Two-way Unclonable Encryption with a vulnerable sender

Unclonable Encryption, introduced by Gottesman in 2003, is a quantum protocol that guarantees the secrecy of a successfully transferred classical message even when all keys leak at a later time. We propose an Unclonable Encryption protocol with the additional property that the sender's key material is allowed to leak even in the case of an unsuccessful run. This extra feature makes it possible to achieve secure quantum encryption even when one of the parties is unable to protect its keys against after-protocol theft. Such an asymmetry occurs e.g. in case of server-client scenarios, where the client device is resource-constrained and/or located in a hostile environment. Our protocol makes use of a bidirectional quantum channel in a manner similar to the two-way protocol LM05. Bob sends random qubit states to Alice. Alice flips the states in a way that depends on the message and a shared key, and sends the resulting states back to Bob. Bob recovers Alice's message by measuring the flips. We prove that our protocol satisfies the definition of unclonable encryption and additionally that the message remains secure even if all of Alice's keys leak after the protocol. Furthermore, we show that some of the key material can be safely re-used. Our security proof is formulated in terms of diamond norms, which makes it composable, and allows for noisy quantum channels. We work out the details only for the asymptotics in the limit of long messages. As a side result we construct a two-way QKD scheme with a high key rate. We show that its key rate is higher than the rate of the two-way QKD scheme LM05 proven for the case of independent channel noise.