Pseudo-Secret Random Qubit Generator (PSQRG): Difference between revisions

Line 58: Line 58:
#Client: instructs the Server to measure all the qubits (except the last one) of the first register in the  basis. Server obtains the outcomes b = (b1,··· ,bn−1) and returns the result b to the Client
#Client: instructs the Server to measure all the qubits (except the last one) of the first register in the  basis. Server obtains the outcomes b = (b1,··· ,bn−1) and returns the result b to the Client
#Client: using the trapdoor tk computes x,x0. Then check if the nth bit of x and x0 (corresponding to the y received in stage 1) are the same or different. If they are the same, returns abort, otherwise, obtains the classical description of the Server’s state.
#Client: using the trapdoor tk computes x,x0. Then check if the nth bit of x and x0 (corresponding to the y received in stage 1) are the same or different. If they are the same, returns abort, otherwise, obtains the classical description of the Server’s state.
==Definitions (informal)==
*''Quantum-Safe'' A protocol/function is quantum-safe (also known as post-quantum secure), if all its properties remain valid when the adversaries are quantum polynomial-time (QPT).
*''One-Way'' A family of functions <math>\{f_k : D \rightarrow R\}_{k\epsilon \{0,1\}}</math> is one-way if there exists a QPT algorithm that can compute <math>f_k(x)</math> for any k, any input x ∈ D, and any QPT algorithm can invert <math>f_k</math> with at most negligible probability over the choice of k.
*''Second pre-image Resistant'' A family of functions <math>\{f_k : D \rightarrow R\}_{k\epsilon \{0,1\}}</math> is second pre-image resistant if there exists a QPT algorithm that can compute <math>f_k(x)</math> for any index function k, any input x ∈ D, and given an input x, it can find a different input <math>x_0</math> such that <math>f_k(x) = f_k(x')</math> with at most negligible probability over the choice of k.
*''Collision Resistant'' A family of functions <math>\{f_k : D \rightarrow R\}_{k\epsilon \{0,1\}}</math> is collision resistant if there exists a QPT algorithm that can compute <math>f_k(x)</math> for any index function k, any input <math>x \epsilon D</math>, any QPT algorithm can find two inputs <math>x \neq x'</math> such that <math>f_k(x) = f_k(x')</math> with at most negligible probability over the choice of k.
*''Two-regular'' A deterministic function <math>\{f_k : D \rightarrow R\}_{k\epsilon \{0,1\}}</math> is two-regular if <math>\forall y \epsilon Im(f)</math>, we have <math>|f^{-1}(y)| = 2</math>
*''Trapdoor Function'' A family of functions <math>\{f_k : D \rightarrow R\}_{k\epsilon \{0,1\}}</math> is a trapdoor function if there exists a QPT algorithm Gen which on input <math>1^n</math> outputs <math>(k,t_k)</math>, where k represents the index of a function, <math>\{f_k : D \rightarrow R\}_{k\epsilon \{0,1\}}</math>, where <math>f_k</math> is a one-way function, then there exists a QPT algorithm Inv, which on inputs <math>t_k</math> (which is called the trapdoor information) which was output by Gen(<math>1^n</math>), and <math>y = f_k(x)</math> can invert y (by returning all pre-images of y with non-negligible probability over the choice of <math>(k,t_k)</math> and uniform choice of x.


==Relevant Papers==
==Relevant Papers==
Write, autoreview, editor, reviewer
3,129

edits