Corelab Seminar

Marios Georgiou (NTUA)
Quantum Fair Exchange

The Quantum analogue of the Fair Exchange cryptographic primitive is studied. In a Fair Exchange we want to guarantee that two parties either will exchange their secrets or neither will learn each other?s secret. More specifically, the two parties, say Alice and Bob, interact running a Fair-Exchange protocol. We require two properties:
1. Completeness: When both parties are honest, then at the end they successfully exchange their secrets.
2. Soundness: When a party is dishonest then, either both learn the secrets or neither does. In other words, even if Alice is cheating, Bob will never be disadvantaged.
Two different approaches to solve the problem are suggested.
In the first one a slightly different definition is used, that of Simultaneous Exchange. In such a protocol, we require the following: in every moment of the protocol, Alice?s probability of guessing Bob?s secret is almost the same as Bob?s probability of guessing Alice?s secret. In this case we can guarantee information theoretic security: we create a quantum protocol such that even a computationally unbounded adversary cannot break it.
In the second approach we use the definition of Coin Ripping. Now Alice wants to exchange money for some product. Using some recent results such as public Key Quantum Money and Quantum secure Zero-Knowledge Proofs we create a protocol such that:
1. If Alice is cheating then the best she can succeed is to take the product and prevent Bob from being paid, but she will surely lose her coin.
2. If Bob is cheating then the best he can succeed is to make Alice lose her coin, but he will surely not get the coin.
In other words, there is no strategy that they can use in their favor, but there is a strategy that can harm the honest one. In this case we can guarantee computational security: a polynomially bound adversary has negligible probability of breaking the protocol.