Search

US-12621137-B2 - Systems and methods for conducting composable quantum oblivious transfer over noisy quantum channels

US12621137B2US 12621137 B2US12621137 B2US 12621137B2US-12621137-B2

Abstract

Systems and methods for conducting composable quantum oblivious transfer over noisy quantum channels are disclosed. Embodiments provide a method for constructing a quantum oblivious transfer (QOT) protocol using noisy quantum channels and devices through the use of a quantum-hard one-way function. This construction allows the construction of QOT protocols that achieve simulator security, allowing them to be used in a black-box fashion as part of other cryptographic constructions, including arbitrary secure multiparty computations.

Inventors

  • Omar AMER
  • Marco Pistoia

Assignees

  • JPMORGAN CHASE BANK, N.A.

Dates

Publication Date
20260505
Application Date
20221011

Claims (20)

  1. 1 . A method for conducting sequentially composable quantum oblivious transfer over noisy quantum channels, comprising: defining, by a committer computer program executed by a committer electronic device and with a receiver computer program executed by a receiver electronic device, to a maximal quantum bit error rate over a quantum communication channel; verifying, by the committer computer program, that a current quantum bit error rate for a quantum communication between the committer electronic device and the receiver electronic device is no larger than the maximal quantum bit error rate; restricting, by the committer computer program, a first committer bitstring and a second committer bitstring to a first set of indices; sending, by the committer computer program, the second committer bitstring to the receiver computer program; committing, by the committer computer program, to the first committer bitstring and the second committer bitstring using a statistically hiding or binding bit commitment scheme; choosing, by the committer computer program, a random permutation on the first committer bitstring; partitioning, by the committer computer program, the first committer bitstring into a plurality of equal length substrings; and applying, by the committer computer program, a random hash function to each of the equal length substrings and masking a value of a commitment bit using an output of the random hash functions.
  2. 2 . The method of claim 1 , further comprising: sending, by the committer computer program, a sequence of qubit states to the receiver computer program as determined by the first committer bitstring and a second committer bitstring.
  3. 3 . The method of claim 1 , further comprising: opening, by the committer computer program, commitments to the first committer bitstring and the second committer bitstring; and sending, by the committer computer program, the committed bit to the receiver computer program.
  4. 4 . The method of claim 1 , further comprising: sending, by the committer computer program, the random hash functions and the receiver masked value to the receiver computer program; wherein the receiver computer program is configured to permute the first receiver bitstring according to the random permutation, compute a receiver masked value for the committed bit using the first receiver bitstring and the random hash function, verify that the receiver masked value for the committed bit is consistent with the masked value received from the committer computer program, and verify that the committer bitstring is consistent with the receiver bitstring at indices in the first set of indices where basis choices match.
  5. 5 . The method of claim 1 , wherein the maximal quantum bit error rate dictates an amount of practical noise allowed over the quantum communication channel.
  6. 6 . The method of claim 1 , wherein the committer computer program commits to the first committer bitstring and the second committer bitstring using a statistically hiding or binding bit commitment scheme.
  7. 7 . The method of claim 1 , further comprising: receiving, by the committer computer program and from the receiver computer program, two second sets of indices; correcting, by the committer computer program, up to the maximal quantum bit error rate in partitioned bits for the first receiver bitstring by constructing a plurality of syndromes that are partitioned by the two second sets of indices; sending, by the committer computer program, the plurality of syndromes to the receiver computer program, wherein the receiver computer program is configured to correct errors in a first receiver bitstring; and permuting, by the committer computer program, the first committer bitstring using the random permutation.
  8. 8 . The method of claim 7 , wherein the plurality of syndromes comprise information that configures the receiver computer program to use a decoding technique to correct errors in the first receiver bitstring.
  9. 9 . A method for conducting sequentially composable quantum oblivious transfer over noisy quantum channels, comprising: defining, by a receiver computer program executed by a committer electronic device and with a committer computer program executed by a receiver electronic device, to a maximal quantum bit error rate over a quantum communication channel; measuring, by the receiver computer program, a first receiver bitstring by measuring a state received from the committer computer program over the quantum communication channel; restricting, by the receiver computer program, a first receiver bitstring and a second receiver bitstring to a first set of indices; receiving, by the receiver computer program, a random permutation from the committer computer program; constructing, by the receiver computer program, two second sets of indices; sending, by the receiver computer program, the two second sets of indices to the committer computer program; receiving, by the receiver computer program, a plurality of syndromes that are partitioned by the two second sets of indices; correcting, by the receiver computer program, the measured state using the plurality of syndromes; and receiving, by the receiver computer program, a plurality of hash functions and masked values for a committed bit that are masked with an output of the plurality of hash functions from the committer computer program.
  10. 10 . The method of claim 9 , further comprising: receiving, by the receiver computer program, a value for the committed bit; and confirming the value of the committed by calculating, by the receiver computer program, the value for the committed bit using the plurality of hash functions and the masked value.
  11. 11 . The method of claim 9 , wherein the state received from the committer computer program comprises a first committer bitstring and a second committer bitstring.
  12. 12 . The method of claim 9 , further comprising: permuting, by the receiver computer program, the first receiver bitstring according to the random permutation; computing, by the receiver computer program, a receiver masked value for the committed bit using the first receiver bitstring and the plurality of hash functions; verifying, by the receiver computer program, that the receiver masked value for the committed bit is consistent with the masked value received from the committer computer program; and verifying, by the receiver computer program, that the committer bitstring is consistent with the receiver bitstring at indices in the first set of indices where basis choices match.
  13. 13 . The method of claim 9 , wherein the maximal quantum bit error rate dictates an amount of practical noise allowed over the quantum communication channel to be withstood while maintaining a desired security level.
  14. 14 . The method of claim 9 , wherein the state received from plurality of syndromes comprise information that configures the receiver computer program to use a decoding technique to correct errors in the first receiver bitstring.
  15. 15 . A system, comprising: a committer electronic device executing a committer computer program; a receiver electronic device executing a receiver computer program; and a quantum communication channel over which the committer electronic device and the receiver electronic device communicate quantum information; wherein: the committer computer program and the receiver computer program define a maximal quantum bit error rate over a quantum communication channel; the receiver computer program measures a first receiver bitstring by measuring a state received from the committer computer program over the quantum communication channel; the committer computer program verifies that a current quantum bit error rate for the quantum communication channel is no larger than the maximal quantum bit error rate; the committer computer program restricts a first committer bitstring and a second committer bitstring to a first set of indices; the committer computer program sends the second committer bitstring to the receiver computer program; the committer computer program commits to the first committer bitstring and the second committer bitstring using a statistically hiding or binding bit commitment scheme; the committer computer program chooses a random permutation on the first committer bitstring; the receiver computer program constructs and sends two sets of second indices to the committer computer program; the committer computer program corrects partitioned bits for the first receiver bitstring up to the maximal quantum bit error rate by constructing a plurality of syndromes that are partitioned by the two sets of second of indices; the committer computer program sends the plurality of syndromes to the receiver computer program; the receiver computer program corrects errors in a first receiver bitstring using the plurality of syndromes; the committer computer program permutes the first committer bitstring using the random permutation; the committer computer program partitions the first committer bitstring into a plurality of equal length substrings; and the committer computer program applies a random hash function to each of the equal length substrings and masking a value of a commitment bit using an output of the random hash functions.
  16. 16 . The system of claim 15 , wherein the committer computer program sends a qubit state to the receiver computer program comprising the first committer bitstring and a second committer bitstring.
  17. 17 . The system of claim 15 , wherein the committer computer program opens commitments to the first committer bitstring and the second committer bitstring and sends the committed bit to the receiver computer program.
  18. 18 . The system of claim 15 , wherein the receiver computer program receives a plurality of hash functions and masked values for a committed bit that are masked with an output of the plurality of hash functions from the committer computer program.
  19. 19 . The system of claim 18 , wherein the committer computer program sends the random hash functions and the receiver masked value to the receiver computer program, and the receiver computer program permutes the first receiver bitstring according to the random permutation, computes a receiver masked value for the committed bit using the first receiver bitstring and the plurality of hash functions, verifies that the receiver masked value for the committed bit is consistent with the masked value received from the committer computer program, and verifies that the committer bitstring is consistent with the receiver bitstring at indices where basis choices match.
  20. 20 . The system of claim 15 , wherein the maximal quantum bit error rate dictates an amount of practical noise allowed over the quantum communication channel.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention Embodiments are generally related to systems and methods for conducting composable quantum oblivious transfer over noisy quantum channels. 2. Description of the Related Art Oblivious transfer is a cryptographic primitive known to be universal for all secure multiparty computations (MPC), including many other common cryptographic protocols such as key-exchange and bit-commitment. There are a number of impossibility results, classically, regarding the construction of oblivious transfer from other cryptographic primitives; namely, they cannot be constructed from bit-commitment, nor from one-way functions. This impossibility, however, is not true in the context of quantum communication, where one may construct an oblivious transfer protocol given a quantum-hard one-way function. Examples of quantum enabled oblivious transfer are described in J. Bartusek, A. Coladangelo, D. Khurana, et al., “One-way functions imply secure computation in a quantum world,” in Annual International Cryptology Conference, Springer, pp. 467-496 (2021), C. Crépeau and J. Kilian. “Achieving oblivious transfer using weakened security assumptions (extended abstract)”. In 29th FOCS, pages 42-52. IEEE Computer Society Press, October 1988, C. Bennett, G. Brassard, C. Crépeau, and M. Skubiszewska. “Practical quantum oblivious transfer.” In Joan Feigenbaum, editor, CRYPTO′91, volume 576 of LNCS, pages 351-366. Springer, Heidelberg, August 1992, and M. Naor. “Bit commitment using pseudorandomness.” Journal of Cryptology, 4 (2): 151-158, January 1991. The disclosures of these documents are hereby incorporated, by reference, in their entireties. SUMMARY OF THE INVENTION Systems and methods for conducting composable quantum oblivious transfer over noisy quantum channels are disclosed. In one embodiment, a method for conducting sequentially composable quantum oblivious transfer over noisy quantum channels may include: (1) defining, by a committer computer program executed by a committer electronic device and with a receiver computer program executed by a receiver electronic device, to a maximal quantum bit error rate over a quantum communication channel; (2) verifying, by the committer computer program, that a current quantum bit error rate for a quantum communication between the committer electronic device and the receiver electronic device is no larger than the maximal quantum bit error rate; (3) restricting, by the committer computer program, a first committer bitstring and a second committer bitstring to a first set of indices; (4) sending, by the committer computer program, the second committer bitstring to the receiver computer program; (5) committing, by the committer computer program, to the first committer bitstring and the second committer bitstring using a statistically hiding or binding bit commitment scheme; (6) choosing, by the committer computer program, a random permutation on the first committer bitstring; (7) partitioning, by the committer computer program, the first committer bitstring into a plurality of equal length substrings; and (8) applying, by the committer computer program, a random hash function to each of the equal length substrings and masking a value of a commitment bit using an output of the random hash functions. In one embodiment, the method may also include sending, by the committer computer program, a sequence of qubit states to the receiver computer program as determined by the first committer bitstring and a second committer bitstring. In one embodiment, the method may also include opening, by the committer computer program, commitments to the first committer bitstring and the second committer bitstring; and sending, by the committer computer program, the committed bit to the receiver computer program. In one embodiment, the method may also include sending, by the committer computer program, the random hash functions and the receiver masked value to the receiver computer program, and the receiver computer program is configured to permute the first receiver bitstring according to the random permutation, compute a receiver masked value for the committed bit using the first receiver bitstring and the hash functions, verify that the receiver masked value for the committed bit is consistent with the masked value received from the committer computer program, and verify that the committer bitstring is consistent with the receiver bitstring at indices in the first set of indices where basis choices match. In one embodiment, the maximal quantum bit error rate dictates an amount of practical noise allowed over the quantum communication channel. In one embodiment, the committer computer program commits to the first committer bitstring and the second committer bitstring using a statistically hiding or binding bit commitment scheme. In one embodiment, the method may also include receiving, by the committer computer program and from the receiver computer program, two seco