Simulatable security for quantum protocols

D. Unruh (report, 2004). [eprint]

Abstract: The notion of simulatable security (reactive simulatability, universal composability) is a powerful tool for allowing the modular design of cryptographic protocols (composition of protocols) and showing the security of a given protocol embedded in a larger one. Recently, these methods have received much attention in the quantum cryptographic community.

We give a short introduction to simulatable security in general and proceed by sketching the many different definitional choices together with their advantages and disadvantages.

Based on the reactive simulatability modelling of Backes, Pfitzmann and Waidner we then develop a quantum security model. By following the BPW modelling as closely as possible, we show that composable quantum security definitions for quantum protocols can strongly profit from their classical counterparts, since most of the definitional choices in the modelling are independent of the underlying machine model.

In particular, we give a proof for the simple composition theorem in our framework.