We give a new class of security definitions for authentication in the quantum setting. Our definitions capture and strengthen several existing definitions, including superposition attacks on classical authentication, as well as full authentication of quantum data. We argue that our definitions resolve some of the shortcomings of existing definitions. We then give several feasibility results for our strong definitions. As a consequence, we obtain several interesting results, including: (1) the classical Carter-Wegman authentication scheme with 3-universal hashing is secure against superposition attacks, as well as adversaries with quantum side information; (2) quantum authentication where the entire key can be reused if verification is successful; (3) conceptually simple constructions of quantum authentication; and (4) a conceptually simple QKD protocol.