TY - JOUR
T1 - Device-independent quantum key distribution from computational assumptions
AU - Metger, Tony
AU - Dulek, Yfke
AU - Coladangelo, Andrea
AU - Arnon-Friedman, Rotem
N1 - Publisher Copyright: © 2021 The Author(s). Published by IOP Publishing Ltd on behalf of the Institute of Physics and Deutsche Physikalische Gesellschaft
PY - 2021/12
Y1 - 2021/12
N2 - In device-independent quantum key distribution (DIQKD), an adversary prepares a device consisting of two components, distributed to Alice and Bob, who use the device to generate a secure key. The security of existing DIQKD schemes holds under the assumption that the two components of the device cannot communicate with one another during the protocol execution. This is called the no-communication assumption in DIQKD. Here, we show how to replace this assumption, which can be hard to enforce in practice, by a standard computational assumption from post-quantum cryptography: we give a protocol that produces secure keys even when the components of an adversarial device can exchange arbitrary quantum communication, assuming the device is computationally bounded. Importantly, the computational assumption only needs to hold during the protocol execution—the keys generated at the end of the protocol are information-theoretically secure as in standard DIQKD protocols.
AB - In device-independent quantum key distribution (DIQKD), an adversary prepares a device consisting of two components, distributed to Alice and Bob, who use the device to generate a secure key. The security of existing DIQKD schemes holds under the assumption that the two components of the device cannot communicate with one another during the protocol execution. This is called the no-communication assumption in DIQKD. Here, we show how to replace this assumption, which can be hard to enforce in practice, by a standard computational assumption from post-quantum cryptography: we give a protocol that produces secure keys even when the components of an adversarial device can exchange arbitrary quantum communication, assuming the device is computationally bounded. Importantly, the computational assumption only needs to hold during the protocol execution—the keys generated at the end of the protocol are information-theoretically secure as in standard DIQKD protocols.
UR - http://www.scopus.com/inward/record.url?scp=85122540584&partnerID=8YFLogxK
U2 - 10.1088/1367-2630/ac304b
DO - 10.1088/1367-2630/ac304b
M3 - مقالة
SN - 1367-2630
VL - 23
JO - New journal of physics.
JF - New journal of physics.
IS - 12
M1 - 123021
ER -