Abstract
Quantum message authentication codes are families of keyed encoding and decoding maps that enable the detection of tampering on encoded quantum data. Here, we study a new class of simulators for quantum message authentication schemes, and show how they are applied in the context of two codes: the Clifford and the trap code. Our results show for the first time that these codes admit an efficient simulation (assuming that the adversary is efficient). Such efficient simulation is typically crucial in order to establish a composable notion of security.
Acknowledgements
We would like to thank Florian Speelman for feedback on a prior version of this work, as well as the anonymous reviewers for useful corrections.
A Appendix
Lemma A.1
For a fixed \(P \in {\mathbb {P}}_{3n}\), let \(\eta _P\) denote the number of permutations \(\pi \) of P such that \(\pi ^{\dagger }P\pi \in {\mathbb {P}}_{{\mathscr {E}}} \setminus {\mathbb {P}}_{{\mathscr {F}}}\). Then for all P:
An intuitive argument for the above lemma is that \(\eta _P\) can be upper-bounded by fixing a Pauli \(P \in \{I,X\}^{3n}\) of weight \(t+1\). We show that a Pauli with greater weight will have \(\le \eta _P\) possible allowed permutations. To find the number of possible allowed permutations, we will consider the first n positions, where we require at least \(t+1\) non-identity Paulis (for a total of \(\left( {\begin{array}{c}n\\ t+1\end{array}}\right) (t+1)!\) permutations). The remaining positions are then simply permuted, since we have used all of the non-identity Paulis already, contributing a multiplicative factor of \((3n-(t+1))!\) permutations. This is formalized below (where we also consider general attack Paulis consisting of combinations of X, Y and Z).
Proof
In order to find an upper bound for \(\eta _P\), we look to find the Pauli, P, that has the largest number of permutations, \(\pi \), such that \(\pi ^{\dagger }P \pi \in {\mathbb {P}}_{{\mathscr {E}}}\setminus {\mathbb {P}}_{{\mathscr {F}}}\).
For a Pauli P with \(\omega (P)=d\), we write \(d=d_x+d_y+d_z+x_1+y+z_1+x_2+z_2\) for values \(d_x, d_y, d_z, x_1, y, z_1, x_2, z_2\) as follows:
1. \(d_x, d_y, d_z\), where \(d_x + d_y + d_z=t+1\). These are the \(t+1\) X, Y, and Z Paulis that must be applied to the first n qubits for the Pauli to be in \({\mathbb {P}}_{{\mathscr {E}}} \setminus {\mathbb {P}}_{{\mathscr {F}}}\).
2. \(y\), where \(y+d_y\) is the total number of Y Paulis in P and \(y\) is the number of additional Y Paulis applied to the first n qubits. Note that Y Paulis cannot be applied to either set of traps without altering them.
3. \(x_1, x_2\), where \(x_1+x_2 + d_x\) is the total number of X Paulis in P, \(x_1\) is the number of additional X Paulis applied to the first n qubits, and \(x_2\) is the number of X Paulis applied to the \(|{+}\rangle \langle {+}|^{\otimes n}\) traps.
4. \(z_1, z_2\), where \(z_1+z_2 + d_z\) is the total number of Z Paulis in P, \(z_1\) is the number of additional Z Paulis applied to the first n qubits, and \(z_2\) is the number of Z Paulis applied to the \(|{0}\rangle \langle {0}|^{\otimes n}\) traps.
Then the possible permutations on P are found by multiplying the following terms:
1. \(\left( {\begin{array}{c}n\\ d_x,d_y,d_z,n-t-1\end{array}}\right) d_x!d_y!d_z!\), which is the number of ways to choose the required \(t+1\) spots for the minimum number of Paulis applied to the first n qubits, multiplied by the number of ways of permuting each of the sets of X, Y, and Z Paulis. Note that this term simplifies to \(\frac{n!}{(n-t-1)!}\),
2. \(\left( {\begin{array}{c}n-t-1\\ x_1\end{array}}\right) x_1!\), the number of ways to apply \(x_1\) additional X Paulis to the first n qubits,
3. \(\left( {\begin{array}{c}n-t-1-x_1\\ y\end{array}}\right) y!\), the number of ways to apply y additional Y Paulis to the first n qubits,
4. \(\left( {\begin{array}{c}n-t-1-x_1-y\\ z_1\end{array}}\right) z_1!\), the number of ways to apply \(z_1\) additional Z Paulis to the first n qubits,
5. \(\left( {\begin{array}{c}n\\ x_2\end{array}}\right) x_2!\), the number of ways to apply \(x_2\) X Paulis to the n traps that will not be changed by them,
6. \(\left( {\begin{array}{c}n\\ z_2\end{array}}\right) z_2!\), the number of ways to apply \(z_2\) Z Paulis to the n traps that will not be changed by them, and
7. \((3n-(d_x+d_y+d_z+x_1+y+z_1+x_2+z_2))!\), the number of ways to permute the remaining identity qubits, which simplifies to \((3n-d)!\).
The product, once simplified, is then:
Since t is fixed, in order to maximize the above expression, we need to minimize \(x_1, y, z_1, x_2, z_2\). This is achieved by setting \(x_1=y=z_1=x_2=z_2=0\), and therefore \(d=t+1\): we thus find that \(\eta _P \le \prod \limits _{i=n-t}^{n}i\prod \limits _{i=1}^{3n-t-1}i=\binom{n}{t+1}(t+1)!(3n-(t+1))!\). \(\square \)
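The maximization step at the end of the proof can be checked numerically. The following is an added example, not code from the paper: it multiplies the seven terms exactly as listed above over every admissible \((x_1, y, z_1, x_2, z_2)\) and compares the largest value with the final bound. The function names and the sample parameters \(n=7\), \(t=1\) are assumptions made for illustration.

```python
from itertools import product
from math import comb, factorial


def term1(n, dx, dy, dz):
    """Term 1 as written: multinomial(n; dx, dy, dz, n-t-1) * dx! * dy! * dz!."""
    rest = n - dx - dy - dz
    multinomial = factorial(n) // (
        factorial(dx) * factorial(dy) * factorial(dz) * factorial(rest))
    return multinomial * factorial(dx) * factorial(dy) * factorial(dz)


def term_product(n, t, x1, y, z1, x2, z2):
    """Product of terms 1-7 of the proof (term 1 in its simplified form)."""
    free = n - t - 1                       # data positions left after the required t+1
    d = (t + 1) + x1 + y + z1 + x2 + z2    # weight of P
    return (factorial(n) // factorial(free)             # term 1
            * comb(free, x1) * factorial(x1)            # term 2
            * comb(free - x1, y) * factorial(y)         # term 3
            * comb(free - x1 - y, z1) * factorial(z1)   # term 4
            * comb(n, x2) * factorial(x2)               # term 5
            * comb(n, z2) * factorial(z2)               # term 6
            * factorial(3 * n - d))                     # term 7


def lemma_bound(n, t):
    """Right-hand side reached at the end of the proof."""
    return comb(n, t + 1) * factorial(t + 1) * factorial(3 * n - (t + 1))


def maximisers(n, t):
    """Largest value of the product and every (x1, y, z1, x2, z2) attaining it."""
    free, best, where = n - t - 1, 0, []
    for x1, y, z1 in product(range(free + 1), repeat=3):
        if x1 + y + z1 > free:             # cannot exceed the free data positions
            continue
        for x2, z2 in product(range(n + 1), repeat=2):
            value = term_product(n, t, x1, y, z1, x2, z2)
            if value > best:
                best, where = value, [(x1, y, z1, x2, z2)]
            elif value == best:
                where.append((x1, y, z1, x2, z2))
    return best, where


if __name__ == "__main__":
    n, t = 7, 1   # constructed sample parameters, not taken from the paper
    print(maximisers(n, t), lemma_bound(n, t))
```

The check covers only the arithmetic of the listed terms; it does not test membership in \({\mathbb {P}}_{{\mathscr {E}}} \setminus {\mathbb {P}}_{{\mathscr {F}}}\), whose definition is not given in this appendix.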
© 2016 Springer International Publishing AG
Cite this paper
Broadbent, A., Wainewright, E. (2016). Efficient Simulation for Quantum Message Authentication. In: Nascimento, A., Barreto, P. (eds) Information Theoretic Security. ICITS 2016. Lecture Notes in Computer Science(), vol 10015. Springer, Cham. https://doi.org/10.1007/978-3-319-49175-2_4
DOI: https://doi.org/10.1007/978-3-319-49175-2_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49174-5
Online ISBN: 978-3-319-49175-2
eBook Packages: Computer Science (R0)