-
Long-term secure distributed storage using quantum key distribution network with third-party verification
Authors:
Mikio Fujiwara,
Ryo Nojima,
Toyohiro Tsurumaru,
Shiho Moriai,
Masahiro Takeoka,
Masahide Sasaki
Abstract:
The quantum key distribution network with Vernam's One Time Pad encryption and secret sharing are powerful security tools to realize an information theoretically secure distributed storage system. In our previous work, a single-password-authenticated secret sharing scheme based on the QKD network and Shamir's secret sharing was experimentally demonstrated; it confirmed ITS data transmission, stora…
▽ More
The quantum key distribution network with Vernam's One Time Pad encryption and secret sharing are powerful security tools to realize an information theoretically secure distributed storage system. In our previous work, a single-password-authenticated secret sharing scheme based on the QKD network and Shamir's secret sharing was experimentally demonstrated; it confirmed ITS data transmission, storage, authentication, and integrity. To achieve data integrity, an ITS message authentication code tag is employed and a data owner of the secret sharing performs both the MAC tag generation and verification. However, for a scenario in which the data owner and end users are different entities, the above approach may not work since the data owner can cheat the end users. In this paper, we resolve this problem by proposing an ITS integrity protection scheme employing a third-party verification with time-stamp.
△ Less
Submitted 22 December, 2021;
originally announced December 2021.
-
The Present and Future of Discrete Logarithm Problems on Noisy Quantum Computers
Authors:
Yoshinori Aono,
Sitong Liu,
Tomoki Tanaka,
Shumpei Uno,
Rodney Van Meter,
Naoyuki Shinohara,
Ryo Nojima
Abstract:
The discrete logarithm problem (DLP) is the basis for several cryptographic primitives. Since Shor's work, it has been known that the DLP can be solved by combining a polynomial-size quantum circuit and a polynomial-time classical post-processing algorithm. Evaluating and predicting the instance size that quantum devices can solve is an emerging research topic. In this paper, we propose a quantita…
▽ More
The discrete logarithm problem (DLP) is the basis for several cryptographic primitives. Since Shor's work, it has been known that the DLP can be solved by combining a polynomial-size quantum circuit and a polynomial-time classical post-processing algorithm. Evaluating and predicting the instance size that quantum devices can solve is an emerging research topic. In this paper, we propose a quantitative measure based on the success probability of the post-processing algorithm to determine whether an experiment on a quantum device (or a classical simulator) succeeded. We also propose a procedure to modify bit strings observed from a Shor circuit to increase the success probability of a lattice-based post-processing algorithm. We report preliminary experiments conducted on IBM-Quantum quantum computers and near-future predictions based on noisy-device simulations. We conducted our experiments with the ibm_kawasaki device and discovered that the simplest circuit (7 qubits) from a 2-bit DLP instance achieves a sufficiently high success probability to proclaim the experiment successful. Experiments on another circuit from a slightly harder 2-bit DLP instance, on the other hand, did not succeed, and we determined that reducing the noise level by half is required to achieve a successful experiment. Finally, we give a near-term prediction based on required noise levels to solve some selected small DLP and integer factoring instances.
△ Less
Submitted 11 November, 2021;
originally announced November 2021.
-
Designing a Location Trace Anonymization Contest
Authors:
Takao Murakami,
Hiromi Arai,
Koki Hamada,
Takuma Hatano,
Makoto Iguchi,
Hiroaki Kikuchi,
Atsushi Kuromasa,
Hiroshi Nakagawa,
Yuichi Nakamura,
Kenshiro Nishiyama,
Ryo Nojima,
Hidenobu Oguri,
Chiemi Watanabe,
Akira Yamada,
Takayasu Yamaguchi,
Yuji Yamaoka
Abstract:
For a better understanding of anonymization methods for location traces, we have designed and held a location trace anonymization contest that deals with a long trace (400 events per user) and fine-grained locations (1024 regions). In our contest, each team anonymizes her original traces, and then the other teams perform privacy attacks against the anonymized traces. In other words, both defense a…
▽ More
For a better understanding of anonymization methods for location traces, we have designed and held a location trace anonymization contest that deals with a long trace (400 events per user) and fine-grained locations (1024 regions). In our contest, each team anonymizes her original traces, and then the other teams perform privacy attacks against the anonymized traces. In other words, both defense and attack compete together, which is close to what happens in real life. Prior to our contest, we show that re-identification alone is insufficient as a privacy risk and that trace inference should be added as an additional risk. Specifically, we show an example of anonymization that is perfectly secure against re-identification and is not secure against trace inference. Based on this, our contest evaluates both the re-identification risk and trace inference risk and analyzes their relationship. Through our contest, we show several findings in a situation where both defense and attack compete together. In particular, we show that an anonymization method secure against trace inference is also secure against re-identification under the presence of appropriate pseudonymization. We also report defense and attack algorithms that won first place, and analyze the utility of anonymized traces submitted by teams in various applications such as POI recommendation and geo-data analysis.
△ Less
Submitted 5 September, 2022; v1 submitted 21 July, 2021;
originally announced July 2021.
-
On Induction for Twisted Representations of Conformal Nets
Authors:
Ryo Nojima
Abstract:
For a given finite index inclusion of conformal nets $\mathcal{B}\subset \mathcal{A}$ and a group $G < \mathrm{Aut}(\mathcal{A}, \mathcal{B})$, we consider the induction and the restriction procedures for $G$-twisted representations. We define two induction procedures for $G$-twisted representations, which generalize the $α^{\pm}$-induction for DHR endomorphisms. One is defined with the opposite b…
▽ More
For a given finite index inclusion of conformal nets $\mathcal{B}\subset \mathcal{A}$ and a group $G < \mathrm{Aut}(\mathcal{A}, \mathcal{B})$, we consider the induction and the restriction procedures for $G$-twisted representations. We define two induction procedures for $G$-twisted representations, which generalize the $α^{\pm}$-induction for DHR endomorphisms. One is defined with the opposite braiding on the category of $G$-twisted representations as in $α^-$-induction. The other is also defined with the braiding, but additionally with the $G$-equivariant structure on the Q-system associated with $\mathcal{B}\subset \mathcal{A}$ and the action of $G$. We derive some properties and formulas for these induced endomorphisms in a similar way to the case of ordinary $α$-induction. We also show the version of $ασ$-reciprocity formula for our setting.
△ Less
Submitted 15 February, 2020;
originally announced February 2020.
-
Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing
Authors:
Mikio Fujiwara,
Atsushi Waseda,
Ryo Nojima,
Shiho Moriai,
Wakaha Ogata,
Masahide Sasaki
Abstract:
Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them…
▽ More
Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir's (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area.
△ Less
Submitted 2 July, 2016;
originally announced July 2016.