Privacy amplification by public discussion
SIAM Journal on Computing - Special issue on cryptography
Experimental quantum cryptography
Journal of Cryptology - Eurocrypt '90
Secret-key reconciliation by public discussion
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
SIAM Journal on Computing
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
ACM SIGACT News - A special issue on cryptography
A quantum bit commitment scheme provably unbreakable by both parties
SFCS '93 Proceedings of the 1993 IEEE 34th Annual Foundations of Computer Science
Generalized privacy amplification
IEEE Transactions on Information Theory - Part 2
Classical cryptographic protocols in a quantum world
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
A new spin on quantum cryptography: avoiding trapdoors and embracing public keys
PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Hi-index | 0.00 |
We show that claims of "perfect security" for keys produced by quantum key exchange (QKE) are limited to "privacy" and "integrity." Unlike a one-time pad, QKE does not necessarily enable Sender and Receiver to pretend later to have established a different key. This result is puzzling in light of Mayers' "No-Go" theorem showing the impossibility of quantum bit commitment. But even though a simple and intuitive application of Mayers' protocol transformation appears sufficient to provide deniability (else QBC would be possible), we show several reasons why such conclusions are ill-founded. Mayers' transformation arguments, while sound for QBC, are insufficient to establish deniability in QKE.Having shed light on several unadvertised pitfalls, we then provide a candidate deniable QKE protocol. This itself indicates further shortfalls in current proof techniques, including reductions that preserve privacy but fail to preserve deniability. In sum, purchasing undeniability with an off-the-shelf QKE protocol is significantly more expensive and dangerous than the mere optic fiber for which "perfect security" is advertised.