Funding: Korean Government (Ministry of Science and ICT) through the National Research Foundation of Korea (NRF) Grant 2021R1A2C1010481.
Abstract: Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere at a balanced service cost. Many traditional authentication protocols have been proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations' race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the results obtained during the experiments show that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.
Funding: Project supported by the National Natural Science Foundation of China (Grant Nos. 61505261 and 11304397) and the National Basic Research Program of China (Grant No. 2013CB338002).
Abstract: Recently, a round-robin differential phase-shift (RRDPS) protocol was proposed [Nature 509, 475 (2014)], in which the amount of leakage is bounded without monitoring the signal disturbance. Introducing states of the phase-encoded Bennett-Brassard 1984 protocol (PE-BB84) to the RRDPS, this paper presents another quantum key distribution protocol called round-robin differential quadrature phase-shift (RRDQPS) quantum key distribution. Regarding a train of many pulses as a single packet, the sender modulates the phase of each pulse by one of {0, π/2, π, 3π/2}, then the receiver measures each packet with a Mach-Zehnder interferometer having a phase basis of 0 or π/2. The RRDQPS protocol can be implemented with essentially similar hardware to the PE-BB84, so it has great compatibility with current quantum systems. Here we analyze the security of the RRDQPS protocol against the intercept-resend attack and the beam-splitting attack. Results show that the proposed protocol inherits the advantages arising from the simplicity of the RRDPS protocol and is more robust against these attacks than the original protocol.
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 61572516, 61272041 and 61272488).
Abstract: AEZ is an AES-based authenticated encryption scheme submitted to the ongoing CAESAR competition and was presented at Eurocrypt 2015 as AEZ v3. There are three modes of AEZ: AEZ-core, AEZ-tiny and AEZ-prf. In this paper, we consider the security of AEZ-prf for AEZ v4.2, the latest version of AEZ. Our major finding is a collision of any 256-bit associated data for AEZ-prf. Then we launch collision attacks in a quantum setting and a classical setting respectively, under different assumptions. In the quantum setting, by Simon's quantum algorithm, we mount a forgery with O(n) quantum superposition queries and an overwhelming success probability close to 1. In the classical setting, one with the key of AEZ-prf can also construct the forgeries. Our results show that the AEZ-prf mode of AEZ v4.2 is not secure in either the quantum setting or the classical world. Furthermore, our results can also be applied to AEZ v3, which was published at Eurocrypt 2015. As far as we know, no cryptanalysis of AEZ v4.2 has been published so far.
Abstract: With recent advances in quantum computation, new threats to key cryptosystems have arisen. In order to build more secure bit commitment schemes, this paper gives a survey of the newly emerging braid-based cryptography and then brings forward the first braid-based bit commitment protocol. The security proof shows that the proposed protocol is computationally binding and information-theoretically hiding. Furthermore, the proposed protocol is also invulnerable to currently known quantum attacks.
Abstract: Our aim is to determine the conditions for quantum computing technology to give rise to the security risks associated with quantum Bitcoin mining. Specifically, we determine the speed and energy efficiency a quantum computer needs to offer an advantage over classical mining. We analyze the setting in which the Bitcoin network is entirely classical except for a single quantum miner with a small hash rate compared to the network. We develop a closed-form approximation for the probability that the quantum miner successfully mines a block, with this probability dependent on the number of Grover iterations the quantum miner applies before making a measurement. Next, we show that for a quantum miner that is "peaceful", this success probability is maximized if the quantum miner applies Grover iterations for 16 min before measuring, which is surprising, as the network mines blocks every 10 min on average. Using this optimal mining procedure, we show that the quantum miner outperforms a classical computer in efficiency (cost per block) if the condition Q<Crb is satisfied, where Q is the cost of a Grover iteration, C is the cost of a classical hash, r is the quantum miner's speed in Grover iterations per second, and b is a factor that attains its maximum if the quantum miner uses our optimal mining procedure. This condition lays the foundation for determining when quantum mining and the known security risks associated with it will arise.
Funding: Supported by the National Natural Science Foundation of China under Grant Nos. 11974205 and 11774197, the National Key Research and Development Program of China (No. 2017YFA0303700), the Key Research and Development Program of Guangdong Province (No. 2018B030325002), and the Beijing Advanced Innovation Center for Future Chip (ICFC). S.W. also acknowledges the China Postdoctoral Science Foundation (No. 2020M670172) and the National Natural Science Foundation of China under Grant No. 12005015.
Abstract: Advanced Encryption Standard (AES) is one of the most widely used block ciphers nowadays, and was established as an encryption standard in 2001. Here we design AES-128 and sample-AES (S-AES) quantum circuits for deciphering. In the quantum circuit of AES-128, we perform an affine transformation for the SubBytes part to solve the problem that the initial state of the output qubits in SubBytes is not the |0⟩⊗8 state. After that, we are able to encode the new round sub-key on the qubits encoding the previous round sub-key, and this improvement reduces the number of qubits used by 224 compared with Langenberg et al.'s implementation. For S-AES, a complete quantum circuit is presented with only 48 qubits, which is already within the reach of existing noisy intermediate-scale quantum computers.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61402407.
Abstract: The first quantum private comparison (QPC) protocol via cavity quantum electrodynamics (QED) is proposed in this paper by making full use of the evolution law of an atom via cavity QED, where the third party (TP) is allowed to misbehave on his own but cannot conspire with either of the two users. The proposed protocol adopts two-atom product states rather than entangled states as the initial quantum resource, and only needs single-atom measurements for the two users. Neither unitary operations nor the quantum entanglement swapping operation are necessary for the proposed protocol. The proposed protocol can compare the equality of one bit from each user in each round of comparison with one two-atom product state. The proposed protocol can resist both the outside attack and the participant attack. In particular, it can prevent TP from learning the two users' secrets. Furthermore, the qubit efficiency of the proposed protocol is as high as 50%.