Results 1 - 5 of 5
Tight finite-key analysis for quantum cryptography, 2011
Abstract

Cited by 12 (3 self)
Despite enormous theoretical and experimental progress in quantum cryptography, the security of most current implementations of quantum key distribution is still not rigorously established. One significant problem is that the security of the final key strongly depends on the number, M, of signals exchanged between the legitimate parties. Yet, existing security proofs are often only valid asymptotically, for unrealistically large values of M. Another challenge is that most security proofs are very sensitive to small differences between the physical devices used by the protocol and the theoretical model used to describe them. Here we show that these gaps between theory and experiment can be simultaneously overcome by using a recently developed proof technique based on the uncertainty relation for smooth entropies.
Key recycling in authentication, 2012
Abstract

Cited by 3 (0 self)
In their seminal work on authentication, Wegman and Carter propose that to authenticate multiple messages, it is sufficient to reuse the same hash function as long as each tag is encrypted with a one-time pad. They argue that because the one-time pad is perfectly hiding, the hash function used remains completely unknown to the adversary. Since their proof is not composable, we revisit it using a universally composable framework. It turns out that the above argument is insufficient: information about the hash function is in fact leaked in every round to the adversary, and after a bounded finite amount of rounds it is completely known. We show however that this leak is very small, and Wegman and Carter’s protocol is still ε-secure, if ε-almost strongly universal₂ hash functions are used. This implies that the secret key corresponding to the choice of hash function can be recycled for any task without any additional error than this ε. We illustrate this by applying it to quantum key distribution (QKD): if the same hash function is recycled to authenticate the classical communication in every round of a QKD protocol, and used ℓ times per round, the total error after r rounds is upper bounded by r(ℓε + ε′), where ε′ is the error of one round of QKD given an authentic channel.