Noise-Tolerant Quantum Tokens for MAC
Amit Behera, Or Sattath, Uriel Shinar
TL;DR
The paper develops noise-tolerant tokenized MACs (TMACs) based on BB84-like conjugate coding, enabling limited, revocable signing with quantum tokens. It introduces a 1-bit, noise-tolerant CTMAC construction CTMAC^η, proves unforgeability against single-token attacks, and presents a lifting framework to full-length TMACs that preserves noise tolerance under post-quantum one-way function assumptions. The security analysis combines reductions to Quantum Encryption with Certified Deletion and weak certified deletion SDP bounds, yielding a 14% noise-tolerant instantiation (CTMAC^0.07) with existential unforgeability. The work further connects TMACs to practical applications such as one-time memories in stateless hardware and private quantum money, and discusses fundamental limits such as the impossibility of unconditional security for polynomial tokens. Overall, the results bring practical, noise-resilient quantum signing tokens closer to feasibility while clarifying the computational assumptions and the scope of applicability to quantum money and memory devices.
Abstract
A Message Authentication Code, or MAC, is a well-studied cryptographic primitive that is used to authenticate communication between two parties sharing a secret key. A Tokenized MAC, or TMAC, is a related cryptographic primitive, introduced by Ben-David & Sattath (QCrypt'17), which allows limited signing authority to be delegated to third parties via single-use quantum signing tokens. These tokens can be issued using the secret key, such that each token can be used to sign at most one document. We provide an elementary construction for TMAC based on BB84 states. Our construction can tolerate up to 14% noise, making it the first noise-tolerant TMAC construction. The simplicity of the quantum states required for our construction, combined with its noise tolerance, makes it practically more feasible than the previous TMAC construction. The TMAC is existentially unforgeable against adversaries with signing and verification oracles (i.e., analogous to EUF-CMA security for MAC), assuming post-quantum one-way functions exist.
