Uncloneable encryption (pp581-602)
        D. Gottesman
          doi: https://doi.org/10.26421/QIC3.6-2
Abstracts: Quantum states cannot be cloned. I show how to extend this property to classical messages encoded using quantum states, a task I call ``uncloneable encryption.'' An uncloneable encryption scheme has the property that an eavesdropper Eve not only cannot read the encrypted message, but she cannot copy it down for later decoding. She could steal it, but then the receiver Bob would not receive the message, and would thus be alerted that something was amiss. I prove that any authentication scheme for quantum states acts as a secure uncloneable encryption scheme. Uncloneable encryption is also closely related to quantum key distribution (QKD), demonstrating a close connection between cryptographic tasks for quantum states and for classical messages. Thus, studying uncloneable encryption and quantum authentication allows for some modest improvements in QKD protocols. While the main results apply to a one-time key with unconditional security, I also show uncloneable encryption remains secure with a pseudorandom key. In this case, to defeat the scheme, Eve must break the computational assumption behind the pseudorandom sequence before Bob receives the message, or her opportunity is lost. This means uncloneable encryption can be used in a non-interactive setting, where QKD is not available, allowing Alice and Bob to convert a temporary computational assumption into a permanently secure message.
Key words: encryption