Quantum to Classical Randomness Extractors
Size: px
Start display at page:

Download "Quantum to Classical Randomness Extractors"

Transcription

1 Quantum to Classical Randomness Extractors Mario Berta, Omar Fawzi, Stephanie Wehner - Full version preprint available at arxiv: v3 08/23/ CRYPTO University of California, Santa Barbara

2 Outline (Classical to Classical) Randomness Extractors

3 Outline (Classical to Classical) Randomness Extractors Main Contribution: Quantum to Classical Randomness Extractors

4 Outline (Classical to Classical) Randomness Extractors Main Contribution: Quantum to Classical Randomness Extractors Application: Security in the oisy-storage Model

5 Outline (Classical to Classical) Randomness Extractors Main Contribution: Quantum to Classical Randomness Extractors Application: Security in the oisy-storage Model Entropic Uncertainty Relations with Quantum Side Information

6 Outline (Classical to Classical) Randomness Extractors Main Contribution: Quantum to Classical Randomness Extractors Application: Security in the oisy-storage Model Entropic Uncertainty Relations with Quantum Side Information Conclusions / Open Problems

7 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q

8 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q Ex: Pr[ 1 = 0] = , Pr[ 2 = 0] = ,...

9 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q Ex: Pr[ 1 = 0] = , Pr[ 2 = 0] = ,... Function: f( = 1,..., q )=M

10 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q Ex: Pr[ 1 = 0] = , Pr[ 2 = 0] = ,... Function: f( = 1,..., q )=M Ex: Pr[ i = 0] = 2 3 Pr[ i = 1] = 1 3 M = f( )= mod 2 Pr[M = 0] 0.52

11 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q Ex: Pr[ 1 = 0] = , Pr[ 2 = 0] = ,... Function: f( = 1,..., q )=M Ex: Pr[ i = 0] = 2 3 Pr[ i = 1] = 1 3 M = f( )= mod 2 Pr[M = 0] 0.52 Only minimal guarantee about the randomness of the source, high minentropy: H min () P = log max. n P (n) = log p guess () P

12 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q Ex: Pr[ 1 = 0] = , Pr[ 2 = 0] = ,... Function: f( = 1,..., q )=M Ex: Pr[ i = 0] = 2 3 Pr[ i = 1] = 1 3 M = f( )= mod 2 Pr[M = 0] 0.52 Only minimal guarantee about the randomness of the source, high minentropy: H min () P = log max. n P (n) = log p guess () P ot possible to obtain randomness using a deterministic function, invest a small amount of perfect randomness: f Seed M = f ()

13 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q Ex: Pr[ 1 = 0] = , Pr[ 2 = 0] = ,... Function: f( = 1,..., q )=M Ex: Pr[ i = 0] = 2 3 Pr[ i = 1] = 1 3 M = f( )= mod 2 Pr[M = 0] 0.52 Only minimal guarantee about the randomness of the source, high minentropy: H min () P = log max. n P (n) = log p guess () P ot possible to obtain randomness using a deterministic function, invest a small amount of perfect randomness: f Seed Lost randomness? Strong extractors: (M,) are jointly uniform. M = f ()

14 Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source = 1, 2,..., q Ex: Pr[ 1 = 0] = , Pr[ 2 = 0] = ,... Function: f( = 1,..., q )=M Ex: Pr[ i = 0] = 2 3 Pr[ i = 1] = 1 3 M = f( )= mod 2 Pr[M = 0] 0.52 Only minimal guarantee about the randomness of the source, high minentropy: H min () P = log max. n P (n) = log p guess () P ot possible to obtain randomness using a deterministic function, invest a small amount of perfect randomness: f Seed Lost randomness? Strong extractors: (M,) are jointly uniform. Applications in information theory, cryptography and computational complexity theory [1,2]. M = f () [1] isan and Zuckerman, JCSS 52:43, 1996 [2] Vadhan,

15 Classical to Classical (CC)-Randomness Extractors (II) eal with prior knowledge (trivial for classical side information [3]), in general problematic for quantum side information [4]! Source described by classical-quantum (cq)- state: E = X n p n nihn n E. [3] König and Terhal, IEEE TIT 54:749, 2008 [4] Gavinsky et al., STOC, 2007

16 Classical to Classical (CC)-Randomness Extractors (II) eal with prior knowledge (trivial for classical side information [3]), in general problematic for quantum side information [4]! Source described by classical-quantum (cq)- state: E = X n p n nihn n E. f Mix iscard M E E k ME E = X n id p n nihn n E id M M Ek 1 apple " kxk 1 =tr[ p X X] [3] König and Terhal, IEEE TIT 54:749, 2008 [4] Gavinsky et al., STOC, 2007

17 Classical to Classical (CC)-Randomness Extractors (II) eal with prior knowledge (trivial for classical side information [3]), in general problematic for quantum side information [4]! Source described by classical-quantum (cq)- state: E = X n p n nihn n E. f Mix iscard M E E k ME E = X n id p n nihn n E id M M Ek 1 apple " kxk 1 =tr[ p X X] Guarantee about conditional min-entropy of the source: H min ( E) = log p guess ( E). [3] König and Terhal, IEEE TIT 54:749, 2008 [4] Gavinsky et al., STOC, 2007

18 Classical to Classical (CC)-Randomness Extractors (II) eal with prior knowledge (trivial for classical side information [3]), in general problematic for quantum side information [4]! Source described by classical-quantum (cq)- state: E = X n p n nihn n E. f Mix iscard M E E k ME E = X n id p n nihn n E id M M Ek 1 apple " kxk 1 =tr[ p X X] Guarantee about conditional min-entropy of the source: H min ( E) = log p guess ( E). Ex: Two-universal hashing / privacy amplification [5]. For all cq-states E with, we have for M =2 k " 2. id M H min ( E) k k ME M Ek 1 apple " Strong (k, ") extractor (against quantum side information), = O(). [3] König and Terhal, IEEE TIT 54:749, 2008 [4] Gavinsky et al., STOC, 2007 [5] Renner, Ph Thesis, ETHZ, 2005

19 Quantum to Classical (QC)-Randomness Extractors - efinition (I) Motivation: How to get weak randomness at first? How much randomness can be gained from a quantum source?

20 Quantum to Classical (QC)-Randomness Extractors - efinition (I) Motivation: How to get weak randomness at first? How much randomness can be gained from a quantum source? E E Measure M Mix id M Measurement iscard k ME id M M Ek 1 apple " M E

21 Quantum to Classical (QC)-Randomness Extractors - efinition (I) Motivation: How to get weak randomness at first? How much randomness can be gained from a quantum source? E E Measure M Mix id M Measurement iscard k ME id M M Ek 1 apple " M E Idea: Same setup as in the classical case (no control of the source)! Only guarantee about the conditional min-entropy [6]: X H min ( E) = log max E! 0 F ( 0, (id E! 0)( E )) i 0 = 1 p n=1 F (, )=k p p k 2 1 ni ni 0 [6] König et al., IEEE TIT 55:4674, 2009

22 Quantum to Classical (QC)-Randomness Extractors - efinition (I) Motivation: How to get weak randomness at first? How much randomness can be gained from a quantum source? E E Measure M Mix id M Measurement iscard k ME id M M Ek 1 apple " M E Idea: Same setup as in the classical case (no control of the source)! Only guarantee about the conditional min-entropy [6]: X H min ( E) = log max E! 0 F ( 0, (id E! 0)( E )) i 0 = 1 p Can get negative for entangled input states, in fact for MES: H min ( E) = log. [6] König et al., IEEE TIT 55:4674, 2009 n=1 F (, )=k p p k 2 1 ni ni 0

23 Quantum to Classical (QC)-Randomness Extractors - efinition (II) Mix Meas. (M, \M ) isc. M

24 Quantum to Classical (QC)-Randomness Extractors - efinition (II) Mix Meas. (M, \M ) isc. M U d!m (.) = X m2m,j2 \M hmj (.) mji mihm M

25 Quantum to Classical (QC)-Randomness Extractors - efinition (II) Mix Meas. (M, \M ) isc. M U d!m (.) = X m2m,j2 \M hmj (.) mji mihm M efinition: A set of unitaries {U 1,...,U } defines a strong (k, ") qc-extractor (against quantum side information) if for any state E with H min ( E) k, k 1 X!M (U i E U i ) iihi i=1 id M M Ek 1 apple ".

26 Quantum to Classical (QC)-Randomness Extractors - efinition (II) Mix Meas. (M, \M ) isc. M U d!m (.) = X m2m,j2 \M hmj (.) mji mihm M efinition: A set of unitaries {U 1,...,U } defines a strong (k, ") qc-extractor (against quantum side information) if for any state E with H min ( E) k, k 1 X!M (U i E U i ) iihi i=1 id M M Ek 1 apple ". Without side information, this corresponds to -metric uncertainty relations [7]. " [7] Fawzi et al., STOC, 2011

27 Quantum to Classical (QC)-Randomness Extractors - efinition (II) Mix Meas. (M, \M ) isc. M U d!m (.) = X m2m,j2 \M hmj (.) mji mihm M efinition: A set of unitaries {U 1,...,U } defines a strong (k, ") qc-extractor (against quantum side information) if for any state E with H min ( E) k, k 1 X!M (U i E U i ) iihi i=1 Without side information, this corresponds to -metric uncertainty relations [7]. Fully quantum versions of this: decoupling theorems (quantum coding theory) [8], quantum state randomization [9], quantum extractors [10]: quantum to quantum (qq)-randomness extractors! id M M Ek 1 apple ". " M [7] Fawzi et al., STOC, 2011 [8] upuis, Ph Thesis, McGill, 2009 [9] Hayden et al., CMP 250:371, 2004 [10] Ben-Aroya et al., TOC 6:47, 2010

28 Quantum to Classical (QC)-Randomness Extractors - Parameters Mix Meas. (M, \M ) isc. M U i Probabilistic construction (random unitaries).

29 Quantum to Classical (QC)-Randomness Extractors - Parameters Mix Meas. (M, \M ) isc. M U i Output size: M =min{, 2 k 4 } Seed size: = M log " 4 Probabilistic construction (random unitaries).

30 Quantum to Classical (QC)-Randomness Extractors - Parameters Mix Meas. (M, \M ) isc. M U i Output size: M =min{, 2 k 4 } Seed size: = M log " 4 Converse bounds. Probabilistic construction (random unitaries).

31 Quantum to Classical (QC)-Randomness Extractors - Parameters Mix Meas. (M, \M ) isc. M U i Output size: M =min{, 2 k 4 } Seed size: = M log " 4 Converse bounds. Probabilistic construction (random unitaries). Output size:, where (smooth entropies [5,11]). Seed size: " 1 M apple 2 k " 2 k " = H min( E) " = max H min( E) 2B " ( ) [5] Renner, Ph Thesis, ETHZ, 2005 [11] Tomamichel, Ph Thesis ETHZ, 2012

32 Quantum to Classical (QC)-Randomness Extractors - Parameters Mix Meas. (M, \M ) isc. M U i Output size: M =min{, 2 k 4 } Seed size: = M log " 4 Converse bounds. Probabilistic construction (random unitaries). Output size:, where (smooth entropies [5,11]). Seed size: " 1 M apple 2 k " 2 k " = H min( E) " = max H min( E) 2B " ( ) Huge gap! We know that our proof technique can only yield " 2 min{ 2 k 1,M/4} [12]. [5] Renner, Ph Thesis, ETHZ, 2005 [11] Tomamichel, Ph Thesis ETHZ, 2012 [12] Fawzi, Ph Thesis, McGill, 2012

33 Quantum to Classical (QC)-Randomness Extractors - Parameters Mix Meas. (M, \M ) isc. M U i Output size: M =min{, 2 k 4 } Seed size: = M log " 4 Converse bounds. Probabilistic construction (random unitaries). Output size:, where (smooth entropies [5,11]). Seed size: " 1 M apple 2 k " 2 k " = H min( E) " = max H min( E) 2B " ( ) Find explicit constructions! Huge gap! We know that our proof technique can only yield " 2 min{ 2 k 1,M/4} [12]. [5] Renner, Ph Thesis, ETHZ, 2005 [11] Tomamichel, Ph Thesis ETHZ, 2012 [12] Fawzi, Ph Thesis, McGill, 2012

34 Quantum to Classical (QC)-Randomness Extractors - Explicit Constructions Mix Meas. (M, \M ) isc. M U i

35 Quantum to Classical (QC)-Randomness Extractors - Explicit Constructions Mix Meas. (M, \M ) isc. M U i (Almost) unitary two-designs reproduce second moment of random unitaries [8,13]: M =min{, 2 k 2 } = O( 4 ) [8] upuis, Ph Thesis, McGill, 2009 [13] Szehr et al., arxiv: v1

36 Quantum to Classical (QC)-Randomness Extractors - Explicit Constructions Mix Meas. (M, \M ) isc. M U i (Almost) unitary two-designs reproduce second moment of random unitaries [8,13]: M =min{, 2 k 2 } = O( 4 ) Set of unitaries defined by a full set of mutually unbiased bases together with two-wise independent permutations: M =min{, 2 k 2 } = ( + 1) 2 [8] upuis, Ph Thesis, McGill, 2009 [13] Szehr et al., arxiv: v1

37 Quantum to Classical (QC)-Randomness Extractors - Explicit Constructions Mix Meas. (M, \M ) isc. M U i (Almost) unitary two-designs reproduce second moment of random unitaries [8,13]: M =min{, 2 k 2 } = O( 4 ) Set of unitaries defined by a full set of mutually unbiased bases together with two-wise independent permutations: M =min{, 2 k 2 } = ( + 1) 2 Bitwise qc-extractors! Let =2 n,m =2 m. Set of unitaries defined by a full set of mutually unbiased bases for each qubit, { X, Y, Z} n, together with two-wise independent permutations: M = O( log 3 1 " 4 ) min{1, 2 k } = ( 1) 3 log [8] upuis, Ph Thesis, McGill, 2009 [13] Szehr et al., arxiv: v1

38 Application: Two-Party Cryptography Example: secure function evaluation. x y f f(x,y)

39 Application: Two-Party Cryptography Example: secure function evaluation.?????? x y f Should not learn y f(x,y) Should not learn x

40 Application: Two-Party Cryptography Example: secure function evaluation.?????? x y f Should not learn y ot possible to solve without assumptions [17]. f(x,y) Should not learn x [17] Lo, PRA 56:1154, 1997

41 Application: Two-Party Cryptography Example: secure function evaluation.?????? x y f f(x,y) Should not learn x Should not learn y ot possible to solve without assumptions [17]. Classical assumptions are typically computational assumptions (e.g. factoring is hard). [17] Lo, PRA 56:1154, 1997

42 Application: Two-Party Cryptography Example: secure function evaluation.?????? x y f Should not learn y ot possible to solve without assumptions [17]. f(x,y) Should not learn x Classical assumptions are typically computational assumptions (e.g. factoring is hard). Physical assumption: bounded quantum storage [18], secure function evaluation becomes possible [19]. [17] Lo, PRA 56:1154, 1997 [18] amgård et al., CRYPTO, 2007 [19] König et al., IEEE TIT 58:1962, 2012

43 Application: Security in the oisy- Storage Model [20] What the adversary can do: computationally all powerful, unlimited classical storage, actions are instantaneous, BUT noisy (bounded) quantum storage. [20] Wehner et al., PRL 100:220502, 2008

44 Application: Security in the oisy- Storage Model [20] What the adversary can do: computationally all powerful, unlimited classical storage, actions are instantaneous, BUT noisy (bounded) quantum storage. [20] Wehner et al., PRL 100:220502, 2008

45 Application: Security in the oisy- Storage Model [20] What the adversary can do: computationally all powerful, unlimited classical storage, actions are instantaneous, BUT noisy (bounded) quantum storage. Basic idea: protocol will have have waiting times, in which noisy storage must be used! [20] Wehner et al., PRL 100:220502, 2008

46 Application: Security in the oisy- Storage Model [20] What the adversary can do: computationally all powerful, unlimited classical storage, actions are instantaneous, BUT noisy (bounded) quantum storage. Basic idea: protocol will have have waiting times, in which noisy storage must be used! Implement task weak string erasure (sufficient [21]). Using bitwise qc-randomness extractors, we can link security to the entanglement fidelity (quantum capacity) of the noisy quantum storage (improves [19,22])! [20] Wehner et al., PRL 100:220502, 2008 [21] Kilian, STOC, 1998 [19] König et al., IEEE TIT 58:1962, 2012 [22] B. et al., IEEE ISIT, 2012

47 Entropic Uncertainty Relations with Quantum Side Information Review article [14]. Given a quantum state these relations usually take the form (where H(K ) = 1 X H(K i = i) const(k). i=1 {K 1,...,K } H(.) and a set of measurements denotes e.g. the Shannon entropy): [14] Wehner and Winter., JP 12:025009, 2010

48 Entropic Uncertainty Relations with Quantum Side Information Review article [14]. Given a quantum state these relations usually take the form (where H(K ) = 1 {K 1,...,K } H(.) and a set of measurements denotes e.g. the Shannon entropy): Idea of [15]: add quantum side information! Start with a bipartite quantum state and a set of measurements {K 1,...,K } on A: H(K E)= 1 here H(A) = tr[ A log A ], the von eumann entropy, and its conditional version H(A B) = H(AB) X H(K i = i) const(k). i=1 X H(K i E = i) const(k)+h(a E), i=1 H(B) (which can get negative for entangled input states!). AE [14] Wehner and Winter., JP 12:025009, 2010 [15] B. et al., P 6:659, 2010

49 Entropic Uncertainty Relations with Quantum Side Information Review article [14]. Given a quantum state these relations usually take the form (where H(K ) = 1 {K 1,...,K } H(.) and a set of measurements denotes e.g. the Shannon entropy): Idea of [15]: add quantum side information! Start with a bipartite quantum state and a set of measurements {K 1,...,K } on A: H(K E)= 1 here H(A) = tr[ A log A ], the von eumann entropy, and its conditional version H(A B) = H(AB) X H(K i = i) const(k). i=1 X H(K i E = i) const(k)+h(a E), i=1 H(B) (which can get negative for entangled input states!). QC-extractors (against quantum side information) give entropic uncertainty relations with quantum side information! Entropic uncertainty relations with quantum side information together with ccextractors give qc-extractors (against quantum side information) [16]! AE [14] Wehner and Winter., JP 12:025009, 2010 [15] B. et al., P 6:659, 2010 [16] B./Wehner/Coles, unpublished

50 Conclusions / Open Problems efinition of quantum to classical (qc)-randomness extractors. Probabilistic and explicit constructions as well as converse bounds. Security in the noisy-storage model linked to the quantum capacity. Close relation to entropic uncertainty relations with quantum side information.

51 Conclusions / Open Problems efinition of quantum to classical (qc)-randomness extractors. Probabilistic and explicit constructions as well as converse bounds. Security in the noisy-storage model linked to the quantum capacity. Close relation to entropic uncertainty relations with quantum side information. Relation between qq-, qc-, and cc-extractors?

52 Conclusions / Open Problems efinition of quantum to classical (qc)-randomness extractors. Probabilistic and explicit constructions as well as converse bounds. Security in the noisy-storage model linked to the quantum capacity. Close relation to entropic uncertainty relations with quantum side information. Relation between qq-, qc-, and cc-extractors? Seed length:. We believe that at least = polylog() might be possible (cf. cc-extractors against quantum side information [23]). However, our proof technique can only yield " 2 min{ 2 k 1,M/4}[12]. " 1 apple apple M log " 4 [23] Ve et al., arxiv: v3 [12] Fawzi, Ph Thesis, McGill, 2012

53 Conclusions / Open Problems efinition of quantum to classical (qc)-randomness extractors. Probabilistic and explicit constructions as well as converse bounds. Security in the noisy-storage model linked to the quantum capacity. Close relation to entropic uncertainty relations with quantum side information. Relation between qq-, qc-, and cc-extractors? Seed length:. We believe that at least = polylog() might be possible (cf. cc-extractors against quantum side information [23]). However, our proof technique can only yield " 2 min{ 2 k 1,M/4}[12]. " 1 apple apple M log " 4 Bitwise qc-randomness extractor for { X, Z} n (BB84) encoding? Improve bound for { X, Y, Z} n (six-state) encoding for large n? [23] Ve et al., arxiv: v3 [12] Fawzi, Ph Thesis, McGill, 2012

Similar documents

Classical and Quantum Channel Simulations

Classical and Quantum Channel Simulations Classical and Quantum Channel Simulations Mario Berta (based on joint work with Fernando Brandão, Matthias Christandl, Renato Renner, Joseph Renes, Stephanie Wehner, Mark Wilde) Outline Classical Shannon

More information

Quantum Technologies for Cryptography

Quantum Technologies for Cryptography University of Sydney 11 July 2018 Quantum Technologies for Cryptography Mario Berta (Department of Computing) marioberta.info Quantum Information Science Understanding quantum systems (e.g., single atoms

More information

Quantum Bilinear Optimisation

Quantum Bilinear Optimisation Quantum Bilinear Optimisation ariv:1506.08810 Mario Berta (IQIM Caltech), Omar Fawzi (ENS Lyon), Volkher Scholz (Ghent University) March 7th, 2016 Louisiana State University Quantum Bilinear Optimisation

More information

Entropy Accumulation in Device-independent Protocols

Entropy Accumulation in Device-independent Protocols Entropy Accumulation in Device-independent Protocols QIP17 Seattle January 19, 2017 arxiv: 1607.01796 & 1607.01797 Rotem Arnon-Friedman, Frédéric Dupuis, Omar Fawzi, Renato Renner, & Thomas Vidick Outline

More information

Transmitting and Hiding Quantum Information

Transmitting and Hiding Quantum Information 2018/12/20 @ 4th KIAS WORKSHOP on Quantum Information and Thermodynamics Transmitting and Hiding Quantum Information Seung-Woo Lee Quantum Universe Center Korea Institute for Advanced Study (KIAS) Contents

More information

Quantum rate distortion, reverse Shannon theorems, and source-channel separation

Quantum rate distortion, reverse Shannon theorems, and source-channel separation Quantum rate distortion, reverse Shannon theorems, and source-channel separation ilanjana Datta, Min-Hsiu Hsieh, Mark Wilde (1) University of Cambridge,U.K. (2) McGill University, Montreal, Canada Classical

More information

ACENTRAL goal of information theory is the (quantitative)

ACENTRAL goal of information theory is the (quantitative) IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 55, NO. 9, SEPTEMBER 2009 4337 The Operational Meaning of Min- and Max-Entropy Robert König, Renato Renner, and Christian Schaffner Abstract In this paper,

More information

ASPECIAL case of the general key agreement scenario defined

ASPECIAL case of the general key agreement scenario defined IEEE TRANSACTIONS ON INFORMATION THEORY, VOL 49, NO 4, APRIL 2003 839 Secret-Key Agreement Over Unauthenticated Public Channels Part III: Privacy Amplification Ueli Maurer, Fellow, IEEE, and Stefan Wolf

More information

Converse bounds for private communication over quantum channels

Converse bounds for private communication over quantum channels Converse bounds for private communication over quantum channels Mark M. Wilde (LSU) joint work with Mario Berta (Caltech) and Marco Tomamichel ( Univ. Sydney + Univ. of Technology, Sydney ) arxiv:1602.08898

More information

Tutorial: Device-independent random number generation. Roger Colbeck University of York

Tutorial: Device-independent random number generation. Roger Colbeck University of York Tutorial: Device-independent random number generation Roger Colbeck University of York Outline Brief motivation of random number generation Discuss what we mean by a random number Discuss some ways of

More information

Information-theoretic Secrecy A Cryptographic Perspective

Information-theoretic Secrecy A Cryptographic Perspective Information-theoretic Secrecy A Cryptographic Perspective Stefano Tessaro UC Santa Barbara WCS 2017 April 30, 2017 based on joint works with M. Bellare and A. Vardy Cryptography Computational assumptions

More information

Introduction to Quantum Key Distribution

Introduction to Quantum Key Distribution Fakultät für Physik Ludwig-Maximilians-Universität München January 2010 Overview Introduction Security Proof Introduction What is information? A mathematical concept describing knowledge. Basic unit is

More information

Quantum Information Theory and Cryptography

Quantum Information Theory and Cryptography Quantum Information Theory and Cryptography John Smolin, IBM Research IPAM Information Theory A Mathematical Theory of Communication, C.E. Shannon, 1948 Lies at the intersection of Electrical Engineering,

More information

Practical quantum-key. key- distribution post-processing

Practical quantum-key. key- distribution post-processing Practical quantum-key key- distribution post-processing processing Xiongfeng Ma 马雄峰 IQC, University of Waterloo Chi-Hang Fred Fung, Jean-Christian Boileau, Hoi Fung Chau arxiv:0904.1994 Hoi-Kwong Lo, Norbert

More information

Minentropy and its Variations for Cryptography

Minentropy and its Variations for Cryptography 1 Minentropy and its Variations for Cryptography Leonid Reyzin May 23, 2011 5 th International Conference on Information Theoretic Security 2 guessability and entropy Many ays to measure entropy If I ant

More information

Uncertainty relations for multiple measurements with applications

Uncertainty relations for multiple measurements with applications Uncertainty relations for multiple measurements with applications arxiv:08.598v [quant-ph] 9 Aug 0 Omar Fawzi School of Computer Science McGill University, Montréal August, 0 A thesis submitted to McGill

More information

arxiv:quant-ph/ v2 11 Jan 2006

arxiv:quant-ph/ v2 11 Jan 2006 Locking of accessible information and implications for the security of quantum cryptography Robert König and Renato Renner Centre for Quantum Computation University of Cambridge United Kingdom Andor Bariska

More information

Entropy in Classical and Quantum Information Theory

Entropy in Classical and Quantum Information Theory Entropy in Classical and Quantum Information Theory William Fedus Physics Department, University of California, San Diego. Entropy is a central concept in both classical and quantum information theory,

More information

arxiv:quant-ph/ v2 11 Jan 2006

arxiv:quant-ph/ v2 11 Jan 2006 Diss. ETH No. 16242 Security of Quantum Key Distribution arxiv:quant-ph/0512258v2 11 Jan 2006 A dissertation submitted to SWISS FEDERAL INSTITUTE OF TECHNOLOGY ZURICH for the degree of Doctor of Natural

More information

A semi-device-independent framework based on natural physical assumptions

A semi-device-independent framework based on natural physical assumptions AQIS 2017 4-8 September 2017 A semi-device-independent framework based on natural physical assumptions and its application to random number generation T. Van Himbeeck, E. Woodhead, N. Cerf, R. García-Patrón,

More information

Quantum Key Distribution. The Starting Point

Quantum Key Distribution. The Starting Point Quantum Key Distribution Norbert Lütkenhaus The Starting Point Quantum Mechanics allows Quantum Key Distribution, which can create an unlimited amount of secret key using -a quantum channel -an authenticated

More information

Lecture 2: Quantum bit commitment and authentication

Lecture 2: Quantum bit commitment and authentication QIC 890/891 Selected advanced topics in quantum information Spring 2013 Topic: Topics in quantum cryptography Lecture 2: Quantum bit commitment and authentication Lecturer: Gus Gutoski This lecture is

More information

Asymptotic Analysis of a Three State Quantum Cryptographic Protocol

Asymptotic Analysis of a Three State Quantum Cryptographic Protocol Asymptotic Analysis of a Three State Quantum Cryptographic Protocol Walter O. Krawec walter.krawec@gmail.com Iona College Computer Science Department New Rochelle, NY USA IEEE ISIT July, 2016 Quantum Key

More information

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139 Quantum Error Correcting Codes and Quantum Cryptography Peter Shor M.I.T. Cambridge, MA 02139 1 We start out with two processes which are fundamentally quantum: superdense coding and teleportation. Superdense

More information

Privacy Amplification in the Isolated Qubits Model

Privacy Amplification in the Isolated Qubits Model Privacy Amplification in the Isolated Qubits Model Yi-Kai Liu Applied and Computational Mathematics Division National Institute of Standards and Technology Gaithersburg, MD, USA yi-kai.liu@nist.gov Abstract.

More information

A Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes

A Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes A Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes Stefan Dziembowski Department of Computer Science University of Rome, La Sapienza Abstract. Forward-Secure Storage

More information

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1 Cryptography CS 555 Topic 25: Quantum Crpytography CS555 Topic 25 1 Outline and Readings Outline: What is Identity Based Encryption Quantum cryptography Readings: CS555 Topic 25 2 Identity Based Encryption

More information

Strong converse theorems using Rényi entropies

Strong converse theorems using Rényi entropies Strong converse theorems using Rényi entropies Felix Leditzky joint work with Mark M. Wilde and Nilanjana Datta arxiv:1506.02635 5 January 2016 Table of Contents 1 Weak vs. strong converse 2 Rényi entropies

More information

Entropic Formulation of Heisenberg s Measurement-Disturbance Relation

Entropic Formulation of Heisenberg s Measurement-Disturbance Relation Entropic Formulation of Heisenberg s Measurement-Disturbance Relation arxiv:1311.7637 QPL 2014, Kyoto, 6. June 2014 Fabian Furrer Joint work with: Patrick Coles @ Different Uncertainty Trade-Offs Uncertainty

More information

Multivariate trace inequalities. David Sutter, Mario Berta, Marco Tomamichel

Multivariate trace inequalities. David Sutter, Mario Berta, Marco Tomamichel Multivariate trace inequalities David Sutter, Mario Berta, Marco Tomamichel What are trace inequalities and why we should care. Main difference between classical and quantum world are complementarity and

More information

Belief propagation decoding of quantum channels by passing quantum messages

Belief propagation decoding of quantum channels by passing quantum messages Belief propagation decoding of quantum channels by passing quantum messages arxiv:67.4833 QIP 27 Joseph M. Renes lempelziv@flickr To do research in quantum information theory, pick a favorite text on classical

More information

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols Walter O. Krawec walter.krawec@gmail.com Iona College Computer Science Department New Rochelle, NY USA IEEE WCCI July, 2016

More information

Efficient achievability for quantum protocols using decoupling theorems

Efficient achievability for quantum protocols using decoupling theorems Efficient achievability for quantum protocols using decoupling theorems Christoph Hirche and Ciara Morgan Institut für Theoretische Physik Leibniz Universität Hannover Appelstraße, D-3067 Hannover, Germany

More information

On Composite Quantum Hypothesis Testing

On Composite Quantum Hypothesis Testing University of York 7 November 207 On Composite Quantum Hypothesis Testing Mario Berta Department of Computing with Fernando Brandão and Christoph Hirche arxiv:709.07268 Overview Introduction 2 Composite

More information

Randomness Extraction via δ-biased Masking in the Presence of a Quantum Attacker

Randomness Extraction via δ-biased Masking in the Presence of a Quantum Attacker Randomness Extraction via δ-iased Masking in the Presence of a Quantum Attacker Serge Fehr and Christian Schaffner CWI Amsterdam, The Netherlands {S.Fehr,C.Schaffner}@cwi.nl Abstract. Randomness extraction

More information

arxiv: v2 [quant-ph] 17 Nov 2016

arxiv: v2 [quant-ph] 17 Nov 2016 Improved Uncertainty Relation in the Presence of Quantum Memory Yunlong Xiao, 1, Naihuan Jing, 3,4 Shao-Ming Fei, 5, and Xianqing Li-Jost 1 School of Mathematics, South China University of Technology,

More information

Security Issues Associated With Error Correction And Privacy Amplification In Quantum Key Distribution

Security Issues Associated With Error Correction And Privacy Amplification In Quantum Key Distribution Security Issues Associated With Error Correction And Privacy Amplification In Quantum Key Distribution Horace P. Yuen arxiv:1411.2310v1 [quant-ph] 10 Nov 2014 Department of Electrical Engineering and Computer

More information

Optimal bounds for quantum bit commitment

Optimal bounds for quantum bit commitment Optimal bounds for quantum bit commitment André Chailloux LRI Université Paris-Sud andre.chailloux@gmail.fr Iordanis Kerenidis CNRS - LIAFA Université Paris 7 jkeren@liafa.jussieu.fr 1 Introduction Quantum

More information

Ping Pong Protocol & Auto-compensation

Ping Pong Protocol & Auto-compensation Ping Pong Protocol & Auto-compensation Adam de la Zerda For QIP seminar Spring 2004 02.06.04 Outline Introduction to QKD protocols + motivation Ping-Pong protocol Security Analysis for Ping-Pong Protocol

More information

Quantum Hadamard channels (II)

Quantum Hadamard channels (II) Quantum Hadamard channels (II) Vlad Gheorghiu Department of Physics Carnegie Mellon University Pittsburgh, PA 15213, USA August 5, 2010 Vlad Gheorghiu (CMU) Quantum Hadamard channels (II) August 5, 2010

More information

Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source

Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source Jan Bouda, Marcin Paw lowski, Matej Pivoluska, Martin Plesch 6.6.2014 J. B., M. P. 3 DI Extraction from min-entropy sources

More information

Contents. ID Quantique SA Tel: Chemin de la Marbrerie 3 Fax : Carouge

Contents. ID Quantique SA Tel: Chemin de la Marbrerie 3 Fax : Carouge Contents Introduction... 3 Quantis TRNG... 3 Quantifying Randomness... 4 Randomness Extractor... 4 Randomness Extraction in the Quantis Software Package... 5 Conclusion... 7 References... 7 ID Quantique

More information

Lecture 3: Randomness in Computation

Lecture 3: Randomness in Computation Great Ideas in Theoretical Computer Science Summer 2013 Lecture 3: Randomness in Computation Lecturer: Kurt Mehlhorn & He Sun Randomness is one of basic resources and appears everywhere. In computer science,

More information

Quantum Sphere-Packing Bounds and Moderate Deviation Analysis for Classical-Quantum Channels

Quantum Sphere-Packing Bounds and Moderate Deviation Analysis for Classical-Quantum Channels Quantum Sphere-Packing Bounds and Moderate Deviation Analysis for Classical-Quantum Channels (, ) Joint work with Min-Hsiu Hsieh and Marco Tomamichel Hao-Chung Cheng University of Technology Sydney National

More information

Non-Malleable Extractors with Shorter Seeds and Their Applications

Non-Malleable Extractors with Shorter Seeds and Their Applications Non-Malleable Extractors with Shorter Seeds and Their Applications Yanqing Yao 1, and Zhoujun Li 1, 1 School of Computer Science and Engineering, Beihang University, Beijing, China Beijing Key Laboratory

More information

EXPONENTIAL SEPARATION FOR ONE-WAY QUANTUM COMMUNICATION COMPLEXITY, WITH APPLICATIONS TO CRYPTOGRAPHY

EXPONENTIAL SEPARATION FOR ONE-WAY QUANTUM COMMUNICATION COMPLEXITY, WITH APPLICATIONS TO CRYPTOGRAPHY EXPONENTIAL SEPARATION FOR ONE-WAY QUANTUM COMMUNICATION COMPLEXITY, WITH APPLICATIONS TO CRYPTOGRAPHY DMITRY GAVINSKY, JULIA KEMPE, IORDANIS KERENIDIS, RAN RAZ, AND RONALD DE WOLF Abstract. We give an

More information

Extractors and the Leftover Hash Lemma

Extractors and the Leftover Hash Lemma 6.889 New Developments in Cryptography March 8, 2011 Extractors and the Leftover Hash Lemma Instructors: Shafi Goldwasser, Yael Kalai, Leo Reyzin, Boaz Barak, and Salil Vadhan Lecturer: Leo Reyzin Scribe:

More information

On Perfect and Adaptive Security in Exposure-Resilient Cryptography. Yevgeniy Dodis, New York University Amit Sahai, Princeton Adam Smith, MIT

On Perfect and Adaptive Security in Exposure-Resilient Cryptography. Yevgeniy Dodis, New York University Amit Sahai, Princeton Adam Smith, MIT On Perfect and Adaptive Security in Exposure-Resilient Cryptography Yevgeniy Dodis, New York University Amit Sahai, Princeton Adam Smith, MIT 1 Problem: Partial Key Exposure Alice needs to store a cryptographic

More information

Verification of quantum computation

Verification of quantum computation Verification of quantum computation THOMAS VIDICK, CALIFORNIA INSTITUTE OF TECHNOLOGY Presentation based on the paper: Classical verification of quantum computation by U. Mahadev (IEEE symp. on Foundations

More information

Lecture 18: Quantum Information Theory and Holevo s Bound

Lecture 18: Quantum Information Theory and Holevo s Bound Quantum Computation (CMU 1-59BB, Fall 2015) Lecture 1: Quantum Information Theory and Holevo s Bound November 10, 2015 Lecturer: John Wright Scribe: Nicolas Resch 1 Question In today s lecture, we will

More information

BOSTON UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES AN IMPROVED ROBUST FUZZY EXTRACTOR

BOSTON UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES AN IMPROVED ROBUST FUZZY EXTRACTOR BOSTON UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES AN IMPROVED ROBUST FUZZY EXTRACTOR by BHAVANA KANUKURTHI B.E., Anna University, 2005 Submitted in partial fulfillment of the requirements for the

More information

Noisy Diffie-Hellman protocols

Noisy Diffie-Hellman protocols Noisy Diffie-Hellman protocols Carlos Aguilar 1, Philippe Gaborit 1, Patrick Lacharme 1, Julien Schrek 1 and Gilles Zémor 2 1 University of Limoges, France, 2 University of Bordeaux, France. Classical

More information

Statistical Security Conditions for Two-Party Secure Function Evaluation

Statistical Security Conditions for Two-Party Secure Function Evaluation Statistical Security Conditions for Two-Party Secure Function Evaluation Claude Crépeau 1 and Jürg Wullschleger 2 1 McGill University, Montréal, QC, Canada crepeau@cs.mcgill.ca 2 University of Bristol,

More information

Bound Information: The Classical Analog to Bound Quantum Entanglement

Bound Information: The Classical Analog to Bound Quantum Entanglement Bound Information: The Classical Analog to Bound Quantum Entanglement Nicolas Gisin, Renato Renner and Stefan Wolf Abstract. It was recently pointed out that there is a close connection between information-theoretic

More information

Efficient Protocols Achieving the Commitment Capacity of Noisy Correlations

Efficient Protocols Achieving the Commitment Capacity of Noisy Correlations Efficient Protocols Achieving the Commitment Capacity of Noisy Correlations Hideki Imai, Kirill Morozov, Anderson C. A. Nascimento, Andreas Winter Department of Electrical, Electronic and Communication

More information

Separating Sources for Encryption and Secret Sharing

Separating Sources for Encryption and Secret Sharing Separating Sources for Encryption and Secret Sharing Yevgeniy Dodis 1, Krzysztof Pietrzak, and Bartosz Przydatek 1 Department of Computer Science, New York University New York, NY, USA dodis@cs.nyu.edu

More information

Quantum Supremacy and its Applications

Quantum Supremacy and its Applications Quantum Supremacy and its Applications HELLO HILBERT SPACE Scott Aaronson (University of Texas at Austin) USC, October 11, 2018 Based on joint work with Lijie Chen (CCC 2017, arxiv:1612.05903) and on forthcoming

More information

Security of Quantum Key Distribution with Imperfect Devices

Security of Quantum Key Distribution with Imperfect Devices Security of Quantum Key Distribution with Imperfect Devices Hoi-Kwong Lo Dept. of Electrical & Comp. Engineering (ECE); & Dept. of Physics University of Toronto Email:hklo@comm.utoronto.ca URL: http://www.comm.utoronto.ca/~hklo

More information

Cryptography In the Bounded Quantum-Storage Model

Cryptography In the Bounded Quantum-Storage Model Cryptography In the Bounded Quantum-Storage Model Ivan B. Damgård Serge Fehr Louis Salvail Christian Schaffner August 30, 005 Abstract We initiate the study of two-party cryptographic primitives with unconditional

More information

Security Implications of Quantum Technologies

Security Implications of Quantum Technologies Security Implications of Quantum Technologies Jim Alves-Foss Center for Secure and Dependable Software Department of Computer Science University of Idaho Moscow, ID 83844-1010 email: jimaf@cs.uidaho.edu

More information

Secure Identification and QKD in the Bounded-Quantum-Storage Model

Secure Identification and QKD in the Bounded-Quantum-Storage Model Secure Identification and QKD in the Bounded-Quantum-Storage Model Ivan B. Damgård 1, Serge Fehr 2, Louis Salvail 1, and Christian Schaffner 2 1 BRICS, FICS, Aarhus University, Denmark {ivan salvail}@brics.dk

More information

Simple extractors via crypto pseudo-random generators

Simple extractors via crypto pseudo-random generators Simple extractors via crypto pseudo-random generators Marius Zimand (Towson University) Extractors vs. Pseudo-Rand. Generators Fundamental primitives in derandomization, cryptography,... They manufacture

More information

How many rounds can Random Selection handle?

How many rounds can Random Selection handle? How many rounds can Random Selection handle? Shengyu Zhang Abstract The construction of zero-knowledge proofs can be greatly simplified if the protocol is only required be secure against the honest verifier.

More information

Lecture 3: Lower bound on statistically secure encryption, extractors

Lecture 3: Lower bound on statistically secure encryption, extractors CS 7880 Graduate Cryptography September, 015 Lecture 3: Lower bound on statistically secure encryption, extractors Lecturer: Daniel Wichs Scribe: Giorgos Zirdelis 1 Topics Covered Statistical Secrecy Randomness

More information

Quantum Correlations as Necessary Precondition for Secure Communication

Quantum Correlations as Necessary Precondition for Secure Communication Quantum Correlations as Necessary Precondition for Secure Communication Phys. Rev. Lett. 92, 217903 (2004) quant-ph/0307151 Marcos Curty 1, Maciej Lewenstein 2, Norbert Lütkenhaus 1 1 Institut für Theoretische

More information

Cryptography: The Landscape, Fundamental Primitives, and Security. David Brumley Carnegie Mellon University

Cryptography: The Landscape, Fundamental Primitives, and Security. David Brumley Carnegie Mellon University Cryptography: The Landscape, Fundamental Primitives, and Security David Brumley dbrumley@cmu.edu Carnegie Mellon University The Landscape Jargon in Cryptography 2 Good News: OTP has perfect secrecy Thm:

More information

Lecture 21: Quantum communication complexity

Lecture 21: Quantum communication complexity CPSC 519/619: Quantum Computation John Watrous, University of Calgary Lecture 21: Quantum communication complexity April 6, 2006 In this lecture we will discuss how quantum information can allow for a

More information

T Cryptography: Special Topics. February 24 th, Fuzzy Extractors: Generating Strong Keys From Noisy Data.

T Cryptography: Special Topics. February 24 th, Fuzzy Extractors: Generating Strong Keys From Noisy Data. February 24 th, 2005 Fuzzy Extractors: Generating Strong Keys From Noisy Data Helsinki University of Technology mkivihar@cc.hut.fi 1 Overview Motivation and introduction Preliminaries and notation General

More information

Realization of B92 QKD protocol using id3100 Clavis 2 system

Realization of B92 QKD protocol using id3100 Clavis 2 system Realization of B92 QKD protocol using id3100 Clavis 2 system Makhamisa Senekane 1, Abdul Mirza 1, Mhlambululi Mafu 1 and Francesco Petruccione 1,2 1 Centre for Quantum Technology, School of Chemistry and

More information

Uniformly Additive Entropic Formulas

Uniformly Additive Entropic Formulas Uniformly Additive Entropic Formulas Andrew Cross, Ke Li, Graeme Smith JILA and Department of Physics, University of Colorado Boulder QMATH2016 Georgia Tech October 9, 2016 Information theory: optimal

More information

Information-theoretic treatment of tripartite systems and quantum channels. Patrick Coles Carnegie Mellon University Pittsburgh, PA USA

Information-theoretic treatment of tripartite systems and quantum channels. Patrick Coles Carnegie Mellon University Pittsburgh, PA USA Information-theoretic treatment of tripartite systems and quantum channels Patrick Coles Carnegie Mellon University Pittsburgh, PA USA ArXiv: 1006.4859 a c b Co-authors Li Yu Vlad Gheorghiu Robert Griffiths

More information

arxiv:quant-ph/ v1 13 Jan 2003

arxiv:quant-ph/ v1 13 Jan 2003 Deterministic Secure Direct Communication Using Ping-pong protocol without public channel Qing-yu Cai Laboratory of Magentic Resonance and Atom and Molecular Physics, Wuhan Institute of Mathematics, The

More information

COS598D Lecture 3 Pseudorandom generators from one-way functions

COS598D Lecture 3 Pseudorandom generators from one-way functions COS598D Lecture 3 Pseudorandom generators from one-way functions Scribe: Moritz Hardt, Srdjan Krstic February 22, 2008 In this lecture we prove the existence of pseudorandom-generators assuming that oneway

More information

Bit-Commitment and Coin Flipping in a Device-Independent Setting

Bit-Commitment and Coin Flipping in a Device-Independent Setting Bit-Commitment and Coin Flipping in a Device-Independent Setting J. Silman Université Libre de Bruxelles Joint work with: A. Chailloux & I. Kerenidis (LIAFA), N. Aharon (TAU), S. Pironio & S. Massar (ULB).

More information

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles Device-independent Quantum Key Distribution and Randomness Generation Stefano Pironio Université Libre de Bruxelles Tropical QKD, Waterloo, June 14-17, 2010 Device-independent security proofs establish

More information

On the Security of Hash Functions Employing Blockcipher Post-processing

On the Security of Hash Functions Employing Blockcipher Post-processing On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1, Mridul Nandi 2, Moti Yung 3 1 National Institute of Standards and Technology (NIST), USA 2 C R Rao AIMSCS, Hyderabad,

More information

Fundamental rate-loss tradeoff for optical quantum key distribution

Fundamental rate-loss tradeoff for optical quantum key distribution Fundamental rate-loss tradeoff for optical quantum key distribution Masahiro Takeoka (NICT) Saikat Guha (BBN) Mark M. Wilde (LSU) Quantum Krispy Kreme Seminar @LSU January 30, 2015 Outline Motivation Main

More information

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley Challenges in Quantum Information Science Umesh V. Vazirani U. C. Berkeley 1 st quantum revolution - Understanding physical world: periodic table, chemical reactions electronic wavefunctions underlying

More information

Constant-Round Oblivious Transfer in the Bounded Storage Model

Constant-Round Oblivious Transfer in the Bounded Storage Model Constant-Round Oblivious Transfer in the Bounded Storage Model Yan Zong Ding 1, Danny Harnik 2, Alon Rosen 3 and Ronen Shaltiel 4 1 College of Computing, Georgia Institute of Technology. 801 Atlantic Drive,

More information

The Complexity of the Matroid-Greedoid Partition Problem

The Complexity of the Matroid-Greedoid Partition Problem The Complexity of the Matroid-Greedoid Partition Problem Vera Asodi and Christopher Umans Abstract We show that the maximum matroid-greedoid partition problem is NP-hard to approximate to within 1/2 +

More information

Why is Deep Random suitable for cryptology

Why is Deep Random suitable for cryptology Why is Deep Random suitable for cryptology Thibault de Valroger (*) Abstract We present a new form of randomness, called «Deep Randomness», generated in such a way that probability distribution of the

More information

Chapter 2 : Perfectly-Secret Encryption

Chapter 2 : Perfectly-Secret Encryption COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 2 : Perfectly-Secret Encryption 1 2.1 Definitions and Basic Properties We refer to probability

More information

Untrusted quantum devices. Yaoyun Shi University of Michigan updated Feb. 1, 2014

Untrusted quantum devices. Yaoyun Shi University of Michigan updated Feb. 1, 2014 Untrusted quantum devices Yaoyun Shi University of Michigan updated Feb. 1, 2014 Quantum power is incredible! Quantum power is incredible! Quantum power is incredible! Spooky action at a distance Quantum

More information

arxiv: v2 [quant-ph] 17 Feb 2015

arxiv: v2 [quant-ph] 17 Feb 2015 uantum-proof randomness extractors via operator space theory Mario Berta, 1, Omar Fawzi, 2,3,4, and Volkher B. Scholz 4, 1 Institute for uantum Information and Matter, Caltech, Pasadena, CA 91125, USA

More information

Randomness in nonlocal games between mistrustful players

Randomness in nonlocal games between mistrustful players Randomness in nonlocal games between mistrustful players Carl A. Miller and Yaoyun Shi* Source paper: Forcing classical behavior for quantum players by C. Miller and Y. Shi (2016), attached. One of the

More information

arxiv: v1 [quant-ph] 3 Jan 2008

arxiv: v1 [quant-ph] 3 Jan 2008 A paradigm for entanglement theory based on quantum communication Jonathan Oppenheim 1 1 Department of Applied Mathematics and Theoretical Physics, University of Cambridge U.K. arxiv:0801.0458v1 [quant-ph]

More information

9. Distance measures. 9.1 Classical information measures. Head Tail. How similar/close are two probability distributions? Trace distance.

9. Distance measures. 9.1 Classical information measures. Head Tail. How similar/close are two probability distributions? Trace distance. 9. Distance measures 9.1 Classical information measures How similar/close are two probability distributions? Trace distance Fidelity Example: Flipping two coins, one fair one biased Head Tail Trace distance

More information

A Hierarchy of Information Quantities for Finite Block Length Analysis of Quantum Tasks

A Hierarchy of Information Quantities for Finite Block Length Analysis of Quantum Tasks A Hierarchy of Information Quantities for Finite Block Length Analysis of Quantum Tasks Marco Tomamichel, Masahito Hayashi arxiv: 1208.1478 Also discussing results of: Second Order Asymptotics for Quantum

More information

Secret Sharing CPT, Version 3

Secret Sharing CPT, Version 3 Secret Sharing CPT, 2006 Version 3 1 Introduction In all secure systems that use cryptography in practice, keys have to be protected by encryption under other keys when they are stored in a physically

More information

Fang Song. Joint work with Sean Hallgren and Adam Smith. Computer Science and Engineering Penn State University

Fang Song. Joint work with Sean Hallgren and Adam Smith. Computer Science and Engineering Penn State University Fang Song Joint work with Sean Hallgren and Adam Smith Computer Science and Engineering Penn State University Are classical cryptographic protocols secure against quantum attackers? 2 Are classical cryptographic

More information

Sending Quantum Information with Zero Capacity Channels

Sending Quantum Information with Zero Capacity Channels Sending Quantum Information with Zero Capacity Channels Graeme Smith IM Research KITP Quantum Information Science Program November 5, 2009 Joint work with Jon and John Noisy Channel Capacity X N Y p(y

More information

Inaccessible Entropy and its Applications. 1 Review: Psedorandom Generators from One-Way Functions

Inaccessible Entropy and its Applications. 1 Review: Psedorandom Generators from One-Way Functions Columbia University - Crypto Reading Group Apr 27, 2011 Inaccessible Entropy and its Applications Igor Carboni Oliveira We summarize the constructions of PRGs from OWFs discussed so far and introduce the

More information

Outline. Computer Science 418. Number of Keys in the Sum. More on Perfect Secrecy, One-Time Pad, Entropy. Mike Jacobson. Week 3

Outline. Computer Science 418. Number of Keys in the Sum. More on Perfect Secrecy, One-Time Pad, Entropy. Mike Jacobson. Week 3 Outline Computer Science 48 More on Perfect Secrecy, One-Time Pad, Mike Jacobson Department of Computer Science University of Calgary Week 3 2 3 Mike Jacobson (University of Calgary) Computer Science 48

More information

1 Cryptographic hash functions

1 Cryptographic hash functions CSCI 5440: Cryptography Lecture 6 The Chinese University of Hong Kong 24 October 2012 1 Cryptographic hash functions Last time we saw a construction of message authentication codes (MACs) for fixed-length

More information

Near-Optimal Secret Sharing and Error Correcting Codes in AC 0

Near-Optimal Secret Sharing and Error Correcting Codes in AC 0 Near-Optimal Secret Sharing and Error Correcting Codes in AC 0 Kuan Cheng Yuval Ishai Xin Li December 18, 2017 Abstract We study the question of minimizing the computational complexity of (robust) secret

More information

Single-shot security for one-time memories in the isolated qubits model

Single-shot security for one-time memories in the isolated qubits model Single-shot security for one-time memories in the isolated qubits model Yi-Kai Liu Applied and Computational Mathematics Division National Institute of Standards and Technology (NIST) Gaithersburg, MD,

More information

Exponential separation for one-way quantum communication complexity, with applications to cryptography

Exponential separation for one-way quantum communication complexity, with applications to cryptography Exponential separation for one-way quantum communication complexity, with applications to cryptography Dmitry Gavinsky IQC, University of Waterloo Iordanis Kerenidis CNRS & LRI Univ. de Paris-Sud, Orsay

More information

An Introduction to Quantum Computation and Quantum Information

An Introduction to Quantum Computation and Quantum Information An to and Graduate Group in Applied Math University of California, Davis March 13, 009 A bit of history Benioff 198 : First paper published mentioning quantum computing Feynman 198 : Use a quantum computer

More information

Lecture Notes. Quantum Cryptography Week 4: From imperfect information to (near) perfect security

Lecture Notes. Quantum Cryptography Week 4: From imperfect information to (near) perfect security Lecture Notes Quantum Cryptography Week 4: From imperfect information to (near) perfect security cbea This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 40 International

More information

Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3

Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3 Shift Cipher For 0 i 25, the ith plaintext character is shifted by some value 0 k 25 (mod 26). E.g. k = 3 a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback