Device-independent two-party cryptography secure against sequential attacks

TL;DR

This paper develops a device-independent protocol for two-party cryptography in the noisy-storage model, proving security against sequential attacks even with untrusted devices, and establishes a link between Bell inequality violations and security guarantees.

Contribution

It introduces a practical protocol for weak string erasure secure against sequential attacks with untrusted devices, and provides a novel analysis connecting Bell violations to security.

Findings

Security achieved for arbitrarily small Bell violations.

Protocol secure against sequential attacks with untrusted devices.

Explicit relation between Bell violation and uncertainty in cryptography.

Abstract

The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. Device-independent two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse the case of memoryless devices (for which sequential attacks are optimal) and the case of sequential attacks for arbitrary devices. The key ingredient of the proof, which might be of independent interest, is an explicit (and tight) relation between the violation of the Clauser-Horne-Shimony-Holt inequality observed by Alice and Bob and uncertainty generated by Alice against Bob who is forced to measure his system before finding out Alice's setting (guessing with postmeasurement information). In particular, we show that security is possible for arbitrarily small violation.