**On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-way Quantum Transmission**

*Ivan Damgaard and Thomas Pedersen and Louis Salvail*

**Abstract: **We consider the scenario where Alice wants to send a secret(classical) $n$-bit message to Bob using a classical key, and where
only one-way transmission from Alice to Bob is possible. In this
case, quantum communication cannot help to obtain perfect secrecy
with key length smaller then $n$. We study the question of whether
there might still be fundamental differences between the case where
quantum as opposed to classical communication is used. In this
direction, we show that there exist ciphers with perfect security producing quantum ciphertext where, even if an adversary knows the
plaintext and applies an optimal measurement on the ciphertext, his
Shannon uncertainty about the key used is almost maximal. This is in
contrast to the classical case where the adversary always learns $n$
bits of information on the key in a known plaintext attack. We also
show that there is a limit to how different the classical and
quantum cases can be: the most probable key, given matching plain-
and ciphertexts, has the same probability in both the quantum and
the classical cases. We suggest an application of our results in
the case where only a short secret key is available and the message
is much longer.

**Category / Keywords: **secret-key cryptography / quantum ciphers, information theory, stream ciphers

**Publication Info: **Proc. of Eurcorypt'04, LNCS 3027, Springer-Verlag, pp. 91-108

**Date: **received 9 Jul 2004

**Contact author: **salvail at brics dk

**Available format(s): **Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

**Note: **This is a corrected version of the paper published in the proc
of eurocrypt'04. Theorem 4 that appears in the proceeding version is wrong. This paper fixes it and gives a correct analysis for the composition of the proposed ciphers. Sections 1 to 6 are left unchanged.

**Version: **20040709:162044 (All versions of this report)

**Short URL: **ia.cr/2004/162

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]