# Nonmalleable encryption of quantum information

@article{Ambainis2009NonmalleableEO, title={Nonmalleable encryption of quantum information}, author={Andris Ambainis and Jan Bouda and Andreas J. Winter}, journal={Journal of Mathematical Physics}, year={2009}, volume={50}, pages={042106} }

We introduce the notion of nonmalleability of a quantum state encryption scheme (in dimension d): in addition to the requirement that an adversary cannot learn information about the state, here we demand that no controlled modification of the encrypted state can be effected. We show that such a scheme is equivalent to a unitary 2-design [Dankert, et al., e-print arXiv:quant-ph/0606161], as opposed to normal encryption which is a unitary 1-design. Our other main results include a new proof of…

## 27 Citations

### Quantum Non-malleability and Authentication

- Computer Science, MathematicsCRYPTO
- 2017

It is proved that quantum non-malleability implies secrecy; this is in stark contrast to the classical setting, where the two properties are completely independent.

### Unforgeable Quantum Encryption

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

The problem of encrypting and authenticating quantum data in the presence of adversaries making adaptive chosen plaintext and chosen ciphertext queries is studied, and a new definition of one-time quantum authentication is given which authenticates ciphertexts rather than plaintexts.

### Pseudo-randonmess and Learning in Quantum Computation

- Mathematics, Computer Science
- 2009

It is shown that for a natural model of a random quantum circuit, the distribution of random circuits quickly converges to a 2-design, and many large deviation bound results for Haar random unitaries carry over to k-designs for k = poly(n).

### Weak approximate unitary designs and applications to quantum encryption

- MathematicsQuantum
- 2020

This work gives a partially derandomized construction of a quantum encryption scheme that has roughly the same key size and security as the quantum one-time pad, but possesses the additional property of being non-malleable against adversaries without quantum side information.

### Quantum private broadcasting

- Computer SciencePhysical Review A
- 2022

This work gives three solutions to t-recipient Quantum Private Broadcasting (t-QPB) and compares them in terms of key lengths, and shows that the key length can be decreased to be logarithmic in t by using unitary t-designs.

### Characterization of the Relations between Information-Theoretic Non-malleability, Secrecy, and Authenticity

- Computer Science, MathematicsICITS
- 2011

It is shown that information-theoretic perfect non-malleability is equivalent to perfect secrecy of two different messages, which implies that for n-bit messages a shared secret key of length roughly 2n is necessary to achieve non-Malleability, which meets the previously known upper bound.

### Catalytic Quantum Randomness

- Computer SciencePhysical Review X
- 2018

This work investigates how much randomness is required to transform a given quantum state into another one and finds that in order to implement any noisy transition on a $d$-dimensional quantum system it is necessary and sufficient to have a quantum source of randomness of dimension d or a classical one of dimension $d$.

### Non-malleability for quantum public-key encryption

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2019

This work generalizes one of the equivalent classical definitions, comparison-based non-malleability, and shows how it can be fulfilled in the setting of quantum public-key encryption.

### The Clifford group fails gracefully to be a unitary 4-design

- Mathematics
- 2016

A unitary t-design is a set of unitaries that is "evenly distributed" in the sense that the average of any t-th order polynomial over the design equals the average over the entire unitary group. In…

### Block encryption of quantum messages

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

Block encryption is a fundamental cryptographic primitive in modern cryptography. However, it is impossible for block encryption to achieve the same security as one-time pad. Quantum mechanics has…

## References

SHOWING 1-10 OF 22 REFERENCES

### Randomizing Quantum States: Constructions and Applications

- Computer Science
- 2004

It is shown that there exists a set of roughly d’log d unitary operators whose average effect on every input pure state is almost perfectly randomizing, as compared to the d2 operators required to randomize perfectly.

### Authentication of quantum messages

- Computer ScienceThe 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.
- 2002

A non-interactive scheme that enables A to both encrypt and authenticate an m qubit message by encoding it into m+s qubits, where the error probability decreases exponentially in the security parameter s, and a lower bound of 2m key bits for authenticating m qubits is given, which makes the protocol asymptotically optimal.

### Unconditionally secure key distribution in higher dimensions by depolarization

- Computer ScienceIEEE Transactions on Information Theory
- 2005

This paper presents a prepare-and-measure scheme using N-dimensional quantum particles as information carriers where N is a prime power and proves that this scheme is unconditionally secure against all attacks allowed by the laws of quantum physics.

### Small Pseudo-random Families of Matrices: Derandomizing Approximate Quantum Encryption

- Computer ScienceAPPROX-RANDOM
- 2004

A quantum encryption scheme (also called private quantum channel, or state randomization protocol) is a one-time pad for quantum messages that leaks a non-zero (though small) amount of information but require a shorter shared random key.

### Nonmalleable Cryptography

- Computer Science, MathematicsSIAM Rev.
- 2000

The cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.

### Approximate Randomization of Quantum States With Fewer Bits of Key

- Computer Science, Mathematics
- 2006

An improved, efficient construction of an approximately randomizing map that uses O(d/epsilon^2) Pauli operators to map any d-dimensional state to a state that is within trace distance epsilon of the completely mixed state.

### Quantum error correction via codes over GF(4)

- Computer Science, PhysicsProceedings of IEEE International Symposium on Information Theory
- 1997

In the present paper the problem of finding quantum-error-correcting codes is transformed into one of finding additive codes over the field GF(4) which are self-orthogonal with respect to a certain trace inner product.

### Private quantum channels

- Computer ScienceProceedings 41st Annual Symposium on Foundations of Computer Science
- 2000

It is shown that in order to transmit n qubits privately, 2n bits of shared private key are necessary and sufficient and may be viewed as the quantum analogue of the classical one-time pad encryption scheme.

### Exact and approximate unitary 2-designs and their application to fidelity estimation

- Mathematics
- 2009

We develop the concept of a unitary $t$-design as a means of expressing operationally useful subsets of the stochastic properties of the uniform (Haar) measure on the unitary group $U({2}^{n})$ on…

### Strong converse for identification via quantum channels

- MathematicsIEEE Trans. Inf. Theory
- 2002

We present a simple proof of the strong converse for identification via discrete memoryless quantum channels, based on a novel covering lemma. The new method is a generalization to quantum…