It assumes that the quantum memory device of an attacker (adversary) trying to break the protocol is imperfect (noisy).
Quantum communication has proven to be extremely useful when it comes to distributing encryption keys.
It allows two distant parties Alice and Bob to expand a small initial secret key into an arbitrarily long secret key by sending qubits (quantum bits) to each other.
Most importantly, it can be shown that any eavesdropper trying to listen in on their communication cannot intercept any information about the long key.
Yet, it has been shown that even quantum communication does not allow the secure implementation of many other two-party cryptographic tasks.
What sets these tasks apart from key distribution is that they aim to solve problems between two parties, Alice and Bob, who do not trust each other.
Unlike in quantum key distribution, Alice and Bob cannot collaborate to try and detect any eavesdropping activity.
Since tasks like secure identification are of practical interest, one is willing to make assumptions on how powerful the adversary can be.
Second, one assumes that the adversary has a limited amount of computing power, namely less than what is (thought to be) required to solve the chosen problem.
[6][7] Protocols are known that do (in principle) allow the secure implementation of any cryptographic task as long as the adversary's storage is small.
That is, the protocol effectively overflows his memory device, leading to an inevitable lack of information for the adversary.
bits in order to execute it successfully can be broken by an adversary that can store more than about
Likewise, one now assumes that the adversary's quantum storage is limited to a certain number of qubits.
More generally, security is possible as long as the amount of information that the adversary can store in his memory device is limited.
In information theory such an imperfect memory device is also called a noisy channel.
introduced into the protocol, the adversary can only store quantum information in his noisy memory device.
For example, he can store an unlimited amount of classical information and perform any computation instantaneously.
The latter assumption also implies that he can perform any form of error-correcting encoding before and after using the noisy memory device, even if it is computationally very difficult to do (i.e., it requires a long time).
It is furthermore experimentally relatively easy to create such qubits, making it possible to implement such protocols using currently available technology.
Techniques used depend on the protocol in question and include privacy amplification, error-correcting codes, min-entropy sampling, and interactive hashing.
To demonstrate that all two-party cryptographic tasks can be implemented securely, a common approach is to show that a simple cryptographic primitive can be implemented that is known to be universal for secure function evaluation.
In turn, oblivious transfer can be constructed from an even simpler building block known as weak string erasure in combination with cryptographic techniques such as privacy amplification.
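What weak string erasure gives honest parties can be seen in a classical simulation, added here as an example that is not part of the original text. It assumes BB84 encoding (two bases) and the usual honest-party flow in which Bob measures at once in random bases and Alice announces her bases after the waiting time; the names `weak_string_erasure`, `WSEResult` and `agreement_outside_index_set` are hypothetical.

```python
import random
from dataclasses import dataclass

@dataclass
class WSEResult:
    alice_string: list   # Alice's output: the full random string X
    index_set: list      # Bob's output I: positions where the bases matched
    bob_substring: list  # Bob's output X_I: Alice's bits at those positions
    bob_outcomes: list   # all raw measurement outcomes (kept for inspection)

def weak_string_erasure(n, rng):
    """Classically simulate one honest run over n BB84-encoded qubits."""
    # Alice: random bits and random bases (0 = computational, 1 = Hadamard).
    x = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    # Bob measures each qubit immediately in a basis of his own choice.
    # Same basis: he reads Alice's bit. Different basis: a uniform coin flip.
    bob_bases = [rng.randrange(2) for _ in range(n)]
    outcomes = [
        x[i] if bob_bases[i] == alice_bases[i] else rng.randrange(2)
        for i in range(n)
    ]
    # After the waiting time Alice announces her bases; Bob keeps the
    # positions where his basis matched hers.
    index_set = [i for i in range(n) if bob_bases[i] == alice_bases[i]]
    substring = [outcomes[i] for i in index_set]
    return WSEResult(x, index_set, substring, outcomes)

def agreement_outside_index_set(result):
    """Fraction of positions outside I where Bob's outcome equals Alice's bit."""
    inside = set(result.index_set)
    outside = [i for i in range(len(result.alice_string)) if i not in inside]
    if not outside:
        return 0.0
    hits = sum(result.bob_outcomes[i] == result.alice_string[i] for i in outside)
    return hits / len(outside)

if __name__ == "__main__":
    # Seeded RNG for a reproducible demo; real randomness would be needed in practice.
    r = weak_string_erasure(2000, random.Random(1))
    print("matched positions:", len(r.index_set))
    print("agreement outside I:", round(agreement_outside_index_set(r), 3))
```

The simulation covers honest parties only; the noisy-storage assumption is what stops a dishonest Bob from keeping the qubits intact until the bases are announced.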
All protocols proposed to date allow one of the parties (Alice) to have even an unlimited amount of noise-free quantum memory.
it is known that any two-party cryptographic task can be implemented securely by means of weak string erasure and oblivious transfer whenever any of the following conditions hold.
The three mutually unbiased bases are the same encodings as in the six-state protocol of quantum key distribution.
Using such basic primitives as building blocks is not always the most efficient way to solve a cryptographic task.
Specialized protocols targeted to solve specific problems are generally more efficient.
Examples of known protocols are
The assumption of bounded-quantum-storage has also been applied outside the realm of secure function evaluation.
In particular, it has been shown that if the eavesdropper in quantum key distribution is memory bounded, higher bit error rates can be tolerated in an experimental implementation.