Composable and Finite Computational Security of Quantum Message Transmission

  • Fabio BanfiEmail author
  • Ueli Maurer
  • Christopher Portmann
  • Jiamin Zhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11891)


Recent research in quantum cryptography has led to the development of schemes that encrypt and authenticate quantum messages with computational security. The security definitions used so far in the literature are asymptotic, game-based, and not known to be composable. We show how to define finite, composable, computational security for secure quantum message transmission. The new definitions do not involve any games or oracles, they are directly operational: a scheme is secure if it transforms an insecure channel and a shared key into an ideal secure channel from Alice to Bob, i.e., one which only allows Eve to block messages and learn their size, but not change them or read them. By modifying the ideal channel to provide Eve with more or less capabilities, one gets an array of different security notions. By design these transformations are composable, resulting in composable security.

Crucially, the new definitions are finite. Security does not rely on the asymptotic hardness of a computational problem. Instead, one proves a finite reduction: if an adversary can distinguish the constructed (real) channel from the ideal one (for some fixed security parameters), then she can solve a finite instance of some computational problem. Such a finite statement is needed to make security claims about concrete implementations.

We then prove that (slightly modified versions of) protocols proposed in the literature satisfy these composable definitions. And finally, we study the relations between some game-based definitions and our composable ones. In particular, we look at notions of quantum authenticated encryption and \(\mathsf{QCCA2}\), and show that they suffer from the same issues as their classical counterparts: they exclude certain protocols which are arguably secure.



CP acknowledges support from the Zurich Information Security and Privacy Center.


  1. 1.
    Alagic, G., Broadbent, A., Fefferman, B., Gagliardoni, T., Schaffner, C., Jules, M.S.: Computational security of quantum encryption. In: International Conference on Information Theoretic Security. pp. 47–71. Springer (2016)Google Scholar
  2. 2.
    Alagic, Gorjan, Gagliardoni, Tommaso, Majenz, Christian: Unforgeable Quantum Encryption. In: Nielsen, Jesper Buus, Rijmen, Vincent (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 489–519. Springer, Cham (2018). Scholar
  3. 3.
    Backes, Michael, Pfitzmann, Birgit, Waidner, Michael: A General Composition Theorem for Secure Reactive Systems. In: Naor, Moni (ed.) TCC 2004. LNCS, vol. 2951, pp. 336–354. Springer, Heidelberg (2004). Scholar
  4. 4.
    Backes, M., Pfitzmann, B., Waidner, M.: The reactive simulatability (RSIM) framework for asynchronous systems. Information and Computation 205(12), 1685–1720 (2007), extended version of [35]MathSciNetCrossRefGoogle Scholar
  5. 5.
    Banfi, F., Maurer, U., Portmann, C., Zhu, J.: Composable and finite computational security of quantum message transmission. IACR Cryptology ePrint Archive 2019, 914 (2019)Google Scholar
  6. 6.
    Barnum, H., Crépeau, C., Gottesman, D., Smith, A., Tapp, A.: Authentication of quantum messages. In: Proceedings of the 43rd Symposium on Foundations of Computer Science, FOCS ’02. pp. 449–458. IEEE (2002)Google Scholar
  7. 7.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of the 38th Annual Symposium on Foundations of Computer Science. pp. 394–403. FOCS ’97, IEEE Computer Society (1997)Google Scholar
  8. 8.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Advances in Cryptology - CRYPTO ’98. pp. 26–45. Springer (1998)Google Scholar
  9. 9.
    Bellare, Mihir, Namprempre, Chanathip: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, Tatsuaki (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). Scholar
  10. 10.
    Ben-Or, Michael, Horodecki, Michał, Leung, Debbie W., Mayers, Dominic, Oppenheim, Jonathan: The Universal Composable Security of Quantum Key Distribution. In: Kilian, Joe (ed.) TCC 2005. LNCS, vol. 3378, pp. 386–406. Springer, Heidelberg (2005). Scholar
  11. 11.
    Broadbent, Anne, Jeffery, Stacey: Quantum Homomorphic Encryption for Circuits of Low T-gate Complexity. In: Gennaro, Rosario, Robshaw, Matthew (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 609–629. Springer, Heidelberg (2015). Scholar
  12. 12.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd Symposium on Foundations of Computer Science, FOCS ’01. pp. 136–145. IEEE (2001)Google Scholar
  13. 13.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2013),, updated version of [12]
  14. 14.
    Canetti, Ran, Dodis, Yevgeniy, Pass, Rafael, Walfish, Shabsi: Universally Composable Security with Global Setup. In: Vadhan, Salil P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). Scholar
  15. 15.
    Canetti, Ran, Krawczyk, Hugo, Nielsen, Jesper B.: Relaxing Chosen-Ciphertext Security. In: Boneh, Dan (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003). Scholar
  16. 16.
    Chiribella, G., D’Ariano, G.M., Perinotti, P.: Theoretical framework for quantum networks. Physical Review A 80, 022339 (2009)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Coretti, S., Maurer, U., Tackmann, B.: Constructing confidential channels from authenticated channels–public-key encryption revisited. In: Sako, K., Sarkar, P. (eds.) Advances in Cryptology - ASIACRYPT 2013. pp. 134–153. Springer (2013)Google Scholar
  18. 18.
    Dunjko, Vedran, Fitzsimons, Joseph F., Portmann, Christopher, Renner, Renato: Composable Security of Delegated Quantum Computation. In: Sarkar, Palash, Iwata, Tetsu (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 406–425. Springer, Heidelberg (2014). Scholar
  19. 19.
    Gutoski, G.: On a measure of distance for quantum strategies. Journal of Mathematical Physics 53(3), 032202 (2012)MathSciNetCrossRefGoogle Scholar
  20. 20.
    Gutoski, G., Watrous, J.: Toward a general theory of quantum games. In: Proceedings of the 39th Symposium on Theory of Computing, STOC ’07. pp. 565–574. ACM (2007)Google Scholar
  21. 21.
    Hardy, L.: Reformulating and reconstructing quantum theory (2011),, eprint
  22. 22.
    Hardy, L.: The operator tensor formulation of quantum theory. Philosophical Transactions of the Royal Society of London A: Mathematical, Physical and Engineering Sciences 370(1971), 3385–3417 (2012)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Hardy, L.: Quantum theory with bold operator tensors. Philosophical Transactions of the Royal Society of London A: Mathematical, Physical and Engineering Sciences 373(2047) (2015)CrossRefGoogle Scholar
  24. 24.
    Katz, J., Yung, M.: Characterization of security notions for probabilistic private-key encryption. Journal of Cryptology 19(1), 67–95 (2006)MathSciNetCrossRefGoogle Scholar
  25. 25.
    König, R., Renner, R., Bariska, A., Maurer, U.: Small accessible quantum information does not imply security. Physical Review Letters 98, 140502 (2007)CrossRefGoogle Scholar
  26. 26.
    Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Advances in Cryptology - CRYPTO 2001. Lecture Notes in Computer Science, vol. 2139, pp. 310–331. Springer (2001). DOI: Scholar
  27. 27.
    Maurer, U.: Indistinguishability of random systems. In: International Conference on the Theory and Applications of Cryptographic Techniques. pp. 110–132. Springer (2002)Google Scholar
  28. 28.
    Maurer, U.: Constructive cryptography–a new paradigm for security definitions and proofs. In: Proceedings of Theory of Security and Applications, TOSCA 2011. Lecture Notes in Computer Science, vol. 6993, pp. 33–56. Springer (2012)Google Scholar
  29. 29.
    Maurer, U., Pietrzak, K., Renner, R.: Indistinguishability amplification. In: Annual International Cryptology Conference. pp. 130–149. Springer (2007)Google Scholar
  30. 30.
    Maurer, U., Renner, R.: Abstract cryptography. In: Proceedings of Innovations in Computer Science, ICS 2011. pp. 1–21. Tsinghua University Press (2011)Google Scholar
  31. 31.
    Maurer, Ueli, Renner, Renato: From Indifferentiability to Constructive Cryptography (and Back). In: Hirt, Martin, Smith, Adam (eds.) TCC 2016. LNCS, vol. 9985, pp. 3–24. Springer, Heidelberg (2016). Scholar
  32. 32.
    Maurer, U., Rüedlinger, A., Tackmann, B.: Confidentiality and integrity: A constructive perspective. In: Cramer, R. (ed.) Theory of Cryptography, pp. 209–229. Springer, Berlin Heidelberg, Berlin, Heidelberg (2012)CrossRefGoogle Scholar
  33. 33.
    Maurer, U., Tackmann, B.: On the soundness of authenticate-then-encrypt: Formalizing the malleability of symmetric encryption. In: Proceedings of the 17th ACM Conference on Computer and Communication Security. pp. 505–515. ACM (2010)Google Scholar
  34. 34.
    Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, CSS ’00. pp. 245–254. ACM (2000)Google Scholar
  35. 35.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy. pp. 184–200. IEEE (2001)Google Scholar
  36. 36.
    Portmann, Christopher: Quantum Authentication with Key Recycling. In: Coron, Jean-Sébastien, Nielsen, Jesper Buus (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 339–368. Springer, Cham (2017). Scholar
  37. 37.
    Portmann, C., Matt, C., Maurer, U., Renner, R., Tackmann, B.: Causal boxes: Quantum information-processing systems closed under composition. IEEE Transactions on Information Theory 63(5), 3277–3305 (2017)MathSciNetzbMATHGoogle Scholar
  38. 38.
    Portmann, C., Renner, R.: Cryptographic security of quantum key distribution (2014),, eprint
  39. 39.
    Renner, R.: Security of Quantum Key Distribution. Ph.D. thesis, Swiss Federal Institute of Technology (ETH) Zurich (Sep 2005)Google Scholar
  40. 40.
    Scarani, V., Bechmann-Pasquinucci, H., Cerf, N.J., Dušek, M., Lütkenhaus, N., Peev, M.: The security of practical quantum key distribution. Reviews of Modern Physics 81, 1301–1350 (2009)CrossRefGoogle Scholar
  41. 41.
    Shrimpton, T.: A characterization of authenticated-encryption as a form of chosen-ciphertext security. IACR Cryptology ePrint Archive 2004, 272 (2004)Google Scholar
  42. 42.
    Tomamichel, M., Leverrier, A.: A largely self-contained and complete security proof for quantum key distribution. Quantum 1, 14 (2017)CrossRefGoogle Scholar
  43. 43.
    Unruh, Dominique: Universally Composable Quantum Multi-party Computation. In: Gilbert, Henri (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 486–505. Springer, Heidelberg (2010). Scholar
  44. 44.
    Vilasini, V., Portmann, C., del Rio, L.: Composable security in relativistic quantum cryptography. New J. Phys. 21, 043057 (2019). Scholar
  45. 45.
    Zhandry, M.: How to construct quantum random functions. In: Proceedings of the 43rd Symposium on Foundations of Computer Science, FOCS ’12. pp. 679–687. IEEE (2012)Google Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Department of Computer ScienceETH ZurichZurichSwitzerland

Personalised recommendations