actively secure two party evaluation of any quantum
play

Actively secure two-party evaluation of any quantum operation Fr - PowerPoint PPT Presentation

Mar 04, 2024 •397 likes •625 views

Actively secure two-party evaluation of any quantum operation Fr ed eric Dupuis ETH Z urich Joint work with Louis Salvail (Universit e de Montr eal) Jesper Buus Nielsen (Aarhus Universitet) August 23, 2012 Fr ed eric

  1. Actively secure two-party evaluation of any quantum operation Fr´ ed´ eric Dupuis ETH Z¨ urich Joint work with Louis Salvail (Universit´ e de Montr´ eal) Jesper Buus Nielsen (Aarhus Universitet) August 23, 2012 Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 1 / 21

  2. Outline Introduction: Task to be solved Security definition “Baby version” (semi-honest adversaries) Semi-honest Ñ active adversaries (Very high-level) description of our protocol Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 2 / 21

  3. Introduction Alice and Bob want to execute a quantum circuit F : A A F B B For example: H R ‘ ‚ R ‚ X ‘ ‚ ‘ P ‘ Z ‚ P Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 3 / 21

  4. Introduction They want a protocol A A B B that imitates a black box: A A F B B Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 4 / 21

  5. Impossibility in the bare model Problem: This is impossible to achieve only by communication (quantum or classical). Why? Because it’s impossible classically. We will assume that Alice and Bob can do classical two-party computation for free. Hallgren, Smith and Song (2011) have shown that classical ideal functionalities can be replaced by computationally secure protocols if the computational assumptions hold against quantum adversaries. What we show: Classical two-party computation ñ quantum two-party computation Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 5 / 21

  6. Previous work Quantum multiparty computation: Cr´ epeau, Gottesman, Smith 2002: At most n { 6 cheaters. Ben-Or, Cr´ epeau, Gottesman, Hassidim, Smith 2008: Strict honest majority. Us, CRYPTO2010: Two-party computation, but against “specious” (semi-honest) adversaries. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 6 / 21

  7. Brief detour: Security definition We define security via simulation Problem: Player who goes last has an unavoidable advantage: He can prevent the other from getting his output. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 7 / 21

  8. Security definition: Dishonest Alice Real protocol: Alice input output Bob Simulation with ideal functionality: Simulator 0/1 output input Ideal func. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 8 / 21

  9. Security definition: Dishonest Bob Real protocol: Alice input output Bob Simulation with ideal functionality: 1 input output Ideal func. Simulator Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operationAugust 23, 2012 9 / 21

  10. Baby version: semi-honest adversaries First, represent F as a sequence of the following gates: | 0 y X Y Z ˆ ˙ ˆ ˙ ˆ ˙ ´ i ˆ ˙ 0 1 0 1 0 1 ´ 1 1 0 i 0 0 0 ‚ H P R ‘ ˆ ˙ ˆ ˙ ˆ 1 ˙ 1 1 1 0 0 ¨ ˛ 1 0 0 0 1 ? e iπ { 4 ´ 1 i 2 1 0 0 0 1 0 0 ˚ ‹ ˚ ‹ 0 0 0 1 ˝ ‚ 0 0 1 0 Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 10 / 21

  11. Baby version: semi-honest adversaries Suppose the adversaries are semi-honest [us, CRYPTO’10]. Then the protocol is as follows: Encrypt all the inputs with a quantum one-time pad. For each gate in the circuit, execute a subprotocol that performs the gates and updates the keys. All the gates can be done without communication except: Non-local CNOT: Need classical communication R -gate (non-Clifford): Need one oblivious transfer. Use a perfect SWAP gate to exchange the keys at the end. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 11 / 21

  12. From semi-honest to full security We need a way to force a dishonest adversaries to follow the protocol Solution: Instead of just encrypting, we authenticate all the inputs and ancillas. We check the authentication at every step to ensure compliance with the protocol. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 12 / 21

  13. Authenticating quantum states Auth p k q Test p k q | ψ y Attack Pass/Fail Reference should be equivalent to Auth p k q Destroy? Test p k q | ψ y Pass/Fail Reference Attack Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 13 / 21

  14. Clifford-based QAS: the Clifford group [Aharonov, Ben-Or, Eban 2008] Pauli group: any tensor product of ✶ , X, Y, Z . Clifford group: U is Clifford if for any Pauli P , UPU ˚ is also Pauli. Need O p n 2 q bits to identify a Clifford operator. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 14 / 21

  15. Clifford-based QAS To authenticate | ψ y , do the following: | ψ y Clifford | 0 y n . (Key) . . qubits | 0 y To check, undo the Clifford and measure the ancillas. If we don’t get all | 0 y ’s, declare an error. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 15 / 21

  16. Swaddling: double authentication | ψ y | 0 y K a n Alice . . . . . . qubits | 0 y . . . . . . K b Bob | 0 y n . . . . . . qubits | 0 y Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 16 / 21

  17. Our protocol Swaddle all the inputs and commit to the keys. Generate extra | 0 y and ensure that they are correct. For each gate, run a classical protocol that tells Alice and Bob how to execute the gates and update the keys. Verify the authentication whenever necessary. Open commitments (i.e. reveal all keys). Problem gate: the R -gate, the only non-Clifford gate in our set. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 17 / 21

  18. The R gate We can reduce the R gate to Clifford operations by the following trick: | ψ y ‘ M ‚ | M y e iπ { 4 XP ˚ R | ψ y 1 2 p | 0 y ` e iπ { 4 | 1 yq (“magic state”). where | M y “ ? Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 18 / 21

  19. The R gate We need to generate a supply of | M y states at the beginning. Have one player generate a large number of them, and the other player tests a random sample of them and aborts if any errors are found. This ensures a low error rate. We then use a distillation protocol by Bravyi and Kitaev to distill a smaller number of good | M y states. Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 19 / 21

  20. Conclusion Classical two-party computation ñ Quantum two-party computation Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 20 / 21

  21. Thank you Thank you! Fr´ ed´ eric Dupuis Actively secure two-party evaluation of any quantum operation August 23, 2012 21 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey Je ff ery, Christian Majenz, Christian Scha ff ner Introduction Multi-party computation (MPC) Input (player i): x i 83 false Output: f(x 1 , ,

686 views • 20 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
2 Our Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 Our Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 Our Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively manage a diversified portfolio of quality Australian property assets , delivering long term benefits For our Investors We are a secure , reliable

518 views • 32 slides
2 GPT Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 GPT Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 GPT Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively manage a diversified portfolio of quality Australian property assets , delivering long term benefits For our Investors We are a secure , reliable

820 views • 33 slides
New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning a

New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning a

New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning a ard 1 Daniel Escudero 1 Tore Frederiksen 2 Marcel Keller 3 Peter Scholl 1 Ivan Damg Nikolaj Volgushev 2 May 19, 2019 1 Aarhus University, Denmark 2

711 views • 32 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL Contents Whats the problem? Whats everyone up to? Are

527 views • 33 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

1 International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020 Mon Z a: fast maliciously-secure 2-party computation on the ring 2 k Dario Catalano 1 , Mario Di Raimondo 1 , Dario Fiore 2 and Irene Giacomelli 3 1

504 views • 25 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School in Computer Science 2016 Overview Lecture 1: Introduction to Secure Two-Party Computation Lecture 2: Private Set Intersection Lecture 3: Tools

935 views • 67 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
Adapting to Climate Change (within a new economic framework) Picking up the pieces Todays menu

Adapting to Climate Change (within a new economic framework) Picking up the pieces Todays menu

LSE, March 2010 Adapting to Climate Change (within a new economic framework) Picking up the pieces Todays menu Introduction Economic Context Climate Context Solutions & Pathways to Scale Who? 1 Who, what, why

680 views • 42 slides
Exascale Failure Modeling with CoFaCTOR Co rrelated Fa ilure C onsultation T ool for O perational R

Exascale Failure Modeling with CoFaCTOR Co rrelated Fa ilure C onsultation T ool for O perational R

Exascale Failure Modeling with CoFaCTOR Co rrelated Fa ilure C onsultation T ool for O perational R eliability PIs: Dave Bonnie, Dominic Manno, Wendy Poole, Brad Settlemyer May 21, 2019 Managed by Triad National Security, LLC for the U.S.

128 views • 8 slides
AMath 483/583 Lecture 27 Notes: Outline: Random walk solution of Poisson problem

AMath 483/583 Lecture 27 Notes: Outline: Random walk solution of Poisson problem

AMath 483/583 Lecture 27 Notes: Outline: Random walk solution of Poisson problem Using MPI with subroutines Python plus Fortran: f2py Notes and Sample codes: Class notes: Random numbers Class notes: Poisson problem

242 views • 5 slides
rt r t r

rt r t r

trt t r Prt t r tr rt r t r ts

601 views • 44 slides
Scalable deniable group key establishment Kashi Neupane Rainer

Scalable deniable group key establishment Kashi Neupane Rainer

Scalable deniable group key establishment Kashi Neupane Rainer Steinwandt Adriana Surez Corona FPS 2012, Montreal, 25 October 2012 Outline IntroducDon

497 views • 23 slides
IEEE PES SUBSTATIONS COMMITTEE ANNUAL MEETING MONTREAL May 17 - 20, 2010 2010 Substations

IEEE PES SUBSTATIONS COMMITTEE ANNUAL MEETING MONTREAL May 17 - 20, 2010 2010 Substations

IEEE PES SUBSTATIONS COMMITTEE ANNUAL MEETING MONTREAL May 17 - 20, 2010 2010 Substations Committee Status Report 1 SUBSTATIONS COMMITTEE OFFICERS (2009 2010) Chair Hermann J. Koch Siemens Vice Chair John D. Randolph Pacific

873 views • 27 slides
Formal Reasoning for Quantum Programs Yuxin Deng East China Normal University Thanks to Yuan

Formal Reasoning for Quantum Programs Yuxin Deng East China Normal University Thanks to Yuan

Formal Reasoning for Quantum Programs Yuxin Deng East China Normal University Thanks to Yuan Feng and Mingsheng Ying Outline Background Preliminaries on quantum mechanics Equivalences for quantum processes Symbolic semantics An algorithm

1.4k views • 100 slides
Randomized Composable Coreset for Matching and Vertex Cover Sepehr Assadi University of

Randomized Composable Coreset for Matching and Vertex Cover Sepehr Assadi University of

Randomized Composable Coreset for Matching and Vertex Cover Sepehr Assadi University of Pennsylvania Joint work with Sanjeev Khanna (Penn) Sepehr Assadi (Penn) SPAA 2017 Massive Graphs Massive graphs abound in variety of applications: web

1.9k views • 161 slides

More recommend