Pseudo-Secret Random Qubit Generator (PSQRG): Difference between revisions



== Properties ==
===Parameters===
*<math>f_k</math>, the function with required properties (see Setup Assumptions)
*n, number of qubits in the control register
===Adversarial Assumption===
*This protocol assumes an honest Client and proves security only for an adversarial Server.
*This protocol assumes a Quantum Honest But Curious (QHBC) adversary setting, i.e. the protocol is secure against an honest Server who just wants to learn the Client’s hidden data but not modify it without the Client’s consent.
===Setup Assumptions===
*The function used for the protocol is required to satisfy the following properties: one-way, trapdoor, two-regular, collision-resistant, quantum-safe (see Definitions).
*This protocol is secure under the learning with errors assumption, i.e. it relies on the assumption that a quantum Server is unable to solve a computationally hard problem.
*The protocol assumes that all quantum operators are described by polynomially-sized circuits.
===Security/ Theorems===
*The randomness of the output qubit is due to the (fundamental) randomness of quantum measurements that are part of the instructions that the Client gives.
*The Server cannot guess the state any better than if he had just received that state directly from the Client (up to negligible probability).
*''Correctness'': If both the Client and the Server follow the protocol, the protocol aborts when {missing equation}, while otherwise the Server ends up with the output (single) qubit being in the state  ), where <math>\theta</math> is given by Eq.1 (see Pseudo Code).
*The single-qubit state generated by the protocol remains private against a QHBC Server.

