
Robust Quantum Public-Key Encryption with Applications to Quantum Key Distribution

Giulio Malavolta, Michael Walter

TL;DR

The paper establishes that two-message quantum key distribution with everlasting security is possible under the assumption of quantum-secure one-way functions by introducing a robust quantum public-key encryption framework. It provides two QPKE instantiations—one achieving everlasting security with a single public key copy and another offering computational security with multiple copies—then leverages these to construct a two-message QKD protocol where only the first message is quantum. A central technical component is a QPKE design built on one-time signatures and, in the computational variant, a PRF derived from a quantum-secure one-way function; the security arguments proceed via careful hybrid reductions and a no-forgery property of the signature scheme. The work also discusses attacker models, open problems (notably noise tolerance and qubit-by-qubit implementations), and situates itself relative to concurrent results, highlighting its contributions to round-optimal QKD and cryptographic design with certified properties over quantum channels.

Abstract

Quantum key distribution (QKD) allows Alice and Bob to agree on a shared secret key, while communicating over a public (untrusted) quantum channel. Compared to classical key exchange, it has two main advantages: (i) The key is unconditionally hidden to the eyes of any attacker, and (ii) its security assumes only the existence of authenticated classical channels which, in practice, can be realized using Minicrypt assumptions, such as the existence of digital signatures. On the flip side, QKD protocols typically require multiple rounds of interactions, whereas classical key exchange can be realized with the minimal amount of two messages using public-key encryption. A long-standing open question is whether QKD requires more rounds of interaction than classical key exchange. In this work, we propose a two-message QKD protocol that satisfies everlasting security, assuming only the existence of quantum-secure one-way functions. That is, the shared key is unconditionally hidden, provided computational assumptions hold during the protocol execution. Our result follows from a new construction of quantum public-key encryption (QPKE) whose security, much like its classical counterpart, only relies on authenticated classical channels.

Paper Structure (30 sections, 7 theorems, 46 equations)

Key Result

Theorem 2.1

Let $\ket{\Psi}$ and $\ket{\Phi}$ be orthogonal $n$-qubit states, and suppose that a QPT distinguisher $\mathcal{A}_\lambda$ distinguishes $\ket{\Psi}$ and $\ket{\Phi}$ with advantage $\delta$ without using any ancilla qubits. Then, there exists a polynomial-time computable unitary $U$ over $n$-qubi Moreover, if $\mathcal{A}_\lambda$ does not act on some qubits, then $U$ also does not act on those

Theorems & Definitions (25)

  • Theorem 2.1: Distinguishing Implies Swapping
  • Definition 2.2: Average Conditional Min-Entropy
  • Definition 2.3: Extractor
  • Lemma 2.4: Leftover Hash Lemma
  • Definition 2.5: One-Time Signature
  • Definition 2.6: Strong Existential Unforgeability
  • Lemma 2.7
  • proof
  • Definition 3.1: QPKE
  • Definition 3.2: Everlasting Security
  • ...and 15 more
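The extractor and Leftover Hash Lemma listed above (Definition 2.2, Definition 2.3, Lemma 2.4) are the standard privacy-amplification tools that turn a raw key with high min-entropy into an output that is statistically close to uniform even given the public seed. The following is an added illustration, not code from the paper: a Toeplitz-matrix 2-universal hash used as a strong extractor, an exact enumeration of its collision probability, and an exact check of the LHL bound on a small constructed distribution. The function names, parameter sizes and the sample distribution are my own choices.

```python
"""Toeplitz-hash strong extractor and the Leftover Hash Lemma bound.

Added example (not the paper's code).  A Toeplitz matrix over GF(2) is a
standard 2-universal hash family; applying it with a fresh public seed is
the privacy-amplification step of a QKD protocol.  Sizes are kept tiny so
that every probability below can be computed exactly by enumeration.
"""
from fractions import Fraction
from itertools import product
import math
import secrets


def toeplitz_hash(x, seed, out_len):
    """Return T*x over GF(2), where T is the out_len x len(x) Toeplitz
    matrix T[i][j] = seed[i - j + len(x) - 1].  The seed must hold
    len(x) + out_len - 1 bits.  x, seed and the result are 0/1 tuples."""
    n = len(x)
    assert len(seed) == n + out_len - 1, "seed length must be n + out_len - 1"
    return tuple(
        sum(seed[i - j + n - 1] & x[j] for j in range(n)) & 1
        for i in range(out_len)
    )


def collision_probability(x, y, out_len):
    """Exact Pr over a uniform seed that hash(x) == hash(y), by enumerating
    every seed.  For the Toeplitz family this equals 2^-out_len for x != y,
    which is the 2-universality needed by the Leftover Hash Lemma."""
    n = len(x)
    seeds = list(product((0, 1), repeat=n + out_len - 1))
    hits = sum(toeplitz_hash(x, s, out_len) == toeplitz_hash(y, s, out_len)
               for s in seeds)
    return Fraction(hits, len(seeds))


def min_entropy(dist):
    """H_min(X) = -log2 max_x Pr[X = x], for dist mapping value -> Fraction."""
    return -math.log2(max(dist.values()))


def lhl_bound(min_ent, out_len):
    """Leftover Hash Lemma: the statistical distance of (Ext(X, S), S) from
    (U_out_len, S) is at most 1/2 * sqrt(2^(out_len - H_min(X)))."""
    return 0.5 * math.sqrt(2.0 ** (out_len - min_ent))


def extractor_distance(dist, out_len):
    """Exact statistical distance of (Ext(X, S), S) from (uniform, S), by
    enumerating all seeds and the support of X.  Only feasible for tiny n."""
    n = len(next(iter(dist)))
    seeds = list(product((0, 1), repeat=n + out_len - 1))
    joint = {}
    for s in seeds:
        for x, p in dist.items():
            key = (toeplitz_hash(x, s, out_len), s)
            joint[key] = joint.get(key, Fraction(0)) + p / len(seeds)
    uniform = Fraction(1, (2 ** out_len) * len(seeds))
    total = Fraction(0)
    for s in seeds:
        for u in product((0, 1), repeat=out_len):
            total += abs(joint.get((u, s), Fraction(0)) - uniform)
    return total / 2


def privacy_amplify(raw_key_bits, out_len):
    """Pick a fresh uniform seed (public; in QKD it travels over the
    authenticated classical channel) and extract out_len key bits."""
    n = len(raw_key_bits)
    seed = tuple(secrets.randbits(1) for _ in range(n + out_len - 1))
    return toeplitz_hash(raw_key_bits, seed, out_len), seed


# Constructed sample: a 4-bit raw key whose first bit the adversary knows
# (always 0) and whose remaining 3 bits are uniform, so H_min(X) = 3.
SAMPLE_DIST = {(0,) + tail: Fraction(1, 8) for tail in product((0, 1), repeat=3)}

if __name__ == "__main__":
    k = min_entropy(SAMPLE_DIST)
    print("H_min(X) =", k)
    print("collision prob =", collision_probability((1, 0, 1, 1), (0, 1, 1, 1), 2))
    print("exact SD =", float(extractor_distance(SAMPLE_DIST, 2)),
          "<= LHL bound", lhl_bound(k, 2))
    print("amplified key, seed =", privacy_amplify((1, 0, 1, 1), 2))
```

The exact statistical distance computed by enumeration is what the lemma upper-bounds; the gap between the two is the slack one gives up by using the generic bound instead of analysing the specific source. In a real protocol the raw key is hundreds or thousands of bits and only `toeplitz_hash` and `privacy_amplify` would be used, with the output length chosen from the min-entropy estimate and the target distance via `lhl_bound`.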