Anonymous Transmission: Difference between revisions

Line 16: Line 16:
==Properties==
==Properties==
Security of a anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender <math>S</math> or receiver <math>R</math> given all the classical and quantum information they have available at the end of the protocol.
Security of a anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender <math>S</math> or receiver <math>R</math> given all the classical and quantum information they have available at the end of the protocol.
'''Guessing probability'''
*'''Guessing probability''' Let <math>\mathcal{A}</math> be a subset of adversaries among <math>N</math> nodes. Let <math>C</math> be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by
Let <math>\mathcal{A}</math> be a subset of adversaries among $N$ nodes. Let $C$ be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by
<math> P_{\text{guess}}[S|C, S\notin \mathcal{A}] = \max_{\{M^i\}} \sum_{i \in [N]} P[S=i|S\notin \mathcal{A}] \text{Tr}[M^i \cdot \rho_{C|S=i} ],</math></br>
<math> P_{\tn{guess}}[S|C, S\notin \mathcal{A}] = \max_{\{M^i\}} \sum_{i \in [N]} P[S=i|S\notin \mathcal{A}] \Tr[M^i \cdot \rho_{C|S=i} ],</math></br>
where the maximization is taken over the set of POVMs <math>{\{M^i\}}</math> for the adversaries and <math>\rho_{C|S=i}</math> is the state of the adversaries at the end of the protocol, given that node <math>i</math> is the sender  
where the maximization is taken over the set of POVMs <math>{\{M^i\}}</math> for the adversaries and $\rho_{C|S=i}$ is the state of the adversaries at the end of the protocol, given that node <math>i</math> is the sender  
*'''Sender-security''' We say that an anonymous transmission protocol is ''sender-secure'' if, given that the sender is honest, the probability of the adversary guessing the sender is </br>
*'''Sender-security''' We say that an anonymous transmission protocol is \textit{sender-secure} if, given that the sender is honest, the probability of the adversary guessing the sender is </br>
<math>P_{\text{guess}}[S|C,S\notin \mathcal{A}] \leq \max_{i\in[N]} P[S=i|S\notin \mathcal{A}].</math></br>
<math>P_{\tn{guess}}[S|C,S\notin \mathcal{A}] \leq \max_{i\in[N]} P[S=i|S\notin \mathcal{A}].</math></br>
*'''Receiver-security''' We say that an anonymous transmission protocol is ''receiver-secure'' if, given that the receiver is honest, the probability of the adversary guessing the receiver is:</br>  
*'''Receiver-security''' We say that an anonymous transmission protocol is \textit{receiver-secure} if, given that the receiver is honest, the probability of the adversary guessing the receiver is:</br>  
<math>P_{\text{guess}}[R|C,R\notin \mathcal{A}] \leq \max_{i\in[N]} P[R=i|R\notin \mathcal{A}]</math>
<math>P_{\tn{guess}}[R|C,R\notin \mathcal{A}] \leq \max_{i\in[N]} P[R=i|R\notin \mathcal{A}]</math>
 
==Further Information==
==Further Information==
The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in (2). For device-independent quantum key distribution, attacks presented in (1) show that security can be compromised if the same devices are used to implement another instance of the protocol.
The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in (2). For device-independent quantum key distribution, attacks presented in (1) show that security can be compromised if the same devices are used to implement another instance of the protocol.
Write, autoreview, editor, reviewer
3,129

edits