CWI Cryptology Group

Abstract: In this talk of approx. 45 mins I will give an overview of my PhD thesis.
In this thesis, we present two new quantum-information-theoretic tools
* a "quantum-sampling" framework to infer properties about an unknown $n$-qubit quantum state, from measuring a fraction of those qubits.
* an "all-but-one" quantum uncertainty relation. Furthermore, we study the problem of message authentication in an extended setting and present an authentication protocol with a special key-privacy property.
Also, we present new security proofs for important quantum-cryptographic protocols (quantum key distribution, quantum reduction of oblivious transfer to an ideal bit commitment, quantum identification). Some of those proofs use our new information-theoretic tools.
I will do my to best to find a good balance between giving a broad overview and discussing some technical details.

Abstract: A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other’s input than what is implied by the value of the function. In this work, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.
Joint work with Harry Buhrman and Matthias Christandl
http://prl.aps.org/abstract/PRL/v109/i16/e160501

Abstract: I will present a new definition for the classical (i.e. non-quantum) conditional Rényi entropy of order α. In contrast to previous suggestions, the new definition satisfies monotonicity, meaning that additional knowledge can only decrease the uncertainty, and the chain rule, meaning that the drop in uncertainty is at most the number of bits that encode the additional knowledge. These are very natural and very useful properties for a conditional entropy measure, and thus we feel that this new definition is "the right" one. Towards the end of the presentation, I will also briefly discuss the quantum case, and I will point out that here it is not fully clear yet what should be "the right" definition.
This is ongoing joint work with Stefan Berens (Leiden University).

Abstract: We provide the first two-party protocol allowing Alice and Bob to evaluate privately even against active adversaries any completely positive, trace- preserving map F: L(A_in⊗B_in)→L(A_out⊗B_out), given as a quantum circuit, upon their joint quantum input state ρ ∈ D(A_in⊗B_in). Our protocol leaks no more to any active adversary than an ideal functionality for F provided Alice and Bob have the cryptographic resources for active secure two-party classical computation. Our protocol is constructed from the protocol for the same task secure against specious adversaries presented at CRYPTO'2010.