Dominic Mayers

Unconditional security in quantum cryptography

Basic techniques to prove the unconditional security of quantum crypto graphy are described. They are applied to a quantum key distribution protocol proposed by Bennett and Brassard [1984]. The proof considers a practical variation on the protocol in which the channel is noisy and photos may be lost during the transmission. Each individual signal sent into the channel must contain a single photon or any two-dimensional system in the exact state described in the protocol. No restriction is imposed on the detector used at the receiving side of the channel, except that whether or not the received system is detected must be independent of the basis used to measure this system.

Unconditionally secure quantum bit commitment is impossible

The claim of quantum cryptography has always been that it can provide protocols that are unconditionally secure, that is, for which the security does not depend on any restriction on the time, space, or technology available to the cheaters. We show that this claim does not hold for any quantum bit commitment protocol. Since many cryptographic tasks use bit commitment as a basic primitive, this result implies a severe setback for quantum cryptography. The model used encompasses all reasonable implementations of quantum bit commitment protocols in which the participants have not met before, including those that make use of the theory of special relativity.

Quantum cryptography with imperfect apparatus

Quantum key distribution, first proposed by C.H. Bennett and G. Brassard (1984), provides a possible key distribution scheme whose security depends only on the quantum laws of physics. So far the protocol has been proved secure even under channel noise and detector faults of the receiver but is vulnerable if the photon source used is imperfect. In this paper we propose and give a concrete design for a new concept, self-checking source, which requires the manufacturer of the photon source to provide certain tests; these tests are designed such that, if passed, the source is guaranteed to be adequate for the security of the quantum key distribution protocol, even though the testing devices may not be built to the original specification. The main mathematical result is a structural theorem which states that, for any state in a Hilbert space, if certain EPR-type equations are satisfied, the state must be essentially the orthogonal sum of EPR pairs.

Quantum Key Distribution and String Oblivious Transfer in Noisy Channels

We prove the unconditional security of a quantum key distribution (QKD) protocol on a noisy channel against the most general attack allowed by quantum physics. We use the fact that in a previous paper we have reduced the proof of the unconditionally security of this QKD protocol to a proof that a corresponding Quantum String Oblivious Transfer (String-QOT) protocol would be unconditionally secure against Bob if implemented on top of an unconditionally secure bit commitment scheme. We prove a lemma that extends a security proof given by Yao for a (one bit) QOT protocol to this String-QOT protocol. This result and the reduction mentioned above implies the unconditional security of our QKD protocol despite our previous proof that unconditionally secure bit commitment schemes are impossible.

Perfectly concealing quantum bit commitment from any quantum one-way permutation

We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum one-way permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovski, Ventkatesen and Young, our protocol is non-interactive and has communication complexity O(n) qubits for n a security parameter.

On the Security of the Quantum Oblivious Transfer and Key Distribution Protocols

No quantum key distribution (QKD) protocol has been proved fully secure. A remaining problem is the eavesdroppers ability to make coherent measurements on the joint properties of large composite systems. This problem has been recently solved by Yao in the case of the security of a quantum oblivious transfer (QOT) protocol. We consider an extended OT task which, in addition to Alice and Bob, includes an eavesdropper Eve among the participants. An honest Eve is inactive and receives no information at all about Alices input when Bob and Alice are honest. We prove that the security of a QOT protocol against Bob implies its security against Eve as well as the security of a QKD protocol.

Reduction of Quantum Entropy by Reversible Extraction of Classical Information

Abstract We inquire under what conditions some of the information in a quantum signal source, namely a set of pure states ψa emitted with probabilities p a, can be extracted in classical form by a measurement leaving the quantum system with less entropy than it had before, but retaining the ability to regenerate the source state exactly from the classical measurement result and the after-measurement state of the quantum system. We show that this can be done if and only if the source states ψa fall into two or more mutually orthogonal subsets.