Slide 1

Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via -Biased Masking in the Presence of a Quantum Attacker TCC 2008, 21/3/2008 New York, USA TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A AAAA A A A A

Slide 2

Agenda 2 Motivation Main Result Applications Related Work

Slide 3

3 X=01101001 Z =10011 Key K X=01101001 random source Motivating Example

Slide 4

4 X=01101001 Z =10011 Key K X=01101001 F(X)=0011.. H 1 (X|KZ) m Key K 2-universal F(X)=? Left-Over Hash Lemma F(X)=0011.. m F Key K can be reused!

Slide 5

5 Z =10011 imperfect random source X=01101011 Key K X=01111001 Imperfect Source

Slide 6

Information Reconciliation 6 X=01101011 Key K X=01111001 Z =10011 F(X)=0011.. decode C = Y X Y = X C F(X)=? C 2 R C X=01101011 Key K H 1 (X|KZ) m + |syn(X)|

Slide 7

Reusability Problem 7 X=01101011 Key K X=01111001 Z =10011 F(X)=0011.. decode C = Y X Y = X C F(X)=? C 2 R C X=01101011 Key K H 1 (X|KZ) m + |syn(X)| Problem: K cannot be reused!

Slide 8

Solution 8 X=01101011 Key K X=01111001 Z =10011 decode C = Y X Y = X C C 2 R C X=01101011 Key K H 1 (X|KZ) m + |syn(X)| K can be safely reused! Y = ? [Dodis, Smith 05]

Slide 9

The Quantum Case 9 ZZ imperfect random source X=01101011 Key K X=01111001 101

Slide 10

Two-Universal Hashing 10 X=01101011 Key K X=01111001 F(X)=0011.. decode C = Y X Y = X C F(X)=? C 2 R C X=01101011 Key K H 1 (X|K Z ) m + |syn(X)| ZZ 101

Slide 11

Problem 11 X=01101011 Key K X=01111001 decode C = Y X Y = X C C 2 R C X=01101011 Key K H 1 (X|K Z ) m + |syn(X)| K can be safely reused! Y = ? [Dodis, Smith 05] ZZ ? 101

Slide 12

Agenda 12 Motivation Main Result Applications Related Work

Slide 13

Classical Theorem 13 random variable A in {0,1} n is -biased if for all {A i } -biased family over {0,1} n joint distribution P XZ where X in {0,1} n and Z some side information Then, for uniform I [Dodis, Smith 05] {0,1} n = Z I,I, A I X = ?