Unforgeable Authentication and Signing of Quantum States
- LecturerDr. 托馬索 加萊多尼 (KS 密碼學專家)
Host: Kai-Min Chung - Time2019-09-09 (Mon.) 10:00 ~ 12:00
- LocationAuditorium 101 at IIS new Building
Abstract
In this talk I will present recent results on the topic of
computationally secure transmission of quantum states. The Internet of
the future will arguably include both large-scale quantum computers and
high-capacity quantum channels. How will we securely transmit data
(including quantum states) over the resulting "quantum Internet?"
Entanglement-based methods (e.g., teleportation) are costly and
inefficient, both in terms of communication and storage complexity.
Encryption and authentication offer a non-interactive and efficient
alternative, with the basic features of Internet communication: (i.)
keys exchanged over public channels, (ii.) a short key suffices for
transmitting unlimited amount of data, and (iii.) security guarantees
are maximal for both secrecy and authenticity. However, encrypting,
authenticating, and signing quantum data requires understanding the
following core components, which have essentially not been studied in
the quantum setting: ciphertext authentication (even one-time), k-time
secret-key authentication (even for k = 2), unforgeability against
adaptive chosen message attacks, public-key verifiable signatures,
adaptive chosen-ciphertext security for encryption (CCA2), and
authenticated encryption. The lack of progress in this area has largely
been due to fundamental obstacles involving no-cloning and measurement,
which make it difficult even to formulate proper security definitions,
much less construct schemes or prove their security.
I will present recent results that make significant progress on each
component listed above. Starting with the symmetric-key case, the first
security definitions, constructions, security proofs, relations, and
separations are given. These results are then extended to the public-key
case. Herein, of particular interest are results regarding public-key
signatures on quantum states: first, a very strong impossibility result
convincingly shows that signatures only exist for purely classical data.
It is then shown that one can nonetheless sign quantum data, provided
that it is also encrypted. A thorough treatment of the theory of the
resulting "quantum signcryption" notion is finally provided.