Paper 2017/102

Quantum Authentication and Encryption with Key Recycling

Serge Fehr and Louis Salvail


We propose an information-theoretically secure encryption scheme for classical messages with quantum ciphertexts that offers *detection* of eavesdropping attacks, and *re-usability of the key* in case no eavesdropping took place: the entire key can be securely re-used for encrypting new messages as long as no attack is detected. This is known to be impossible for fully classical schemes, where there is no way to detect plain eavesdropping attacks. This particular application of quantum techniques to cryptography was originally proposed by Bennett, Brassard and Breidbart in 1982, even before proposing quantum-key-distribution, and a simple candidate scheme was suggested but no rigorous security analysis was given. The idea was picked up again in 2005, when Damgard, Pedersen and Salvail suggested a new scheme for the same task, but now with a rigorous security analysis. However, their scheme is much more demanding in terms of quantum capabilities: it requires the users to have a *quantum computer*. In contrast, and like the original scheme by Bennett et al, our new scheme merely requires the preparation of BB84 qubits. As such, we not only show a provably-secure scheme that is within reach of current technology, but we also confirm Bennett et al's original intuition that a scheme in the spirit of their original construction is indeed secure.

Available format(s)
Publication info
Published by the IACR in EUROCRYPT 2017
Quantum cryptography
Contact author(s)
serge fehr @ cwi nl
2017-02-13: received
Short URL
Creative Commons Attribution


      author = {Serge Fehr and Louis Salvail},
      title = {Quantum Authentication and Encryption with Key Recycling},
      howpublished = {Cryptology ePrint Archive, Paper 2017/102},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.