Simulatable security for quantum protocols

TL;DR

This paper introduces a quantum security model based on reactive simulatability, adapting classical composable security concepts to quantum protocols, and demonstrates a simple composition theorem within this framework.

Contribution

It develops a quantum security model inspired by classical reactive simulatability, enabling modular analysis and proof of security for quantum protocols.

Findings

Quantum security definitions can leverage classical counterparts.

The model supports composability of quantum protocols.

A proof of the simple composition theorem is provided.

Abstract

The notion of simulatable security (reactive simulatability, universal composability) is a powerful tool for allowing the modular design of cryptographic protocols (composition of protocols) and showing the security of a given protocol embedded in a larger one. Recently, these methods have received much attention in the quantum cryptographic community. We give a short introduction to simulatable security in general and proceed by sketching the many different definitional choices together with their advantages and disadvantages. Based on the reactive simulatability modelling of Backes, Pfitzmann and Waidner we then develop a quantum security model. By following the BPW modelling as closely as possible, we show that composable quantum security definitions for quantum protocols can strongly profit from their classical counterparts, since most of the definitional choices in the modelling are independent of the underlying machine model. In particular, we give a proof for the simple composition theorem in our framework.