Latest revision |
Your text |
Line 3: |
Line 3: |
|
| |
|
| <!-- Intro: brief description of the protocol --> | | <!-- Intro: brief description of the protocol --> |
| This [https://arxiv.org/abs/1910.03551 example protocol] implements the functionality of Quantum Encryption with Certified Deletion using single-qubit state preparation and measurement. This scheme is limited to the single-use, private-key setting. | | This [https://arxiv.org/abs/1910.03551 example protocol] implements the functionality of Quantum Encryption with Certified Deletion using single-qubit state preparation and measurement. |
| <!--Tags: related pages or category --> | | <!--Tags: related pages or category --> |
|
| |
|
| ==Requirements== | | ==Assumptions== |
| * '''Network Stage: ''' [[:Category:Prepare and Measure Network Stage| Prepare and Measure]]
| | <!-- It describes the setting in which the protocol will be successful. --> |
|
| |
|
| ==Outline== | | ==Outline== |
Line 20: |
Line 20: |
| ==Notation== | | ==Notation== |
| <!-- Connects the non-mathematical outline with further sections. --> | | <!-- Connects the non-mathematical outline with further sections. --> |
| * For any string <math>x \in \{0,1\}^n</math> and set <math>\mathcal{I} \subseteq [n], x|_\mathcal{I}</math> denotes the string <math>x</math> restricted to the bits indexed by <math>\mathcal{I}</math>
| | |
| * For <math>x,\theta \in \{0,1\}^n, |x^\theta\rangle = H^\theta|x\rangle = H^{\theta_1}|x_1\rangle \otimes H^{\theta_2}|x_2\rangle \otimes ... \otimes H^{\theta_n}|x_n\rangle</math>
| |
| * <math>\mathcal{Q} := \mathbb{C}^2</math> denotes the state space of a single qubit,<math>\mathcal{Q}(n) := \mathcal{Q}^{\otimes n}</math>
| |
| * <math>\mathcal{D(H)}</math> denotes the set of density operators on a Hilbert space <math>\mathcal{H}</math>
| |
| * <math>\lambda</math>: Security parameter
| |
| * <math>n</math>: Length, in bits, of the message
| |
| * <math>\omega : \{0,1\} \rightarrow \mathbb{N}</math> : Hamming weight function
| |
| * <math>m = \kappa(\lambda)</math>: Total number of qubits sent from encrypting party to decrypting party
| |
| * <math>k</math>: Length, in bits, of the string used for verification of deletion
| |
| * <math>s = m - k</math>: Length, in bits, of the string used for extracting randomness
| |
| * <math>\tau = \tau(\lambda)</math>: Length, in bits, of error correction hash
| |
| * <math>\mu = \mu(\lambda)</math>: Length, in bits, of error syndrome
| |
| * <math>\theta</math>: Basis in which the encrypting party prepare her quantum state
| |
| * <math>\delta</math>: Threshold error rate for the verification test
| |
| * <math>\Theta</math>: Set of possible bases from which \theta is chosen
| |
| * <math>\mathfrak{H}_{pa}</math>: Universal<math>_2</math> family of hash functions used in the privacy amplification scheme
| |
| * <math>\mathfrak{H}_{ec}</math>: Universal<math>_2</math> family of hash functions used in the error correction scheme
| |
| * <math>H_{pa}</math>: Hash function used in the privacy amplification scheme
| |
| * <math>H_{ec}</math>: Hash function used in the error correction scheme
| |
| * <math>synd</math>: Function that computes the error syndrome
| |
| * <math>corr</math>: Function that computes the corrected string
| |
| <!--==Knowledge Graph== --> | | <!--==Knowledge Graph== --> |
| <!-- Add this part if the protocol is already in the graph --> | | <!-- Add this part if the protocol is already in the graph --> |
| <!-- {{graph}} --> | | <!-- {{graph}} --> |
| | |
| | ==Properties== |
| | <!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> |
|
| |
|
| ==Protocol Description== | | ==Protocol Description== |
Line 108: |
Line 91: |
| <!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> | | <!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> |
|
| |
|
| ==Properties== | | ==Further Information== |
| <!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | | <!-- theoretical and experimental papers including requirements, security proof (important), which protocol does it implement, benchmark values... --> |
| This scheme has the following properties:
| | |
| *'''Correctness''': The scheme includes syndrome and correction functions and is thus robust against a certain amount of noise, i.e. below a certain noise threshold, the decryption circuit outputs the original message with high probability.
| |
| *'''Ciphertext Indistinguishability''': This notion implies that an adversary, given a ciphertext, cannot discern whether the original plaintext was a known message or a dummy plaintext <math>0^n</math>
| |
| *'''Certified Deletion Security''': After producing a valid deletion certificate, the adversary cannot obtain the original message, even if the key is leaked (after deletion).
| |
| ==References== | | ==References== |
| * The scheme along with its formal security definitions and their proofs can be found in [https://arxiv.org/abs/1910.03551 Broadbent & Islam (2019)]
| |
|
| |
| <div style='text-align: right;'>''*contributed by Chirag Wadhwa''</div>
| |