
Showing papers on "Alice and Bob published in 2018"


Proceedings Article
01 Jan 2018
TL;DR: In this article, a simple scheme that allows an agent to learn about its environment in an unsupervised manner is described. But this scheme is limited to two kinds of environments: reversible environments and environments that can be reset.
Abstract: We describe a simple scheme that allows an agent to learn about its environment in an unsupervised manner. Our scheme pits two versions of the same agent, Alice and Bob, against one another. Alice proposes a task for Bob to complete; and then Bob attempts to complete the task. In this work we will focus on two kinds of environments: (nearly) reversible environments and environments that can be reset. Alice will "propose" the task by doing a sequence of actions and then Bob must undo or repeat them, respectively. Via an appropriate reward structure, Alice and Bob automatically generate a curriculum of exploration, enabling unsupervised training of the agent. When Bob is deployed on an RL task within the environment, this unsupervised training reduces the number of supervised episodes needed to learn, and in some cases converges to a higher reward.

171 citations


Journal ArticleDOI
TL;DR: A three-party quantum secure direct communication (QSDC) protocol with hyperentanglement in both spatial-mode and polarization degrees of freedom, which has a higher information capacity than other protocols.
Abstract: We propose a three-party quantum secure direct communication (QSDC) protocol with hyperentanglement in both spatial-mode and polarization degrees of freedom. The secret message can be encoded independently with desired unitary operations in two degrees of freedom. In this protocol, a party can synchronously obtain the other two parties' messages. Compared with previous three-party QSDC protocols, our protocol has several advantages. First, the single photons in our protocol are only required to be transmitted three times. This advantage makes this protocol simple and useful. Second, Alice and Bob can send different secret messages to Charlie, respectively. Finally, with hyperentanglement, this protocol has a higher information capacity than other protocols.

135 citations


Journal ArticleDOI
TL;DR: A tight wave-particle duality relation is found that allows us to relate the probabilities of winning these games, and use it to find an upper bound on the probability of winning the combined game.
Abstract: We give operational meaning to wave-particle duality in terms of discrimination games. Duality arises as a constraint on the probability of winning these games. The games are played with the aid of an $n$-port interferometer, and involve 3 parties, Alice and Bob, who cooperate, and the House, who supervises the game. In one game called ways they attempt to determine the path of a particle in the interferometer. In another, called phases, they attempt to determine which set of known phases have been applied to the different paths. The House determines which game is to be played by flipping a coin. We find a tight wave-particle duality relation that allows us to relate the probabilities of winning these games, and use it to find an upper bound on the probability of winning the combined game. This procedure allows us to express wave-particle duality in terms of discrimination probabilities.

60 citations


Journal ArticleDOI
TL;DR: Analytical results and numerical simulations demonstrate that employing multiple hops significantly improves the ability to communicate covertly versus the case of a single-hop transmission, at the expense of more shared key bits.
Abstract: In covert communication, Alice tries to communicate with Bob without being detected by a warden Willie. When the distance between Alice and Bob becomes large compared with the distance between Alice and Willie(s), the performance of covert communication will be degraded. In this case, multi-hop message transmission via intermediate relays can help to improve the performance. Hence, in this paper, multi-hop covert communication over a moderate size network and in the presence of multiple collaborating Willies is considered. The relays can transmit covertly using either a single key for all relays or different independent keys at the relays. For each case, we develop efficient algorithms to find optimal paths with maximum throughput and minimum end-to-end delay between Alice and Bob. As expected, employing multiple hops significantly improves the ability to communicate covertly versus the case of a single-hop transmission. Furthermore, at the expense of more shared key bits, analytical results and numerical simulations demonstrate that the multi-hop covert communication with different independent keys at the relays has better performance than the multi-hop covert communication with a single key.

54 citations


Proceedings ArticleDOI
07 Oct 2018
TL;DR: A new cryptographic primitive called laconic function evaluation (LFE) is introduced, which allows n parties to securely evaluate a function f(x_1,...,x_N) over their respective inputs, where the total amount of computation performed by the parties during the protocol execution is smaller than that of evaluating the function itself.
Abstract: We introduce a new cryptographic primitive called laconic function evaluation (LFE). Using LFE, Alice can compress a large circuit f into a small digest. Bob can encrypt some data x under this digest in a way that enables Alice to recover f(x) without learning anything else about Bob's data. For the scheme to be laconic, we require that the size of the digest, the run-time of the encryption algorithm and the size of the ciphertext should all be small, much smaller than the circuit-size of f. We construct an LFE scheme for general circuits under the learning with errors (LWE) assumption, where the above parameters only grow polynomially with the depth but not the size of the circuit. We then use LFE to construct secure 2-party and multi-party computation (2PC, MPC) protocols with novel properties: 1) We construct a 2-round 2PC protocol between Alice and Bob with respective inputs x_A, x_B in which Alice learns the output f(x_A, x_B) in the second round. This is the first such protocol which is "Bob-optimized", meaning that Alice does all the work while Bob's computation and the total communication of the protocol are smaller than the size of the circuit f or even Alice's input x_A. In contrast, prior solutions based on fully homomorphic encryption are "Alice-optimized". 2) We construct an MPC protocol, which allows n parties to securely evaluate a function f(x_1,...,x_N) over their respective inputs, where the total amount of computation performed by the parties during the protocol execution is smaller than that of evaluating the function itself! Each party has to individually pre-process the circuit f before the protocol starts and post-process the protocol transcript to recover the output after the protocol ends, and the cost of these steps is larger than the circuit size. However, this gives the first MPC where the computation performed by each party during the actual protocol execution, from the time the first protocol message is sent until the last protocol message is received, is smaller than the circuit size.

39 citations


Journal ArticleDOI
TL;DR: This paper considers a scenario where two multiple-aperture legitimate nodes (Alice and Bob) communicate by means of free-space optical communication in the presence of a multiple-aperture eavesdropper (Eve), which is subject to pointing errors.
Abstract: In this paper, we consider a scenario where two multiple-aperture legitimate nodes (Alice and Bob) communicate by means of free-space optical communication in the presence of a multiple-aperture eavesdropper (Eve), which is subject to pointing errors. Two different schemes are considered depending on the availability of channel state information (CSI) at Alice: 1) the adaptive scheme, where Alice possesses the instantaneous CSI with respect to Bob and 2) the fixed-rate scheme, where such information is not available at Alice. The performance of the aforementioned schemes is evaluated in terms of a recently proposed metric named effective secrecy throughput (EST), which encompasses both the reliability and secrecy constraints. By constraining the system to operate below a given maximum allowed secrecy outage probability, we evaluate the EST analytically and through numerical results, showing that the use of multiple apertures at Alice is very important toward achieving the optimal EST.

30 citations


Proceedings ArticleDOI
01 Nov 2018
TL;DR: It is shown that, unlike the setting with passive adversaries, reliable covert communication against active adversaries requires Alice and Bob to have a shared key (of length at least $\Omega(\log n)$) even when Bob has a better channel than James.
Abstract: Suppose that a transmitter Alice potentially wishes to communicate with a receiver Bob over an adversarially jammed binary channel. An active adversary James eavesdrops on their communication over a binary symmetric channel (BSC$(q)$), and may maliciously flip (up to) a certain fraction p of their transmitted bits based on his observation. We consider a setting where the communication must be simultaneously covert as well as reliable, i.e., James should be unable to accurately distinguish whether or not Alice is communicating, while Bob should be able to correctly recover Alice's message with high probability regardless of the adversarial jamming strategy. We show that, unlike the setting with passive adversaries, reliable covert communication against active adversaries requires Alice and Bob to have a shared key (of length at least $\Omega(\log n)$) even when Bob has a better channel than James. We present inner and outer bounds on the information-theoretically optimal throughputs as a function of the channel parameters, the desired level of covertness, and the amount of shared key available. Further, these bounds match for a wide range of parameters of interest. Full version [1]: https://arxiv.org/pdf/1805.02426.pdf

26 citations


Journal ArticleDOI
TL;DR: A free-space optical wiretap channel is implemented in a 7.8 km terrestrial link and how to estimate Eve's tapping ability is studied, demonstrating high speed secret key agreement in the optical domain under a certain restricted condition of line-of-sight.
Abstract: Secret key agreement using physical properties of a wireless channel is becoming a promising scheme to establish a secret key between two users, especially in short-distance radio frequency (RF) communications. In this scheme, the existence of codes or key distillation that can make the leaked information to an eavesdropper arbitrarily small can be derived in an information theoretical way, given a priori knowledge on the channel linking a sender (Alice), a legitimate receiver (Bob), and an eavesdropper (Eve), which is called the wiretap channel. In practice, however, it is often difficult for Alice and Bob to get sufficient knowledge on Eve. In this study, we implement a free-space optical wiretap channel in a 7.8 km terrestrial link and study how to estimate Eve's tapping ability, demonstrating high speed secret key agreement in the optical domain under a certain restricted condition of line-of-sight.

26 citations


Journal ArticleDOI
TL;DR: It is shown that, only if the two senders and the controller collaborate with each other, the BCQT can be completed successfully.
Abstract: We present a scheme for bidirectional controlled quantum teleportation (BCQT) via a five-qutrit entangled state as the quantum channel. In this scheme, two distant parties, Alice and Bob, are not only senders but also receivers, and Alice wants to teleport an unknown single-qutrit state to Bob, at the same time, Bob wishes to teleport another arbitrary single-qutrit state, respectively. It is shown that, only if the two senders and the controller collaborate with each other, the BCQT can be completed successfully.

26 citations


Proceedings ArticleDOI
01 Aug 2018
TL;DR: New efficient card-based cryptographic protocols for the millionaires' problem using private input operations whose number of rounds is n+1, where n is the maximum number of bits of the asset.
Abstract: This paper proposes new efficient card-based cryptographic protocols for the millionaires' problem using private input operations. The millionaires' problem is one of the fundamental problems in cryptography. Two players, Alice and Bob, want to know which of them is richer without revealing their actual amount of asset. Many cryptographic protocols were proposed to solve the problem. Card-based cryptographic protocols were proposed to execute cryptographic protocols using physical cards instead of computers. Though some card-based cryptographic protocols for the millionaires' problem were proposed, most of them use many cards whose number depends on the size of the amount of asset. Though Nakai et al. implicitly proposed a new protocol that uses a constant number of cards using private input operations, their protocol is not efficient since the number of rounds is 2n+1, where n is the maximum number of bits of the asset. This paper shows new card-based protocols whose number of rounds is n+1. Another important feature of the proposed protocols is the no-open property: no cards are opened until the end of the protocol.

25 citations


Book ChapterDOI
Zihan Wang, Neng Gao, Xin Wang, Xuexin Qu, Linghui Li
13 Dec 2018
TL;DR: A novel self-learning steganographic algorithm based on the generative adversarial network, which is called SSteGAN is proposed, which directly generates the stego image from the secret message without the cover image.
Abstract: Steganography is designed to conceal a secret message within public media. Traditional steganography needs a lot of expert knowledge and complex artificial rules. To solve this problem, we propose a novel self-learning steganographic algorithm based on the generative adversarial network, which we called SSteGAN. This method learns the steganographic algorithm in an unsupervised manner without expert knowledge and directly generates the stego image from the secret message without the cover image. We define a game with four parts: Alice, Bob, Dev and Eve. Alice and Bob attempt to communicate securely. Eve eavesdrops on their conversation and wants to distinguish whether the secret message is embedded in the image. Dev attempts to determine real images from generated images. Experiment results demonstrate that Alice can produce vivid stego images and Bob can successfully decode the secret message with 98.8% accuracy.

Proceedings ArticleDOI
14 May 2018
TL;DR: A new SQKD protocol is devised and its security against certain practical attacks is analyzed, proving it to be secure in the perfect qubit scenario.
Abstract: Unconditionally secure key distribution is impossible using classical communication only. However, by providing Alice and Bob with quantum capable hardware the task becomes possible. How quantum does a protocol need to be, though, in order to gain this advantage? In 2007, Boyer et al. proposed "semi-quantum key distribution" where only Alice need be quantum while Bob need only limited "classical" capabilities. Several protocols were proposed and proven secure in the "perfect qubit scenario" but not necessarily against realistic attacks (with one exception being recently published in (PRA 96 062335)). In this paper, we devise a new SQKD protocol and analyze its security against certain practical attacks.

Journal ArticleDOI
TL;DR: In this article, the authors considered a quantum generalization of the task considered by Slepian and Wolf regarding distributed source compression, where Alice and Bob wish to send a part of their respective systems to Charlie without collaborating with each other.
Abstract: In this paper, we consider a quantum generalization of the task considered by Slepian and Wolf regarding distributed source compression. In our task, Alice, Bob, Charlie, and Reference share a joint pure state. Alice and Bob wish to send a part of their respective systems to Charlie without collaborating with each other. We give achievability bounds for this task in the one-shot setting and provide the asymptotic and independent identically distributed analysis in the case when there is no side information with Charlie. Our result implies the result of Abeyesinghe et al. , who studied a special case of this problem. As another special case wherein Bob holds trivial registers, we recover the result of Devetak and Yard regarding quantum state redistribution.

Journal ArticleDOI
TL;DR: This work presents a double blinding-attack on a quantum secret sharing (QSS) protocol based on GHZ state, and shows through numerical simulations that using single-photon source a secure QSS over 136 km can be achieved.
Abstract: Measurement-device-independent entanglement witness (MDI-EW) plays an important role for detecting entanglement with an untrusted measurement device. We present a double blinding-attack on a quantum secret sharing (QSS) protocol based on the GHZ state. Using the MDI-EW method, we propose a QSS protocol against all detector side-channels. We allow source flaws in a practical QSS system, so that Charlie can securely distribute a key between the two agents Alice and Bob over long distances. Our protocol provides a condition on the extracted key rate for the secret against both an external eavesdropper and arbitrary dishonest participants. A tight bound for collective attacks can provide good bounds on the practical QSS with source flaws. Then we show through numerical simulations that using a single-photon source a secure QSS over 136 km can be achieved.

Proceedings Article
01 Jan 2018
TL;DR: In this article, the authors study the problem of discrete distribution testing in the two-party setting, where the tester has unrestricted access to samples of both distributions, for which optimal bounds are known for a number of variations.
Abstract: We study the problem of discrete distribution testing in the two-party setting. For example, in the standard closeness testing problem, Alice and Bob each have $t$ samples from, respectively, distributions $a$ and $b$ over $[n]$, and they need to test whether $a=b$ or $a,b$ are $\epsilon$-far for some fixed $\epsilon>0$. This is in contrast to the well-studied one-party case, where the tester has unrestricted access to samples of both distributions, for which optimal bounds are known for a number of variations. Despite being a natural constraint in applications, the two-party setting has evaded attention so far. We address two fundamental aspects: 1) what is the communication complexity, and 2) can it be accomplished securely, without Alice and Bob learning extra information about each other's input. Besides closeness testing, we also study the independence testing problem, where Alice and Bob have $t$ samples from distributions $a$ and $b$ respectively, which may be correlated; the question is whether $a,b$ are independent of $\epsilon$-far from being independent. Our contribution is three-fold: 1) Communication: we show how to gain communication efficiency with more samples, beyond the information-theoretic bound on $t$. The gain is polynomially better than what one obtains by adapting standard algorithms. 2) Lower bounds: we prove tightness of our protocols for the closeness testing, and for the independence testing when the number of samples is unbounded. These lower bounds are of independent interest as these are the first 2-party communication lower bounds for testing problems. 3) Security: we define secure distribution testing and argue that it must leak at least some minimal information. We then provide secure versions of the above protocols with an overhead that is only polynomial in the security parameter.

Journal ArticleDOI
TL;DR: In this article, the achievable secrecy diversity order of cooperative networks with untrusted relays was studied, where the relays are assumed to be far away from each other and all communication is done through relays, i.e., there is no direct link.
Abstract: Cooperative relaying is often deployed to enhance the communication reliability (i.e., diversity order) and consequently the end-to-end achievable rate. However, this raises several security concerns when the relays are untrusted, since they may have access to the relayed message. In this paper, we study the achievable secrecy diversity order of cooperative networks with untrusted relays. In particular, we consider a network with an $N$-antenna transmitter (Alice), $K$ single-antenna relays, and a single-antenna destination (Bob). We consider the general scenario, where there is no relation between $N$ and $K$, and therefore, $K$ can be larger than $N$. Alice and Bob are assumed to be far away from each other, and all communication is done through the relays, i.e., there is no direct link. Providing secure communication while enhancing the diversity order has been shown to be very challenging. In fact, it has been shown in the literature that the maximum achievable secrecy diversity order for the adopted system model is one (while using artificial noise jamming). In this paper, we adopt a nonlinear interference alignment scheme that we have proposed recently to transmit the signals from Alice to Bob. We analyze the proposed scheme in terms of the achievable secrecy rate and secrecy diversity order. Assuming Gaussian inputs, we derive an explicit expression for the achievable secrecy rate and show analytically that a secrecy diversity order of up to $\min(N,K)-1$ can be achieved using the proposed technique. We provide several numerical examples to validate the obtained analytical results and demonstrate the superiority of the proposed technique to its counterparts that exist in the literature.

Journal ArticleDOI
TL;DR: It is shown that, only if the two senders and the controller collaborate with each other, the HBCQC can be completed successfully, and the total success probability can reach 1, that is, the schemes are deterministic.
Abstract: We present two schemes for hybrid bidirectional controlled quantum communication (HBCQC) via six- and nine-qubit entangled states as the quantum channel, respectively. In these schemes, two distant parties, Alice and Bob, are not only senders but also receivers, and Alice wants to teleport an unknown single-qubit state to Bob; at the same time, Bob wishes to help Alice remotely prepare an arbitrary single- and two-qubit state, respectively. It is shown that, only if the two senders and the controller collaborate with each other, the HBCQC can be completed successfully. We demonstrate that, in both our schemes, the total success probability of the HBCQC can reach 1, that is, the schemes are deterministic.

Proceedings ArticleDOI
20 May 2018
TL;DR: This work investigates the physical-layer security of indoor hybrid parallel power-line/wireless orthogonal-frequency division-multiplexing (OFDM) communication systems and proposes an artificial-noise (AN) aided scheme to enhance the system's security in the presence of an eavesdropper by exploiting the decoupled nature of the power-line and wireless communication media.
Abstract: We investigate the physical-layer security of indoor hybrid parallel power-line/wireless orthogonal-frequency division-multiplexing (OFDM) communication systems. We propose an artificial-noise (AN) aided scheme to enhance the system's security in the presence of an eavesdropper by exploiting the decoupled nature of the power-line and wireless communication media. The proposed scheme does not require the instantaneous channel state information of the eavesdropper's links to be known at the legitimate nodes. In our proposed scheme, the legitimate transmitter (Alice) and the legitimate receiver (Bob) cooperate to secure the hybrid system where an AN signal is shared from Bob to Alice on the link with the lower channel-to-noise ratio (CNR) while the information stream in addition to a noisy-amplified version of the received AN signal is transmitted from Alice to Bob on the link with higher CNR at each OFDM sub-channel. In addition, we investigate the effect of the transmit power levels at both Alice and Bob and the power allocation ratio between the data and AN signals at Alice on the secure throughput. We investigate both single-link eavesdropping attacks, where only one link is exposed to eavesdropping attacks, and two-link eavesdropping attacks, where the two links are exposed to eavesdropping attacks.

Book ChapterDOI
11 Nov 2018
TL;DR: Information-theoretic secret-key agreement between two parties Alice and Bob is a well-studied problem that is provably impossible in a plain model with public (authenticated) communication, but is known to be possible in a model where the parties also have access to some correlated randomness.
Abstract: Information-theoretic secret-key agreement between two parties Alice and Bob is a well-studied problem that is provably impossible in a plain model with public (authenticated) communication, but is known to be possible in a model where the parties also have access to some correlated randomness. One particular type of such correlated randomness is the so-called satellite setting, where uniform random bits (e.g., sent by a satellite) are received by the parties and the adversary Eve over inherently noisy channels. The antenna size determines the error probability, and the antenna is the adversary’s limiting resource much as computing power is the limiting resource in traditional complexity-based security. The natural assumption about the adversary is that her antenna is at most Q times larger than both Alice’s and Bob’s antenna, where, to be realistic, Q can be very large.

Journal ArticleDOI
TL;DR: This work describes an algorithm that sends L + O(L(T+1) log L + T) bits in expectation and succeeds with high probability in L without any a priori knowledge of T.
Abstract: Alice and Bob want to run a protocol over a noisy channel, where some bits are flipped adversarially. Several results show how to make an L-bit noise-free communication protocol robust over such a channel. In a recent breakthrough, Haeupler described an algorithm sending a number of bits that is conjecturally near optimal for this model. However, his algorithm critically requires prior knowledge of the number of bits that will be flipped by the adversary. We describe an algorithm requiring no such knowledge, under the additional assumption that the channel connecting Alice and Bob is private. If an adversary flips T bits, our algorithm sends L + O(L(T+1) log L + T) bits in expectation and succeeds with high probability in L. It does so without any a priori knowledge of T. Assuming a lower bound conjectured by Haeupler, our result is optimal up to logarithmic factors.

Journal ArticleDOI
TL;DR: In this paper, the authors consider a scenario where Alice wishes to send a message m to Bob in a time-slotted wireless network, but there exists an adversary, Carol, who aims to prevent the transmission of m by jamming the communication channel.
Abstract: Consider a scenario where Alice wishes to send a message m to Bob in a time-slotted wireless network. However, there exists an adversary, Carol, who aims to prevent the transmission of m by jamming the communication channel. There is a per-slot cost of 1 to send, receive or jam m on the channel, and we are interested in how much Alice and Bob need to spend relative to Carol in order to guarantee communication. Our approach is to design an algorithm in the framework of resource-competitive analysis where the cost incurred by correct network devices (i.e., Alice and Bob) is parameterized by the cost incurred by faulty devices (i.e., Carol). We present an algorithm that guarantees the successful transmission of m and has the following property: if Carol incurs a cost of $T$ to jam, then both Alice and Bob have a cost of $O(T^{\varphi - 1} + 1) = O(T^{0.62} + 1)$ in expectation, where $\varphi = (1 + \sqrt{5})/2$ is the golden ratio. In other words, it is possible for Alice and Bob to communicate while incurring asymptotically less cost than Carol. We generalize to the case where Alice wishes to send m to n receivers, and we achieve a similar result. Our findings hold even if (1) $T$ is unknown to either party; (2) Carol knows the algorithms of both parties, but not their random bits; (3) Carol can jam using knowledge of past actions of both parties; and (4) Carol can jam reactively, so long as there is sufficient network traffic in addition to m.

Proceedings ArticleDOI
01 Dec 2018
TL;DR: The proposed protocol is designed to use a limited number of random bits independently generated by the legitimate parties, referred to as Alice and Bob, in combination with the fading parameter to create a common source of randomness, and provides an analytical upper bound on the probability of a successful attack by Eve using the cryptographic notion of semantic security.
Abstract: Secret key agreement in distributed low-power networks, such as Internet of Things (IoT) networks, is a major requirement for deploying cryptographic protocols to protect the security of sensitive data. However, due to the distributed nature of such networks, the devices need to be able to generate secret keys locally from some common source of randomness. The randomness in the characteristics of the physical layer channel provides such sources; however, this can be quite limited if the devices operate in a static environment and experience a static or very slow fading channel. Therefore, fast secret key generation in such environments while keeping a low complexity architecture for the network nodes, such as IoT devices, remains a challenging task. We design a low-complexity protocol for fast secret key generation in static environments. To this end, we propose to use a limited number of random bits independently generated by the legitimate parties, referred to as Alice and Bob, in combination with the fading parameter to create a common source of randomness. In the proposed protocol, Alice and Bob share their random bits over the public channel, assumed to be a fading channel, and then construct a common random sequence. Then they perform several steps for recovery from errors in the shared sequence, privacy amplification to limit the chances of a successful attack, and consistency checking by exploiting universal hash functions. We characterize the reliability of the proposed protocol and provide an upper bound on the probability of accepting a mismatched key by Alice and Bob. The eavesdropper Eve is assumed to be passive and a successful attack by her is the event of guessing the key right based on her observations. We provide an analytical upper bound, that can be numerically evaluated, on the probability of a successful attack by Eve using the cryptographic notion of semantic security. In the simulations, the proposed protocol achieves a bit generation rate of 64-96 bits/packet, bit mismatch rate of 11-24%, bit error rate of 0.005%, 50% randomness efficiency, the probability of successful attack of at most $2^{-31}$, and the probability of consistency checking failure of at most $2^{-16}$.

Journal ArticleDOI
TL;DR: LiLiP is presented, a scheme that works for arbitrary alphabet and input sizes, has O(|T| log |P|) computational cost, does not use expensive cryptographic primitives, and has information-theoretic security (one-time pad).

Journal ArticleDOI
TL;DR: A new approach based on a new cryptographic primitive called verifiably encrypted homomorphic signature scheme (VEHS) is proposed, which proposes a generic construction of AOFE from VEHS and also presents a concrete VE HS scheme over a composite-order bilinear group by using the dual-form signature techniques.
Abstract: Let us consider a situation where a client (Alice) frequently buys a certain kind of product from a shop (Bob) (e.g., an online music service sells individual songs at the same price, and a client buys songs multiple times in a month). In this situation, Alice and Bob would like to aggregate the total transactions and pay once per month because individual payments are troublesome. Though optimistic fair exchange (OFE) has been considered in order to swap electronic items simultaneously, known OFE protocols cannot provide such an aggregate function efficiently because various costs are bounded by the number of transactions in the period. In order to run this aggregation procedure efficiently, we introduce a new kind of OFE called accumulable OFE (AOFE) that allows clients to efficiently accumulate payments in each period. In AOFE, any memory costs, computational costs, and communication complexity of the payment round must be constant in terms of the number of transactions. Since a client usually has only a low-power device with little memory, these efficiencies are desirable in practice. Currently, known approaches (e.g., based on verifiably encrypted signature schemes) are not very successful for constructing AOFE. Thus, we consider a new approach based on a new cryptographic primitive called verifiably encrypted homomorphic signature scheme (VEHS). In this paper, we propose a generic construction of AOFE from VEHS and also present a concrete VEHS scheme over a composite-order bilinear group by using the dual-form signature techniques. This VEHS scheme is also of independent interest. Since we can prove the security of VEHS without random oracles, our AOFE protocol is also secure without random oracles. Finally, we implemented our AOFE protocol, and it is efficient enough for practical use.

Journal ArticleDOI
TL;DR: The idea of BQC is utilized to put forward an improved two-party quantum computation protocol in which the operations of both Alice and Bob are simplified since Alice only needs to apply Pauli operations and Bob is just required to prepare and encrypt his input qubits.
Abstract: Blind quantum computation (BQC) allows a client who has only limited quantum power to achieve quantum computation with the help of a remote quantum server and still keep the client’s input, output, and algorithm private. Recently, Kashefi and Wallden extended BQC to achieve two-party quantum computation which allows two parties Alice and Bob to perform a joint unitary transform upon their inputs. However, in their protocol Alice has to prepare rotated single qubits and perform Pauli operations, and Bob needs to have a powerful quantum computer. In this work, we also utilize the idea of BQC to put forward an improved two-party quantum computation protocol in which the operations of both Alice and Bob are simplified since Alice only needs to apply Pauli operations and Bob is just required to prepare and encrypt his input qubits.

Book ChapterDOI
15 Dec 2018
TL;DR: This paper straightforwardly implements the idea behind Yao’s millionaire protocol using a deck of playing cards so that even non-experts can easily understand its correctness and secrecy.
Abstract: Yao’s millionaire protocol enables Alice and Bob to know whether or not Bob is richer than Alice by using a public-key cryptosystem without revealing the actual amounts of their properties. In this paper, we present a simple and practical implementation of Yao’s millionaire protocol using a deck of playing cards; we straightforwardly implement the idea behind Yao’s millionaire protocol so that even non-experts can easily understand its correctness and secrecy. Our implementation is based partially on the previous card-based scheme proposed by Nakai, Tokushige, Misawa, Iwamoto, and Ohta; their scheme admits players’ private actions on a sequence of cards called Private Permutation (PP), implying that a malicious player could make an active attack (for example, he/she could exchange some of the cards stealthily when doing such a private action). In contrast, our implementation relies on a familiar shuffling operation called a random cut, and hence, it can be conducted completely publicly so as to avoid any active attack.

Posted ContentDOI
TL;DR: It is proved that classical protocols for such problems can always be reduced to one-round protocols with no extra communication, and a conjecture on the orthogonality rank of a certain graph whose truth would imply an intriguing impossibility of round elimination in quantum protocols for list problems is posed.
Abstract: We study two basic graph parameters, the chromatic number and the orthogonal rank, in the context of classical and quantum exact communication complexity. In particular, we consider two types of communication problems that we call promise equality and list problems. For both of these, it was already known that the one-round classical and one-round quantum complexities are characterized by the chromatic number and orthogonal rank of a certain graph, respectively. In a promise equality problem, Alice and Bob must decide if their inputs are equal or not. We prove that classical protocols for such problems can always be reduced to one-round protocols with no extra communication. In contrast, we give an explicit instance of a promise equality problem that exhibits an exponential gap between the one- and two-round exact quantum communication complexities. Whereas the chromatic number thus fully captures the complexity of promise equality problems, the hierarchy of "quantum chromatic numbers" (starting with the orthogonal rank) giving the quantum communication complexity for every fixed number of communication rounds turns out to enjoy a much richer structure. In a list problem, Bob gets a subset of some finite universe, Alice gets an element from Bob's subset, and their goal is for Bob to learn which element Alice was given. The best general lower bound (due to Orlitsky) and upper bound (due to Naor, Orlitsky, and Shor) on the classical communication complexity of such problems differ only by a constant factor. We exhibit an example showing that, somewhat surprisingly, the four-round protocol used in the bound of Naor et al. can in fact be optimal. Finally, we pose a conjecture on the orthogonality rank of a certain graph whose truth would imply an intriguing impossibility of round elimination in quantum protocols for list problems, something that works trivially in the classical case.

Journal ArticleDOI
13 Mar 2018-Entropy
TL;DR: This paper proposes a different approach to pinpoint the causes for which an unconditionally secure quantum bit commitment protocol cannot be realized, beyond the technical details on which the proof of Mayers’ no-go theorem is constructed.
Abstract: This paper proposes a different approach to pinpoint the causes for which an unconditionally secure quantum bit commitment protocol cannot be realized, beyond the technical details on which the proof of Mayers’ no-go theorem is constructed. We have adopted the tools of quantum entropy analysis to investigate the conditions under which the security properties of quantum bit commitment can be circumvented. Our study has revealed that cheating the binding property requires the quantum system acting as the safe to harbor the same amount of uncertainty with respect to both observers (Alice and Bob) as well as the use of entanglement. Our analysis also suggests that the ability to cheat one of the two fundamental properties of bit commitment by any of the two participants depends on how much information is leaked from one side of the system to the other and how much remains hidden from the other participant.

Proceedings ArticleDOI
04 Jan 2018
TL;DR: An algorithm to solve the above problem while sending an expected L + O(T + min(T + 1, L/log L) log(L/δ)) bits, which is asymptotically optimal.
Abstract: Alice and Bob are connected via a two-way channel, and Alice wants to send a message of L bits to Bob. An adversary flips an arbitrary but finite number of bits, T, on the channel. This adversary knows our algorithm and Alice's message, but does not know any private random bits generated by Alice or Bob, nor the bits sent over the channel, except when these bits can be predicted by knowledge of Alice's message or our algorithm. We want Bob to receive Alice's message and for both players to terminate, with error probability at most δ > 0, where δ is a parameter known to both Alice and Bob. Unfortunately, the value T is unknown in advance to either Alice or Bob, and the value L is unknown in advance to Bob. We describe an algorithm to solve the above problem while sending an expected L + O(T + min(T + 1, L/log L) log(L/δ)) bits. A special case is when δ = O(1/L^c), for some constant c. Then when T = o(L/log L), the expected number of bits sent is L + o(L), and when T = Ω(L), the expected number of bits sent is L + O(T), which is asymptotically optimal.

Posted ContentDOI
TL;DR: In this paper, the authors considered the problem of secure and undetectable communication in a world where the only permitted communication method is via a government-mandated encryption scheme, using government-specified keys.
Abstract: We study secure and undetectable communication in a world where governments can read all encrypted communications of citizens. We consider a world where the only permitted communication method is via a government-mandated encryption scheme, using government-mandated keys. Citizens caught trying to communicate otherwise (e.g., by encrypting strings which do not appear to be natural language plaintexts) will be arrested. The one guarantee we suppose is that the government-mandated encryption scheme is semantically secure against outsiders: a perhaps advantageous feature to secure communication against foreign entities. But what good is semantic security against an adversary that has the power to decrypt? Even in this pessimistic scenario, we show citizens can communicate securely and undetectably. Informally, there is a protocol between Alice and Bob where they exchange ciphertexts that look innocuous even to someone who knows the secret keys and thus sees the corresponding plaintexts. And yet, in the end, Alice will have transmitted her secret message to Bob. Our security definition requires indistinguishability between unmodified use of the mandated encryption scheme, and conversations using the mandated encryption scheme in a modified way for subliminal communication. Our topics may be thought to fall broadly within the realm of steganography: the science of hiding secret communication in innocent-looking messages, or cover objects. However, we deal with the non-standard setting of adversarial cover object distributions (i.e., a stronger-than-usual adversary). We leverage that our cover objects are ciphertexts of a secure encryption scheme to bypass impossibility results which we show for broader classes of steganographic schemes. We give several constructions of subliminal communication schemes based on any key exchange protocol with random messages (e.g., Diffie-Hellman).