Add to Watchlist

Superposition attacks on cryptographic protocols


Citation of segment
Embed Code
Purchasing a DVD Cite video

For this video, there are no automatic analysis results.

Analysis results are only provided—where legally permissible—for videos from the realms of technology/engineering, architecture, chemistry, information technology, mathematics, and physics.


Formal Metadata

Title Superposition attacks on cryptographic protocols
Title of Series The Annual Conference on Quantum Cryptography (QCRYPT) 2012
Number of Parts 30
Author Funder, Jakob
Contributors Centre for Quantum Technologies (CQT)
National University of Singapore (NUS)
Damgard, Ivan
Buus Nielsen, Jesper
Salvail, Louis
License CC Attribution - NonCommercial - NoDerivatives 2.5 Switzerland:
You are free to use, copy, distribute and transmit the work or content in unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
DOI 10.5446/36681
Publisher Eidgenössische Technische Hochschule (ETH) Zürich
Release Date 2012
Language English

Content Metadata

Subject Area Information technology
Abstract Attacks on cryptographic protocols are usually modeled by allowing an adversary to ask queries to an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece of information. Even if the protocol is quantum, the queries are typically classical, such as a choice of subset of players to corrupt. In this paper, we introduce a fundamentally new model of quantum attacks on protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold t in the standard model is secure against superposition attacks if and only if the threshold is lowered to t/2. This holds for all classical as well as a large class of quantum secret sharing schemes. We then consider zero-knowledge and first show that known protocols are not, in general, secure in our model by designing a superposition attack on the well-known zero-knowledge protocol for graph isomorphism. We then use our secret-sharing result to design zero-knowledge proofs for all of NP in the common reference string model. While our protocol is classical, it is sound against a cheating unbounded quantum prover and computational zero-knowledge even if the verifier is allowed a superposition attack. Finally, we consider multiparty computation and give a characterization of a class of protocols that can be shown secure, though not necessarily with efficient simulation. We show that this class contains non-trivial protocols that cannot be shown secure by running a classical simulator in superposition.


AV-Portal 3.5.0 (cb7a58240982536f976b3fae0db2d7d34ae7e46b)


  275 ms - page object