secure bit commitment from relativistic constraints
play

Secure bit commitment from relativistic constraints Jed Kaniewski - PowerPoint PPT Presentation

Sep 14, 2022 •641 likes •1.54k views

Secure bit commitment from relativistic constraints Jed Kaniewski Centre for Quantum Technologies National University of Singapore joint work with Marco Tomamichel, Esther H anggi and Stephanie Wehner [ arXiv: 1206.1740 ] QCrypt 2012,

  1. Secure bit commitment from relativistic constraints Jed Kaniewski Centre for Quantum Technologies National University of Singapore joint work with Marco Tomamichel, Esther H¨ anggi and Stephanie Wehner [ arXiv: 1206.1740 ] QCrypt 2012, Singapore Jed Kaniewski Secure relativistic bit commitment

  2. Outline Two-party cryptographic primitives Classical and quantum bit commitment Relativistic setting Relativistic bit commitment protocol [Kent’11] Security proof Summary and open questions Jed Kaniewski Secure relativistic bit commitment

  3. Two-party crypto – concept both honest = ⇒ protocol goes through and result is as expected ( q ( Jed Kaniewski Secure relativistic bit commitment

  4. Two-party crypto – concept Alice is honest = ⇒ she is protected against dishonest Bob (e.g. she catches him cheating, aborts the protocol or he remains ignorant about her input) and vice versa Jed Kaniewski Secure relativistic bit commitment

  5. Two-party crypto – examples coin flip secure function evaluation (trusted, unbiased randomness) oblivious transfer commitment schemes Jed Kaniewski Secure relativistic bit commitment

  6. Auction – motivation for commitment schemes Auctioning is easy if a trusted third-party is available.( Jed Kaniewski Secure relativistic bit commitment

  7. Auction – motivation for commitment schemes ??? What if there is no trusted third-party? Be paranoid, trust nobody! Jed Kaniewski Secure relativistic bit commitment

  8. Auction – motivation for commitment schemes ??? We could do it if we had a perfect [information-theoretic] safe. Jed Kaniewski Secure relativistic bit commitment

  9. Auction – motivation for commitment schemes [MLC'97] ??? Is this it? ( Jed Kaniewski Secure relativistic bit commitment

  10. Outline Two-party cryptographic primitives Classical and quantum bit commitment Relativistic setting Relativistic bit commitment protocol [Kent’11] Security proof Summary and open questions Jed Kaniewski Secure relativistic bit commitment

  11. Bit commitment – ideal functionality Commit phase Jed Kaniewski Secure relativistic bit commitment

  12. Bit commitment – ideal functionality Commit phase Jed Kaniewski Secure relativistic bit commitment

  13. Bit commitment – ideal functionality Commit phase Jed Kaniewski Secure relativistic bit commitment

  14. Bit commitment – ideal functionality Commit phase Jed Kaniewski Secure relativistic bit commitment

  15. Bit commitment – ideal functionality Commit phase Jed Kaniewski Secure relativistic bit commitment

  16. Bit commitment – ideal functionality Commit phase Open phase Jed Kaniewski Secure relativistic bit commitment

  17. Bit commitment – ideal functionality Commit phase Open phase Jed Kaniewski Secure relativistic bit commitment

  18. Bit commitment – ideal functionality Commit phase Open phase Jed Kaniewski Secure relativistic bit commitment

  19. Bit commitment – ideal functionality Commit phase Open phase Jed Kaniewski Secure relativistic bit commitment

  20. Cheating objectives The commit phase is over... Jed Kaniewski Secure relativistic bit commitment

  21. Cheating objectives Alice goes mad! Jed Kaniewski Secure relativistic bit commitment

  22. Cheating objectives She wants to break the safe and read the message! Jed Kaniewski Secure relativistic bit commitment

  23. Cheating objectives Bob goes mad! Jed Kaniewski Secure relativistic bit commitment

  24. Cheating objectives He wants to influence the message, he wants to be uncommitted! Jed Kaniewski Secure relativistic bit commitment

  25. Security criteria The scheme should be hiding . p guess – probability that Alice guesses the commited bit correctly after the commit phase is over Definition A bit commitment protocol is δ -hiding if the fact that Bob is honest implies p guess ≤ 1 2 + δ. Jed Kaniewski Secure relativistic bit commitment

  26. Security criteria The scheme should be binding . Bob should not be able to change his mind after the commit phase is over. Jed Kaniewski Secure relativistic bit commitment

  27. Security criteria 0 1 Dishonest Bob will have two different keys... Jed Kaniewski Secure relativistic bit commitment

  28. Security criteria unveil 1 please… no problemo 0 man! 1 External verifier Victor asks him to unveil 1.q Jed Kaniewski Secure relativistic bit commitment

  29. Security criteria unveil 1 please… no problemo 0 man! 1 Bob attempts to unveil 1. Jed Kaniewski Secure relativistic bit commitment

  30. Security criteria unveil 1 please… no problemo 0 man! 1 p 1 is the probability that Alice accepts the unveiling. Jed Kaniewski Secure relativistic bit commitment

  31. Security criteria Definition A bit commitment protocol is ǫ -binding if the fact that Alice is honest implies that there exists a bit c ∈ { 0 , 1 } such that p c ≤ ǫ . What about superposition commitment? For any protocol Bob can commit to an honest superposition and achieve p 0 = p 1 = 1 2 . Not satisfiable in the quantum world... Jed Kaniewski Secure relativistic bit commitment

  32. Security criteria Definition A bit commitment protocol is ǫ -binding if the fact that Alice is honest implies that there exists a bit c ∈ { 0 , 1 } such that p c ≤ ǫ . What about superposition commitment? For any protocol Bob can commit to an honest superposition and achieve p 0 = p 1 = 1 2 . Not satisfiable in the quantum world... Jed Kaniewski Secure relativistic bit commitment

  33. Security criteria Definition A bit commitment protocol is ǫ -binding if the fact that Alice is honest implies that there exists a bit c ∈ { 0 , 1 } such that p c ≤ ǫ . What about superposition commitment? For any protocol Bob can commit to an honest superposition and achieve p 0 = p 1 = 1 2 . Not satisfiable in the quantum world... Jed Kaniewski Secure relativistic bit commitment

  34. Security criteria Definition A bit commitment protocol is ǫ -binding if the fact that Alice is honest implies that there exists a bit c ∈ { 0 , 1 } such that p c ≤ ǫ . Definition A bit commitment protocol is ǫ -weakly binding if the fact that Alice is honest implies that p 0 + p 1 ≤ 1 + ǫ . Composability? forget it... Jed Kaniewski Secure relativistic bit commitment

  35. Security criteria Definition A bit commitment protocol is ǫ -binding if the fact that Alice is honest implies that there exists a bit c ∈ { 0 , 1 } such that p c ≤ ǫ . Definition A bit commitment protocol is ǫ -weakly binding if the fact that Alice is honest implies that p 0 + p 1 ≤ 1 + ǫ . Composability? forget it... Jed Kaniewski Secure relativistic bit commitment

  36. Security criteria Definition A bit commitment protocol is ǫ -binding if the fact that Alice is honest implies that there exists a bit c ∈ { 0 , 1 } such that p c ≤ ǫ . Definition A bit commitment protocol is ǫ -weakly binding if the fact that Alice is honest implies that p 0 + p 1 ≤ 1 + ǫ . Composability? forget it... Jed Kaniewski Secure relativistic bit commitment

  37. Outline Two-party cryptographic primitives Classical and quantum bit commitment Relativistic setting Relativistic bit commitment protocol [Kent’11] Security proof Summary and open questions Jed Kaniewski Secure relativistic bit commitment

  38. Relativistic setting t t 0 P x Jed Kaniewski Secure relativistic bit commitment

  39. Relativistic setting ' ' t ' ' ' ' t 1 Q R t 0 P x Jed Kaniewski Secure relativistic bit commitment

  40. Relativistic setting Phase 1 Jed Kaniewski Secure relativistic bit commitment

  41. Relativistic setting Phase 1 Phase 2 ' ' Jed Kaniewski Secure relativistic bit commitment

  42. Relativistic setting Phase 1 Phase 2 ' Jed Kaniewski Secure relativistic bit commitment

  43. Relativistic setting Phase 1 Phase 2 commit open ' , ' agree on a bit reveal the bit independently (in a consistent way) Jed Kaniewski Secure relativistic bit commitment

  44. Relativistic setting Phase 1 Phase 2 commit open ' , ' agree on a bit reveal the bit independently (in a consistent way) Jed Kaniewski Secure relativistic bit commitment

  45. Local vs. global command unveil 1 lah! Jed Kaniewski Secure relativistic bit commitment

  46. Local vs. global command unveil 1 ' lah! Jed Kaniewski Secure relativistic bit commitment

  47. Local vs. global command unveil 1 ' ' lah! i've got moves like Jagger you've got moves like Jagger i've got mooooooo… Jed Kaniewski Secure relativistic bit commitment

  48. Local vs. global command unveil 1 ' ' lah! i've got moves like Jagger you've got moves like Jagger i've got mooooooo… local command global command Jed Kaniewski Secure relativistic bit commitment

  49. Local vs. global command unveil 1 ' ' lah! i've got moves like Jagger you've got moves like Jagger i've got mooooooo… local command global command trivial protocol is secure no classical protocol (directly from no-signalling) can be secure Jed Kaniewski Secure relativistic bit commitment

Recommend

Relativistic Effects Relativistic Bit . . . Can Keep Data Secret: Relativistic Bit . . . Why

Relativistic Effects Relativistic Bit . . . Can Keep Data Secret: Relativistic Bit . . . Why

Computer Security . . . Computer Security . . . Main Idea Newtonian . . . Relativistic Effects Relativistic Bit . . . Can Keep Data Secret: Relativistic Bit . . . Why This Works A Simple Scheme Limitations of This . . . Second Algorithm

356 views • 13 slides
Relativistic effects and non-collinear DFT What is relativistic effects? Dirac equation

Relativistic effects and non-collinear DFT What is relativistic effects? Dirac equation

Relativistic effects and non-collinear DFT What is relativistic effects? Dirac equation Relativistic effects in an atom Spin-orbit coupling Hunds 3 rd rule Orbital magnetic moment Non-collinear DFT

851 views • 28 slides
New forms of non-relativistic and relativistic hydrodynamic equations as derived by the RG method

New forms of non-relativistic and relativistic hydrodynamic equations as derived by the RG method

New forms of non-relativistic and relativistic hydrodynamic equations as derived by the RG method Teiji Kunihiro (Kyoto) in collaboration with K. Tsumura (Fujifilm co.) YITP workshop on Nonequilibrium Dynamics in Astrophysics and Material

282 views • 27 slides
Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic

Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic

Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic heavy-ion reactions A. Krasznahorkay, ATOMKI, Debrecen Introduction The neutronskin thickness ( r )

873 views • 30 slides
Secure Data Outsourcing with Adversarial Data Dependency Constraints BigDataSecurity 2016

Secure Data Outsourcing with Adversarial Data Dependency Constraints BigDataSecurity 2016

Secure Data Outsourcing with Adversarial Data Dependency Constraints BigDataSecurity 2016 Boxiang Dong Wendy Hui Wang Jie Yang Department of Computer Science School of Software Engineering Stevens Institute of Technology South China

641 views • 22 slides
Considerations for Implementing a Facility Quality Forum 1. Secure the commitment of the facility

Considerations for Implementing a Facility Quality Forum 1. Secure the commitment of the facility

Considerations for Implementing a Facility Quality Forum 1. Secure the commitment of the facility administrator, director of nursing, medical director. The administrative team ultimately makes the difference in implementing changes in policy

333 views • 4 slides
Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1

Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1

ICTP-IAEA College on Plasma Physics, 2016 Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1 Universidad Adolfo Ib a nez, Chile Part I: Non-relativistic and Special relativistic Plasmas Part II:

460 views • 21 slides
Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1

Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1

ICTP-IAEA College on Plasma Physics, 2016 Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1 Universidad Adolfo Ib a nez, Chile Part I: Non-relativistic and Special relativistic Plasmas Part II:

842 views • 37 slides
Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1

Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1

ICTP-IAEA College on Plasma Physics, 2016 Some aspects of Vorticity fields in Relativistic and Quantum Plasmas Felipe A. Asenjo 1 Universidad Adolfo Ib a nez, Chile Part I: Non-relativistic and Special relativistic Plasmas Part II:

389 views • 35 slides
Yet More Ado About Nothing: The Remarkable Relativistic Vacuum State Stephen J. Summers

Yet More Ado About Nothing: The Remarkable Relativistic Vacuum State Stephen J. Summers

Relativistic Vacuum State Yet More Ado About Nothing: The Remarkable Relativistic Vacuum State Stephen J. Summers University of Florida Page 1 Relativistic Vacuum State What is the vacuum in modern science? Roughly speaking, it is that which

639 views • 34 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Commitment Schemes A commitment scheme CS = ( P , C , V ) is a triple of algorithms P

Commitment Schemes A commitment scheme CS = ( P , C , V ) is a triple of algorithms P

Commitment Schemes A commitment scheme CS = ( P , C , V ) is a triple of algorithms P COMMITMENT SCHEMES EXAMPLE M C C K V 0/1 Parameter generation algorithm P is run once by a trusted party to produce public parameters . Mihir

1.22k views • 6 slides
Working Energy Commitment Working Energy Commitment Founding Members Working Energy Commitment

Working Energy Commitment Working Energy Commitment Founding Members Working Energy Commitment

Working Energy Commitment Working Energy Commitment Founding Members Working Energy Commitment Statement of Principles Operate safely and responsibly Meet or exceed all environmental standards Act with integrity Continually

766 views • 18 slides
This Talks Three Key Takeaways Relativistic time dilation is incompatible with

This Talks Three Key Takeaways Relativistic time dilation is incompatible with

This Talks Three Key Takeaways Relativistic time dilation is incompatible with Newtons Second Law . However fixing to unity the g 00 metric component for a dust ball extinguishes relativistic time dilation and produces Friedmanns

281 views • 12 slides
Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Constraint Logic Programming Chapter 1: Constraints What are they, what do they do and what can I use them for. 1 Constraints What are constraints? Modelling problems Constraint solving Tree constraints Other constraint

205 views • 19 slides
LOCAL DECAY IN NON-RELATIVISTIC QED T. CHEN, J. FAUPIN, J. FR OHLICH, AND I. M. SIGAL Abstract.

LOCAL DECAY IN NON-RELATIVISTIC QED T. CHEN, J. FAUPIN, J. FR OHLICH, AND I. M. SIGAL Abstract.

LOCAL DECAY IN NON-RELATIVISTIC QED T. CHEN, J. FAUPIN, J. FR OHLICH, AND I. M. SIGAL Abstract. We prove the limiting absorption principle for a dressed electron at a fixed total momentum in the standard model of non-relativistic quantum elec-

592 views • 44 slides
Relativistic Hydrodynamic Fluctuations M. Stephanov with X. An, G. Basar and H.-U. Yee,

Relativistic Hydrodynamic Fluctuations M. Stephanov with X. An, G. Basar and H.-U. Yee,

Relativistic Hydrodynamic Fluctuations M. Stephanov with X. An, G. Basar and H.-U. Yee, 1902.09517 M. Stephanov Relativistic Hydrodynamic Fluctuations QM 2019 1 / 14 Critical point: intriguing hints Equilibrium 4 vs T and B : Where on

440 views • 31 slides
EFFECTIVE DYNAMICS OF AN ELECTRON COUPLED TO AN EXTERNAL POTENTIAL IN NON-RELATIVISTIC QED VOLKER

EFFECTIVE DYNAMICS OF AN ELECTRON COUPLED TO AN EXTERNAL POTENTIAL IN NON-RELATIVISTIC QED VOLKER

EFFECTIVE DYNAMICS OF AN ELECTRON COUPLED TO AN EXTERNAL POTENTIAL IN NON-RELATIVISTIC QED VOLKER BACH, THOMAS CHEN, J ER EMY FAUPIN, J URG FR OHLICH, AND ISRAEL MICHAEL SIGAL Abstract. In the framework of non-relativistic QED, we show

591 views • 22 slides
Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe.

Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe.

Commitment Schemes Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe. Commitment Schemes Commitment Schemes Digital analogue of a safe. Definition 1 (Commitment scheme) An efficient two-stage

605 views • 23 slides
Non-linear perturbations in relativistic cosmology David Langlois (APC & IAP, Paris) In

Non-linear perturbations in relativistic cosmology David Langlois (APC & IAP, Paris) In

Non-linear perturbations in relativistic cosmology David Langlois (APC & IAP, Paris) In collaboration with Filippo Vernizzi PRL 05 PRD 05 JCAP 06 astro-ph/0610064 Motivations Linear theory of relativistic

688 views • 23 slides
To J urg Fr ohlich whose vision and ideas shaped the non-relativistic quantum

To J urg Fr ohlich whose vision and ideas shaped the non-relativistic quantum

To J urg Fr ohlich whose vision and ideas shaped the non-relativistic quantum electrodynamics ON RAYLEIGH SCATTERING IN NON-RELATIVISTIC QUANTUM ELECTRODYNAMICS J ER EMY FAUPIN AND ISRAEL MICHAEL SIGAL Abstract. We consider a

798 views • 41 slides
MAXIMAL VELOCITY OF PHOTONS IN NON-RELATIVISTIC QED OIS BONY, J ER JEAN-FRANC EMY FAUPIN,

MAXIMAL VELOCITY OF PHOTONS IN NON-RELATIVISTIC QED OIS BONY, J ER JEAN-FRANC EMY FAUPIN,

MAXIMAL VELOCITY OF PHOTONS IN NON-RELATIVISTIC QED OIS BONY, J ER JEAN-FRANC EMY FAUPIN, AND ISRAEL MICHAEL SIGAL Abstract. We consider the problem of propagation of photons in the quantum theory of non-relativistic matter coupled to

346 views • 24 slides
Car-Like Robot: e.g., lie in free space How to Park a Car? Differential constraints: ff

Car-Like Robot: e.g., lie in free space How to Park a Car? Differential constraints: ff

2/14/2012 Types of Path Constraints Local constraints: Car-Like Robot: e.g., lie in free space How to Park a Car? Differential constraints: ff e.g., have bounded curvature (Nonholonomic Planning) Global constraints: e.g., have

252 views • 4 slides
On the Infrared Problem for the Dressed Non-Relativistic Electron in a Magnetic Field Laurent

On the Infrared Problem for the Dressed Non-Relativistic Electron in a Magnetic Field Laurent

On the Infrared Problem for the Dressed Non-Relativistic Electron in a Magnetic Field Laurent Amour, J er emy Faupin, Beno t Gr ebert, and Jean-Claude Guillot Abstract. We consider a non-relativistic electron interacting with a

460 views • 23 slides

More recommend