liu.seSök publikationer i DiVA
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Direct proof of security of Wegman-Carter authentication with partially known key
Linköpings universitet, Institutionen för systemteknik, Informationskodning. Linköpings universitet, Tekniska högskolan.
Linköpings universitet, Institutionen för systemteknik, Informationskodning. Linköpings universitet, Tekniska högskolan.ORCID-id: 0000-0002-1082-8325
2014 (Engelska)Ingår i: Quantum Information Processing, ISSN 1570-0755, E-ISSN 1573-1332, Vol. 13, nr 10, s. 2155-2170Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman& Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal2 hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the Universal Composability (UC) framework. We find that if the authentication procedure has a failure probability ε and the authentication key has an ε´ trace distance to the uniform, then under ITS, the adversary’s success probability conditioned on an authentic message-tag pair is only bounded by ε +|Ƭ|ε´, where |Ƭ| is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to |Ƭ|ε´ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than ε + ε´. This proves that the scheme is (ε + ε´)-UC-secure, without using the composability theorem.

Ort, förlag, år, upplaga, sidor
Springer, 2014. Vol. 13, nr 10, s. 2155-2170
Nyckelord [en]
Authentication, Strongly Universal hash functions, Partially known key, Trace distance, Universal Composability, Quantum Key Distribution.
Nationell ämneskategori
Elektroteknik och elektronik
Identifikatorer
URN: urn:nbn:se:liu:diva-91264DOI: 10.1007/s11128-013-0641-6ISI: 000341842000002OAI: oai:DiVA.org:liu-91264DiVA, id: diva2:616699
Projekt
ICG QCTillgänglig från: 2013-04-18 Skapad: 2013-04-18 Senast uppdaterad: 2017-12-06Bibliografiskt granskad
Ingår i avhandling
1. Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions
Öppna denna publikation i ny flik eller fönster >>Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions
2013 (Engelska)Doktorsavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

Quantum Key Distribution (QKD) is a secret key agreement technique that consists of two parts: quantum transmission and measurement on a quantum channel, and classical post-processing on a public communication channel. It enjoys provable unconditional security provided that the public communication channel is immutable. Otherwise, QKD is vulnerable to a man-in-the-middle attack. Immutable public communication channels, however, do not exist in practice. So we need to use authentication that implements the properties of an immutable channel as well as possible. One scheme that serves this purpose well is the Wegman-Carter authentication (WCA), which is built upon Almost Strongly Universal2 (ASU2) hashing. This scheme uses a new key in each authentication attempt to select a hash function from an ASU2 family, which is then used to generate the authentication tag for a message.

The main focus of this dissertation is on authentication in the context of QKD. We study ASU2 hash functions, security of QKD that employs a computationally secure authentication, and also security of authentication with a partially known key. Specifically, we study the following.

First, Universal hash functions and their constructions are reviewed, and as well as a new construction of ASU2 hash functions is presented. Second, security of QKD that employs a specific computationally secure authentication is studied. We present detailed attacks on various practical implementations of QKD that employs this authentication. We also provide countermeasures and prove necessary and sufficient conditions for upgrading the security of the authentication to the level of unconditional security. Third, Universal hash function based multiple authentication is studied. This uses a fixed ASU2 hash function followed by one-time pad encryption, to keep the hash function secret. We show that the one-time pad is necessary in every round for the authentication to be unconditionally secure. Lastly, we study security of the WCA scheme, in the case of a partially known authentication key. Here we prove tight information-theoretic security bounds and also analyse security using witness indistinguishability as used in the Universal Composability framework.

Ort, förlag, år, upplaga, sidor
Linköping: Linköping University Electronic Press, 2013. s. 55
Serie
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 1517
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
urn:nbn:se:liu:diva-91265 (URN)978-91-7519-625-1 (ISBN)
Disputation
2013-05-17, Visionen, B-huset, Campus Valla, Linköpings universitet, Linköping, 13:15 (Engelska)
Opponent
Handledare
Projekt
ICG QC
Tillgänglig från: 2013-04-18 Skapad: 2013-04-18 Senast uppdaterad: 2016-08-31Bibliografiskt granskad

Open Access i DiVA

fulltext(387 kB)247 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 387 kBChecksumma SHA-512
69f1ad486b8b3eed0fd59dba84a4bb737ff6d7bd8e5649a4f98cf79282ca57695cb928c0444b639833a796d3e1d3a13819e9e27383b5394f8b24028c0ed70738
Typ fulltextMimetyp application/pdf

Övriga länkar

Förlagets fulltext

Personposter BETA

Abidin, AysajanLarsson, Jan-Åke

Sök vidare i DiVA

Av författaren/redaktören
Abidin, AysajanLarsson, Jan-Åke
Av organisationen
InformationskodningTekniska högskolan
I samma tidskrift
Quantum Information Processing
Elektroteknik och elektronik

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 247 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

doi
urn-nbn

Altmetricpoäng

doi
urn-nbn
Totalt: 1064 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf