Stelvio Cimato

3 Papers

QUANT-PH, Jun 4
Beyond the Canonical Protocol: Quantum Encrypted Cloning from Secret-Sharing Access Structures

Gabriele Gianini, Stelvio Cimato, Jianyi Lin et al.

Quantum encrypted cloning shows that an unknown quantum state can be distributed into multiple encrypted copies without contradicting the no-cloning theorem: each copy is unusable on its own, but can be redeemed together with a suitable quantum key. Recent work has related canonical encrypted-cloning protocols to particular forms of quantum secret sharing. Here we take the converse perspective: instead of mapping a given encrypted-cloning protocol into QSS, we use QSS access structures as a design library from which encrypted-cloning schemes can be extracted. The criterion is access-structural. A QSS scheme supports a quantum encrypted-cloning structure whenever it contains a family of qualified sets with a non-qualified common intersection. The common subsystem is interpreted as the key, while the non-common parts are interpreted as encrypted clones relative to that key. Thus quantum encrypted cloning does not require a new notion of recoverability beyond QSS; what changes is the operational reading of QSS constituents as a mechanism for delayed and alternative redemption opportunities. This viewpoint separates redemption from perfect secrecy. Perfect QSS yields encrypted-cloning schemes with forbidden non-qualified subsystems, whereas ramp QSS naturally allows intermediate, partially informative non-redeeming subsystems. The resulting framework broadens quantum encrypted cloning from a specific protocol to a general access-structure primitive. We illustrate the extraction principle with threshold-like, ramp, hierarchical, and compartmented architectures, showing how encrypted clones may be symmetric or asymmetric, individual or composite, perfectly hidden or leaky. Equivalently, these constructions can be viewed as overlapping erasure-recovery regions of an isometric quantum code. This establishes secret sharing as a systematic design language for encrypted quantum redundancy.

13.3, QUANT-PH, Apr 11
Encrypted clones can leak: Classification of informative subsets in Quantum Encrypted Cloning

Gabriele Gianini, Omar Hasan, Corrado Mio et al.

Encrypted cloning enables the redundant storage of an unknown qubit while remaining compatible with the no-cloning theorem, since only one clone can later be recovered through key-consuming decryption. Because encryption in this protocol is introduced to enable cloning-compatible redundancy rather than to guarantee confidentiality by design, its secrecy properties must be assessed explicitly. Here we classify the subsets of the encrypted-clone storage register into authorized, completely non-informative, and partially informative sets. We show that intermediate non-authorized subsets may retain only a restricted residual dependence on the input state, and we characterize exactly when this dependence occurs. The resulting leakage pattern is parity-dependent, revealing a structural confidentiality limitation of encrypted cloning.

CR, Mar 16, 2012
Constrained Role Mining

Carlo Blundo, Stelvio Cimato

Role Based Access Control (RBAC) is a very popular access control model, investigated for a long time and widely deployed in the security architecture of different enterprises. To implement RBAC, roles first have to be identified within the organization under consideration. The process of (automatically) defining the roles in a bottom-up way, starting from the permissions assigned to each user, is usually called role mining. In the literature, the role mining problem has been formally analyzed and several techniques have been proposed in order to obtain a set of valid roles. Recently, the problem of defining different kinds of constraints on the number and the size of the roles included in the resulting role set has been addressed. In this paper we provide a formal definition of the role mining problem under the cardinality constraint, i.e. restricting the maximum number of permissions that can be included in a role. We formally discuss the computational complexity of the problem and propose a novel heuristic. Furthermore, we present experimental results obtained by applying the proposed heuristic to both real and synthetic datasets, and compare the resulting performance to previous proposals.