part on some combination of the techniques of Yao (FOCS ’86) and/or Goldreich, Micali and Wigderson (STOC ’87). Our approach is fundamentally different and relies only on the homomorphic properties of LWE-based encryption.

Journal Article
TL;DR: In this paper, a rotationally invariant quantum key distribution scheme that uses a pair of orthogonal qubit trines, realized as mixed states of three physical qubits, was proposed.

Book Chapter
05 Sep 2011
TL;DR: A stationary strategy is provided for Alice and Bob with a guaranteed expected discovery time of O(1/(p1p2q^2)) given that each party also has knowledge of p1, p2, q.
Abstract: The whitespace-discovery problem describes two parties, Alice and Bob, trying to discover one another and establish communication over one of a given large segment of communication channels. Subsets of the channels are occupied in each of the local environments surrounding Alice and Bob, as well as in the global environment (Eve). In the absence of a common clock for the two parties, the goal is to devise time-invariant (stationary) strategies minimizing the discovery time. We model the problem as follows. There are N channels, each of which is open (unoccupied) with probability p1, p2, q independently for Alice, Bob and Eve respectively. Further assume that N ≫ 1/(p1p2q) to allow for sufficiently many open channels. Both Alice and Bob can detect which channels are locally open and every time-slot each of them chooses one such channel for an attempted discovery. One aims for strategies that, with high probability over the environments, guarantee a shortest possible expected discovery time depending only on the pi's and q. Here we provide a stationary strategy for Alice and Bob with a guaranteed expected discovery time of O(1/(p1p2q^2)) given that each party also has knowledge of p1, p2, q. When the parties are oblivious of these probabilities, analogous strategies incur a cost of a poly-log factor, i.e. O(1/(p1p2q^2)). Furthermore, this performance guarantee is essentially optimal as we show that any stationary strategies of Alice and Bob have an expected discovery time of at least Ω(1/(p1p2q^2)).

Journal Article
TL;DR: In this article, the authors studied how many non-local boxes Alice and Bob need in order to compute a Boolean function and provided tight upper and lower bounds in terms of the communication complexity both in the deterministic and randomized case.
Abstract: A non-local box is an abstract device into which Alice and Bob input bits x and y respectively and receive outputs a and b, where a, b are uniformly distributed and a + b = x∧y. Such boxes have been central to the study of quantum or generalized non-locality, as well as the simulation of non-signaling distributions. In this paper, we start by studying how many non-local boxes Alice and Bob need in order to compute a Boolean function f. We provide tight upper and lower bounds in terms of the communication complexity of the function both in the deterministic and randomized case. We show that non-local box complexity has interesting applications to classical cryptography, in particular to secure function evaluation, and study the question posed by Beimel and Malkin [1] of how many Oblivious Transfer calls Alice and Bob need in order to securely compute a function f. We show that this question is related to the non-local box complexity of the function and conclude by greatly improving their bounds. Finally, another consequence of our results is that traceless two-outcome measurements on maximally entangled states can be simulated with 3 non-local boxes, while no finite bound was previously known.

Book Chapter
07 Dec 2011
TL;DR: CIL and its Coq-formalization allow proofs beyond the black-box security framework, where an attacker only uses the input/output relation of the system by executing on chosen inputs without having additional information on the state.
Abstract: Security proofs for cryptographic systems can be carried out in different models which reflect different kinds of security assumptions. In the symbolic model, an attacker cannot guess a secret at all and can only apply a pre-defined set of operations, whereas in the computational model, he can hope to guess secrets and apply any polynomial-time operation. Security properties in the computational model are more difficult to establish and to check. In this paper we present a framework for certified proofs of computational indistinguishability, written using the Coq proof assistant, and based on CIL, a specialized logic for computational frames that can be applied to primitives and protocols. We demonstrate how CIL and its Coq-formalization allow proofs beyond the black-box security framework, where an attacker only uses the input/output relation of the system by executing on chosen inputs without having additional information on the state. More specifically, we use it to prove the security of a protocol against a particular kind of side-channel attack which aims at modeling leakage of information caused by an intrusion into Alice and Bob's computers.

Posted Content
12 Sep 2011
TL;DR: A new model of communication complexity, the garden-hose model, is defined, which enables us to prove upper bounds on the number of EPR pairs needed to attack quantum position-based cryptography schemes.
Abstract: We define a new model of communication complexity, called the garden-hose model. Informally, the garden-hose complexity of a function f: {0,1}^n × {0,1}^n → {0,1} is given by the minimal number of water pipes that need to be shared between two parties, Alice and Bob, in order for them to compute the function f as follows: Alice connects her ends of the pipes in a way that is determined solely by her input x ∈ {0,1}^n and, similarly, Bob connects his ends of the pipes in a way that is determined solely by his input y ∈ {0,1}^n. Alice turns on the water tap that she also connected to one of the pipes. Then, the water comes out on Alice's or Bob's side depending on the function value f(x,y). We prove almost-linear lower bounds on the garden-hose complexity for concrete functions like inner product, majority, and equality, and we show the existence of functions with exponential garden-hose complexity. Furthermore, we show a connection to classical complexity theory by proving that all functions computable in log-space have polynomial garden-hose complexity. We consider a randomized variant of the garden-hose complexity, where Alice and Bob hold pre-shared randomness, and a quantum variant, where Alice and Bob hold pre-shared quantum entanglement, and we show that the randomized garden-hose complexity is within a polynomial factor of the deterministic garden-hose complexity. Examples of (partial) functions are given where the quantum garden-hose complexity is logarithmic in n while the classical garden-hose complexity can be lower bounded by n^c for constant c>0. Finally, we show an interesting connection between the garden-hose model and the (in)security of a certain class of quantum position-verification schemes.

Journal Article
TL;DR: In this paper, a text quantum steganography technique based on the use of indefinite articles (a) or (an) in conjunction with the nonspecific or non-particular nouns in English language and quantum gate truth table has been proposed.
Abstract: Sending encrypted messages frequently draws the attention of third parties, perhaps causing attempts to break and reveal the original messages. Steganography is introduced to hide the existence of the communication by concealing a secret message in an appropriate carrier like text, image, audio or video. In quantum steganography, the sender (Alice) embeds her steganographic information into the cover and sends it to the receiver (Bob) over a communication channel. Alice and Bob share an algorithm and hide quantum information in the cover. An eavesdropper (Eve) without access to the algorithm can’t find out the existence of the quantum message. In this paper, a text quantum steganography technique based on the use of indefinite articles (a) or (an) in conjunction with the nonspecific or non-particular nouns in English language and quantum gate truth table has been proposed. The authors also introduced a new code representation technique (SSCE Secret Steganography Code for Embedding) at both ends in order to achieve high level of security. Before the embedding operation each character of the secret message is converted to an SSCE value and then embedded into the cover text. Finally the stego text is formed and transmitted to the receiver side. At the receiver side different reverse operations are carried out to get back the original information. Keywords: Quantum Steganography, SSCE (Secret Steganography Code for Embedding), Security, Cover Text, Stego Text.

Journal Article
TL;DR: It is shown that, in the presence of only one eavesdropper, the protocol involving four bases is safer than the other ones, however, for two eavesdroppers, the security is strongly dependent on the attack probabilities.
Abstract: Quantum key distribution based on encoding in three-dimensional systems in the presence of several eavesdroppers is proposed. This extends the BB84 protocol in the presence of many eavesdroppers where two-level quantum systems (qubits) are replaced by three-level systems (qutrits). We discuss the scenarios involving two, three and four complementary bases. We derive the explicit form of Alice and Bob mutual information and the information gained by each eavesdropper. In particular, we show that, in the presence of only one eavesdropper, the protocol involving four bases is safer than the other ones. However, for two eavesdroppers, the security is strongly dependent on the attack probabilities. The effect of a large number of eavesdroppers is also investigated.

Posted Content
TL;DR: It is shown that Alice can hide both the content of her data and the pattern in which she accesses her data, with high probability, using a method that achieves O(1) amortized rounds of communication between her and Bob for each data access.
Abstract: We study oblivious storage (OS), a natural way to model privacy-preserving data outsourcing where a client, Alice, stores sensitive data at an honest-but-curious server, Bob. We show that Alice can hide both the content of her data and the pattern in which she accesses her data, with high probability, using a method that achieves O(1) amortized rounds of communication between her and Bob for each data access. We assume that Alice and Bob exchange small messages, of size $O(N^{1/c})$, for some constant $c\ge2$, in a single round, where $N$ is the size of the data set that Alice is storing with Bob. We also assume that Alice has a private memory of size $2N^{1/c}$. These assumptions model real-world cloud storage scenarios, where trade-offs occur between latency, bandwidth, and the size of the client's private memory.

Proceedings Article
TL;DR: In this article, the authors define a new model of communication complexity, called the garden-hose model, and prove almost linear lower bounds on the communication complexity for concrete functions like inner product, majority, and equality.
Abstract: We define a new model of communication complexity, called the garden-hose model. Informally, the garden-hose complexity of a function f: {0,1}^n × {0,1}^n → {0,1} is given by the minimal number of water pipes that need to be shared between two parties, Alice and Bob, in order for them to compute the function f as follows: Alice connects her ends of the pipes in a way that is determined solely by her input x ∈ {0,1}^n and, similarly, Bob connects his ends of the pipes in a way that is determined solely by his input y ∈ {0,1}^n. Alice turns on the water tap that she also connected to one of the pipes. Then, the water comes out on Alice's or Bob's side depending on the function value f(x,y). We prove almost-linear lower bounds on the garden-hose complexity for concrete functions like inner product, majority, and equality, and we show the existence of functions with exponential garden-hose complexity. Furthermore, we show a connection to classical complexity theory by proving that all functions computable in log-space have polynomial garden-hose complexity. We consider a randomized variant of the garden-hose complexity, where Alice and Bob hold pre-shared randomness, and a quantum variant, where Alice and Bob hold pre-shared quantum entanglement, and we show that the randomized garden-hose complexity is within a polynomial factor of the deterministic garden-hose complexity. Examples of (partial) functions are given where the quantum garden-hose complexity is logarithmic in n while the classical garden-hose complexity can be lower bounded by n^c for constant c>0. Finally, we show an interesting connection between the garden-hose model and the (in)security of a certain class of quantum position-verification schemes.

Journal Article
TL;DR: In this article, the authors extend the notion of entanglement of assistance to arbitrary mixed tripartite states and exhibit a protocol based on a random coding strategy, which is provably better than the hashing bound for sufficiently pure triplet states.
Abstract: Motivated by the problem of designing quantum repeaters, we study entanglement distillation between two parties, Alice and Bob, starting from a mixed state and with the help of "repeater" stations. To treat the case of a single repeater, we extend the notion of entanglement of assistance to arbitrary mixed tripartite states and exhibit a protocol, based on a random coding strategy, for extracting pure entanglement. The rates achievable by this protocol formally resemble those achievable if the repeater station could merge its state to one of Alice and Bob even when such merging is impossible. This rate is provably better than the hashing bound for sufficiently pure tripartite states. We also compare our assisted distillation protocol to a hierarchical strategy consisting of entanglement distillation followed by entanglement swapping. We demonstrate by the use of a simple example that our random measurement strategy outperforms hierarchical distillation strategies when the individual helper stations' states fail to individually factorize into portions associated specifically with Alice and Bob. Finally, we use these results to find achievable rates for the more general scenario, where many spatially separated repeaters help two recipients distill entanglement.

Journal Article
TL;DR: This work presents a protocol that allows Alice and Bob to share a common secret information, and encompass the signal sets for an efficient protocol in information theoretic sense.
Abstract: We study the signal sets for information theoretically secure key agreement with public discussion over the Gaussian and flat fading channels. Alice transmits signals to Bob over a noisy channel while Eve receives signals through an independent noisy channel. By utilizing this noisy resource, Alice and Bob wish to share a secret key on which Eve has a negligible amount of information. We present a protocol that allows Alice and Bob to share a common secret information, and encompass the signal sets for an efficient protocol in information theoretic sense.

Journal ArticleDOI
TL;DR: In this paper, the converse monogamy of entanglement was shown: given a tripartite pure system in which Alice and Bob are entangled and non-distillable, either of them is distillable with the third party.
Abstract: The monogamy of entanglement is one of the basic quantum mechanical features, which says that when two partners Alice and Bob are more entangled then either of them has to be less entangled with the third party. Here we qualitatively present the converse monogamy of entanglement: given a tripartite pure system and when Alice and Bob are entangled and non-distillable, then either of them is distillable with the third party. Our result leads to the classification of tripartite pure states based on bipartite reduced density operators, which is a novel and effective way to this long-standing problem compared to the means by stochastic local operations and classical communications. Furthermore we systematically indicate the structure of the classified states and generate them. We also extend our results to multipartite states.

Journal ArticleDOI
TL;DR: In this paper, the problem of secure multiterminal source coding with side information at the eavesdropper is investigated, and the inner and outer bounds on the so-called rates-distortion-equivocation region are derived.
Abstract: The problem of secure multiterminal source coding with side information at the eavesdropper is investigated. This scenario consists of a main encoder (referred to as Alice) that wishes to compress a single source while simultaneously satisfying the desired requirements on the distortion level at a legitimate receiver (referred to as Bob) and the equivocation rate (average uncertainty) at an eavesdropper (referred to as Eve). The presence of a (public) rate-limited link between Alice and Bob is further assumed. In this setting, Eve perfectly observes the information bits sent by Alice to Bob and also has access to a correlated source which can be used as side information. A second encoder (referred to as Charlie) helps Bob in estimating Alice's source by sending a compressed version of its own correlated observation via a (private) rate-limited link, which is only observed by Bob. For instance, the problem at hand can be seen as the unification between the Berger-Tung and the secure source coding setups. Inner and outer bounds on the so-called rates-distortion-equivocation region are derived. The inner region turns out to be tight for two cases: (i) uncoded side information at Bob and (ii) lossless reconstruction of both sources at Bob (secure distributed lossless compression). Application examples to secure lossy source coding of Gaussian and binary sources in the presence of Gaussian and binary/ternary (resp.) side information are also considered. Optimal coding schemes are characterized for some cases of interest where the statistical differences between the side information at the decoders and the presence of a non-zero distortion at Bob can be fully exploited to guarantee secrecy.

Journal ArticleDOI
TL;DR: The forward-secure proxy re-signature scheme which is based on the hardness of factoring translates one person’s signature to another person’s signature and additionally facilitates the signers as well as the proxy to guarantee the security of messages signed in the past even if their secret key is exposed today.
Abstract: In 1998, Blaze, Bleumer, and Strauss proposed proxy re-signatures, in which a semi-trusted proxy acts as a translator between Alice and Bob to translate a signature from Alice into a signature from Bob on the same message. Following are some open challenges in proxy re-signature schemes: i) the design of multi-use unidirectional systems and ii) determining whether or not a proxy re-signature scheme can be built that translates one type of signature scheme to another. We propose a solution for the first open problem using the property of forward-security. Our forward-secure proxy re-signature scheme which is based on the hardness of factoring translates one person’s signature to another person’s signature and additionally facilitates the signers as well as the proxy to guarantee the security of messages signed in the past even if their secret key is exposed today. To address the second open problem, we construct proxy signature schemes that translate Alice’s Schnorr/ElGamal/RSA signature to Bob’s RSA signature. The signatures generated by the regular signature generation algorithm and the proposed re-signature algorithms are indistinguishable.

Journal ArticleDOI
10 Jun 2011
TL;DR: A quantum secret sharing protocol between multiparty and multiparty based on squeezed state is proposed that is more efficient and realized more simply and shows that the protocol is secure.
Abstract: A quantum secret sharing protocol between multiparty and multiparty based on squeezed state is proposed. In the protocol, the members in the Alice group code the secret information on the quantum states prepared by the members in the Bob group. The groups Alice and Bob share a classical secret. The secret could be reconstructed if and only if all the members of the group Alice or the group Bob collaborate; any part of each group cannot reconstruct the secret. Compared with the protocols based on single photon, this protocol is more efficient and realized more simply. The analysis shows that the protocol is secure.

Patent
TL;DR: In this paper, a message sender (Alice) uses a random key (Krand) to encrypt message content for a message recipient (Bob), then Alice uses the public key of a message decryption service provider (Carmen) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob.
Abstract: Devices and methods are provided for managing identity-based decryption of digital content. A message sender ("Alice") uses a random key (Krand) to encrypt message content for a message recipient ("Bob"). Then Alice uses the public key of a message decryption service provider ("Carmen") to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.

01 Jul 2011
TL;DR: The security of a free-space Quantum Key Distribution (QKD) system is analyzed by using PRISM, a probabilistic model checker to calculate the probability of detection of the eavesdropper as a function of the number of photons transmitted.
Abstract: The security of a free-space Quantum Key Distribution (QKD) system is analyzed by using PRISM, a probabilistic model checker. Disturbances and misalignments causing an imperfect channel are considered. The security of the system is formally demonstrated against intercept-resend and random substitution eavesdropping attacks for a particular range of transmitted photons. implemented in an experimental QKD system. We will consider the influence of possible disturbances in the free-space between Alice and Bob, and misalignments in the optics to calculate the probability of detection of the eavesdropper as a function of the number of photons transmitted (or equivalently, the length of the bit sequence generated by Alice). The rest of the paper is organized as follows. Section II includes some preliminaries and definitions. Section III briefly outlines the BB84 protocol, describes the actual free-space QKD system under development in our labs, and exposes the model checking methodology used to analyze its security. The calculated results are presented and discussed in section IV and, finally, conclusions are derived in section V.

Journal ArticleDOI
TL;DR: In this article, Alice and Bob each have one of a pair of entangled photons, and they can transmit data more accurately over a noisy channel than if they did not have entangled photons.
Abstract: As a laboratory experiment shows, when Alice and Bob each have one of a pair of entangled photons, they can transmit data more accurately over a noisy channel.