| Cryptography is the key technique for privacy protection.However,with the development of quantum algorithms and quantum computation,many existing cryptosystems,especially the public key cryptosystems,will suffer great security threat.Today,the cryptosystems robust against quantum computation attack are eagerly expected.Quantum cryptography is exactly one of such cryptosystems.Its security is protected by the laws of quantum physics and irrelevant to the adversaries' computation ability.After the first quantum key distribution(QKD)protocol is proposed in 1984,people realized that quantum cryptography has the ability to achieve the information theoretic security,so they put great enthusiasm into this research since then on.Many quantum cryptographic protocols were proposed in succession,including quantum key distribution,quantum private comparison,quantum secret sharing,quantum bit commitment,quantum signature and so on.In some communication scenarios,people want to protect not only the transmitted information against outside adversaries but also the participants' privacy against each other.Symmetrically private information retrieval(SPIR)is exactly one of such fundamental cryptographic tasks.It aims to protect both parties' privacy in the database retrieval.That is,when the user Alice retrieves from a database held by Bob to obtain one database entry,the position of the retrieved entry(i.e.the retrieval address)may reveal the interest/privacy of Alice,so she does not want any one including Bob to obtain it.On the other hand,Bob hopes that Alice cannot obtain any other database entry expect for her wanted one.In this thesis,we mainly study the quantum version of SPIR,i.e.,quantum private query(QPQ).Though many quantum cryptographic protocols have been proposed,the overwhelming majority of them(except for QKD)are impractical for certain reasons such as their intolerance of channel loss and noise,which cannot satisfy the requirement of establishing full-featured quantum communication networks.Besides key distribution,a full-featured communication network should also have the functions of secure information retrieval,digital signature and so on.Luckily,QPQ shows great potential in practicality,that is,it can be realized with current QKD technique and can tolerate the channel loss and imperfect source.Therefore,studying QPQ will probably bring a breakthrough in the practical quantum cryptographic protocols and supply the quantum communication network with another kind of practical quantum cryptographic protocol.Besides,QPQ is a variant of "many to 1" oblivious transfer(OT).As OT can realize various secure multiparty computation tasks in classical cryptography,we hope that QPQ can also be used to implement some other cryptographic tasks,thus arming more cryptographic protocols with the quantum mechanics to improve their security.We here study several problems concerning the security,practicality and application of QPQ.Details are as follows.Firstly,we propose a "prior commitment" technique,and then give a method to resist a kind of participant attack in QPQ,i.e.,the dishonest measurement attack of the user.That is,once the measurement of qubits is completed,the user Alice is required to give commitment values according to all of her measurement results,so that subsequently the database owner Bob can choose part of them to check Alice's honesty.This method can prevent Alice from delaying the measurement,as a result,Alice cannot conduct the dishonest measurement any more.Compared to previous methods,our method is more secure and practical,because it reduces the difficulty of the user's operations,increases the secure transmission distance and does not introduce the threat of Trojan horse attack.Secondly,we propose a low-shift-addition technique and then solve the problem that "higher database security and lower failure probability cannot be obtained simultaneously" in previous practical QPQ protocols We first analyze the round-robin-differential-phase-shift-QKD-based private query(RRDPS-PQ)protocol,then use the low-shift-addition technique to give an improved and more practical version,which can realize ideal database security and zero failure(IDS-ZF)via transmitting the sequences of short coherent pulses under weak coherent source.On this basis,we give a generic construction of practical QPQ protocols with characteristic of“IDS-ZF".Thirdly,we give a practical QPQ protocol which not only can significantly reduce the error rate of the retrieved database entry but also can protect the privacy of both sides in the noisy environment.First,we analyze the only two existing practical QPQ protocols aiming to correct errors and find that both of them are insecure,that is,one party can reveal the privacy of the other in the disguise of noise.On this basis,we find that the reliability of retrieved entries,database security and user privacy are pairwise in a "trade-off" relationship.By balancing these three factors,we propose a QPQ protocol which can be used in noisy case.Besides,the error tolerance bound can be estimated if the concrete security requirements are given.Fourthly,we analyze and solve certain problems in the application of QPQ,then exploit a new application of it,i.e.designing a quantum anonymous authenticated key exchange(QAAKE)protocol.We first utilize RRDPS-PQ protocol to propose a QAAKE protocol,which can distinguish the outside attacks with the inner cheatings and realize various security properties.Then,we give a quantum oblivious block transfer protocol by filtering errors with the parity check code and recovering the transmitted information by the Lagrange interpolation method.This protocol not only can tolerate slight channel noise,but also can realize exact "N to 1" oblivious transfer with overwhelming probability,that is,the receiver Bob can obtain only one message from the N transmitted messages and the probability for him to obtain more than one message can be restricted to a very small value.On this basis,we give a QAAKE protocol which realizes the mutual authentication,user anonymity and confidentiality of the session key.The result shows that,though quantum oblivious transfer is not ideal,it still has the potential to construct other cryptographic protocols in quantum cryptography. |
PDF Full Text Request