Search

Your search keyword '"Fehr, Serge"' showing total 328 results
Start Over Author "Fehr, Serge"

Refine your results

more »

more »

more »

more »
328 results on '"Fehr, Serge"'

1. On the (In)Security of the BUFF Transform

Author

Don, Jelle, Fehr, Serge, Huang, Yu-Hsuan, Struck, Patrick, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Reyzin, Leonid, editor, and Stebila, Douglas, editor

Published
2024
Full Text
View/download PDF

2. Adaptive versus Static Multi-oracle Algorithms, and Quantum Security of a Split-key PRF

Author

Don, Jelle, Fehr, Serge, and Huang, Yu-Hsuan

Subjects
Computer Science - Cryptography and Security, Quantum Physics
Abstract

In the first part of the paper, we show a generic compiler that transforms any oracle algorithm that can query multiple oracles adaptively, i.e., can decide on which oracle to query at what point dependent on previous oracle responses, into a static algorithm that fixes these choices at the beginning of the execution. Compared to naive ways of achieving this, our compiler controls the blow-up in query complexity for each oracle individually, and causes a very mild blow-up only. In the second part of the paper, we use our compiler to show the security of the very efficient hash-based split-key PRF proposed by Giacon, Heuer and Poettering (PKC 2018), in the quantum random-oracle model. Using a split-key PRF as the key-derivation function gives rise to a secure KEM combiner. Thus, our result shows that the hash-based construction of Giacon et al. can be safely used in the context of quantum attacks, for instance to combine a well-established but only classically-secure KEM with a candidate KEM that is believed to be quantum-secure. Our security proof for the split-key PRF crucially relies on our adaptive-to-static compiler, but we expect our compiler to be useful beyond this particular application. Indeed, we discuss a couple of other, known results from the literature that would have profitted from our compiler, in that these works had to go though serious complications in order to deal with adaptivity.

Published
2022

3. Efficient NIZKs and Signatures from Commit-and-Open Protocols in the QROM

Author

Don, Jelle, Fehr, Serge, Majenz, Christian, and Schaffner, Christian

Subjects
Computer Science - Cryptography and Security, Quantum Physics
Abstract

Commit-and-open Sigma-protocols are a popular class of protocols for constructing non-interactive zero-knowledge arguments and digital-signature schemes via the Fiat-Shamir transformation. Instantiated with hash-based commitments, the resulting non-interactive schemes enjoy tight online-extractability in the random oracle model. Online extractability improves the tightness of security proofs for the resulting digital-signature schemes by avoiding lossy rewinding or forking-lemma based extraction. In this work, we prove tight online extractability in the quantum random oracle model (QROM), showing that the construction supports post-quantum security. First, we consider the default case where committing is done by element-wise hashing. In a second part, we extend our result to Merkle-tree based commitments. Our results yield a significant improvement of the provable post-quantum security of the digital-signature scheme Picnic. Our analysis makes use of a recent framework by Chung et al. [arXiv:2010.11658] for analysing quantum algorithms in the QROM using purely classical reasoning. Therefore, our results can to a large extent be understood and verified without prior knowledge of quantum information science.

Published
2022

4. Online-Extractability in the Quantum Random-Oracle Model

Author

Don, Jelle, Fehr, Serge, Majenz, Christian, and Schaffner, Christian

Subjects
Computer Science - Cryptography and Security, Quantum Physics
Abstract

We show the following generic result. Whenever a quantum query algorithm in the quantum random-oracle model outputs a classical value $t$ that is promised to be in some tight relation with $H(x)$ for some $x$, then $x$ can be efficiently extracted with almost certainty. The extraction is by means of a suitable simulation of the random oracle and works online, meaning that it is straightline, i.e., without rewinding, and on-the-fly, i.e., during the protocol execution and without disturbing it. The technical core of our result is a new commutator bound that bounds the operator norm of the commutator of the unitary operator that describes the evolution of the compressed oracle (which is used to simulate the random oracle above) and of the measurement that extracts $x$. We show two applications of our generic online extractability result. We show tight online extractability of commit-and-open $\Sigma$-protocols in the quantum setting, and we offer the first non-asymptotic post-quantum security proof of the textbook Fujisaki-Okamoto transformation, i.e, without adjustments to facilitate the proof., Comment: Improvement of the bound in the FO reduction, fixed a few minor technical issues, added Appendix A

Published
2021

6. On Fully-Secure Honest Majority MPC Without Round Overhead

Author

Escudero, Daniel, Fehr, Serge, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Aly, Abdelrahaman, editor, and Tibouchi, Mehdi, editor

Published
2023
Full Text
View/download PDF

7. On the Quantum Security of HAWK

Author

Fehr, Serge, Huang, Yu-Hsuan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Johansson, Thomas, editor, and Smith-Tone, Daniel, editor

Published
2023
Full Text
View/download PDF

8. Fixing and Mechanizing the Security Proof of Fiat-Shamir with Aborts and Dilithium

Author

Barbosa, Manuel, Barthe, Gilles, Doczkal, Christian, Don, Jelle, Fehr, Serge, Grégoire, Benjamin, Huang, Yu-Hsuan, Hülsing, Andreas, Lee, Yi, Wu, Xiaodi, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Handschuh, Helena, editor, and Lysyanskaya, Anna, editor

Published
2023
Full Text
View/download PDF

9. On the Compressed-Oracle Technique, and Post-Quantum Security of Proofs of Sequential Work

Author

Chung, Kai-Min, Fehr, Serge, Huang, Yu-Hsuan, and Liao, Tai-Ning

Subjects
Quantum Physics, Computer Science - Computational Complexity, Computer Science - Cryptography and Security
Abstract

We revisit the so-called compressed oracle technique, introduced by Zhandry for analyzing quantum algorithms in the quantum random oracle model (QROM). To start off with, we offer a concise exposition of the technique, which easily extends to the parallel-query QROM, where in each query-round the considered algorithm may make several queries to the QROM in parallel. This variant of the QROM allows for a more fine-grained query-complexity analysis. Our main technical contribution is a framework that simplifies the use of (the parallel-query generalization of) the compressed oracle technique for proving query complexity results. With our framework in place, whenever applicable, it is possible to prove quantum query complexity lower bounds by means of purely classical reasoning. More than that, for typical examples the crucial classical observations that give rise to the classical bounds are sufficient to conclude the corresponding quantum bounds. We demonstrate this on a few examples, recovering known results (like the optimality of parallel Grover), but also obtaining new results (like the optimality of parallel BHT collision search). Our main target is the hardness of finding a $q$-chain with fewer than $q$ parallel queries, i.e., a sequence $x_0, x_1,\ldots, x_q$ with $x_i = H(x_{i-1})$ for all $1 \leq i \leq q$. The above problem of finding a hash chain is of fundamental importance in the context of proofs of sequential work. Indeed, as a concrete cryptographic application of our techniques, we prove that the "Simple Proofs of Sequential Work" proposed by Cohen and Pietrzak remains secure against quantum attacks. Such an analysis is not simply a matter of plugging in our new bound; the entire protocol needs to be analyzed in the light of a quantum attack. Thanks to our framework, this can now be done with purely classical reasoning.

Published
2020

10. The Measure-and-Reprogram Technique 2.0: Multi-Round Fiat-Shamir and More

Author

Don, Jelle, Fehr, Serge, and Majenz, Christian

Subjects
Computer Science - Cryptography and Security, Quantum Physics
Abstract

We revisit recent works by Don, Fehr, Majenz and Schaffner and by Liu and Zhandry on the security of the Fiat-Shamir transformation of $\Sigma$-protocols in the quantum random oracle model (QROM). Two natural questions that arise in this context are: (1) whether the results extend to the Fiat-Shamir transformation of multi-round interactive proofs, and (2) whether Don et al.'s $O(q^2)$ loss in security is optimal. Firstly, we answer question (1) in the affirmative. As a byproduct of solving a technical difficulty in proving this result, we slightly improve the result of Don et al., equipping it with a cleaner bound and an even simpler proof. We apply our result to digital signature schemes showing that it can be used to prove strong security for schemes like MQDSS in the QROM. As another application we prove QROM-security of a non-interactive OR proof by Liu, Wei and Wong. As for question (2), we show via a Grover-search based attack that Don et al.'s quadratic security loss for the Fiat-Shamir transformation of $\Sigma$-protocols is optimal up to a small constant factor. This extends to our new multi-round result, proving it tight up to a factor that depends on the number of rounds only, i.e. is constant for any constant-round interactive proof., Comment: 22 pages

Published
2020
Full Text
View/download PDF

12. Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

Author

Don, Jelle, Fehr, Serge, Majenz, Christian, and Schaffner, Christian

Subjects
Computer Science - Cryptography and Security, Quantum Physics
Abstract

The famous Fiat-Shamir transformation turns any public-coin three-round interactive proof, i.e., any so-called sigma-protocol, into a non-interactive proof in the random-oracle model. We study this transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition. Our main result is a generic reduction that transforms any quantum dishonest prover attacking the Fiat-Shamir transformation in the quantum random-oracle model into a similarly successful quantum dishonest prover attacking the underlying sigma-protocol (in the standard model). Applied to the standard soundness and proof-of-knowledge definitions, our reduction implies that both these security properties, in both the computational and the statistical variant, are preserved under the Fiat-Shamir transformation even when allowing quantum attacks. Our result improves and completes the partial results that have been known so far, but it also proves wrong certain claims made in the literature. In the context of post-quantum secure signature schemes, our results imply that for any sigma-protocol that is a proof-of-knowledge against quantum dishonest provers (and that satisfies some additional natural properties), the corresponding Fiat-Shamir signature scheme is secure in the quantum random-oracle model. For example, we can conclude that the non-optimized version of Fish, which is the bare Fiat-Shamir variant of the NIST candidate Picnic, is secure in the quantum random-oracle model., Comment: 20 pages

Published
2019
Full Text
View/download PDF

16. Fiat-Shamir Transformation of Multi-round Interactive Proofs

Author

Attema, Thomas, Fehr, Serge, Klooß, Michael, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Kiltz, Eike, editor, and Vaikuntanathan, Vinod, editor

Published
2022
Full Text
View/download PDF

17. Parallel Repetition of -Special-Sound Multi-round Interactive Proofs

Author

Attema, Thomas, Fehr, Serge, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dodis, Yevgeniy, editor, and Shrimpton, Thomas, editor

Published
2022
Full Text
View/download PDF

18. Online-Extractability in the Quantum Random-Oracle Model

Author

Don, Jelle, Fehr, Serge, Majenz, Christian, Schaffner, Christian, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dunkelman, Orr, editor, and Dziembowski, Stefan, editor

Published
2022
Full Text
View/download PDF

19. A New Approach to Privacy-Preserving Clinical Decision Support Systems

Author

Attema, Thomas, Mancini, Emiliano, Spini, Gabriele, Abspoel, Mark, de Gier, Jan, Fehr, Serge, Veugen, Thijs, van Heesch, Maran, Worm, Daniël, De Luca, Andrea, Cramer, Ronald, and Sloot, Peter M. A.

Subjects
Computer Science - Cryptography and Security
Abstract

Background: Clinical decision support systems (CDSS) are a category of health information technologies that can assist clinicians to choose optimal treatments. These support systems are based on clinical trials and expert knowledge; however, the amount of data available to these systems is limited. For this reason, CDSSs could be significantly improved by using the knowledge obtained by treating patients. This knowledge is mainly contained in patient records, whose usage is restricted due to privacy and confidentiality constraints. Methods: A treatment effectiveness measure, containing valuable information for treatment prescription, was defined and a method to extract this measure from patient records was developed. This method uses an advanced cryptographic technology, known as secure Multiparty Computation (henceforth referred to as MPC), to preserve the privacy of the patient records and the confidentiality of the clinicians' decisions. Results: Our solution enables to compute the effectiveness measure of a treatment based on patient records, while preserving privacy. Moreover, clinicians are not burdened with the computational and communication costs introduced by the privacy-preserving techniques that are used. Our system is able to compute the effectiveness of 100 treatments for a specific patient in less than 24 minutes, querying a database containing 20,000 patient records. Conclusion: This paper presents a novel and efficient clinical decision support system, that harnesses the potential and insights acquired from treatment data, while preserving the privacy of patient records and the confidentiality of clinician decisions., Comment: 15 pages, 4 figures

Published
2018

20. Secure certification of mixed quantum states with application to two-party randomness generation

Author

Dupuis, Frédéric, Fehr, Serge, Lamontagne, Philippe, and Salvail, Louis

Subjects
Quantum Physics
Abstract

We investigate sampling procedures that certify that an arbitrary quantum state on $n$ subsystems is close to an ideal mixed state $\varphi^{\otimes n}$ for a given reference state $\varphi$, up to errors on a few positions. This task makes no sense classically: it would correspond to certifying that a given bitstring was generated according to some desired probability distribution. However, in the quantum case, this is possible if one has access to a prover who can supply a purification of the mixed state. In this work, we introduce the concept of mixed-state certification, and we show that a natural sampling protocol offers secure certification in the presence of a possibly dishonest prover: if the verifier accepts then he can be almost certain that the state in question has been correctly prepared, up to a small number of errors. We then apply this result to two-party quantum coin-tossing. Given that strong coin tossing is impossible, it is natural to ask "how close can we get". This question has been well studied and is nowadays well understood from the perspective of the bias of individual coin tosses. We approach and answer this question from a different---and somewhat orthogonal---perspective, where we do not look at individual coin tosses but at the global entropy instead. We show how two distrusting parties can produce a common high-entropy source, where the entropy is an arbitrarily small fraction below the maximum (except with negligible probability).

Published
2018

22. Compressing Proofs of k-Out-Of-n Partial Knowledge

Author

Attema, Thomas, Cramer, Ronald, Fehr, Serge, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Malkin, Tal, editor, and Peikert, Chris, editor

Published
2021
Full Text
View/download PDF

23. On the Compressed-Oracle Technique, and Post-Quantum Security of Proofs of Sequential Work

Author

Chung, Kai-Min, Fehr, Serge, Huang, Yu-Hsuan, Liao, Tai-Ning, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Canteaut, Anne, editor, and Standaert, François-Xavier, editor

Published
2021
Full Text
View/download PDF

25. Sublinear Bounds on the Distinguishing Advantage for Multiple Samples

Author

Fehr, Serge, Vaudenay, Serge, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Aoki, Kazumaro, editor, and Kanaoka, Akira, editor

Published
2020
Full Text
View/download PDF

26. On the Quantum Complexity of the Continuous Hidden Subgroup Problem

Author

de Boer, Koen, Ducas, Léo, Fehr, Serge, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Canteaut, Anne, editor, and Ishai, Yuval, editor

Published
2020
Full Text
View/download PDF

27. Quantum Authentication and Encryption with Key Recycling

Author

Fehr, Serge and Salvail, Louis

Subjects
Quantum Physics
Abstract

We propose an information-theoretically secure encryption scheme for classical messages with quantum ciphertexts that offers detection of eavesdropping attacks, and re-usability of the key in case no eavesdropping took place: the entire key can be securely re-used for encrypting new messages as long as no attack is detected. This is known to be impossible for fully classical schemes, where there is no way to detect plain eavesdropping attacks. This particular application of quantum techniques to cryptography was originally proposed by Bennett, Brassard and Breidbart in 1982, even before proposing quantum-key-distribution, and a simple candidate scheme was suggested but no rigorous security analysis was given. The idea was picked up again in 2005, when Damgard, Pedersen and Salvail suggested a new scheme for the same task, but now with a rigorous security analysis. However, their scheme is much more demanding in terms of quantum capabilities: it requires the users to have a quantum computer. In contrast, and like the original scheme by Bennett et al., our new scheme merely requires to prepare and measure single BB84 qubits. As such, we not only show a provably-secure scheme that is within reach of current technology, but we also confirm Bennett et al.'s original intuition that a scheme in the spirit of their original construction is indeed secure., Comment: This latest version fixes some minor mistakes of previous versions and contains a discussion on impersonation attacks (Section 4.6). A differently formatted version of (version v2 of) this article is available from the proceedings of Advances in Cryptology - EUROCRYPT 2017 (Springer-Verlag), or from http://eprint.iacr.org/2017/102

Published
2016

28. Adaptive Versus Non-Adaptive Strategies in the Quantum Setting with Applications

Author

Dupuis, Frédéric, Fehr, Serge, Lamontagne, Philippe, and Salvail, Louis

Subjects
Quantum Physics, Computer Science - Cryptography and Security
Abstract

We prove a general relation between adaptive and non-adaptive strategies in the quantum setting, i.e., between strategies where the adversary can or cannot adaptively base its action on some auxiliary quantum side information. Our relation holds in a very general setting, and is applicable as long as we can control the bit-size of the side information, or, more generally, its "information content". Since adaptivity is notoriously difficult to handle in the analysis of (quantum) cryptographic protocols, this gives us a very powerful tool: as long as we have enough control over the side information, it is sufficient to restrict ourselves to non-adaptive attacks. We demonstrate the usefulness of this methodology with two examples. The first is a quantum bit commitment scheme based on 1-bit cut-and-choose. Since bit commitment implies oblivious transfer (in the quantum setting), and oblivious transfer is universal for two-party computation, this implies the universality of 1-bit cut-and-choose, and thus solves the main open problem of [FKSZZ13]. The second example is a quantum bit commitment scheme proposed in 1993 by Brassard et al. It was originally suggested as an unconditionally secure scheme, back when this was thought to be possible. We partly restore the scheme by proving it secure in (a variant of) the bounded quantum storage model. In both examples, the fact that the adversary holds quantum side information obstructs a direct analysis of the scheme, and we circumvent it by analyzing a non-adaptive version, which can be done by means of known techniques, and applying our main result., Comment: 28 pages, 8 figures

Published
2016

34. On the Composition of Two-Prover Commitments, and Applications to Multi-Round Relativistic Commitments

Author

Fehr, Serge and Fillinger, Max

Subjects
Quantum Physics
Abstract

We consider the related notions of two-prover and of relativistic commitment schemes. In recent work, Lunghi et al. proposed a new relativistic commitment scheme with a multi-round sustain phase that enables to keep the binding property alive as long as the sustain phase is running. They prove security of their scheme against classical attacks; however, the proven bound on the error parameter is very weak: it blows up doubly exponentially in the number of rounds. In this work, we give a new analysis of the multi-round scheme of Lunghi et al., and we show a linear growth of the error parameter instead (also considering classical attacks only). Our analysis is based on a new and rather general composition theorem for two-prover commitment schemes. The proof of our composition theorem is based on a better understanding of the binding property of two-prover commitments that we provide in the form of new definitions and relations among them. These new insights are certainly of independent interest and are likely to be useful in other contexts as well. Finally, our work gives rise to several interesting open problems, for instance extending our results to the quantum setting, where the dishonest provers are allowed to perform measurements on an entangled quantum state in order to try to break the binding property., Comment: Independently and concurrently, Chakraborty, Chailloux, and Leverrier proved a similar bound on the Lunghi et al. scheme (https://arxiv.org/abs/1507.00239) with respect to a weaker notion of security. The latest revision also contains a tightness result similar to the one by Bricout and Chailloux (https://arxiv.org/abs/1608.03820), but with a different proof and a slightly better constant term

Published
2015

35. Multi-Prover Commitments Against Non-Signaling Attacks

Author

Fehr, Serge and Fillinger, Max

Subjects
Quantum Physics
Abstract

We reconsider the concept of multi-prover commitments, as introduced in the late eighties in the seminal work by Ben-Or et al. As was recently shown by Cr\'{e}peau et al., the security of known two-prover commitment schemes not only relies on the explicit assumption that the provers cannot communicate, but also depends on their information processing capabilities. For instance, there exist schemes that are secure against classical provers but insecure if the provers have quantum information processing capabilities, and there are schemes that resist such quantum attacks but become insecure when considering general so-called non-signaling provers, which are restricted solely by the requirement that no communication takes place. This poses the natural question whether there exists a two-prover commitment scheme that is secure under the sole assumption that no communication takes place; no such scheme is known. In this work, we give strong evidence for a negative answer: we show that any single-round two-prover commitment scheme can be broken by a non-signaling attack. Our negative result is as bad as it can get: for any candidate scheme that is (almost) perfectly hiding, there exists a strategy that allows the dishonest provers to open a commitment to an arbitrary bit (almost) as successfully as the honest provers can open an honestly prepared commitment, i.e., with probability (almost) 1 in case of a perfectly sound scheme. In the case of multi-round schemes, our impossibility result is restricted to perfectly hiding schemes. On the positive side, we show that the impossibility result can be circumvented by considering three provers instead: there exists a three-prover commitment scheme that is secure against arbitrary non-signaling attacks.

Published
2015

36. Towards Optimal Robust Secret Sharing with Security Against a Rushing Adversary

Author

Fehr, Serge, Yuan, Chen, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Pandu Rangan, C., Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Ishai, Yuval, editor, and Rijmen, Vincent, editor

Published
2019
Full Text
View/download PDF

37. On the Parallel Repetition of Multi-Player Games: The No-Signaling Case

Author

Buhrman, Harry, Fehr, Serge, and Schaffner, Christian

Subjects
Quantum Physics
Abstract

We consider the natural extension of two-player nonlocal games to an arbitrary number of players. An important question for such nonlocal games is their behavior under parallel repetition. For two-player nonlocal games, it is known that both the classical and the non-signaling value of any game converges to zero exponentially fast under parallel repetition, given that the game is non-trivial to start with (i.e., has classical/non-signaling value <1). Very recent results show similar behavior for the quantum value of a two-player game under parallel repetition. For nonlocal games with three or more players, very little is known up to present on their behavior under parallel repetition; this is true for the classical, the quantum and the non-signaling value. In this work, we show a parallel repetition theorem for the non-signaling value of a large class of multi-player games, for an arbitrary number of players. Our result applies to all multi-player games for which all possible combinations of questions have positive probability; this class in particular includes all free games, in which the questions to the players are chosen independently. Specifically, we prove that if the original game has a non-signaling value smaller than 1, then the non-signaling value of the $n$-fold parallel repetition is exponentially small in $n$. Our parallel repetition theorem for multi-player games is weaker than the known parallel repetition results for two-player games in that the rate at which the non-signaling value of the game decreases not only depends on the non-signaling value of the original game (and the number of possible responses), but on the complete description of the game. Nevertheless, we feel that our result is a first step towards a better understanding of the parallel repetition of nonlocal games with more than two players., Comment: 12 pages, v2: no technical changes, extended related work, added grant acknowledgments; to appear in Proceedings of TQC 2014

Published
2013
Full Text
View/download PDF

38. On quantum Renyi entropies: a new generalization and some properties

Author

Müller-Lennert, Martin, Dupuis, Frédéric, Szehr, Oleg, Fehr, Serge, and Tomamichel, Marco

Subjects
Quantum Physics, Computer Science - Information Theory, Mathematical Physics
Abstract

The Renyi entropies constitute a family of information measures that generalizes the well-known Shannon entropy, inheriting many of its properties. They appear in the form of unconditional and conditional entropies, relative entropies or mutual information, and have found many applications in information theory and beyond. Various generalizations of Renyi entropies to the quantum setting have been proposed, most notably Petz's quasi-entropies and Renner's conditional min-, max- and collision entropy. Here, we argue that previous quantum extensions are incompatible and thus unsatisfactory. We propose a new quantum generalization of the family of Renyi entropies that contains the von Neumann entropy, min-entropy, collision entropy and the max-entropy as special cases, thus encompassing most quantum entropies in use today. We show several natural properties for this definition, including data-processing inequalities, a duality relation, and an entropic uncertainty relation., Comment: v1: contains several conjectures; v2: conjectures are resolved - see also arXiv:1306.5358 and arXiv:1306.5920; v3: published version

Published
2013
Full Text
View/download PDF

39. Classical Proofs for the Quantum Collapsing Property of Classical Hash Functions

Author

Fehr, Serge, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Beimel, Amos, editor, and Dziembowski, Stefan, editor

Published
2018
Full Text
View/download PDF

41. A Monogamy-of-Entanglement Game With Applications to Device-Independent Quantum Cryptography

Author

Tomamichel, Marco, Fehr, Serge, Kaniewski, Jędrzej, and Wehner, Stephanie

Subjects
Quantum Physics
Abstract

We consider a game in which two separate laboratories collaborate to prepare a quantum system and are then asked to guess the outcome of a measurement performed by a third party in a random basis on that system. Intuitively, by the uncertainty principle and the monogamy of entanglement, the probability that both players simultaneously succeed in guessing the outcome correctly is bounded. We are interested in the question of how the success probability scales when many such games are performed in parallel. We show that any strategy that maximizes the probability to win every game individually is also optimal for the parallel repetition of the game. Our result implies that the optimal guessing probability can be achieved without the use of entanglement. We explore several applications of this result. First, we show that it implies security for standard BB84 quantum key distribution when the receiving party uses fully untrusted measurement devices, i.e. we show that BB84 is one-sided device independent. Second, we show how our result can be used to prove security of a one-round position-verification scheme. Finally, we generalize a well-known uncertainty relation for the guessing probability to quantum side information., Comment: also presented at EuroCrypt 2013

Published
2012
Full Text
View/download PDF

42. Security and Composability of Randomness Expansion from Bell Inequalities

Author

Fehr, Serge, Gelles, Ran, and Schaffner, Christian

Subjects
Quantum Physics, Computer Science - Cryptography and Security
Abstract

The nonlocal behavior of quantum mechanics can be used to generate guaranteed fresh randomness from an untrusted device that consists of two nonsignalling components; since the generation process requires some initial fresh randomness to act as a catalyst, one also speaks of randomness expansion. Colbeck and Kent proposed the first method for generating randomness from untrusted devices, however, without providing a rigorous analysis. This was addressed subsequently by Pironio et al. [Nature 464 (2010)], who aimed at deriving a lower bound on the min-entropy of the data extracted from an untrusted device, based only on the observed non-local behavior of the device. Although that article succeeded in developing important tools towards the acquired goal, it failed in putting the tools together in a rigorous and correct way, and the given formal claim on the guaranteed amount of min-entropy needs to be revisited. In this paper we show how to combine the tools provided by Pironio et al., as to obtain a meaningful and correct lower bound on the min-entropy of the data produced by an untrusted device, based on the observed non-local behavior of the device. Our main result confirms the essence of the improperly formulated claims of Pironio et al., and puts them on solid ground. We also address the question of composability and show that different untrusted devices can be composed in an alternating manner under the assumption that they are not entangled. This enables for superpolynomial randomness expansion based on two untrusted yet unentangled devices., Comment: 12 pages, v3: significant changes: security is proven against adversaries holding only classical side information

Published
2011
Full Text
View/download PDF

43. The Garden-Hose Model

Author

Buhrman, Harry, Fehr, Serge, Schaffner, Christian, and Speelman, Florian

Subjects
Quantum Physics, Computer Science - Cryptography and Security
Abstract

We define a new model of communication complexity, called the garden-hose model. Informally, the garden-hose complexity of a function f:{0,1}^n x {0,1}^n to {0,1} is given by the minimal number of water pipes that need to be shared between two parties, Alice and Bob, in order for them to compute the function f as follows: Alice connects her ends of the pipes in a way that is determined solely by her input x \in {0,1}^n and, similarly, Bob connects his ends of the pipes in a way that is determined solely by his input y \in {0,1}^n. Alice turns on the water tap that she also connected to one of the pipes. Then, the water comes out on Alice's or Bob's side depending on the function value f(x,y). We prove almost-linear lower bounds on the garden-hose complexity for concrete functions like inner product, majority, and equality, and we show the existence of functions with exponential garden-hose complexity. Furthermore, we show a connection to classical complexity theory by proving that all functions computable in log-space have polynomial garden-hose complexity. We consider a randomized variant of the garden-hose complexity, where Alice and Bob hold pre-shared randomness, and a quantum variant, where Alice and Bob hold pre-shared quantum entanglement, and we show that the randomized garden-hose complexity is within a polynomial factor of the deterministic garden-hose complexity. Examples of (partial) functions are given where the quantum garden-hose complexity is logarithmic in n while the classical garden-hose complexity can be lower bounded by n^c for constant c>0. Finally, we show an interesting connection between the garden-hose model and the (in)security of a certain class of quantum position-verification schemes., Comment: 19 pages, 1 figure, accepted at QCRYPT 2011. v2: fixed problem with missing references, no changes in content, v3: equivalent to final ITCS 2013 proceedings version. Substantial updates: re-ordering of subjects, introduction of randomized and quantum garden-hose models. Previous Section 3 regarding the optimality of a particular attack is removed but can be found in arxiv:1210.4353

Published
2011
Full Text
View/download PDF

44. An All-But-One Entropic Uncertainty Relation, and Application to Password-based Identification

Author

Bouman, Niek J., Fehr, Serge, González-Guillén, Carlos, and Schaffner, Christian

Subjects
Quantum Physics
Abstract

Entropic uncertainty relations are quantitative characterizations of Heisenberg's uncertainty principle, which make use of an entropy measure to quantify uncertainty. In quantum cryptography, they are often used as convenient tools in security proofs. We propose a new entropic uncertainty relation. It is the first such uncertainty relation that lower bounds the uncertainty in the measurement outcome for all but one choice for the measurement from an arbitrarily large (but specifically chosen) set of possible measurements, and, at the same time, uses the min-entropy as entropy measure, rather than the Shannon entropy. This makes it especially suited for quantum cryptography. As application, we propose a new quantum identification scheme in the bounded quantum storage model. It makes use of our new uncertainty relation at the core of its security proof. In contrast to the original quantum identification scheme proposed by Damg{\aa}rd et al., our new scheme also offers some security in case the bounded quantum storage assumption fails hold. Specifically, our scheme remains secure against an adversary that has unbounded storage capabilities but is restricted to non-adaptive single-qubit operations. The scheme by Damg{\aa}rd et al., on the other hand, completely breaks down under such an attack., Comment: 33 pages, v2

Published
2011

45. Position-Based Quantum Cryptography: Impossibility and Constructions

Author

Buhrman, Harry, Chandran, Nishanth, Fehr, Serge, Gelles, Ran, Goyal, Vipul, Ostrovsky, Rafail, and Schaffner, Christian

Subjects
Quantum Physics, Computer Science - Cryptography and Security
Abstract

In this work, we study position-based cryptography in the quantum setting. The aim is to use the geographical position of a party as its only credential. On the negative side, we show that if adversaries are allowed to share an arbitrarily large entangled quantum state, no secure position-verification is possible at all. We show a distributed protocol for computing any unitary operation on a state shared between the different users, using local operations and one round of classical communication. Using this surprising result, we break any position-verification scheme of a very general form. On the positive side, we show that if adversaries do not share any entangled quantum state but can compute arbitrary quantum operations, secure position-verification is achievable. Jointly, these results suggest the interesting question whether secure position-verification is possible in case of a bounded amount of entanglement. Our positive result can be interpreted as resolving this question in the simplest case, where the bound is set to zero. In models where secure positioning is achievable, it has a number of interesting applications. For example, it enables secure communication over an insecure channel without having any pre-shared key, with the guarantee that only a party at a specific location can learn the content of the conversation. More generally, we show that in settings where secure position-verification is achievable, other position-based cryptographic schemes are possible as well, such as secure position-based authentication and position-based key agreement., Comment: 27 pages, 5 figures. v4: improved proofs for the impossibility theorem and for the instantaneous computation theorem

Published
2010
Full Text
View/download PDF

46. Position-Based Quantum Cryptography

Author

Chandran, Nishanth, Fehr, Serge, Gelles, Ran, Goyal, Vipul, and Ostrovsky, Rafail

Subjects
Quantum Physics
Abstract

This paper is replaced by arXiv:1009.2490. The new paper includes a general impossibility result and restricted possibility results, and it has two additional authors., Comment: The paper arXiv:1009.2490 supersedes this paper

Published
2010

47. Sampling in a Quantum Population, and Applications

Author

Bouman, Niek J. and Fehr, Serge

Subjects
Quantum Physics
Abstract

We propose a framework for analyzing classical sampling strategies for estimating the Hamming weight of a large string, when applied to a multi-qubit quantum system instead. The framework shows how to interpret such a strategy and how to define its accuracy when applied to a quantum system. Furthermore, we show how the accuracy of any strategy relates to its accuracy in its classical usage, which is well understood for the important examples. We show the usefulness of our framework by using it to obtain new and simple security proofs for the following quantum-cryptographic schemes: quantum oblivious-transfer from bit-commitment, and BB84 quantum-key-distribution., Comment: [v5] Fixed a proof-technical issue related to abort in QOT, and rephrased some statements about composability; Proceedings CRYPTO 2010 (LNCS vol. 6223, Springer)

Published
2009

48. Improving the Security of Quantum Protocols via Commit-and-Open

Author

Damgaard, Ivan, Fehr, Serge, Lunemann, Carolin, Salvail, Louis, and Schaffner, Christian

Subjects
Quantum Physics
Abstract

We consider two-party quantum protocols starting with a transmission of some random BB84 qubits followed by classical messages. We show a general "compiler" improving the security of such protocols: if the original protocol is secure against an "almost honest" adversary, then the compiled protocol is secure against an arbitrary computationally bounded (quantum) adversary. The compilation preserves the number of qubits sent and the number of rounds up to a constant factor. The compiler also preserves security in the bounded-quantum-storage model (BQSM), so if the original protocol was BQSM-secure, the compiled protocol can only be broken by an adversary who has large quantum memory and large computing power. This is in contrast to known BQSM-secure protocols, where security breaks down completely if the adversary has larger quantum memory than expected. We show how our technique can be applied to quantum identification and oblivious transfer protocols., Comment: 21 pages; editorial change (reorganizing of several subsections in new section 5 about "extensions and generalizations"); added clarifications about efficient simulation; minor improvements

Published
2009

49. Composing Quantum Protocols in a Classical Environment

Author

Fehr, Serge and Schaffner, Christian

Subjects
Quantum Physics
Abstract

We propose a general security definition for cryptographic quantum protocols that implement classical non-reactive two-party tasks. The definition is expressed in terms of simple quantum-information-theoretic conditions which must be satisfied by the protocol to be secure. The conditions are uniquely determined by the ideal functionality F defining the cryptographic task to be implemented. We then show the following composition result. If quantum protocols pi_1,...,pi_k securely implement ideal functionalities F_1,...,F_k according to our security definition, then any purely classical two-party protocol, which makes sequential calls to F_1,...,F_k, is equally secure as the protocol obtained by replacing the calls to F_1,...,F_k with the respective quantum protocols pi_1,...,pi_k. Hence, our approach yields the minimal security requirements which are strong enough for the typical use of quantum protocols as subroutines within larger classical schemes. Finally, we show that recently proposed quantum protocols for oblivious transfer and secure identification in the bounded-quantum-storage model satisfy our security definition, and thus compose in the above sense., Comment: 24 pages. v2: 25 pages, minor improvements, added clarifications, updated references

Published
2008

Catalog

Books, media, physical & digital resources
See catalog results