Simulatable security for quantum protocols
نویسنده
چکیده
The notion of simulatable security (reactive simulatability, universal composability) is a powerful tool for allowing the modular design of cryptographic protocols (composition of protocols) and showing the security of a given protocol embedded in a larger one. Recently, these methods have received much attention in the quantum cryptographic community (e.g. [RK04,BOHL04]). We give a short introduction to simulatable security in general and proceed by sketching the many different definitional choices together with their advantages and disadvantages. Based on the reactive simulatability modelling of Backes, Pfitzmann andWaidner [BPW04b] we then develop a quantum security model. By following the BPW modelling as closely as possible, we show that composable quantum security definitions for quantum protocols can strongly profit from their classical counterparts, since most of the definitional choices in the modelling are independent of the underlying machine model. In particular, we give a proof for the simple composition theorem in our framework.
منابع مشابه
Fully Simulatable Quantum-Secure Coin-Flipping and Applications
We propose a coin-flip protocol which yields a string of strong, random coins and is fully simulatable against poly-sized quantum adversaries on both sides. It can be implemented with quantum-computational security without any set-up assumptions, since our construction only assumes mixed commitment schemes which we show how to construct in the given setting. We then show that the interactive ge...
متن کاملA Framework For Fully-Simulatable h-Out-Of-n Oblivious Transfer
—We present a framework for fully-simulatable h-out-of-n oblivious transfer (OT n h) with security against non-adaptive malicious adversaries. The framework costs six communication rounds and costs at most 40n public-key operations in computational overhead. Compared with the known protocols for fully-simulatable oblivious transfer that works in the plain mode (where there is no trusted common ...
متن کاملGeneric Fully Simulatable Adaptive Oblivious Transfer
We aim at constructing adaptive oblivious transfer protocols, enjoying fully simulatable security, from various well-known assumptions such as DDH, d-Linear, QR, DCR, and LWE. To this end, we present two generic constructions of adaptive OT, one of which utilizes verifiable shuffles together with threshold decryption schemes, while the other uses permutation networks together with what we call ...
متن کاملObtaining Efficient Fully Simulatable Oblivious Transfer from General Assumptions
We introduce a general construction of fully simulatable oblivious transfer based on lossy encryption. Furthermore, we extend the common definition of lossy encryption by introducing the notion of computationally lossy encryption. If the cryptosystem used is computationally lossy, our general construction yields oblivious transfer protocols with computational security for both parties. Otherwis...
متن کاملOn the Impossibility of Sender-Deniable Public Key Encryption
The primitive of deniable encryption was first introduced by Canetti et al. (CRYPTO, 1997). Deniable encryption is a regular public key encryption scheme with the added feature that after running the protocol honestly and transmitting a message m, both Sender and Receiver may produce random coins showing that the transmitted ciphertext was an encryption of any message m′ in the message space. D...
متن کامل