A quantum tamper-evident encryption scheme is a non-interactive symmetric-key encryption scheme mapping classical messages to quantum ciphertexts such that an honest recipient of a ciphertext can detect with high probability any meaningful eavesdropping. This quantum cryptographic primitive was first introduced by Gottesman in 2003. Beyond formally defining this security notion, Gottesman's work had three main contributions: showing that any quantum authentication scheme is also a tamper-evident scheme; noting that a quantum key distribution scheme can be constructed from any tamper-evident scheme; and constructing a prepare-and-measure tamper-evident scheme that uses only Wiesner states, inspired by Shor and Preskill's proof of security for the BB84 quantum key distribution scheme. In this work, we further our understanding of tamper-evident encryption by formally relating it to other cryptographic primitives in an information-theoretic setting. In particular, we show that tamper evidence implies encryption, answering a question left open by Gottesman; we show that tamper-evident encryption can be constructed from any encryption scheme with revocation and vice versa; and we formalize an existing sketch of a construction of quantum money from any tamper-evident encryption scheme. These results also yield as a corollary that any scheme allowing the revocation of a message must be an encryption scheme. Finally, we show separations between tamper evidence and other primitives, notably that tamper evidence does not imply authentication and does not imply uncloneable encryption.