Topic: Unforgeable Authentication and Signing of Quantum States

Speaker: Dr. 托馬索 加萊多尼 (KS cryptography expert)

Date: 2019-09-09 (Mon) 10:00 – 12:00

Location: Auditorium 101 at IIS new Building

Host: Kai-Min Chung

**Abstract:**
In this talk I will present recent results on the topic of computationally secure transmission of quantum states. The Internet of the future will arguably include both large-scale quantum computers and high-capacity quantum channels. How will we securely transmit data (including quantum states) over the resulting "quantum Internet?" Entanglement-based methods (e.g., teleportation) are costly and inefficient, both in terms of communication and storage complexity. Encryption and authentication offer a non-interactive and efficient alternative, with the basic features of Internet communication: (i.) keys exchanged over public channels, (ii.) a short key suffices for transmitting an unlimited amount of data, and (iii.) security guarantees are maximal for both secrecy and authenticity. However, encrypting, authenticating, and signing quantum data requires understanding the following core components, which have essentially not been studied in the quantum setting: ciphertext authentication (even one-time), k-time secret-key authentication (even for k = 2), unforgeability against adaptive chosen message attacks, public-key verifiable signatures, adaptive chosen-ciphertext security for encryption (CCA2), and authenticated encryption. The lack of progress in this area has largely been due to fundamental obstacles involving no-cloning and measurement, which make it difficult even to formulate proper security definitions, much less construct schemes or prove their security.

I will present recent results that make significant progress on each component listed above. Starting with the symmetric-key case, the first security definitions, constructions, security proofs, relations, and separations are given. These results are then extended to the public-key case. Herein, of particular interest are results regarding public-key signatures on quantum states: first, a very strong impossibility result convincingly shows that signatures only exist for purely classical data. It is then shown that one can nonetheless sign quantum data, provided that it is also encrypted. A thorough treatment of the theory of the resulting "quantum signcryption" notion is finally provided.