Cryptography Reference
In-Depth Information
where ( x A ,y A ) is Alice's private-public key-pair and ( x B ,y B ) is Bob's private-
public key-pair. We will say more about asymmetric (public-key) cryptography
later on.
Definition 1 (In band/out of band). The term “in band” describes actions
carried out in the normal course of telecommunications strictly via remote sig-
nalling across communication channels. The term “out of band” is used to mean
“not in band” and describes communication via non-digital/manual means as
opposed to via standard telecommunication devices.
Remark 2 (Classical channel). Strictly speaking, there is no need for a dedi-
cated classical channel between Alice and Bob, since classical information can be
sent along the quantum channel. However, the well-known qke protocols (i.e.,
those based on the ones in Refs [12,13]) clearly distinguish the classical from the
quantum communication; in particular, it suces that only the classical commu-
nication is authenticated in order for the secret key to be authenticated at the end
of the protocol (whereas, one could imagine a quantum protocol where the quan-
tum communication also needs to be authenticated). In line with this distinction,
we assume separate quantum and classical channels.
A (point-to-point) uke system is defined similarly to an ake system, with only
the following differences:
Alice and Bob possess no initial keys and
the classical channel is assumed to be authenticated, i.e., Eve is assumed only
to passively monitor the classical channel (but she can still totally control
the quantum channel), and
π is a (point-to-point) uke protocol .
We also need to define conditions under which a key establishment protocol
is secure or, more specifically, quantum-resistant. We would like a definition
that applies equally well to both quantum and fully classical protocols, i.e., all
protocols allowed in the above frameworks. Since we take authentication for
granted (as explained above), the following security definition is sucient for
both ake and uke systems. Call a key establishment protocol perfectly secure
if, for any algorithm for Eve, we have that (1) s A
then
s A is uniformly distributed and independent of Eve's state, and (3) if Eve does
not interfere with the protocol (where we assume otherwise perfect channels),
then s A
= s B ,(2)if s A
=
be an ideal key establishment system that implements a
perfectly secure protocol. Let
=
.Let
I
( π )bea real key establishment system that uses
protocol π .Let n be the minimum length of the secret key s if Alice and Bob
do not abort. Consider a probabilistic-polynomial-time (quantum) distinguisher
running in time polynomial in n , that interacts with either
R
( π )andthen
outputs a guess bit B ; the distinguisher has access to Eve's system and the
outputs s A and s B .
I
or
R
Search WWH ::




Custom Search