Security Aspects of the Authentication Used in Quantum Cryptography
Jörgen Cederlöf and Jan-Åke Larsson
Abstract—Unconditionally secure message authentication is an important part of quantum cryptography (QC). In this correspondence, we analyze security effects of using a key obtained from QC for authentication purposes in later rounds of QC. In particular, the eavesdropper gains partial knowledge of the key in QC that may have an effect on the security of the authentication in the later round. Our initial analysis indicates that this partial knowledge has little effect on the authentication part of the system, in agreement with previous results on the issue. However, when taking the full QC protocol into account, the picture is different. By accessing the quantum channel used in QC, the attacker can change the message to be authenticated. This, together with partial knowledge of the key, does incur a security weakness of the authentication. The underlying reason for this is that the authentication used, which is insensitive to such message changes