Entropic security using conditional min-entropy
|
|
- Lewis Shields
- 6 years ago
- Views:
Transcription
1 Entropic security using conditional min-entropy Frédéric Dupuis and Simon Pierre Desrosiers March 4, Preliminary We will use the usual bra and ket notation for pure states where a unit length complex vector is written ψ = i α i i, where the i form a basis for the space in which the vector ψ is embeded and i α iα i = 11. A quantum state is axiomatically defined as a non-negative complex operator of trace equal to 1. By the spectral decomposition theorem ρ = i γ i r i r i, where the r i form a basis for the space in which the quantum state lives and the γ i are non-negative real numbers that sum up to one. This can be interpreted as saying that ρ is a source that will output with probability γ i the state r i if it is sampled in the base { r i }. By sampled, we meant the measurement of ρ in the eigen-basis of ρ. A special case for a basis is the computational basis. That is the set { i }, where i [a 1, a,..., a d ] T and for all j i we have that a j = 0 and a i = 1. If we take two quantum states, σ A and τ B, and put them side by side, the result is a state ρ AB which is equal to σ A σ B. The operator is the tensor operator which is defined for any two matrices X and Y as X 1,1 Y... X 1,n Y X Y = X m,1 Y... X m,n Y Note that the tensor product is not commutative in general. The partial trace is a kind of inverse to the tensor product operation. For any bi-partite state ρ AB, we have that ρ A = Tr A ρ AB ) ; the normal interpretation for such an operator is that if a physical state ρ AB lives in the space AB but one only has access to the space A to measure the state, then the statistics obtained can be explained using ρ B. 1 For a thorough introduction to quantum information theory, see [4]. We will present here only what is necessary to follow the proofs. To gain physical comprehension, the reader should refer himself to the provided reference. 1
2 Definitions Entropic security as introduced by Russel and Wang [6] and generalised by Dodis and Smith in [3] uses the definition of classical min-entropy to quantify the adversary s knowledge on the senders message space. Let M be a random variable that represent the message space and let M take value m with probability p m, where m p m = 1. Then the min entropy of M, written H M) is defined to be log max m p m ). Simon Pierre Desrosiers introduced in [] quantum versions of these security definition for the case where the eves dropper and the sender are not entangled. Then, the adversary s knowledge is represented by the quantum min-entropy of the adversary on the sender s state. The message space in this case is considered to be a valid interpretation {p i, σ i )} of a state ρ A = γ j j j = i p iσ i and where H ρ A ) = log max j γ j, where γ j j j is the spectral decomposition of ρ A. In this paper, we will show that we can fully generalise these security definition to a quantum setting. This time the only restriction on the adversary will be quantified by the following definition introduced by Renato Renner see [5]) in is proof that the BB84 scheme is secure in the most general setting! We shall make no other assumption on the sender-eves-dropper system than the eves dropper conditional min-entropy. Definition 1 Conditional min-entropie). For any valid state ρ shared between the eves-dropper and the sender, we define the conditional min-entropy of ρ relative to ρ E = Tr A ρ ) as H ρ ρ E ) = log λ, where λ is the minimum real number such that the Hermitian operator λi A ρ E ρ negative. is non Observe that the last operator is defined using the identity matrix on the A space and not the perfectly mixed state. We will also use the notation H A E) for H ρ ρ E ). One can prove a few properties about conditional min-entropy which will be handy later on. First, this Lemma : Lemma 1. Let the join state of the sender and the adversary be ρ AB = ρ A ρ B, then H AB B) = H ρ A ). Proof. The structure of ρ AB lets us write this equality. λi ρ B ρ AB = λi ρ A ) ρ B. We know that ρ B is positive, since it is a valid density operator, hence if we want this quantity to be positive, we need λi ρ A to be positive. This implies, since I commutes with everything, that λ = γ max, where γ max is the largest eigenvalue of ρ A. We can conclude from this lemma that if the sender and the adversary are not correlated, then the standard results of [] can be used. But there is a case which is still more general and yet implies no quantum correlation i.e. entanglement). We say a state ρ AB is separable if it can be written as ρ AB = i σa i τ B i. In this case, Lemma of Renato Renner s Ph.D Thesis [5] let s us conclude something interesting. This lemma tells us that??? blablabla confue mélangé besion d aide.
3 Lemma. For any bipartite state over we have H A E) t = Tr A [ρ ] t ρ E. Proof. H A E) t ρ t I ρ E Tr A [ρ ] t [ Tr A ρ I ρ E)] Tr A [ρ ] t ρ E Both [3] and [] presented security definitions equivalent in their respective models to the following two security definition. Definition Entropic Security). An encryption system E is t, ε)-entropically secure if for all states ρ such that H min ρ ρ E ) t, all interpretations {p j, σj )} and all adversaries A, there exists an A such that for all functions f, we have Pr[σ i )) = fσi )] Pr[A σi E ) = fσi )] ε. 1) Definition 3 Entropic Indistinguishability). An encryption system E is t, ɛ)-indistinguishable if for all states ρ such that H ρ ρ E ) t we have that: Eρ ) I ρ E < ɛ. ) 1 3 Equivalence between the two security definitions Theorem 1. t 1, ε/)-indistinguishability implies t, ε)-entropic security for all functions. Proof. Suppose there exists an adversary B, a state ρ such that H min ρ ρ E ) t, an interpretation { p j, σj ) } for ρ and a function f such that Pr[BEσi )) fσi )] Pr[B ρ E ) fσi )] > ε 3) for all adversaries B. Then we know that there exists another adversary and a predicate h such that t, ε/)-entropic security is violated. Let s call this adversary A and let ut define the sets E 0 and E 1 as follows: E 0 = { i hσ i ) = 0 } 4) E 1 = { i hσ i ) = 1 }. 5) 3
4 Let r 0 = p i, i E 0 r 1 = p i, i E 1 τ0 = 1 p i σi r 0 i E 0 ) and ) τ1 = 1 p i σi. r 1 i E 1 Note that ρ = r 0 τ 0 + r 1 τ 1. Now, define the following states: where, as usual, τ E i = Tr A [τ i ]. Lemma 3. H min τ 0 τ E 0 ) t 1, and H min τ 1 τ E 1 ) t 1. Proof. First, it is clear that τ E 0 = τ E 1 = ρ E. We then have First observe that max ψ ψ τ 0 ψ ψ I ρ E ψ r 0 max ψ max ψ τ 0 = r 0 τ 0 + r 1 I τ E 1 6) τ 1 = r 1 τ 1 + r 0 I τ E 0, 7) ψ τ0 ψ ψ τ0 + r1 ψ I ρ E max ψ ψ ψ τ0 ψ ψ I ρ E ψ + r ψ I d 1 max A τ1 E ψ ψ ψ I ρ E ψ. 1 ψ ψ I ρ E 1 t. ψ r 0 r 0 τ Second, using theorem from Renato Renner s thesis and the previous observation, we get max ψ ψ I τ1 E ψ ψ τ1 ψ ψ I ρ E max ψ ψ ψ I ρ E ψ 1 t. r 1 Combining these two results, we obtain max ψ ψ τ 0 ψ ψ I ρ E ψ t = t 1). Of course, an identical calculation yields the same result for τ 1. 4
5 To finish the proof, we need to show that A can distinguish E τ 0 ) from E τ 1 ). Assume that A can distinguish Eτ0 ) from Eτ1 ) in a r 0, r 1 mixture with probability η. Now assume that we feed it Eτ0 ) with probability 1/ and Eτ1 ) with probability 1/. Observe that this is exactly as if we gave it an r 0, r 1 mixture of Eτ0 ) and Eτ1 ) with probability 1/ and an r 1, r 0 mixture I of τ0 E and I τ1 E with probability 1/. Let s call the optimal probability of distinguishing these last two states α. We then have that the probability of distinguishing E τ 0 ) from E τ 1 ) using A is at least 1 η α) = η α). But we know that η α = Pr[τ i )) = i] max Pr[A τ E A i ) = i] > ε/. Hence, the probability of distinguishing E τ 0 ) from E τ 1 ) is at least 1/ + ε/4, which implies that E τ 0 ) E τ 1 ) > ε and therefore that there exists a state ω with H A E) t such that Eω ) I ω E > ε/. Theorem. t, ε)-entropic security implies t 1, 6ε)-indistinguishability as long as t n A 1. Proof. We will prove the contrapositive. Let ρ be a state such that H min ρ ρ E ) t 1 and Eρ ) I ρ E > 6ε. Consider the following state ρ = 1 3 ρ + I ρ E. 3 We can easily show that H min ρ ρ E ) = H min ρ ρ E ) t: ψ ρ ψ ψ I ρ E ψ = 1 ψ ρ ψ 3 ψ I ρ E ψ + ψ I ρ E ψ 3 ψ I ρ E ψ 1 3 t 1) = 3 t + 1 ) ) t + t 3 = t. 5
6 Since Eρ ) I ρ E > 6ε, we know that there exists an adversary that can distinguish Eρ ) from I ρ E with probability at least ε. Let s call this adversary A, and let s assume that it gives the right answer with probability η 1 when it is given Eρ ) and with probability η when it is given I ρ E. We then have 1 η 1 + η ) > ε. Let I 0 and I 1 be two states such that I 0 +I 1 )/ = I ρ E and I 0 I ρ E I1, I ρ E, Tr A I 0 ) = Tr A I 1 ) = ρ E. It is clear that ρ = 1 3 ρ I I 1. 8) Now, let s define a function h such that hρ ) = 0, hi 0 ) = 1, and hi 1 ) =. We will show that A violates entropic security on ρ, the interpretation given in 8) and the function h. First of all, it is clear that by having access only to Eve s system, no adversary can guess the value of h with a probability greater than 1/3. Let us now determine what A can do by having access to the encrypted version of ρ. When 0, we have: Pr[σ i )) = hσ i )] = 1 3 η 1 + η 3 = 1 3 η 1 + η ) > ε) 3 = ε. We then finally get Pr[σ i)) = hσ i )] 1 3 > ε which violates entropic security. 4 Two encryption schemes We shall first show a technical lemma which will be useful as an intermediate step for both encryption schemes. Lemma 4. For any valid bipartite state ρ, where Tr A [ρ ] = ρ E we have where is the dimension of the A space. [ ) ] [ Tr A ρ IA ρ E = Tr A ρ ] 1 ρ E, 6
7 Proof. By definition we have [ Tr A ρ I ) ] ρ E = Tr A [ρ ] [ )] I Tr A ρ ρ E + 1 ρ E. 9) Let us concentrate ourselves on the middle term of the right hand side. By the spectral decomposition theorem, there exists basis r i and j such that ρ E = i λ i r i r i and I ρ E = λ i i,j j j r i r i. So [ )] I Tr A ρ ρ E = Tr A ρ λ i j j r i r i d i,j A λ i = Tr A ρ j j r i r i d i A j = λ i [ Tr A ρ I A r i r i )] d i A = 1 λ i ρ E r i r i = ρe. Plugging this result in equation 9, we get the Lemma. i 4.1 A scheme based on delta-biased space We shall show that if HA E) t, then the Ambainis-Smith scheme, introduced in [1], is ε-secure using n A t + log n A + log 1 ε ) bits of key. To prove this, we first need to prove a few technical lemmas. Lemma 5. Tr A ρ Tr A ρ. Proof. Since the square root operator is concave and that a density operator is a convex combination of operators, we can conclude that for all projector P we have that P ρ P P ρ P. Hence, Tr A ρ = i I) ρ i I) i I)ρ i I) 1 = i I)ρ E i I) A 1 i I)ρ i I) = Tr A ρ 7
8 Lemma 6. For every hermitian matrix M on H A H E, Tr A [M ] = 1 Tr A [X u Z v I)M] Tr A [X u Z v I)M] Proof. We can easily show that u,v Tr A [M ] = ij Tr A [ i j A I E )M] Tr A [ i j A I E )M] Let s define a column vector of matrices W such that W m = Tr A [ i j A I E )M] where i = m and j = m mod n A. We now have Tr A [M ] = W W = W F F W, where F is a unitary matrix on vectors of dimension d A. In particular, we can choose F to be the unitary transformation i j 1 da X i Z j. This matrix exists since the Pauli matrices form an orthonormal basis for BH A ), as do the i j. Now, let s define W = F W. We then have W m = 1 da Tr A [X i Z j I E )M] and the statement immediately follows from the fact that Tr A [M ] = W F F W = W W. 0 n A 0 n A 0 n A 0 n A 0 n A 0 0 n A ca marche bien sur la ligne normal. Mais il n y a que 4 sortes de taille de police en mode math. Et donc dans le dernier cas, la taille pour n et pour A est la memes. En mettant des espaces negatifs, on obtient quelque chose de pas mal n A n A genre. Lemma 7. Tr A [Eρ ) I ρ E ) ] δ Tr A [ρ ]. Proof. Tr A [Eρ ) I ρ E ) ] = Tr A [Eρ ) ] 1 ρ E by lemma 4 = 1 = 1 u,v Tr A [X u Z v I)Eρ )] Tr A [X u Z v I)Eρ )] 1 ρ E uv 0 n A 0 n E δ uv 0 n A 0 n E δ uv = δ Tr A [ρ ]. Tr A [X u Z v I)Eρ )] Tr A [X u Z v I)Eρ )] Tr A [X u Z v I)ρ ] Tr A [X u Z v I)ρ ] Tr A [X u Z v I)ρ ] Tr A [X u Z v I)ρ ] 8
9 Lemma 8. Eρ ) I ρ E δ da t. Proof. Eρ ) I ρ E = Tr[Tr A[ Eρ ) I ρ d E ) ]] A Tr[ Tr A [Eρ ) I ρ d E ) ]] A Tr[ δ Tr A [ρ ]] = δ Tr[ Tr A [ρ ]]. Using Lemma we continue as follows: Eρ ) I ρ E δ Tr[ t ρ E ] = δ t Tr[ρ E ] = δ t. We are now ready to prove the main theorem: Theorem 3. If H A E) t, then the Ambainis-Smith scheme is ε-secure using n A t+ log n A + log 1 ε ) bits of key, where n A = log. Proof. If we choose δ ε/ n A t)/, we obtain log 1 ε ) bits of key. Eρ ) I ρ E ε with na t + log n A + 4. A scheme based on XOR-universal permutations Definition 4. Let H n = {h i } i I be a family of permutations over n bit strings. Consider the event A = h i x) h i y). We say the family H n is strongly-xor-universal if for all x, y and all a 0 we have Pr i I [A = a] 1 n. The family proposed in [3] naturally possesses this property. Notice that the probability of seeing A = a = 0 can be much larger than 1/ n : in fact it is equal to the collision probability of the input. 9
10 Proposition 1. Let H n be a strongly-xor-family of permutations. Consider the super-operator E k ρ) = i, X a Z b I E )ρ Z b X a I E ), where i is chosen at random uniformly over n bit strings and a b = h i k), where k is the secret key a b denotes the concatenation of the strings a and b). Then E is a quantum cipher. Theorem 4. The cipher of proposition 1 is t, ɛ)-indistinguishable for all state ρ H ρ ρ E ) t as long as H K) + H ρ ρ E ) n A + log1/ɛ). such that We will need the following lemma to complete the proof. Lemma 9. For a cipher as defined in Proposition 1, we have Tr A [ Eρ ) ] 1 I 1 [ K Tr A ρ ] + 1 ρ E Proof. The adversary s view can be written this way: ρ = Eρ) = E k,i [ i i X a Z b ρz b X a ], we have dropped the I E and the to simplify notation. Note that is the dimension of the input to E, but the output dimention is I. We are interested in the following quantity Tr Eρ) ). First note that Tr i i j j ) = δ ij, the diract function, and Tr A B) = Tr A) Tr B), for any operator A and B. SO Tr A Eρ) ) = 1 I Tr A Ek,k,i[X a Z b ρz b X a X c Z d ρz d X c ] ) 10) = 1 I Tr A Ek,k,i[Z d X c X a Z b ρz b X a X c Z d ρ] ) 11) = 1 I Tr A = 1 I Tr A = 1 I Tr A Ek,k,i[ 1) d c 1) d a X c X a Z d Z b ρz b X a X c Z d ρ] ) 1) Ek,k,i[ 1) d c ) 1) d a ) X c X a Z d Z b ρz b Z d X a X c ρ] ) 13) Eef,i [X e Z f ρz f X e ρ] ) 14) where a b = h i k) and c d = h i k ) and where k and k are independent instances of the key. Also e f = a c) b d) = a b) c d). By Definition 4, we know that the probability of seeing any string e f, different from zero, is bounded above by 1/ n. Let us divide Equation 14) into two terms, one for e f = 0 and the other for all the e f 0. Let us introduce the following notations: ρ ef instead of X e Z f ρz f X e and p ef for the probability that e f is observed. Thus, we can rewrite everything like this : Tr A Eρ) ) = 1 I Tr ρ A K + e,f where e f 0 ). p ef ρ ef ρ. 15) Observe two things: for all e f 0 we know that p ef 1/ n and 1 ef ρ n ef = I A / ρ E. Quantum mechanic also tells us that Tr ρσ) is the expectation of the observed eigenvalue if one X a Z b = X a 1Z b 1 X an Z bn if a = a 1... a n and b = b 1... b n. 10
11 measures the observable ρ on the state σ. A specific case is Tr I n ρ ) = 1/ n, since all eigenvalues of the perfectly mixed state are equal to 1/ n, the average can not be different from this number. Let A be the positive operator e,f p ef ρ ef. From the previous observations, we can conclude e f 0 that there exists a positive operator B such that A + B = I A / ρ E, i.e. B = e,f 1 p n ef )ρ ef and p 0 0 = 0. Therefore Tr A A + B)ρ) 1 ρ E, thus Tr A Aρ) + Tr A Bρ) 1 ρ E and finally Tr A Aρ) 1 ρ E. So we can rewrite Equation 15) this way: Tr A Eρ ) ) 1 I Which is equivalent to the lemma statement. Tr A Corollary 1. For a cipher as defined in Proposition 1, we have [ Tr A Eρ ) I ) ] ρ E 1 I K Tr Aρ ). ) ) ρ + 1 ρ E. 16) K Proof. This is easily proved by using Lemma 4 which says in our case: [ ) ] [ Tr A Eρ ) IA ρ E = Tr A Eρ ) ] 1 I Using the result of the previous Lemma 9), we get the result. 1 ρ E, And finaly we can prove Theorem 4. Proof. Well, trivially, we have Eρ ) I ρ E = Tr[Tr A[ Eρ ) I ρ d E ) ]] A Tr[ I Tr A [Eρ ) I ρ d E ) ]] A Tr[ K Tr A[ρ ]] = K Tr[ Tr A [ρ ]]. 11
12 Using Lemma we continue as follows: Eρ ) I ρ E = = K Tr[ t ρ E ] t Tr[ρ E ] K t. K Now, by hypothesis, we have H K) + H ρ ρ E ) n A + log1/ɛ), which can be transformed into log log K ) t log ɛ. Getting rid of the logs gives us t K ɛ. This in turn implies that Eρ ) I ρ E t ɛ, K which is the desired result. If one factors out log K in the last equation, we get n A t+ log 1 ɛ ) log K ). So, as long as the key length is larger than n A t+ log 1/ɛ), the scheme of Proposition 1 is a t, ɛ)-indistinguishable scheme. 5 Minimum requirement for the key length We can generalize the proof for the lower bound on the key length found in [3] to the quantum world and the conditional min entropy definition. Theorem 5. Any quantum encryption scheme which is t, ɛ)-entropically secure for inputs of length n requires a key of length at least n t 1. Proof. Let the ψ be a Bell state on n t qubits. So, by definition, assuming dimension of the A space is equal to the E space, we have that Tr A ψ ) = IE d E, where d E = n t)/. Let the input to the cipher be the state Tr ) B ψ U n+t, where U n+t simply a uniform classical random variable over n + t)/ bits. So is ρ = ψ ψ U A n+t. 1
13 Computing the conditional min-entropy is easy: H ρ ρ E ) = n t)/ + n + t)/ = t. We also know that for such a state, E A I E ) ψ U A n+t ) is statistically indistinguishable from I A Tr ) A ψ. It is well known that such a channel requires at least n t)/ 1 bits of key the minus one comes from the statistical relaxation to the security, where entanglement is present). Sadly, the proof of [3] for scheme using public coins, as 1, cannot be similarly generalised. References [1] Andris Ambainis andam Smith. Small pseudo-random families of matrices: Derandomizing approximate quantum encryption. In Klaus Jansen, Sanjeev Khanna, José D. P. Rolim, and Dana Ron, editors, APPROX-RANDOM, volume 31 of Lecture Notes in Computer Science, pages Springer, 004. [] Simon Pierre Desrosiers. Entropic security in quantum cryptography. quanthph, 007. [3] Yevgeniy Dodis andam Smith. Entropic security and the encryption of high entropy messages. Cryptology eprint Archive, Report 004/19, 004. urlhttp://eprint.iacr.org/. [4] M. A. Nielsen and Isaac L. Chuang. Quantum computation and quantum information. Cambridge University Press, New York, NY, USA, 000. [5] Renato Renner. Security of Quantum Key Distribution. PhD thesis, Swiss Federal Institute of Technology, 005. [6] Alexander Russell and Hong Wang. How to fool an unbounded adversary with a short key. In EUROCRYPT 0: Proceedings of the International Conference on the Theory anpplications of Cryptographic Techniques, pages , London, UK, 00. Springer-Verlag. 13
Entanglement: concept, measures and open problems
Entanglement: concept, measures and open problems Division of Mathematical Physics Lund University June 2013 Project in Quantum information. Supervisor: Peter Samuelsson Outline 1 Motivation for study
More informationIntroduction to Quantum Computing
Introduction to Quantum Computing Petros Wallden Lecture 3: Basic Quantum Mechanics 26th September 2016 School of Informatics, University of Edinburgh Resources 1. Quantum Computation and Quantum Information
More informationRandomness Extraction via δ-biased Masking in the Presence of a Quantum Attacker
Randomness Extraction via δ-iased Masking in the Presence of a Quantum Attacker Serge Fehr and Christian Schaffner CWI Amsterdam, The Netherlands {S.Fehr,C.Schaffner}@cwi.nl Abstract. Randomness extraction
More informationEFFICIENT SIMULATION FOR QUANTUM MESSAGE AUTHENTICATION
EFFICIENT SIMULATION FOR QUANTUM MESSAGE AUTHENTICATION Evelyn Wainewright Thesis submitted to the Faculty of Graduate and Postgraduate Studies in partial fulfillment of the requirements for the degree
More informationQUANTUM INFORMATION -THE NO-HIDING THEOREM p.1/36
QUANTUM INFORMATION - THE NO-HIDING THEOREM Arun K Pati akpati@iopb.res.in Instititute of Physics, Bhubaneswar-751005, Orissa, INDIA and Th. P. D, BARC, Mumbai-400085, India QUANTUM INFORMATION -THE NO-HIDING
More informationQuantum Entanglement- Fundamental Aspects
Quantum Entanglement- Fundamental Aspects Debasis Sarkar Department of Applied Mathematics, University of Calcutta, 92, A.P.C. Road, Kolkata- 700009, India Abstract Entanglement is one of the most useful
More informationLecture 4: Postulates of quantum mechanics
Lecture 4: Postulates of quantum mechanics Rajat Mittal IIT Kanpur The postulates of quantum mechanics provide us the mathematical formalism over which the physical theory is developed. For people studying
More informationEntropy in Classical and Quantum Information Theory
Entropy in Classical and Quantum Information Theory William Fedus Physics Department, University of California, San Diego. Entropy is a central concept in both classical and quantum information theory,
More informationConcentration of Measure Effects in Quantum Information. Patrick Hayden (McGill University)
Concentration of Measure Effects in Quantum Information Patrick Hayden (McGill University) Overview Superdense coding Random states and random subspaces Superdense coding of quantum states Quantum mechanical
More informationLecture: Quantum Information
Lecture: Quantum Information Transcribed by: Crystal Noel and Da An (Chi Chi) November 10, 016 1 Final Proect Information Find an issue related to class you are interested in and either: read some papers
More informationMP 472 Quantum Information and Computation
MP 472 Quantum Information and Computation http://www.thphys.may.ie/staff/jvala/mp472.htm Outline Open quantum systems The density operator ensemble of quantum states general properties the reduced density
More informationChapter 5. Density matrix formalism
Chapter 5 Density matrix formalism In chap we formulated quantum mechanics for isolated systems. In practice systems interect with their environnement and we need a description that takes this feature
More informationEntanglement Manipulation
Entanglement Manipulation Steven T. Flammia 1 1 Perimeter Institute for Theoretical Physics, Waterloo, Ontario, N2L 2Y5 Canada (Dated: 22 March 2010) These are notes for my RIT tutorial lecture at the
More informationMaximal Entanglement A New Measure of Entanglement
1 Maximal Entanglement A New Measure of Entanglement Salman Beigi School of Mathematics, Institute for Research in Fundamental Sciences IPM, Tehran, Iran arxiv:1405.50v1 [quant-ph] 11 May 014 Abstract
More informationPrivate quantum subsystems and error correction
Private quantum subsystems and error correction Sarah Plosker Department of Mathematics and Computer Science Brandon University September 26, 2014 Outline 1 Classical Versus Quantum Setting Classical Setting
More informationBasics on quantum information
Basics on quantum information Mika Hirvensalo Department of Mathematics and Statistics University of Turku mikhirve@utu.fi Thessaloniki, May 2016 Mika Hirvensalo Basics on quantum information 1 of 52 Brief
More informationLecture 14: Quantum information revisited
CPSC 59/69: Quantum Computation John Watrous, University of Calgary Lecture 4: Quantum information revisited March 4, 006 So far, this course has focused almost entirely on quantum algorithms The next
More informationBasics on quantum information
Basics on quantum information Mika Hirvensalo Department of Mathematics and Statistics University of Turku mikhirve@utu.fi Thessaloniki, May 2014 Mika Hirvensalo Basics on quantum information 1 of 49 Brief
More informationLecture Notes. Quantum Cryptography Week 2: The Power of Entanglement
Lecture Notes Quantum Cryptography Week : The Power of Entanglement This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Licence. Contents.1 Entanglement
More informationLecture 2: Perfect Secrecy and its Limitations
CS 4501-6501 Topics in Cryptography 26 Jan 2018 Lecture 2: Perfect Secrecy and its Limitations Lecturer: Mohammad Mahmoody Scribe: Mohammad Mahmoody 1 Introduction Last time, we informally defined encryption
More informationCS120, Quantum Cryptography, Fall 2016
CS10, Quantum Cryptography, Fall 016 Homework # due: 10:9AM, October 18th, 016 Ground rules: Your homework should be submitted to the marked bins that will be by Annenberg 41. Please format your solutions
More informationCS 290G (Fall 2014) Introduction to Cryptography Oct 23rdd, Lecture 5: RSA OWFs. f N,e (x) = x e modn
CS 290G (Fall 2014) Introduction to Cryptography Oct 23rdd, 2014 Instructor: Rachel Lin 1 Recap Lecture 5: RSA OWFs Scribe: Tiawna Cayton Last class we discussed a collection of one-way functions (OWFs),
More informationSecurity of Random Feistel Schemes with 5 or more Rounds
Security of Random Feistel Schemes with 5 or more Rounds Jacques Patarin Université de Versailles 45 avenue des Etats-Unis 78035 Versailles Cedex - France Abstract. We study cryptographic attacks on random
More informationA Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes
A Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes Stefan Dziembowski Department of Computer Science University of Rome, La Sapienza Abstract. Forward-Secure Storage
More informationInvertible Quantum Operations and Perfect Encryption of Quantum States
Invertible Quantum Operations and Perfect Encryption of Quantum States Ashwin Naya U. Waterloo & Perimeter Pranab Sen TIFR September 20, 2006 Abstract In this note, we characterize the form of an invertible
More informationAn Introduction to Quantum Information. By Aditya Jain. Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata
An Introduction to Quantum Information By Aditya Jain Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata 1. Introduction Quantum information is physical information that is held in the state of
More informationQuantum Statistics -First Steps
Quantum Statistics -First Steps Michael Nussbaum 1 November 30, 2007 Abstract We will try an elementary introduction to quantum probability and statistics, bypassing the physics in a rapid first glance.
More informationQuantum entanglement and symmetry
Journal of Physics: Conference Series Quantum entanglement and symmetry To cite this article: D Chrucisi and A Kossaowsi 2007 J. Phys.: Conf. Ser. 87 012008 View the article online for updates and enhancements.
More informationIntroduction to Cryptology. Lecture 3
Introduction to Cryptology Lecture 3 Announcements No Friday Office Hours. Instead will hold Office Hours on Monday, 2/6 from 3-4pm. HW1 due on Tuesday, 2/7 For problem 1, can assume key is of length at
More informationQuantum Computing: Foundations to Frontier Fall Lecture 3
Quantum Computing: Foundations to Frontier Fall 018 Lecturer: Henry Yuen Lecture 3 Scribes: Seyed Sajjad Nezhadi, Angad Kalra Nora Hahn, David Wandler 1 Overview In Lecture 3, we started off talking about
More informationDECAY OF SINGLET CONVERSION PROBABILITY IN ONE DIMENSIONAL QUANTUM NETWORKS
DECAY OF SINGLET CONVERSION PROBABILITY IN ONE DIMENSIONAL QUANTUM NETWORKS SCOTT HOTTOVY Abstract. Quantum networks are used to transmit and process information by using the phenomena of quantum mechanics.
More informationDynamics and Quantum Channels
Dynamics and Quantum Channels Konstantin Riedl Simon Mack 1 Dynamics and evolutions Discussing dynamics, one has to talk about time. In contrast to most other quantities, time is being treated classically.
More information9. Distance measures. 9.1 Classical information measures. Head Tail. How similar/close are two probability distributions? Trace distance.
9. Distance measures 9.1 Classical information measures How similar/close are two probability distributions? Trace distance Fidelity Example: Flipping two coins, one fair one biased Head Tail Trace distance
More informationLecture 4: Perfect Secrecy: Several Equivalent Formulations
Cryptology 18 th August 015 Lecture 4: Perfect Secrecy: Several Equivalent Formulations Instructor: Goutam Paul Scribe: Arka Rai Choudhuri 1 Notation We shall be using the following notation for this lecture,
More informationDensity Operators and Ensembles
qitd422 Density Operators and Ensembles Robert B. Griffiths Version of 30 January 2014 Contents 1 Density Operators 1 1.1 Introduction.............................................. 1 1.2 Partial trace..............................................
More informationQuantum Hashing for Finite Abelian Groups arxiv: v1 [quant-ph] 7 Mar 2016
Quantum Hashing for Finite Abelian Groups arxiv:1603.02209v1 [quant-ph] 7 Mar 2016 Alexander Vasiliev Abstract We propose a generalization of the quantum hashing technique based on the notion of the small-bias
More informationCLASSIFICATION OF COMPLETELY POSITIVE MAPS 1. INTRODUCTION
CLASSIFICATION OF COMPLETELY POSITIVE MAPS STEPHAN HOYER ABSTRACT. We define a completely positive map and classify all completely positive linear maps. We further classify all such maps that are trace-preserving
More informationExplicit bounds on the entangled value of multiplayer XOR games. Joint work with Thomas Vidick (MIT)
Explicit bounds on the entangled value of multiplayer XOR games Jop Briët Joint work with Thomas Vidick (MIT) Waterloo, 2012 Entanglement and nonlocal correlations [Bell64] Measurements on entangled quantum
More informationQuantum Entanglement and Error Correction
Quantum Entanglement and Error Correction Fall 2016 Bei Zeng University of Guelph Course Information Instructor: Bei Zeng, email: beizeng@icloud.com TA: Dr. Cheng Guo, email: cheng323232@163.com Wechat
More informationQuantum Entanglement, Quantum Cryptography, Beyond Quantum Mechanics, and Why Quantum Mechanics Brad Christensen Advisor: Paul G.
Quantum Entanglement, Quantum Cryptography, Beyond Quantum Mechanics, and Why Quantum Mechanics Brad Christensen Advisor: Paul G. Kwiat Physics 403 talk: December 2, 2014 Entanglement is a feature of compound
More informationThe Principles of Quantum Mechanics: Pt. 1
The Principles of Quantum Mechanics: Pt. 1 PHYS 476Q - Southern Illinois University February 15, 2018 PHYS 476Q - Southern Illinois University The Principles of Quantum Mechanics: Pt. 1 February 15, 2018
More informationIntroduction to Quantum Information Hermann Kampermann
Introduction to Quantum Information Hermann Kampermann Heinrich-Heine-Universität Düsseldorf Theoretische Physik III Summer school Bleubeuren July 014 Contents 1 Quantum Mechanics...........................
More informationEnsembles and incomplete information
p. 1/32 Ensembles and incomplete information So far in this course, we have described quantum systems by states that are normalized vectors in a complex Hilbert space. This works so long as (a) the system
More informationPseudorandom Generators
Outlines Saint Petersburg State University, Mathematics and Mechanics 2nd April 2005 Outlines Part I: Main Approach Part II: Blum-Blum-Shub Generator Part III: General Concepts of Pseudorandom Generator
More informationMultipartite entanglement in fermionic systems via a geometric
Multipartite entanglement in fermionic systems via a geometric measure Department of Physics University of Pune Pune - 411007 International Workshop on Quantum Information HRI Allahabad February 2012 In
More informationNotes for Lecture 27
U.C. Berkeley CS276: Cryptography Handout N27 Luca Trevisan April 30, 2009 Notes for Lecture 27 Scribed by Madhur Tulsiani, posted May 16, 2009 Summary In this lecture we begin the construction and analysis
More informationLecture Notes. edx Quantum Cryptography: Week 3
Lecture Notes edx Quantum Cryptography: Week 3 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Licence. Contents 3.1 When are two quantum states almost
More information)j > Riley Tipton Perry University of New South Wales, Australia. World Scientific CHENNAI
Riley Tipton Perry University of New South Wales, Australia )j > World Scientific NEW JERSEY LONDON. SINGAPORE BEIJING SHANSHAI HONG K0N6 TAIPEI» CHENNAI Contents Acknowledgments xi 1. Introduction 1 1.1
More informationLecture 19 October 28, 2015
PHYS 7895: Quantum Information Theory Fall 2015 Prof. Mark M. Wilde Lecture 19 October 28, 2015 Scribe: Mark M. Wilde This document is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike
More informationUnitary Process Discrimination with Error Margin
Unitary Process Discrimination with Error Margin DEX-SMI Workshop on Quantum Statistical Inference March 2-4, 2009, National Institute of Informatics (NII), Tokyo A. Hayashi (Fukui) T. Hashimoto (Fukui),
More informationSolutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
More informationLecture Notes on Secret Sharing
COMS W4261: Introduction to Cryptography. Instructor: Prof. Tal Malkin Lecture Notes on Secret Sharing Abstract These are lecture notes from the first two lectures in Fall 2016, focusing on technical material
More informationMathematical Methods for Quantum Information Theory. Part I: Matrix Analysis. Koenraad Audenaert (RHUL, UK)
Mathematical Methods for Quantum Information Theory Part I: Matrix Analysis Koenraad Audenaert (RHUL, UK) September 14, 2008 Preface Books on Matrix Analysis: R. Bhatia, Matrix Analysis, Springer, 1997.
More informationIntroduction to Quantum Key Distribution
Fakultät für Physik Ludwig-Maximilians-Universität München January 2010 Overview Introduction Security Proof Introduction What is information? A mathematical concept describing knowledge. Basic unit is
More informationAdaptive Security of Compositions
emester Thesis in Cryptography Adaptive ecurity of Compositions Patrick Pletscher ETH Zurich June 30, 2005 upervised by: Krzysztof Pietrzak, Prof. Ueli Maurer Email: pat@student.ethz.ch In a recent paper
More informationLecture 11 September 30, 2015
PHYS 7895: Quantum Information Theory Fall 015 Lecture 11 September 30, 015 Prof. Mark M. Wilde Scribe: Mark M. Wilde This document is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike
More informationFourier analysis of boolean functions in quantum computation
Fourier analysis of boolean functions in quantum computation Ashley Montanaro Centre for Quantum Information and Foundations, Department of Applied Mathematics and Theoretical Physics, University of Cambridge
More informationQuantum boolean functions
Quantum boolean functions Ashley Montanaro 1 and Tobias Osborne 2 1 Department of Computer Science 2 Department of Mathematics University of Bristol Royal Holloway, University of London Bristol, UK London,
More informationBy allowing randomization in the verification process, we obtain a class known as MA.
Lecture 2 Tel Aviv University, Spring 2006 Quantum Computation Witness-preserving Amplification of QMA Lecturer: Oded Regev Scribe: N. Aharon In the previous class, we have defined the class QMA, which
More informationQuantum Information Types
qitd181 Quantum Information Types Robert B. Griffiths Version of 6 February 2012 References: R. B. Griffiths, Types of Quantum Information, Phys. Rev. A 76 (2007) 062320; arxiv:0707.3752 Contents 1 Introduction
More informationRANKS OF QUANTUM STATES WITH PRESCRIBED REDUCED STATES
RANKS OF QUANTUM STATES WITH PRESCRIBED REDUCED STATES CHI-KWONG LI, YIU-TUNG POON, AND XUEFENG WANG Abstract. Let M n be the set of n n complex matrices. in this note, all the possible ranks of a bipartite
More informationQubits vs. bits: a naive account A bit: admits two values 0 and 1, admits arbitrary transformations. is freely readable,
Qubits vs. bits: a naive account A bit: admits two values 0 and 1, admits arbitrary transformations. is freely readable, A qubit: a sphere of values, which is spanned in projective sense by two quantum
More informationIntroduction to Quantum Mechanics
Introduction to Quantum Mechanics R. J. Renka Department of Computer Science & Engineering University of North Texas 03/19/2018 Postulates of Quantum Mechanics The postulates (axioms) of quantum mechanics
More informationOn the Relation between Quantum Discord and Purified Entanglement
On the Relation between Quantum Discord and Purified Entanglement by Eric Webster A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Mathematics
More informationThe Indistinguishability of the XOR of k permutations
The Indistinguishability of the XOR of k permutations Benoit Cogliati, Rodolphe Lampe, Jacques Patarin University of Versailles, France Abstract. Given k independent pseudorandom permutations f 1,...,
More informationarxiv:quant-ph/ v2 11 Jan 2006
Locking of accessible information and implications for the security of quantum cryptography Robert König and Renato Renner Centre for Quantum Computation University of Cambridge United Kingdom Andor Bariska
More informationPseudorandom Generators
Principles of Construction and Usage of Pseudorandom Generators Alexander Vakhitov June 13, 2005 Abstract In this report we try to talk about the main concepts and tools needed in pseudorandom generators
More informationQuantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139
Quantum Error Correcting Codes and Quantum Cryptography Peter Shor M.I.T. Cambridge, MA 02139 1 We start out with two processes which are fundamentally quantum: superdense coding and teleportation. Superdense
More informationEntanglement Measures and Monotones
Entanglement Measures and Monotones PHYS 500 - Southern Illinois University March 30, 2017 PHYS 500 - Southern Illinois University Entanglement Measures and Monotones March 30, 2017 1 / 11 Quantifying
More informationHomework 3 - Solutions
Homework 3 - Solutions The Transpose an Partial Transpose. 1 Let { 1, 2,, } be an orthonormal basis for C. The transpose map efine with respect to this basis is a superoperator Γ that acts on an operator
More informationQuantum security proofs using semi-classical oracles
Quantum security proofs using semi-classical oracles Andris Ambainis University of Latvia Mike amburg Rambus Security Division September 24, 2018 Dominique Unruh University of Tartu Abstract We present
More informationMultivariate trace inequalities. David Sutter, Mario Berta, Marco Tomamichel
Multivariate trace inequalities David Sutter, Mario Berta, Marco Tomamichel What are trace inequalities and why we should care. Main difference between classical and quantum world are complementarity and
More informationQuantum Computation. Alessandra Di Pierro Computational models (Circuits, QTM) Algorithms (QFT, Quantum search)
Quantum Computation Alessandra Di Pierro alessandra.dipierro@univr.it 21 Info + Programme Info: http://profs.sci.univr.it/~dipierro/infquant/ InfQuant1.html Preliminary Programme: Introduction and Background
More informationEntropic Security and the Encryption of High Entropy Messages
Entropic Security and the Encryption of High Entropy Messages Yevgeniy Dodis New York University dodis@cs.nyu.edu Adam Smith Massachusetts Insitute of Technology asmith@theory.csail.mit.edu September 1,
More informationShift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3
Shift Cipher For 0 i 25, the ith plaintext character is shifted by some value 0 k 25 (mod 26). E.g. k = 3 a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y
More informationMajorization-preserving quantum channels
Majorization-preserving quantum channels arxiv:1209.5233v2 [quant-ph] 15 Dec 2012 Lin Zhang Institute of Mathematics, Hangzhou Dianzi University, Hangzhou 310018, PR China Abstract In this report, we give
More informationQuantum Entanglement and the Bell Matrix
Quantum Entanglement and the Bell Matrix Marco Pedicini (Roma Tre University) in collaboration with Anna Chiara Lai and Silvia Rognone (La Sapienza University of Rome) SIMAI2018 - MS27: Discrete Mathematics,
More informationQuantum Computing Lecture 2. Review of Linear Algebra
Quantum Computing Lecture 2 Review of Linear Algebra Maris Ozols Linear algebra States of a quantum system form a vector space and their transformations are described by linear operators Vector spaces
More informationThe query register and working memory together form the accessible memory, denoted H A. Thus the state of the algorithm is described by a vector
1 Query model In the quantum query model we wish to compute some function f and we access the input through queries. The complexity of f is the number of queries needed to compute f on a worst-case input
More informationError Reconciliation in QKD. Distribution
Error Reconciliation in Quantum Key Distribution Richard P. Brent MSI, ANU 1 October 2009 Abstract The problem of "error reconciliation" arises in Quantum Cryptography, which is more accurately described
More informationSome Introductory Notes on Quantum Computing
Some Introductory Notes on Quantum Computing Markus G. Kuhn http://www.cl.cam.ac.uk/~mgk25/ Computer Laboratory University of Cambridge 2000-04-07 1 Quantum Computing Notation Quantum Computing is best
More informationQuantum NP - Cont. Classical and Quantum Computation A.Yu Kitaev, A. Shen, M. N. Vyalyi 2002
Quantum NP - Cont. Classical and Quantum Computation A.Yu Kitaev, A. Shen, M. N. Vyalyi 2002 1 QMA - the quantum analog to MA (and NP). Definition 1 QMA. The complexity class QMA is the class of all languages
More informationEntanglement and Symmetry in Multiple-Qubit States: a geometrical approach
Entanglement and Symmetry in Multiple-Qubit States: a geometrical approach Gregg Jaeger Quantum Imaging Laboratory and College of General Studies Boston University, Boston MA 015 U. S. A. Abstract. The
More informationInformation quantique, calcul quantique :
Séminaire LARIS, 8 juillet 2014. Information quantique, calcul quantique : des rudiments à la recherche (en 45min!). François Chapeau-Blondeau LARIS, Université d Angers, France. 1/25 Motivations pour
More informationAES side channel attacks protection using random isomorphisms
Rostovtsev A.G., Shemyakina O.V., St. Petersburg State Polytechnic University AES side channel attacks protection using random isomorphisms General method of side-channel attacks protection, based on random
More informationPhysics 239/139 Spring 2018 Assignment 2 Solutions
University of California at San Diego Department of Physics Prof. John McGreevy Physics 39/139 Spring 018 Assignment Solutions Due 1:30pm Monday, April 16, 018 1. Classical circuits brain-warmer. (a) Show
More informationPh 219/CS 219. Exercises Due: Friday 20 October 2006
1 Ph 219/CS 219 Exercises Due: Friday 20 October 2006 1.1 How far apart are two quantum states? Consider two quantum states described by density operators ρ and ρ in an N-dimensional Hilbert space, and
More informationEME : extending EME to handle arbitrary-length messages with associated data
EME : extending EME to handle arbitrary-length messages with associated data (Preliminiary Draft) Shai Halevi May 18, 2004 Abstract We describe a mode of oepration EME that turns a regular block cipher
More informationEntanglement and information
Ph95a lecture notes for 0/29/0 Entanglement and information Lately we ve spent a lot of time examining properties of entangled states such as ab è 2 0 a b è Ý a 0 b è. We have learned that they exhibit
More informationIntroduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871
Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871 Lecture 1 (2017) Jon Yard QNC 3126 jyard@uwaterloo.ca TAs Nitica Sakharwade nsakharwade@perimeterinstitute.ca
More informationCPA-Security. Definition: A private-key encryption scheme
CPA-Security The CPA Indistinguishability Experiment PrivK cpa A,Π n : 1. A key k is generated by running Gen 1 n. 2. The adversary A is given input 1 n and oracle access to Enc k, and outputs a pair of
More informationQuantum Data Compression
PHYS 476Q: An Introduction to Entanglement Theory (Spring 2018) Eric Chitambar Quantum Data Compression With the basic foundation of quantum mechanics in hand, we can now explore different applications.
More informationQuantum Symmetrically-Private Information Retrieval
Quantum Symmetrically-Private Information Retrieval Iordanis Kerenidis UC Berkeley jkeren@cs.berkeley.edu Ronald de Wolf CWI Amsterdam rdewolf@cwi.nl arxiv:quant-ph/0307076v 0 Jul 003 Abstract Private
More informationPing Pong Protocol & Auto-compensation
Ping Pong Protocol & Auto-compensation Adam de la Zerda For QIP seminar Spring 2004 02.06.04 Outline Introduction to QKD protocols + motivation Ping-Pong protocol Security Analysis for Ping-Pong Protocol
More informationOn the pseudo-random generator ISAAC
On the pseudo-random generator ISAAC Jean-Philippe Aumasson FHNW, 5210 Windisch, Switzerland Abstract. This paper presents some properties of he deterministic random bit generator ISAAC (FSE 96), contradicting
More informationThe BB84 cryptologic protocol
The cryptologic protocol of quantum key distribution Dimitri Petritis Institut de recherche mathématique de Rennes Université de Rennes 1 et CNRS (UMR 6625) Vernam s ciphering Principles of coding and
More informationTeleportation of Quantum States (1993; Bennett, Brassard, Crepeau, Jozsa, Peres, Wootters)
Teleportation of Quantum States (1993; Bennett, Brassard, Crepeau, Jozsa, Peres, Wootters) Rahul Jain U. Waterloo and Institute for Quantum Computing, rjain@cs.uwaterloo.ca entry editor: Andris Ambainis
More informationStop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)
Journal of Computer Science 3 (6): 44-49, 7 ISSN 549-3636 7 Science Publications Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography) Iyed Ben Slimen, Olfa Trabelsi, Houria
More informationApplications of Semidefinite Programming in Quantum Cryptography
Applications of Semidefinite Programming in Quantum Cryptography by Jamie W. J. Sikora A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master
More informationQuantum Setting with Applications
in the Quantum Setting with Applications Frédéric Dupuis 1 Serge Fehr 2 Philippe Lamontagne 3 Louis Salvail 3 2 CWI, Amsterdam, The Netherlands 1 Faculty of Informatics, Masaryk University, Brno, Czech
More information