Quantum cryptography beyond quantum key distribution

设为首页

收藏本站

网站地图 | English | 公务邮箱

About the library

Background
History
Leadership
Organization

Readers' Guide

Opening Hours
Collections
Help Via Email

Publications

Electronic Information Resources

Quantum cryptography beyond quantum key distribution

详细信息查看全文

作者：Anne Broadbent ; Christian Schaffner
关键词：Conjugate coding ; Delegated quantum computation ; Limited ; quantum ; storage models ; Quantum money ; Quantum two ; party computation ; Survey ; 94A60 ; 81P94
刊名：Designs, Codes and Cryptography
出版年：2016
出版时间：January 2016
年：2016
卷：78
期：1
页码：351-382
全文大小：801 KB
参考文献：1.Aaronson S.: Quantum copy-protection and quantum money. In: CCC 2009, pp. 229–242 (2009). doi:10.1109/CCC.2009.42 .
2.Aaronson S., Christiano P.: Quantum money from hidden subspaces. In: STOC 2012, pp. 41–60 (2012). doi:10.1145/2213977.2213983 .
3.Aaronson S., Farhi E., Gosset D., Hassidim A., Kelner J., Lutomirski A.: Quantum money. Commun. ACM, 55(8), 84–92 (2012). doi:10.1145/2240236.2240258 .
4.Aharonov D., Ta-Shma A., Vazirani U., Yao A.: Quantum bit escrow. In: STOC 2000, pp. 705–714 (2000). doi:10.1145/335305.335404 .
5.Aharonov D., Ben-Or M., Eban E.: Interactive proofs for quantumcomputations. In: ICS 2010, pp. 453–469 (2010). arXiv:0810.5375 .
6.Aharonov D., Chailloux A., Ganz M., Kerenidis I., Magnin L.: A simpler proof of existence of quantum weak coin flipping with arbitrarily small bias (2014). arXiv:1402.7166 .
7.Ajtai M.: Generating hard instances of lattice problems. In: STOC 1996, pp. 99–108 (1996). doi:10.1145/237814.237838 .
8.Alléaume R., Branciard C., Bouda J., Debuisschert T., Dianati M., Gisin N., Godfrey M., Grangier P., Länger T., Lütkenhaus N., Monyk P.P.C., Peev M., Poppe A., Pornin T., Rarity J., Renner R., Ribordy G., Riguidel M., Salvail L., Shields A., Weinfurter H., Zeilinger A.: Using quantum key distribution for cryptographic purposes: a survey. Theor. Comput. Sci. 560, 62–81 (2014). doi:10.1016/j.tcs.2014.09.018 .
9.Ambainis A., Mosca M., Tapp A., de Wolf R.: Private quantum channels. In: FOCS 2000, pp. 547–553 (2000). doi:10.1109/SFCS.2000.892142 .
10.Ambainis A., Buhrman H., Dodis Y., Röhrig H.: Multiparty quantum coin flipping. In: CCC 2004, pp. 250–259 (2004). http://dl.acm.org/citation.cfm?id=1009561 .
11.Ambainis A., Rosmanis A., Unruh D.: Quantum attacks on classical proof systems: the hardness of quantum rewinding. In: FOCS 2014, pp. 474–483 (2014). doi:10.1109/FOCS.2014.57 .
12.Arrighi P., Salvail L.: Blind quantum computation. Int. J. Quantum Inf. 4(5), 883–898 (2006). doi:10.1142/S0219749906002171 .
13.Bacon D., van Dam W.: Recent progress in quantum algorithms. Commun. ACM 53(2), 84–93 (2010). doi:10.1145/1646353.1646375 .
14.Barak B., Goldreich O., Impagliazzo R., Rudich S., Sahai A., Vadhan S., Yang K.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6:1–6:48 (2012). doi:10.1145/2160158.2160159 .
15.Barnum H., Crépeau C., Gottesman D., Smith A., Tapp A.: Authentication of quantum messages. In: FOCS 2002, pp. 449–458 (2002). doi:10.1109/SFCS.2002.1181969 .
16.Barrett J., Hardy L., Kent A.: No signaling and quantum key distribution. Phys. Rev. Lett. 95(1), 010503 (2005). doi:10.1103/physrevlett.95.010503 .
17.Barz S., Kashefi E., Broadbent A., Fitzsimons J.F., Zeilinger A., Walther P.: Demonstration of blind quantum computing. Science 335(6066), 303–308 (2012). doi:10.1126/science.1214707 .
18.Barz S., Fitzsimons J.F., Kashefi E., Walther P.: Experimental verification of quantum computation. Nat. Phys. 9(11), 727–731 (2013). doi:10.1038/nphys2763 .
19.Beigi S., König R.: Simplified instantaneous non-local quantum computation with applications to position-based cryptography. New J. Phys. 13(9), 093036 (2011). doi:10.1088/1367-2630/13/9/093036 .
20.Bell J.S.: On the Einstein-Podolsky-Rosen paradox. Physics 1, 195–200 (1964). http://cds.cern.ch/record/111654/files/vol1p195-200_001.pdf .
21.Ben-Or M., Goldwasser S., Kilian J., Widgerson A.: Multi-prover interactive proofs: how to remove intractability assumptions. In: STOC 1988, pp. 113–131 (1988). doi:10.1145/62212.62223 .
22.Ben-Or M., Crépeau C., Gottesman D., Hassidim A., Smith A.: Secure multiparty quantum computation with (only) a strict honest majority. In: FOCS 2006, pp. 249–260 (2006). doi:10.1109/FOCS.2006.68 .
23.Bennett C.H.: Quantum cryptography: uncertainty in the service of privacy. Science 257(5071), 752–753 (1992). doi:10.1126/science.257.5071.752 .
24.Bennett C.H., Brassard G.: Quantum cryptography: public key distribution and coin tossing. In: International Conference on Computers, Systems and Signal Processing, pp. 175–179 (1984).
25.Bennett C.H., Brassard G.: Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7–11 (2014). doi:10.1016/j.tcs.2014.05.025 .
26.Bennett C.H., Brassard G., Breidbart S., Wiesner S.: Quantum cryptography, or unforgeable subway tokens. In: CRYPTO 1982, pp. 267–275 (1982). doi:10.1007/978-1-4757-0602-4_26 .
27.Bennett C.H., Bessette F., Brassard G., Salvail L., Smolin J.: Experimental quantum cryptography. J. Cryptol. 5(1), 3–28 (1992). doi:10.1007/bf00191318 .
28.Bennett C.H., Brassard G., Mermin N.D.: Quantum cryptography without Bell’s theorem. Phys. Rev. Lett. 68(5), 557–559 (1992). doi:10.1103/physrevlett.68.557 .
29.Bennett C.H., Brassard G., Crépeau C., Skubiszewska M.-H.: Practical quantum oblivious transfer. In: CRYPTO 1991, pp. 351–366 (2001). doi:10.1007/3-540-46766-1_29 .
30.Bennett C.H., Brassard G., Breidbart S.: Quantum cryptography ii: how to re-use a one-time pad safely even if P=NP. Nat. Comput. 13(4), 453–458 (2014). doi:10.1007/s11047-014-9453-6 .
31.Berlín G., Brassard G., Bussières F., Slater J.A., Tittel W.: Experimental loss-tolerant quantum coin flipping. Nat. Commun. 2, 561 (2011). doi:10.1038/ncomms1572 .
32.Bernstein D.J., Buchmann J., Dahmen E. (eds.): Post-quantum Cryptography. Springer, Berlin (2009). doi:10.1007/978-3-540-88702-7 .
33.Bernstein D.J., Jeffery S., Lange T., Meurer A.: Quantum algorithms for the subset-sum problem. In: PQCrypto 2013, pp. 16–33 (2013). doi:10.1007/978-3-642-38616-9_2 .
34.Berta M., Brandão F.G.S.L., Christandl M., Wehner S.: Entanglement cost of quantum channels. IEEE Trans. Inf. Theory 59(10), 6779–6795 (2013). doi:10.1109/TIT.2013.2268533 .
35.Berta M., Fawzi O., Wehner S.: Quantum to classical randomness extractors. IEEE Trans. Inf. Theory 60(2), 1168–1192 (2014). doi:10.1109/TIT.2013.2291780 .
36.Blum M.: Coin flipping by telephone a protocol for solving impossible problems. ACM SIGACT News 15(1), 23–27 (1983). doi:10.1145/1008908.1008911 .
37.Boneh D., Zhandry M.: Secure signatures and chosen ciphertext security in a quantum computing world. In: CRYPTO 2013, pp. 361–379 (2013). doi:10.1007/978-3-642-40084-1_21 .
38.Boneh D., Dagdelen Ö., Fischlin M., Lehmann A., Schaffner C., Zhandry M.: Random oracles in a quantum world. In: ASIACRYPT 2011, pp. 41–69 (2011). doi:10.1007/978-3-642-25385-0_3 .
39.Bouman N.J., Fehr S., González-Guillén C., Schaffner C.: An all-but-one entropic uncertainty relation, and application to password-based identification. In: TQC 2012, pp. 29–44 (2013).doi:10.1007/978-3-642-35656-8_3 .
40.Boyer M., Brassard G., Høyer P., Tapp A.: Tight bounds on quantum searching. Fortsch. Phys. 46(4–5), 493–505 (1998). doi:10.1002/(sici)1521-3978(199806)46:4/5\(<\) 3.0.co;2-p.
41.Boykin P.O., Roychowdhury V.: Optimal encryption of quantum bits. Phys. Rev. A 67(4), 042317 (2003). doi:10.1103/PhysRevA.67.042317 .
42.Brands S., Chaum D.: Distance-bounding protocols. In: EUROCRYPT 1993, pp. 344–359 (1993). doi:10.1007/3-540-48285-7_30 .
43.Brassard G.: Brief history of quantum cryptography: a personal perspective. In: IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, pp. 19–23 (2005). doi:10.1109/ITWTPI.2005.1543949 .
44.Brassard G., Crépeau C.: Quantum bit commitment and coin tossing protocols. In: CRYPTO 1990, pp. 49–61 (1991). doi:10.1007/3-540-38424-3_4 .
45.Brassard G., Crépeau C.: 25 years of quantum cryptography. ACM SIGACT News 27(3), 13–24 (1996). doi:10.1145/235666.235669 .
46.Brassard G., Crépeau C., Jozsa R., Langlois D.: A quantum bit commitment scheme provably unbreakable by both parties. In: FOCS 1993, pp. 362–371 (1993). doi:10.1109/SFCS.1993.366851 .
47.Brassard G., Crépeau C., Mayers D., Salvail L.: A brief review on the impossibility of quantum bit commitment (1997). arXiv:quant-ph/9712023 .
48.Brassard G., Høyer P., Mosca M., Tapp A.: Quantum amplitude amplification and estimation. Quantum Comput. Quantum Inf. 305, 53–74 (2000). arXiv:quant-ph/0005055 .
49.Brassard G., Broadbent A., Fitzsimons J., Gambs S., Tapp A.: Anonymous quantum communication. In: ASIACRYPT 2007, vol. 4833, pp. 460–473 (2007). doi:10.1007/978-3-540-76900-2_28 .
50.Brassard G., Høyer P., Kalach K., Kaplan M., Laplante S., Salvail L.: Merkle puzzles in a quantum world. In: CRYPTO 2011, pp. 391–410 (2011). doi:10.1007/978-3-642-22792-9_22 .
51.Broadbent A.: Delegating private quantum computations. Can. J. Phys. 93(9), 941–946 (2015). doi:10.1139/cjp-2015-0030 .
52.Broadbent A., Jeffery S.: Quantum homomorphic encryption for circuits of low T-gate complexity. In: CRYPTO 2015, pp. 609–629 (2015). doi:10.1007/978-3-662-48000-7_30 .
53.Broadbent A., Fitzsimons J., Kashefi E.: Universal blind quantum computation. In: FOCS 2009, pp. 517–526 (2009). doi:10.1109/FOCS.2009.36 .
54.Broadbent A., Gutoski G., Stebila D.: Quantum one-time programs. In: CRYPTO 2013, pp. 344–360 (2013). doi:10.1007/978-3-642-40084-1_20 .
55.Brodutch A., Nagaj D., Sattath O., Unruh D.: An adaptive attack on Wiesner’s quantum money (2014). arXiv:1404.1507 .
56.Bruß D., Erdélyi G., Meyer T., Riege T., Rothe J.: Quantum cryptography: a survey. CSUR 39(2), 6 (2007). doi:10.1145/1242471.1242474 .
57.Buhrman H., Christandl M., Hayden P., Lo H.-K., Wehner S.: Possibility, impossibility, and cheat sensitivity of quantum-bit string commitment. Phys. Rev. A 78(2), 022316 (2008). doi:10.1103/physreva.78.022316 .
58.Buhrman H., Christandl M., Schaffner C.: Complete insecurity of quantum protocols for classical two-party computation. Phys. Rev. Lett. 109(16), 160501 (2012). doi:10.1103/physrevlett.109.160501 .
59.Buhrman H., Fehr S., Schaffner C., Speelman F.: The garden-hose model. In: ITCS 2013, pp. 145–158 (2013). doi:10.1145/2422436.2422455 .
60.Buhrman H., Chandran N., Fehr S., Gelles R., Goyal V., Ostrovsky R., Schaffner C.: Position-based quantum cryptography: impossibility and constructions. SIAM J. Comput. 43(1), 150–178 (2014). doi:10.1137/130913687 .
61.Bussard L.: Trust establishment protocols for communicating devices. PhD Thesis, Eurecom-ENST. (2004). http://www.eurecom.fr/publication/1519 .
62.Cachin C., Maurer U.: Unconditional security against memory-bounded adversaries. In: CRYPTO 1997, pp. 292–306 (1997). doi:10.1007/BFb0052243 .
63.Canetti R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136–145 (2001). doi:10.1109/SFCS.2001.959888 .
64.Capkun S., Hubaux J.-P.: Secure positioning of wireless devices with application to sensor networks. In: INFOCOM 2005, pp. 1917–1928 (2005). doi:10.1109/INFCOM.2005.1498470 .
65.Čapkun S., Čagalj M., Srivastava M.: Secure localization with hidden and mobile base stations. In: INFOCOM 2006, pp. 1–10 (2006). doi:10.1109/INFOCOM.2006.302 .
66.Chailloux A., Kerenidis I.: Optimal quantum strong coin flipping. In: FOCS 2009, pp. 527–533 (2009). doi:10.1109/FOCS.2009.71 .
67.Chailloux A., Kerenidis I.: Optimal bounds for quantum bit commitment. In: FOCS 2011, pp. 354–362. (2011). doi:10.1109/FOCS.2011.42 .
68.Chandran N., Fehr S., Gelles R., Goyal V., Ostrovsky R.: Position-based quantum cryptography (2010). arXiv:1005.1750 .
69.Chandran N., Goyal V., Moriarty R., Ostrovsky R.: Position based cryptography. In: CRYPTO 2009, pp. 391–407 (2009). doi:10.1007/978-3-642-03356-8_23 .
70.Childs A.M.: Secure assisted quantum computation. Quantum Inf. Comput. 5(6), 456–466 (2005). arXiv:quant-ph/0111046 .
71.Childs A., Jao D., Soukharev V.: Constructing elliptic curve isogenies in quantum subexponential time. J. Math. Cryptol. 8(1), 1–29 (2013). doi:10.1515/jmc-2012-0016 .
72.Chiribella G., D’Ariano G.M., Perinotti P., Schlingemann D., Werner R.: A short impossibility proof of quantum bit commitment. Phys. Rev. Lett. 377(15), 1076–1087 (2013). doi:10.1016/j.physleta.2013.02.045 .
73.Chiu W.Y., Szegedy M., Wang C., Xu Y.: The garden hose complexity for the equality function. In: Algorithmic Aspects of Information and Management, pp. 112–123 (2014). doi:10.1007/978-3-319-07956-1_11 .
74.Christandl M., Wehner S.: Quantum anonymous transmissions. In: ASIACRYPT 2005, pp. 217–235 (2005). doi:10.1007/11593447_12 .
75.Christensen B.G., McCusker K.T., Altepeter J.B., Calkins B., Gerrits T., Lita A.E., Miller A., Shalm L.K., Zhang Y., Nam S.W., Brunner N., Lim C.C.W., Gisin, N., Kwiat, P.G.: Detection-loophole-free test of quantum nonlocality, and applications. Phys. Rev. Lett. 111(13), 130406 (2013). doi:10.1103/physrevlett.111.130406 .
76.Clauser J.F., Horne M.A., Shimony A., Holt R.A.: Proposed experiment to test local hidden-variable theories. Phys. Rev. Lett. 23(15), 880–884 (1969). doi:10.1103/PhysRevLett.23.880 .
77.Cleve R., Gottesman D., Lo H.-K.: How to share a quantum secret. Phys. Rev. Lett. 83(3), 648–651 (1999). doi:10.1103/PhysRevLett.83.648 .
78.Colbeck R.: Quantum and relativistic protocols for secure multi-party computation. PhD Thesis, University of Cambridge, UK (2006). arXiv:0911.3814 .
79.Colbeck R.: Impossibility of secure two-party classical computation. Phys. Rev. A 76(6), 062308 (2007). doi:10.1103/physreva.76.062308 .
80.Colbeck R., Renner R.: Free randomness can be amplified. Nat. Phys. 8, 450–453 (2012). doi:10.1038/nphys2300 .
81.Crépeau C.: Equivalence between two flavours of oblivious transfers. In: CRYPTO 1987, pp. 350–354 (1988). doi:10.1007/3-540-48184-2_30 .
82.Crépeau C., Kilian J.: Achieving oblivious transfer using weakened security assumptions. In: FOCS 1988, pp. 42–52 (1988). doi:10.1109/SFCS.1988.21920 .
83.Crépeau C., Savvides G., Schaffner C., Wullschleger J.: Information-theoretic conditions for two-party secure function evaluation. In: EUROCRYPT 2006, pp. 538–554 (2006). doi:10.1007/11761679_32 .
84.Crépeau C., Salvail L., Simard J.-R., Tapp A.: Two provers in isolation. In: ASIACRYPT 2011, pp. 407–430 (2011). doi:10.1007/978-3-642-25385-0_22 .
85.Damgård I., Fehr S., Salvail L.: Zero-knowledge proofs and string commitments withstanding quantum attacks. In: CRYPTO 2004, pp. 254–272 (2004).
86.Damgård I., Fehr S., Salvail L., Schaffner C.: Cryptography in the bounded quantum-storage model. In: FOCS 2005, pp. 449–458 (2005). doi:10.1109/SFCS.2005.30 .
87.Damgård I., Pedersen T.B., Salvail L.: A quantum cipher with near optimal key-recycling. In: CRYPTO 2005, pp. 494–510 (2005). doi:10.1007/11535218_30 .
88.Damgård I.B., Fehr S., Renner R., Salvail L., Schaffner C.: A tight high-order entropic quantum uncertainty relation with applications. In: CRYPTO 2007, pp. 360–378 (2007). doi:10.1007/978-3-540-74143-5_20 .
89.Damgård I.B., Fehr S., Salvail L., Schaffner C.: Secure identification and QKD in the bounded-quantum-storage model. In: CRYPTO 2007, vol. 4622, pp. 342–359 (2007). doi:10.1007/978-3-540-74143-5_19 .
90.Damgård I.B., Fehr S., Salvail L., Schaffner C.: Cryptography in the bounded-quantum-storage model. SIAM J. Comput. 37(6), 1865–1890 (2008). doi:10.1137/060651343 .
91.Damgård I., Fehr S., Lunemann C., Salvail L., Schaffner C.: Improving the security of quantum protocols via commit-and-open. In: CRYPTO 2009, pp. 408–427 (2009). doi:10.1007/978-3-642-03356-8_24 .
92.Damgård I., Funder J., Nielsen J.B., Salvail L.: Superposition attacks on cryptographic protocols. In: Information Theoretic Security, pp. 142–161 (2014). doi:10.1007/978-3-319-04268-8_9 .
93.Damgård I., Dupuis F., Nielsen J.B.: On the orthogonal vector problem and the feasibility of unconditionally secure leakage-resilient computation. In: Information Theoretic Security, pp. 87–104 (2015). doi:10.1007/978-3-319-17470-9_6 .
94.de Martini F., Monroe C.: Experimental Quantum Computation and Information. International School of Physics Enrico Fermi. IOS Press, Amsterdam (2003). https://books.google.ca/books?id=7xrvAgAAQBAJ .
95.Desrosiers S.P.: Entropic security in quantum cryptography. Quantum Inf. Process. 8(4), 331–345 (2009). doi:10.1007/s11128-009-0111-3 .
96.Desrosiers S.P., Dupuis F.: Quantum entropic security and approximate quantum encryption. IEEE Trans. Inf. Theory 56(7), 3455–3464 (2010). doi:10.1109/TIT.2010.2048488 .
97.Dunjko V., Fitzsimons J.F., Portmann C., Renner R.: Composable security of delegated quantum computation. In: ASIACRYPT 2014, pp. 406–425 (2014). doi:10.1007/978-3-662-45608-8_22 .
98.Dupuis F., Nielsen J.B., Salvail L.: Secure two-party quantum evaluation of unitaries against specious adversaries. In: CRYPTO 2010, pp. 685–706 (2010). doi:10.1007/978-3-642-14623-7_37 .
99.Dupuis F., Nielsen J.B., Salvail L.: Actively secure two-party evaluation of any quantum operation. In: CRYPTO 2012, pp. 794–811 (2012). doi:10.1007/978-3-642-32009-5_46 .
100.Dupuis F., Fawzi O., Wehner S.: Entanglement sampling and applications. IEEE Trans. Inf. Theory 61(2), 1093–1112 (2015). doi:10.1109/TIT.2014.2371464 .
101.Dziembowski S., Maurer U.: On generating the initial key in the bounded-storage model. In: CRYPTO 2004, pp. 126–137 (2004). doi:10.1007/978-3-540-24676-3_8 .
102.Dziembowski S., Maurer U.: The bare bounded-storage model: the tight bound on the storage requirement for key agreement. IEEE Trans. Inf. Theory 54(6), 2790–2792 (2008). doi:10.1109/TIT.2008.921864 .
103.Einstein A., Podolsky B., Rosen N.: Can quantum-mechanical description of physical reality be considered complete? Phys. Rev. Lett. 47(10), 777–780 (1935). doi:10.1103/physrev.47.777 .
104.Ekert A.K.: Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett. 67(6), 661–663 (1991). doi:10.1103/PhysRevLett.67.661 .
105.Erven C., Ng N., Gigov N., Laflamme R., Wehner S., Weihs G.: An experimental implementation of oblivious transfer in the noisy storage model. Nat. Commun., 5, 3418 (2014). doi:10.1038/ncomms4418 .
106.Even S., Goldreich O., Lempel A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985). doi:10.1145/3812.3818 .
107.Farhi E., Gosset D., Hassidim A., Lutomirski A., Shor P.W.: Quantum money from knots. In: ITCS 2012, pp. 276–289 (2012). doi:10.1145/2090236.2090260 .
108.Farhi E., Gosset D., Hassidimand A., Lutomirski A., Nagaj D., Shor P.: Quantum state restoration and single-copy tomography for ground states of hamiltonians. Phys. Rev. Lett. 105(19), 190503 (2010). doi:10.1103/physrevlett.105.190503 .
109.Fehr S.: Quantum cryptography. Found. Phys. 40(5), 494–531 (2010). doi:10.1007/s10701-010-9408-4 .
110.Fehr S., Fillinger M.: Multi-prover commitments against non-signaling attacks. In: CRYPTO 2015, pp. 403–421 (2015). doi:10.1007/978-3-662-48000-7_20 .
111.Fehr S., Schaffner C.: Composing quantum protocols in a classical environment. In: Theory of Cryptography, pp. 350–367 (2009). doi:10.1007/978-3-642-00457-5_21 .
112.Fehr S., Gelles R., Schaffner C.: Security and composability of randomness expansion from Bell inequalities. Phys. Rev. A 87(1), 012335 (2013). doi:10.1103/physreva.87.012335 .
113.Fehr S., Katz J., Song F., Zhou H., Zikas V.: Feasibility and completeness of cryptographic tasks in the quantum world. In: Theory of Cryptography, pp. 281–296 (2013). doi:10.1007/978-3-642-36594-2_16 .
114.Fisher K.A.G., Broadbent A., Shalm L.K., Yan Z., Lavoie J., Prevedel R., Jennewein T., Resch K.J.: Quantum computing on encrypted data. Nat. Commun. 5, 3074 (2014). doi:10.1038/ncomms4074 .
115.Garg S., Gentry C., Halevi S., Raykova M., Sahai A., Waters B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS 2013, pp. 40–49 (2013). doi:10.1109/FOCS.2013.13 .
116.Gavinsky D.: Quantum money with classical verification. In: CCC 2012, pp. 42–52 (2012). doi:10.1109/CCC.2012.10 .
117.Gentry C.: Fully homomorphic encryption using ideal lattices. In: STOC 2009, pp. 169–178 (2009). doi:10.1145/1536414.1536440 .
118.Giovannetti V., Lloyd S., Maccone L.: Quantum private queries. Phys. Rev. Lett. 100(23), 230502 (2008). doi:10.1103/physrevlett.100.230502 .
119.Giovannetti V., Lloyd S., Maccone L.: Quantum private queries: security analysis. IEEE Trans. Inf. Theory 56(7), 3465–3477 (2010). doi:10.1109/tit.2010.2048446 .
120.Gisin N., Ribordy G., Tittel W., Zbinden H.: Quantum cryptography. Rev. Mod. Phys. 74(1), 145–195 (2002). doi:10.1103/revmodphys.74.145 .
121.Goldreich O.: Zero-knowledge twenty years after its invention (2002). www.wisdom.weizmann.ac.il/~oded/PSX/zk-tut02v3.pdf .
122.Goldreich O., Micali S., Wigderson A.: Proofs that yield nothing but their validity for all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 690–728 (1991). doi:10.1145/116825.116852 .
123.Goldwasser S., Micali S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984). doi:10.1016/0022-0000(84)90070-9 .
124.Goldwasser S., Micali S., Rackoff C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). doi:10.1137/0218012 .
125.Gottesman D.: Uncloneable encryption. Quantum Inf. Comput. 3(6), 581–602 (2003). arXiv:quant-ph/0210062 .
126.Grover L.K.: A fast quantum mechanical algorithm for database search. In: STOC 1996, pp. 212–219 (1996). doi:10.1145/237814.237866 .
127.Hallgren S.: Fast quantum algorithms for computing the unit group and class group of a number field. In: STOC 2005, pp. 468–474 (2005). doi:10.1145/1060590.1060660 .
128.Hallgren S.: Polynomial-time quantum algorithms for Pell’s equation and the principal ideal problem. J. ACM 54(1), 4:1–4:19 (2007).
129.Hallgren S., Smith A., Song F.: Classical cryptographic protocols in a quantum world. In: Advances in Cryptology—CRYPTO 2011, pp. 411–428 (2011). doi:10.1007/978-3-642-22792-9_23 .
130.Hänggi E., Wullschleger J.: Tight bounds for classical and quantum coin flipping. In: Theory of Cryptography, pp. 468–485 (2011). doi:10.1007/978-3-642-19571-6_28 .
131.Hänggi E., Renner R., Wolf S.: Efficient device-independent quantum key distribution. In: EUROCRYPT 2010, vol. 6110, pp. 216–234 (2010). doi:10.1007/978-3-642-13190-5_11 .
132.Hardy L., Kent A.: Cheat sensitive quantum bit commitment. Phys. Rev. Lett. 92(15), 157901 (2004). doi:10.1103/physrevlett.92.157901 .
133.Hayashi M., Tsurumaru T.: Concise and tight security analysis of the Bennett-Brassard 1984 protocol with finite key lengths. New J. Phys. 14(9), 093014 (2012). doi:10.1088/1367-2630/14/9/093014 .
134.Hayden P., Leung D., Shor P.W., Winter A.: Randomizing quantum states: constructions and applications. Commun. Math. Phys. 250(2), 371–391 (2004). doi:10.1007/s00220-004-1087-6 .
135.Heisenberg W.: Schwankungserscheinungen und quantenmechanik. Zeit. Phys. 40(7), 501–506 (1927). doi:10.1007/BF01440827 .
136.Hofheinz D., Müller-Quade J., Unruh D.: On the (im-)possibility of extending coin toss. In: EUROCRYPT 2006, pp. 504–521 (2006). doi:10.1007/11761679_30 .
137.Jakobi M., Simon C., Gisin N., Bancal J.-D., Branciard C., Walenta N., Zbinden H.: Practical private database queries based on a quantum-key-distribution protocol. Phys. Rev. A 83(2), 022301 (2011). doi:10.1103/physreva.83.022301 .
138.Liu, Y.K.: Building one-time memories from isolated qubits. In: ITCS 2014, pp. 269–286 (2014). doi:10.1145/2554797.2554823 .
139.Kalai Y.T., Raz R., Rothblum R.D.: How to delegate computations: the power of no-signaling proofs. In: STOC 2014, pp. 485–494 (2014). doi:10.1145/2591796.2591809 .
140.Katz J., Lindell Y.: Introduction to Modern Cryptography. Chapman & Hall/CRC Cryptography and Network Security Series. Chapman & Hall/CRC, Boca Raton (2007).
141.Kaye P., Laflamme R., Mosca M.: An Introduction to Quantum Computing. Oxford University Press, New York (2007).
142.Kent A.: Unconditionally secure bit commitment. Phys. Rev. Lett. 83(7), 1447–1450 (1999). doi:10.1103/PhysRevLett.83.1447 .
143.Kent A., Munro W., Spiller T., Beausoleil R.: Tagging systems (2006) US patent US 10/903,220. https://www.google.com/patents/US20060022832 .
144.Kent A., Munro W.J., Spiller T.P.: Quantum tagging: authenticating location via quantum information and relativistic signaling constraints. Phys. Rev. A 84(1), 012326 (2011). doi:10.1103/PhysRevA.84.012326 .
145.Kilian J.: Founding cryptography on oblivious transfer. In: STOC 1988, pp. 20–31 (1988). doi:10.1145/62212.62215 .
146.Kitaev A.: Quantum coin flipping. In: Talk at the 6th Workshop on Quantum Information Processing—QIP (2003).
147.Klauck H., Podder S.: New bounds for the garden-hose model. In: FSTTCS 2014, pp. 481–492 (2014). doi:10.4230/LIPIcs.FSTTCS.2014.481 .
148.Koashi M.: Simple security proof of quantum key distribution based on complementarity. New J. Phys. 11(4), 045018 (2009). http://stacks.iop.org/1367-2630/11/i=4/a=045018 .
149.Kuwakado H., Morii M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: ISIT 2010, pp. 2682–2685 (2010). doi:10.1109/isit.2010.5513654 .
150.Laarhoven T., Mosca M., van de Pol J.: Solving the shortest vector problem in lattices faster using quantum search. In: PQCrypto 2013, pp. 83–101 (2013). doi:10.1007/978-3-642-38616-9_6 .
151.Lacerda F.G., Renes J.M., Renner R.: Classical leakage resilience from fault-tolerant quantum computation (2014). arXiv:1404.7516 .
152.Lau H.-K., Lo H.-K.: Insecurity of position-based quantum-cryptography protocols against entanglement attacks. Phys. Rev. A 83(1), 012322 (2011). doi:10.1103/PhysRevA.83.012322 .
153.Leung D.W.: Quantum Vernam cipher. Quantum Inf. Comput. 2(1), 14–34 (2002). arXiv:quant-ph/0012077 .
154.Liu Y.-K.: Single-shot security for one-time memories in the isolated qubits model. In: CRYPTO 2014, pp. 19–36 (2014). doi:10.1007/978-3-662-44381-1_2 .
155.Liu Y.-K.: Privacy amplification in the isolated qubits model. In: EUROCRYPT 2015, pp. 785–814 (2015). doi:10.1007/978-3-662-46803-6_26 .
156.Lo H.-K.: Insecurity of quantum secure computations. Phys. Rev. A 56(2), 1154–1162 (1997). doi:10.1103/PhysRevA.56.1154 .
157.Lo H.-K., Chau H.F.: Is quantum bit commitment really possible? Phys. Rev. Lett. 78(17), 3410–3413 (1997). doi:10.1103/PhysRevLett.78.3410 .
158.Lo H.-K., Chau H.F.: Unconditional security of quantum key distribution over arbitrarily long distances. Science 283(5410), 2050–2056 (1999). doi:10.1126/science.283.5410.2050 .
159.Lunghi T., Kaniewski J., Bussières F., Houlmann R., Tomamichel M., Kent A., Gisin N., Wehner S., Zbinden H.: Experimental bit commitment based on quantum communication and special relativity. Phys. Rev. Lett. 111(18), 180504 (2013). doi:10.1103/physrevlett.111.180504 .
160.Lunghi T., Kaniewski J., Bussières F., Houlmann R., Tomamichel M., Wehner S., Zbinden H.: Practical relativistic bit commitment. Phys. Rev. Lett. 115(03), 030502 (2015). doi:10.1103/PhysRevLett.115.030502 .
161.Lydersen L., Wiechers C., Wittmann C., Elser D., Skaar J., Makarov V.: Hacking commercial quantum cryptography systems by tailored bright illumination. Nat. Photon. 4, 696–689 (2010). doi:10.1038/nphoton.2010.214 .
162.Maassen H., Uffink J.B.M.: Generalized entropic uncertainty relations. Phys. Rev. Lett. 60(12), 1103–1106 (1988). doi:10.1103/PhysRevLett.60.1103 .
163.Magniez F., Dominic M., Mosca M., Ollivier H.: Self-testing of quantum circuits. In: Automata, Languages and Progamming, pp. 72–83 (2006). doi:10.1007/11786986_8 .
164.Malaney R.A.: Location-dependent communications using quantum entanglement. Phys. Rev. Lett. 81(4), 042319 (2010). doi:10.1103/PhysRevA.81.042319 .
165.Malaney R.A.: Quantum location verification in noisy channels. In: Proceedings of the Global Communications Conference—GLOBECOM 2010, pp. 1–6. IEEE, Miami (2010). doi:10.1109/GLOCOM.2010.5684009 .
166.Masanes L., Pironio S., Acin A.: Secure device-independent quantum key distribution with causally independent measurement devices. Nat. Commun. 2, 238 (2011). doi:10.1038/ncomms1244 .
167.Maurer U.M.: Protocols for secret key agreement by public discussion based on common information. In: CRYPTO 1992, pp. 461–470 (1992). doi:10.1007/3-540-48071-4_32 .
168.Mayers D.: Quantum key distribution and string oblivious transfer in noisy channels. In: CRYPTO 1996, pp. 343–357 (1996). doi:10.1007/3-540-68697-5_26 .
169.Mayers D.: The trouble with quantum bit commitment (1996). arXiv:quant-ph/9603015 .
170.Mayers D.: Unconditionally secure quantum bit commitment is impossible. Phys. Rev. Lett. 78(17), 3414–3417 (1997). doi:10.1103/PhysRevLett.78.3414 .
171.Mayers D.: Unconditional security in quantum cryptography. J. ACM 48(3), 351–406 (2001). doi:10.1145/382780.382781 .
172.Mayers D., Salvail L.: Quantum oblivious transfer is secure against all individual measurements. In: Workshop on Physics and Computation. PhysComp 1994, pp. 69–77 (1994). doi:10.1109/PHYCMP.1994.363696 .
173.Mayers D., Yao A.: Quantum cryptography with imperfect apparatus. In: FOCS 1998, pp. 503–509. (1998). doi:10.1109/SFCS.1998.743501 .
174.Mayers D., Yao A.: Self testing quantum apparatus. Quantum Inf. Comput. 4(4):273–286. (2004). http://dl.acm.org/citation.cfm?id=2011827.2011830 .
175.McKague M., Yang T.H., Scarani V.: Robust self-testing of the singlet. J. Phys. A 45(45), 455304 (2012). doi:10.1088/1751-8113/45/45/455304 .
176.Merkle R.C.: Secure communications over insecure channels. Commun. ACM 21(4), 294–299 (1978). doi:10.1145/359460.359473 .
177.Mermin N.D.: Quantum computer science: an introduction. Cambridge University Press, New York (2007).
178.Miller C.A., Shi Y.: Optimal robust self-testing by binary nonlocal XOR games. In: TQC 2013, pp. 254–262 (2013). doi:10.4230/LIPIcs.TQC.2013.254 .
179.Miller C.A., Shi Y.: Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices. In: STOC 2014, pp. 417–426 (2014). doi:10.1145/2591796.2591843 .
180.Mochon C.: Quantum weak coin flipping with arbitrarily small bias (2007). arXiv:0711.4114 .
181.Molina A., Vidick T., Watrous J.: Optimal counterfeiting attacks and generalizations for Wiesner’s quantum money. In: Theory of Quantum Computation, Communication, and Cryptography—TQC 2012, pp. 45–64 (2013). doi:10.1007/978-3-642-35656-8_4 .
182.Molina-Terriza G., Vaziri A., Ursin R., Zeilinger A.: Experimental quantum coin tossing. Phys. Rev. Lett. 94(4), 040501 (2005). doi:10.1103/PhysRevLett.94.040501 .
183.Moore C., Russell A., Vazirani U.: A classical one-way function to confound quantum adversaries (2007). arXiv:quant-ph/0701115 .
184.Mosca M.: Quantum algorithms. In: Encyclopedia of Complexity and Systems Science, pp. 7088–7118. (2009). doi:10.1007/978-0-387-30440-3_423 .
185.Mosca M., Stebila D.: Quantum coins. Error Correct. Codes Finite Geom. Cryptogr. 523, 35–47 (2010). arXiv:0911.1295 .
186.Müller-Quade J.: Quantum cryptography beyond key exchange. Informatik Forsch. Entw. 21(1), 39–54 (2006). doi:10.1007/s00450-006-0011-z .
187.Ng N.H.Y., Berta M., Wehner S.: Min-entropy uncertainty relation for finite-size cryptography. Phys. Rev. A 86(4), 042315 (2012). doi:10.1103/physreva.86.042315 .
188.Ng N.H.Y., Joshi S.K., Chen Ming C., Kurtsiefer C., Wehner S.: Experimental implementation of bit commitment in the noisy-storage model. Nat. Commun. 3, 1326 (2012). doi:10.1038/ncomms2268 .
189.Nguyen A.T., Frison J., Huy K.P., Massar S.: Experimental quantum tossing of a single coin. New J. Phys. 10(8), 083037 (2008). doi:10.1088/1367-2630/10/8/083037 .
190.Nielsen M.A., Chuang I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2000).
191.Pastawski F., Yao N.Y., Jiang L., Lukin M.D., Cirac J.I.: Unforgeable noise-tolerant quantum tokens. Proc. Natl Acad. Sci. USA 109(40), 16079–16082 (2012). doi:10.1073/pnas.1203552109 .
192.Peikert C.: A decade of lattice cryptography. Cryptology ePrint Archive, Report 2015/939 (2015). http://eprint.iacr.org/2015/939 .
193.Pironio S., Massar S.: Security of practical private randomness generation. Phys. Rev. A 87(1), 012336 (2013). doi:10.1103/physreva.87.012336 .
194.Pironio S., Acín A., Massar S., de la Giroday A.B., Matsukevich D.N., Maunz P., Olmschenk S., Hayes D., Luo L., Manning T.A., Monroe C.: Random numbers certified by Bell’s theorem. Nature 464, 1021–1024 (2010). doi:10.1038/nature09008 .
195.Rabin M.: How to exchange secrets by oblivious transfer. Technical Report TR-81. Harvard University, Cambridge (1981).
196.Regev O.: Quantum computation and lattice problems. SIAM J. Comput. 33(3), 738–760 (2004). doi:10.1137/S0097539703440678 .
197.Reichardt B.W., Unger F., Vazirani U.: Classical command of quantum systems. Nature 496, 456–460 (2013). doi:10.1038/nature12035 .
198.Renner R.: Security of quantum key distribution. Int. J. Quantum Inf. 06(01), 1–127 (2005). doi:10.1142/S0219749908003256 .
199.Rivest R.L., Adleman L., Dertouzos M.L.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 169–177 (1978). https://people.csail.mit.edu/rivest/pubs/RAD78.pdf .
200.Rivest R.L., Shamir A., Adleman L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978). doi:10.1145/359340.359342 .
201.Salvail L.: Quantum bit commitment from a physical assumption. In: CRYPTO 1998, pp. 338–353 (1998). doi:10.1007/BFb0055740 .
202.Salvail L., Schaffner C., Sotáková M.: Quantifying the leakage of quantum protocols for classical two-party cryptography. Int. J. Quantum Inf. 13(04), 1450041 (2014). doi:10.1142/s0219749914500415 .
203.Sastry N., Shankar U., Wagner D.: Secure verification of location claims. In: WiSe 2003, pp. 1–10. (2003). doi:10.1145/941311.941313 .
204.Scarani V., Renner R.: Quantum cryptography with finite resources: unconditional security bound for discrete-variable protocols with one-way postprocessing. Phys. Rev. Lett. 100(20), 200501 (2008). doi:10.1103/physrevlett.100.200501 .
205.Schaffner C.: Cryptography in the bounded-quantum-storage model. PhD Thesis, University of Aarhus (2007). arXiv:0709.0289 .
206.Shor P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: FOCS 1994, pp. 124–134. IEEE, Los Alamitos (1994). doi:10.1109/SFCS.1994.365700 .
207.Shor P.W., Preskill J.: Simple proof of security of the BB84 quantum key distribution protocol. Phys. Rev. Lett. 85(2), 441–444 (2000). doi:10.1103/physrevlett.85.441 .
208.Simon C., Afzelius M., Appel J., Boyer De La Giroday A., Dewhurst S.J., Gisin N., Hu C.Y., Jelezko F., Kröll S., Müller J.H., Nunn J., Polzik E.S., Rarity J.G., De Riedmatten H., Rosenfeld W., Shields A.J., Sköld N., Stevenson R.M., Thew R., Weber I.A.M.C., Weinfurter H., Wrachtrup J., Young R.J.: Quantum memories: a review based on the European integrated project “qubit applications (QAP)”. Eur. Phys. J. D 58(1), 1–22 (2010). doi:10.1140/epjd/e2010-00103-y .
209.Singelee D., Preneel B.: s using secure distance bounding protocols. In: MASS 2005, vol. 7, pp.–840 (2005). doi:10.1109/MAHSS.2005.1542879 .
210.Song F.: A note on quantum security for post-quantum cryptography. In: PQCrypto 2014, pp. 246–265 (2014). doi:10.1007/978-3-319-11659-4_15 .
211.Stebila D., Mosca M., Lütkenhaus N.: The case for quantum key distribution. In: Quantum Communication and Quantum Networking, vol. 36, pp. 283–296 (2010). doi:10.1007/978-3-642-11731-2_35 .
212.Tittel W., Zbinden H., Gisin N.: Experimental demonstration of quantum secret sharing. Phys. Rev. A 63, 042301 (2001). doi:10.1103/PhysRevA.63.042301 .
213.Tomamichel M., Leverrier A.: A rigorous and complete proof of finite key security of quantum key distribution (2015). arXiv:1506.08458 .
214.Tomamichel M., Lim C.C.W., Gisin N., Renner R.: Tight finite-key analysis for quantum cryptography. Nat. Commun. 3, 634 (2012). doi:10.1038/ncomms1631 .
215.Uhlmann A.: The transition probability in the state space of a *-algebra. Rep. Math. Phys. 9(2):273–279 (1976). doi:10.1016/0034-4877(76)90060-4 .
216.Unruh D.: Universally composable quantum multi-party computation. In: EUROCRYPT 2010, pp. 486–505 (2010). doi:10.1007/978-3-642-13190-5_25 .
217.Unruh D.: Concurrent composition in the bounded quantum storage model. In: EUROCRYPT 2011, pp. 467–486 (2011). doi:10.1007/978-3-642-20465-4_26 .
218.Unruh D.: Quantum proofs of knowledge. In: EUROCRYPT 2012, pp. 135–152 (2012). doi:10.1007/978-3-642-29011-4_10 .
219.Unruh D.: Everlasting multi-party computation. In: CRYPTO 2013, pp. 380–397 (2013). doi:10.1007/978-3-642-40084-1_22 .
220.Unruh D.: Quantum position verification in the random oracle model. In: EUROCRYPT 2014, pp. 1–18 (2014). doi:10.1007/978-3-662-44381-1_1 .
221.Unruh D.: Revocable quantum timed-release encryption. In: EUROCRYPT 2014, pp. 129–146 (2014). doi:10.1007/978-3-642-55220-5_8 .
222.Unruh D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: EUROCRYPT 2015, pp. 755–784 (2015). doi:10.1007/978-3-662-46803-6_25 .
223.van de Graaf J.: Towards a formal definition of security for quantum protocols. PhD Thesis, Université de Montréal (1997). http://www.collectionscanada.gc.ca/obj/s4/f2/dsk2/ftp03/NQ35648.pdf .
224.Vazirani U.V., Vidick T.: Certifiable quantum dice: or, true random number generation secure against quantum adversaries. In: STOC 2012, pp. 61–76 (2012). doi:10.1145/2213977.2213984 .
225.Vazirani U.V., Vidick T.: Robust device independent quantum key distribution. In: ITCS 2014, pp. 35–36 (2014). doi:10.1145/2554797.2554802 .
226.Vora A., Nesterenko M.: Secure location verification using radio broadcast. Trans. Dependable Secur. Comput. 3(4), 377–385 (2006). doi:10.1109/TDSC.2006.57 .
227.Watrous J.: Zero-knowledge against quantum attacks. In: STOC 2006, pp. 296–305 (2006). doi:10.1145/1132516.1132560 .
228.Watrous J.: Theory of quantum information (2015). https://cs.uwaterloo.ca/~watrous/TQI/ .
229.Wehner S., Winter A.: Entropic uncertainty relations- a survey. New J. Phys. 12(2), 025009 (2010). doi:10.1088/1367-2630/12/2/025009 .
230.Wehner S., Wullschleger J.: Composable security in the bounded-quantum-storage model. In: Automata, Languages and Programming, pp. 604–615 (2008). doi:10.1007/978-3-540-70583-3_49 .
231.Wehner S., Schaffner C., Terhal B.M.: Cryptography from noisy storage. Phys. Rev. Lett. 100(22), 220502 (2008). doi:10.1103/PhysRevLett.100.220502 .
232.Wehner S., Curty M., Schaffner C., Lo H.-K.: Implementation of two-party protocols in the noisy-storage model. Phys. Rev. A 81(5), 052336 (2010). doi:10.1103/physreva.81.052336 .
233.Wiesner S.: Conjugate coding. ACM SIGACT News 15(1), 78–88 (1983). doi:10.1145/1008908.1008920 .
234.Wilde M.M.: Quantum Information Theory. Cambridge University Press, New York (2013).
235.Winkler S., Tomamichel M., Hengl S., Renner R.: Impossibility of growing quantum bit commitments. Phys. Rev. Lett. 107(9), 090502 (2011). doi:10.1103/PhysRevLett.107.090502 .
236.Wootters W.K., Zurek W.H.: A single quantum cannot be cloned. Nature 299, 802–803 (1982). doi:10.1038/299802a0 .
237.Yao A.C.: Protocols for secure computations. In: FOCS 1982, pp. 160–164 (1982). doi:10.1109/SFCS.1982.38 .
238.Yao A.C.-C.: Security of quantum protocols against coherent measurements. In: STOC 1995, pp. 67–75. (1995). doi:10.1145/225058.225085 .
239.Yu L., Pérez-Delgado C.A., Fitzsimons J.F.: Limitations on information-theoretically-secure quantum homomorphic encryption. Phys. Rev. A 90(5), 050303 (2014). doi:10.1103/physreva.90.050303 .
240.Zhandry M.: How to construct quantum random functions. In: FOCS 2012, pp. 679–687 (2012). doi:10.1109/FOCS.2012.37 .
241.Zhang Y., Liu W., Fang Y., Wu D.: Secure localization and authentication in ultra-wideband sensor networks. IEEE J. Sel. Areas Commun. 24(4), 829–835 (2006). doi:10.1109/JSAC.2005.863855 .
作者单位：Anne Broadbent (1)
Christian Schaffner (2)

1. Department of Mathematics and Statistics, University of Ottawa, Ottawa, Canada
2. Institute for Logic, Language and Computation (ILLC), University of Amsterdam, and Centrum Wiskunde & Informatica (CWI), Amsterdam, The Netherlands
刊物类别：Mathematics and Statistics
刊物主题：Mathematics
Combinatorics
Coding and Information Theory
Data Structures, Cryptology and Information Theory
Data Encryption
Discrete Mathematics in Computer Science
Information, Communication and Circuits
出版者：Springer Netherlands
ISSN：1573-7586

文摘

Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries—including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD. Keywords Conjugate coding Delegated quantum computation Limited-quantum-storage models Quantum money Quantum two-party computation Survey