Untrusted quantum devices. Yaoyun Shi University of Michigan updated Feb. 1, 2014
Size: px
Start display at page:

Download "Untrusted quantum devices. Yaoyun Shi University of Michigan updated Feb. 1, 2014"

Transcription

1 Untrusted quantum devices Yaoyun Shi University of Michigan updated Feb. 1, 2014

2 Quantum power is incredible!

3 Quantum power is incredible!

4 Quantum power is incredible! Spooky action at a distance

5 Quantum power is incredible! simulating quantum physics Spooky action at a distance

6 Quantum power is incredible! simulating quantum physics Spooky action at a distance super-fast factoring

7 Quantum power is incredible! simulating quantum physics super-fast factoring Spooky action at a distance Unbreakable codes

8 Quantum power is incredible! simulating quantum physics super-fast factoring Spooky action at a distance Unbreakable codes Bla..bla..bla..

9

10

11 Do you believe in half-dead halfalive cats?

12 Do you believe in half-dead halfalive cats?! Quantum Poems, No. 4 by Smita Krishnaswamy A group of physicist perform a hoax about a cat half-alive half-dead in a box The equations so well worked out And observations to tout Only mathematicians fall for such jokes!!

13 Quantum power is incredible!

14 Quantum power is incredible! We are classical beings

15 Quantum power is incredible! We are classical beings

16 Quantum power is incredible! We are classical beings It s THE CAT!

17 Quantum power is incredible! We are classical beings It s THE CAT! Technological challenges

18 Quantum power is incredible! We are classical beings It s THE CAT! Technological challenges

19 Quantum power is incredible! We are classical beings It s THE CAT! Technological challenges

20 Quantum power is incredible! We are classical beings It s THE CAT! Technological challenges Entanglement experiments still have Loopholes

21 Quantum power is incredible! We are classical beings It s THE CAT! Technological challenges Entanglement experiments still have Loopholes Security concerns

22 Quantum power is incredible! We are classical beings It s THE CAT! Technological challenges Entanglement experiments still have Loopholes Security concerns

23 Quantum power is incredible! We are classical beings It s THE CAT! Technological challenges Entanglement experiments still have Loopholes Security concerns Certified by???

24

25 Can we still reap the quantum benefits without trusting the device?

26 Can we still reap the quantum benefits without trusting the device?

27 Can we still reap the quantum benefits without trusting the device? Untrusted-device quantum computation

28 Can we still reap the quantum benefits without trusting the device? Untrusted-device quantum computation Untrusted-device randomness extraction

29 Can we still reap the quantum benefits without trusting the device? Untrusted-device quantum computation Untrusted-device randomness extraction Untrusted-device key distribution

30

31 Foundation: Classical Test of a Quantum Duck

32 Foundation: Classical Test of a Quantum Duck

33 Foundation: Classical Test of a Quantum Duck Interrogate the device classically, check if behaving like the ideal q. device

34 Foundation: Classical Test of a Quantum Duck Interrogate the device classically, check if behaving like the ideal q. device Self-testing: if behaving exactly as ideal, then must be ideal

35 Foundation: Classical Test of a Quantum Duck Interrogate the device classically, check if behaving like the ideal q. device Self-testing: if behaving exactly as ideal, then must be ideal Robust Self-testing: if behaving close to ideal, then must be close to the ideal

36

37 Strategy: mixing work and play (test)

38 Strategy: mixing work and play (test)

39 Strategy: mixing work and play (test) The device can t tell if it s work or test

40 Strategy: mixing work and play (test) The device can t tell if it s work or test If trying to avoid work, will fail the test

41 Strategy: mixing work and play (test) The device can t tell if it s work or test If trying to avoid work, will fail the test Two guarantees

42 Strategy: mixing work and play (test) The device can t tell if it s work or test If trying to avoid work, will fail the test Two guarantees Completeness. On honest device (thus job well-done), accept w.h.p.

43 Strategy: mixing work and play (test) The device can t tell if it s work or test If trying to avoid work, will fail the test Two guarantees Completeness. On honest device (thus job well-done), accept w.h.p. Soundness. On any device, almost always reject or accept a welldone job

44 Strategy: mixing work and play (test) The device can t tell if it s work or test If trying to avoid work, will fail the test Two guarantees Completeness. On honest device (thus job well-done), accept w.h.p. Soundness. On any device, almost always reject or accept a welldone job Reject a malicious device w.h.p.

45 How could self-testing be possible? Do you love me, daughters? Dear father, we do! Impossible if no additional constraints on the device

46 Additional constraint: Spatial separation Communication impossible A B

47 Additional constraint: Spatial separation Communication impossible A B Device has multiple-parts

48 Additional constraint: Spatial separation Communication impossible A B Device has multiple-parts Spatially separated so that no communications allowed among parts within the testing time

49 The CHSH game x y A B a b

50 The CHSH game x y A B a b Each part receives a bit, outputs a bit

51 The CHSH game x y A B a b Each part receives a bit, outputs a bit Input bits are uniformly random

52 The CHSH game x y A B a b Each part receives a bit, outputs a bit Input bits are uniformly random Device wins if a b=x y

53 Classical strategies x y A B a b

54 Classical strategies x y A B a b

55 Classical strategies x y A B a b Each applies a deterministic function on his/her input

56 Classical strategies x y A B a b Each applies a deterministic function on his/her input Best classical winning prob: 3/4

57 Classical strategies x y A B a b Each applies a deterministic function on his/her input Best classical winning prob: 3/4 Bell-type inequality

58 Classical strategies x y A B a b Each applies a deterministic function on his/her input Best classical winning prob: 3/4 both output 0 on all inputs achieves 3/4 Bell-type inequality

59 Quantum strategies x y A B a b

60 Quantum strategies x y A B a b

61 Quantum strategies x y A B a b Share entanglement before game starts

62 Quantum strategies x y A B a b Share entanglement before game starts Each applies a local measurement chosen by the input

63 Quantum strategies x y A B a b Share entanglement before game starts Each applies a local measurement chosen by the input Best quantum winning prob: cos 2 ᴨ/8

64 Quantum strategies x y A B a b Share entanglement before game starts Each applies a local measurement chosen by the input Best quantum winning prob: cos 2 ᴨ/8 Achievable

65 Quantum strategies x y A B a b Share entanglement before game starts Each applies a local measurement chosen by the input Best quantum winning prob: cos 2 ᴨ/8 Achievable Tsirelsen-type inequality

66 CHSH is a strong self-test x y A B a b

67 CHSH is a strong self-test x y A B a b

68 CHSH is a strong self-test x y A B a b Self-test [Popescu,Rorhlick 1999]: Any q. strategy achieving cos 2 ᴨ/8 must be the ideal protocol (up to local isometry)

69 CHSH is a strong self-test x y A B a b Self-test [Popescu,Rorhlick 1999]: Any q. strategy achieving cos 2 ᴨ/8 must be the ideal protocol (up to local isometry) Robust self-test [McKague et al., Miller-S, Reichardt et al. 2012],: Any q. strategy achieving close to cos 2 ᴨ/8 must be close to ideal

70 CHSH is a strong self-test x y A B a b Self-test [Popescu,Rorhlick 1999]: Any q. strategy achieving cos 2 ᴨ/8 must be the ideal protocol (up to local isometry) Robust self-test [McKague et al., Miller-S, Reichardt et al. 2012],: Any q. strategy achieving close to cos 2 ᴨ/8 must be close to ideal Strong (robust) self-test [Miller-S, Reichardt et al. 2012]: ϵ-close in prob implies O( ϵ)-close to ideal (strongest possible)

71 Many other robust self-tests x y z A B C a b c

72 Many other robust self-tests x y z A B C a b c

73 Many other robust self-tests x y z A B C a b c GHZ-game: classical 3/4 vs quantum 1

74 Many other robust self-tests x y z A B C a b c GHZ-game: classical 3/4 vs quantum 1 Binary XOR games: input/output binary, XOR of output bits determines game outcome

75 Many other robust self-tests x y z A B C a b c GHZ-game: classical 3/4 vs quantum 1 Binary XOR games: input/output binary, XOR of output bits determines game outcome All strong delft-testing binary XOR games characterized in [Miller, Shi 2012]

76 Self-testing sequential CHSH [Reichardt, Unger, Vazirani 2012] x1 y1 A B a1 x2 a2 x3 A A B B b1 y2 b2 y3 time Theorem [RUV12] If an average game wins with very close to quantum optimal, a random block of significant length is close to ideal tensor a3 xn b3 yn strategy. A B an bn

77 Self-testing graph states [McKague 2013]

78 Self-testing graph states [McKague 2013] Graph states

79 Self-testing graph states [McKague 2013] Graph states Each vertex corresponds to a qubit

80 Self-testing graph states [McKague 2013] Graph states Each vertex corresponds to a qubit May be highly entangled

81 Self-testing graph states [McKague 2013] Graph states Each vertex corresponds to a qubit May be highly entangled Robust self-testing

82 Self-testing graph states [McKague 2013] Graph states Each vertex corresponds to a qubit May be highly entangled Robust self-testing translated error depends on vertex number linearly.

83 Toward untrusted-device quantum computation random bits deterministic Quantum resource restricted q. operations Randomized algorithm Quantum algorithm

84 Toward untrusted-device quantum computation random bits deterministic Quantum resource restricted q. operations Randomized algorithm Quantum algorithm Randomized algorithm = deterministic algorithm + random bits

85 Toward untrusted-device quantum computation random bits deterministic Quantum resource restricted q. operations Randomized algorithm Quantum algorithm Randomized algorithm = deterministic algorithm + random bits Quantum algorithm = quantum resources + restricted operations

86 Computation by Teleportation [Gottesman and Chuang 1999] EPR pairs Bell-measurements + single-qubit operations Quantum algorithm

87 UD quantum computation by Self-testing sequential CHSH [Reichardt, Unger, Vazirani 2012] B A Randomized classical Verifier

88 UD quantum computation by Self-testing sequential CHSH [Reichardt, Unger, Vazirani 2012] B A Mix sequential CHSH test with work for teleportation-based computation Randomized classical Verifier

89 UD quantum computation by Self-testing sequential CHSH [Reichardt, Unger, Vazirani 2012] B A Mix sequential CHSH test with work for teleportation-based computation Not following instruction risks failing the test Randomized classical Verifier

90 UD quantum computation by Self-testing sequential CHSH [Reichardt, Unger, Vazirani 2012] B Randomized classical Verifier A Mix sequential CHSH test with work for teleportation-based computation Not following instruction risks failing the test Honest device starts with EPR pairs, applies instructed measurements and single-qubit operations

91 UD quantum computation by Self-testing graph state [McKague 2013] Randomized classical Verifier

92 UD quantum computation by Self-testing graph state [McKague 2013] Each vertex is a device component Randomized classical Verifier

93 UD quantum computation by Self-testing graph state [McKague 2013] Each vertex is a device component No communications among them Randomized classical Verifier

94 UD quantum computation by Self-testing graph state [McKague 2013] Each vertex is a device component No communications among them A single message to and from each component Randomized classical Verifier

95 UD quantum computation by Self-testing graph state [McKague 2013] Each vertex is a device component No communications among them A single message to and from each component Mix test with work Randomized classical Verifier

96 UD quantum computation by Self-testing graph state [McKague 2013] Each vertex is a device component No communications among them A single message to and from each component Mix test with work Honest device stores the Randomized classical Verifier graph state, applies instructed measurements

97 Randomness is vital

98 Digital security Randomness is vital

99 Digital security Randomness is vital

100 Randomness is vital Digital security Randomized algorithms

101 Randomness is vital Digital security Randomized algorithms Scientific simulations

102 Randomness is vital Digital security Randomized algorithms Scientific simulations Gambling

103 Wish list for randomness

104 High quality Wish list for randomness

105 High quality Wish list for randomness

106 Wish list for randomness High quality close to uniform

107 Wish list for randomness High quality close to uniform secure

108 Wish list for randomness High quality close to uniform secure Crypto secure

109 Wish list for randomness High quality close to uniform secure Crypto secure Large quantity

110 Wish list for randomness High quality close to uniform secure Crypto secure Large quantity 1 trillion bits/day?

111 Wish list for randomness High quality close to uniform secure Crypto secure Large quantity 1 trillion bits/day? Minimum assumptions

112 Wish list for randomness High quality close to uniform secure Crypto secure Large quantity 1 trillion bits/day? Minimum assumptions least amount of trust

113 Widely used: Linux s random number generator system boot time current process id Deterministic Deterministic stretch On-chip circuit user input

114 The perils of the lack of randomness and blinded trust

115 The perils of the lack of randomness and blinded trust The lack of initial randomness has led to a large number of broken keys

116 The perils of the lack of randomness and blinded trust The lack of initial randomness has led to a large number of broken keys Backdoors built-in chips and standards

117 The perils of the lack of randomness and blinded trust The lack of initial randomness has led to a large number of broken keys Backdoors built-in chips and standards Security based on unproved computational assumptions

118 The perils of the lack of randomness and blinded trust The lack of initial randomness has led to a large number of broken keys Backdoors built-in chips and standards Security based on unproved computational assumptions vulnerable to advances in algorithms and technology

119

120 How can we be sure it s random?

121 How can we be sure it s random? How could fundamentally unpredictable events possible?

122

123 We can t be sure

124 We can t be sure without believing

125 We can t be sure without believing first of all its existence

126 How can we generate a large number of provably unconditional secure random bits with minimal assumptions?

127 Classical theory is inadequate: Independence requirement for minentropy sources Min-entropy source Min-entropy source Must be independent! deterministic

128 Classical theory is inadequate: Independence requirement for minentropy sources Min-entropy source Min-entropy source Must be independent! deterministic Classical theory of Randomness Extraction

129 Classical theory is inadequate: Independence requirement for minentropy sources Min-entropy source Min-entropy source Must be independent! deterministic Classical theory of Randomness Extraction Models weak source as min-entropy string

130 Classical theory is inadequate: Independence requirement for minentropy sources Min-entropy source Min-entropy source Must be independent! deterministic Classical theory of Randomness Extraction Models weak source as min-entropy string Min-entropy=k: adversary can t predict with > 2 -k prob

131 Classical theory is inadequate: Independence requirement for minentropy sources Min-entropy source Min-entropy source Must be independent! deterministic Classical theory of Randomness Extraction Models weak source as min-entropy string Min-entropy=k: adversary can t predict with > 2 -k prob Possible only when having 2 or more independent sources!

132 Classical theory is inadequate: Independence requirement for minentropy sources Min-entropy source Min-entropy source Must be independent! deterministic Classical theory of Randomness Extraction Models weak source as min-entropy string Min-entropy=k: adversary can t predict with > 2 -k prob Possible only when having 2 or more independent sources! How to be sure of independence? Impossible!

133 Can we get around the independence requirement?

134 Trusting quantum device solves almost all the problems

135 Trusting quantum device solves almost all the problems Postulates of quantum mechanics promise true randomness

136 Trusting quantum device solves almost all the problems Postulates of quantum mechanics promise true randomness Measuring the +> state gives 0/1 with equal prob

137 Trusting quantum device solves almost all the problems Postulates of quantum mechanics promise true randomness Measuring the +> state gives 0/1 with equal prob Commercial products available

138 Trusting quantum device solves almost all the problems Postulates of quantum mechanics promise true randomness Measuring the +> state gives 0/1 with equal prob Commercial products available Problem: Should we trust

139 Trusting quantum device solves almost all the problems Postulates of quantum mechanics promise true randomness Measuring the +> state gives 0/1 with equal prob Commercial products available Problem: Should we trust the device not malicious?

140 Trusting quantum device solves almost all the problems Postulates of quantum mechanics promise true randomness Measuring the +> state gives 0/1 with equal prob Commercial products available Problem: Should we trust the device not malicious? the device working properly?

141 Trusting quantum device solves almost all the problems Postulates of quantum mechanics promise true randomness Measuring the +> state gives 0/1 with equal prob Commercial products available Problem: Should we trust the device not malicious? the device working properly? trust the device maker and the certifying agency?

142 Randomness from untrusted quantum device

143 Randomness from untrusted quantum device Randomness Amplification [Colbeck and Renner 2012]

144 Randomness from untrusted quantum device Randomness Amplification [Colbeck and Renner 2012] SV-source untrusted q. devices one near perfect random bit

145 Randomness from untrusted quantum device Randomness Amplification [Colbeck and Renner 2012] SV-source untrusted q. devices one near perfect random bit SV source: each bit of constant bias conditioned on previous bits

146 Randomness from untrusted quantum device Randomness Amplification [Colbeck and Renner 2012] Randomness Expansion [Colbeck 2006; Colbeck and Kent 2011] SV-source untrusted q. devices one near perfect random bit SV source: each bit of constant bias conditioned on previous bits

147 Randomness from untrusted quantum device Randomness Amplification [Colbeck and Renner 2012] Randomness Expansion [Colbeck 2006; Colbeck and Kent 2011] SV-source untrusted q. devices one near perfect random bit SV source: each bit of constant bias conditioned on previous bits Perfect randomness untrusted q. devices more near perfect randomness

148 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Adversary Device A Device B deterministic min-entropy source almost perfect randomness

149 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Adversary Adversary: all powerful Device A Device B deterministic min-entropy source almost perfect randomness

150 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Adversary Adversary: all powerful prepares/may entangle with device Device A Device B deterministic min-entropy source almost perfect randomness

151 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Device Adversary Device Adversary: all powerful prepares/may entangle with device can t talk to/change device after protocol starts A B deterministic min-entropy source almost perfect randomness

152 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Device Adversary Device Adversary: all powerful prepares/may entangle with device can t talk to/change device after protocol starts Device: multi-component A B deterministic min-entropy source almost perfect randomness

153 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Device A Adversary Device B Adversary: all powerful prepares/may entangle with device can t talk to/change device after protocol starts Device: multi-component User: deterministic deterministic min-entropy source almost perfect randomness

154 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Device A Adversary Device B Adversary: all powerful prepares/may entangle with device can t talk to/change device after protocol starts Device: multi-component User: deterministic can restrict communication among device components deterministic min-entropy source almost perfect randomness

155 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Device A Adversary deterministic Device B Adversary: all powerful prepares/may entangle with device can t talk to/change device after protocol starts Device: multi-component User: deterministic can restrict communication among device components Min-entropy source min-entropy source almost perfect randomness

156 Framework for extracting untrusted quantum device [Chung, Shi, Wu 2014] Device A min-entropy source Adversary deterministic Device B almost perfect randomness Adversary: all powerful prepares/may entangle with device can t talk to/change device after protocol starts Device: multi-component User: deterministic can restrict communication among device components Min-entropy source necessary; otherwise Adversary can cheat

157 Amplification and expansion seen in the framework Adversary Device A Device B deterministic min-entropy source almost perfect randomness

158 Amplification and expansion seen in the framework Adversary Randomness Amplification: seedless extraction with an SV source Device A Device B deterministic min-entropy source almost perfect randomness

159 Amplification and expansion seen in the framework Adversary Randomness Amplification: seedless extraction with an SV source Device A Device B SV untrusted one bit deterministic min-entropy source almost perfect randomness

160 Amplification and expansion seen in the framework Adversary Randomness Amplification: seedless extraction with an SV source Device A deterministic Device B SV untrusted one bit Randomness Expansion: seeded extraction (classical source perfectly random) min-entropy source almost perfect randomness

161 Amplification and expansion seen in the framework Adversary Randomness Amplification: seedless extraction with an SV source Device A deterministic Device B SV untrusted one bit Randomness Expansion: seeded extraction (classical source perfectly random) min-entropy source almost perfect randomness Perfect untrusted more

162 Amplification and expansion seen in the framework Randomness to be extracted is in the device Adversary Randomness Amplification: seedless extraction with an SV source Device A deterministic Device B SV untrusted one bit Randomness Expansion: seeded extraction (classical source perfectly random) min-entropy source almost perfect randomness Perfect untrusted more

163 Amplification and expansion seen in the framework Randomness to be extracted is in the device Adversary Randomness Amplification: seedless extraction with an SV source Device A Used to unlock he randomness deterministic Device B SV untrusted one bit Randomness Expansion: seeded extraction (classical source perfectly random) min-entropy source almost perfect randomness Perfect untrusted more

164 Goals: basic list Adversary Device A Device B deterministic min-entropy source almost perfect randomness

165 Goals: basic list Adversary 1. Security: quantum Device A Device B deterministic min-entropy source almost perfect randomness

166 Goals: basic list Adversary 1. Security: quantum 2. Quality: negligible errors Device A Device B deterministic min-entropy source almost perfect randomness

167 Goals: basic list Adversary 1. Security: quantum 2. Quality: negligible errors Completeness error Device A Device B deterministic min-entropy source almost perfect randomness

168 Goals: basic list Device Adversary Device 1. Security: quantum 2. Quality: negligible errors Completeness error Soundness error, A B deterministic min-entropy source almost perfect randomness

169 Goals: basic list Device Adversary Device 1. Security: quantum 2. Quality: negligible errors Completeness error Soundness error, Cryptographic security A B deterministic min-entropy source almost perfect randomness

170 Goals: basic list Device A Adversary Device B 1. Security: quantum 2. Quality: negligible errors Completeness error Soundness error, Cryptographic security 3. Output length: extract full device capacity deterministic min-entropy source almost perfect randomness

171 Goals: basic list Device A Adversary deterministic Device B 1. Security: quantum 2. Quality: negligible errors Completeness error Soundness error, Cryptographic security 3. Output length: extract full device capacity 4. Classical source: arbitrary min-entropy source min-entropy source almost perfect randomness

172 Goals: Premium list critical for realization Adversary Device A Device B deterministic min-entropy source almost perfect randomness

173 Goals: Premium list critical for realization Adversary 5. Robustness: tolerate a constant-level device imprecision Device A Device B deterministic min-entropy source almost perfect randomness

174 Goals: Premium list critical for realization Device Adversary Device 5. Robustness: tolerate a constant-level device imprecision Model noise by deviation from ideal A B deterministic min-entropy source almost perfect randomness

175 Goals: Premium list critical for realization Device A Adversary Device B 5. Robustness: tolerate a constant-level device imprecision Model noise by deviation from ideal 6. Efficiency deterministic min-entropy source almost perfect randomness

176 Goals: Premium list critical for realization Device A Adversary Device B 5. Robustness: tolerate a constant-level device imprecision Model noise by deviation from ideal 6. Efficiency Minimize device number deterministic min-entropy source almost perfect randomness

177 Goals: Premium list critical for realization Device A Adversary Device B 5. Robustness: tolerate a constant-level device imprecision Model noise by deviation from ideal 6. Efficiency Minimize device number Computationally efficient deterministic min-entropy source almost perfect randomness

178 Goals: Premium list critical for realization Device A min-entropy source Adversary deterministic Device B almost perfect randomness 5. Robustness: tolerate a constant-level device imprecision Model noise by deviation from ideal 6. Efficiency Minimize device number Computationally efficient 7. Quantum memory: the smaller needed the better

179 Seeded extraction of Vazirani- Vidick [2012] and subsequent works N rounds of CHSH deterministic k uniform bits exp(k c )-bits exp(-k c ) error

180 Seeded extraction of Vazirani- Vidick [2012] and subsequent works N rounds of CHSH 1 device (2 components), play N sequential CHSH deterministic k uniform bits exp(k c )-bits exp(-k c ) error

181 Seeded extraction of Vazirani- Vidick [2012] and subsequent works N rounds of CHSH 1 device (2 components), play N sequential CHSH choose a small number of games for testing; others for generating deterministic k uniform bits exp(k c )-bits exp(-k c ) error

182 Seeded extraction of Vazirani- Vidick [2012] and subsequent works N rounds of CHSH 1 device (2 components), play N sequential CHSH choose a small number of games for testing; others for generating Test round: use random input Generating round: use constant deterministic k uniform bits exp(k c )-bits exp(-k c ) error

183 Seeded extraction of Vazirani- Vidick [2012] and subsequent works k uniform bits N rounds of CHSH deterministic exp(k c )-bits exp(-k c ) error 1 device (2 components), play N sequential CHSH choose a small number of games for testing; others for generating Test round: use random input Generating round: use constant Abort when losing too much in test rounds

184 Self-testing and generating random numbers x y A B a b

185 Self-testing and generating random numbers x y A B a b Optimal quantum strategy: a is uniform (to adversary)

186 Self-testing and generating random numbers x y A B a b Optimal quantum strategy: a is uniform (to adversary) by strong self-testing: close to optimal implies close to uniform

187 Intuition for why it should work

188 Intuition for why it should work A B A 0 0 B Te s t ing Generating

189 Intuition for why it should work A B A 0 0 B Te s t ing Generating Mix work and test: cheating on input 0 risks failing test

190 Intuition for why it should work A B A 0 0 B Te s t ing Generating Mix work and test: cheating on input 0 risks failing test Winning ratio of testing rounds good estimate for that of generating rounds

191 Intuition for why it should work A B A 0 0 B Te s t ing Mix work and test: cheating on input 0 risks failing test Winning ratio of testing rounds good estimate for that of generating rounds Generating Strong self-testing ensures randomness if many rounds strategy close to optimal

192 Intuition for why it should work A B A 0 0 B Te s t ing Mix work and test: cheating on input 0 risks failing test Winning ratio of testing rounds good estimate for that of generating rounds Generating Strong self-testing ensures randomness if many rounds strategy close to optimal Actual proof is very difficult

193 Intuition for why it should work A B really? A 0 0 B Te s t ing Mix work and test: cheating on input 0 risks failing test Winning ratio of testing rounds good estimate for that of generating rounds Generating Strong self-testing ensures randomness if many rounds strategy close to optimal Actual proof is very difficult

194 Seeded extraction of Miller-Shi [2014] N rounds of CHSH deterministic k uniform bits exp(k c )-bits exp(-k c ) error

195 Seeded extraction of Miller-Shi [2014] N rounds of CHSH Cryptographic security: errors = negligible in running time deterministic k uniform bits exp(k c )-bits exp(-k c ) error

196 Seeded extraction of Miller-Shi [2014] N rounds of CHSH Cryptographic security: errors = negligible in running time Robustness: OPT - constant winning prob. suffices deterministic k uniform bits exp(k c )-bits exp(-k c ) error

197 Seeded extraction of Miller-Shi [2014] N rounds of CHSH Cryptographic security: errors = negligible in running time Robustness: OPT - constant winning prob. suffices Constant size q. memory: allow inbetween-rounds communications deterministic k uniform bits exp(k c )-bits exp(-k c ) error

198 Seeded extraction of Miller-Shi [2014] N rounds of CHSH Cryptographic security: errors = negligible in running time Robustness: OPT - constant winning prob. suffices Constant size q. memory: allow inbetween-rounds communications Any strong self-test can be used (including CHSH and GHZ) deterministic k uniform bits exp(k c )-bits exp(-k c ) error

199 Seeded extraction of Miller-Shi [2014] N rounds of CHSH deterministic Cryptographic security: errors = negligible in running time Robustness: OPT - constant winning prob. suffices Constant size q. memory: allow inbetween-rounds communications Any strong self-test can be used (including CHSH and GHZ) Translates to QKD: exponential expansion at the same time k uniform bits exp(k c )-bits exp(-k c ) error

200 Seeded extraction of Miller-Shi [2014] k uniform bits N rounds of CHSH deterministic exp(k c )-bits exp(-k c ) error Cryptographic security: errors = negligible in running time Robustness: OPT - constant winning prob. suffices Constant size q. memory: allow inbetween-rounds communications Any strong self-test can be used (including CHSH and GHZ) Translates to QKD: exponential expansion at the same time Composed for unbounded expansion

201 Seeded extraction of Miller-Shi [2014] k uniform bits N rounds of CHSH deterministic Cryptographic security: errors = negligible in running time Robustness: OPT - constant winning prob. suffices Constant size q. memory: allow inbetween-rounds communications Any strong self-test can be used (including CHSH and GHZ) Translates to QKD: exponential expansion at the same time Composed for unbounded expansion exp(k c )-bits Proof quite involved exp(-k c ) error

202 Quantum-proof seeded extractors for min-entropy source [De et al. 2012] min-entropy source deterministic short seed near uniform

203 Quantum-proof seeded extractors for min-entropy source [De et al. 2012] min-entropy source deterministic short seed! Trevisan s Extractors still work against quantum adversaries near uniform

204 Quantum Somewhere Randomness [Chung, Shi, Wu 2014] Adversary Min-entropy Source X X X seed=0 0 X seed=1 0 seed=1 1 Ext Ext Ext y0 0 y1 0 y1 1

205 Quantum Somewhere Randomness [Chung, Shi, Wu 2014] Adversary Min-entropy Source X X X seed=0 0 X seed=1 0 seed=1 1 Ext Ext Ext y0 0 y1 0 y1 1 The average of y s is close to uniform to Adversary

206 Quantum Somewhere Randomness [Chung, Shi, Wu 2014] Adversary Min-entropy Source X X X seed=0 0 X seed=1 0 seed=1 1 Ext Ext Ext y0 0 y1 0 y1 1 The average of y s is close to uniform to Adversary A y in an unknown location is close to uniform to Adversary

207 Randomness Decoupling [Chung, Shi, Wu 2014] Adversary D X Y

208 Randomness Decoupling [Chung, Shi, Wu 2014] If: X uniformly random to Device Adversary D X Y

209 Randomness Decoupling [Chung, Shi, Wu 2014] Adversary If: X uniformly random to Device could be known completely to Adversary D X Y

210 Randomness Decoupling [Chung, Shi, Wu 2014] Adversary If: X uniformly random to Device could be known completely to Adversary Then: Y is close to uniform to all except Device D X Y

211 Randomness Decoupling [Chung, Shi, Wu 2014] X Adversary D Y If: X uniformly random to Device could be known completely to Adversary Then: Y is close to uniform to all except Device In particular Y is random to Adversary, even conditioned on X

212 Randomness Decoupling [Chung, Shi, Wu 2014] X Adversary D Y If: X uniformly random to Device could be known completely to Adversary Then: Y is close to uniform to all except Device In particular Y is random to Adversary, even conditioned on X Turn local randomness to global randomness

213 Seedless extraction of Chung-Shi-Wu [2014] Min-entropy Source X X X seed=0 0 X seed=1 0 seed=1 1 Ext Ext Ext G 1 0 Y 1 0 G 0 0 Y 0 0 G 1 1 Y 1 1 ^ Accept/Abort G Output Y

214 Seedless extraction of Chung-Shi-Wu [2014] X Min-entropy Source X X Input: arbitrary min-entropy source seed=0 0 X seed=1 0 seed=1 1 Ext Ext Ext G 1 0 Y 1 0 G 0 0 Y 0 0 G 1 1 Y 1 1 ^ Accept/Abort G Output Y

215 Seedless extraction of Chung-Shi-Wu [2014] Ext X seed=0 0 Min-entropy Source X X seed=1 0 Ext X Ext seed=1 1 Input: arbitrary min-entropy source Delicate composition of quantumproof extractors for min-entropy source and Randomness Decoupling G 1 0 Y 1 0 G 0 0 Y 0 0 G 1 1 Y 1 1 ^ Accept/Abort G Output Y

216 Seedless extraction of Chung-Shi-Wu [2014] Ext X seed=0 0 Min-entropy Source X seed=1 0 Ext ^ G 1 0 X Y 1 0 Ext G 0 0 Y 0 0 G 1 1 Y 1 1 X seed=1 1 Input: arbitrary min-entropy source Delicate composition of quantumproof extractors for min-entropy source and Randomness Decoupling First create quantum somewhere randomness, then transformed to global randomness through Randomness Decoupling Accept/Abort G Output Y

217 Seedless extraction of Chung-Shi-Wu [2014] Ext X seed=0 0 Min-entropy Source X seed=1 0 Ext ^ G 1 0 X Y 1 0 X random to device Ext G 0 0 Y 0 0 G 1 1 Y 1 1 seed=1 1 Input: arbitrary min-entropy source Delicate composition of quantumproof extractors for min-entropy source and Randomness Decoupling First create quantum somewhere randomness, then transformed to global randomness through Randomness Decoupling Accept/Abort G Output Y

218 Seedless extraction of Chung-Shi-Wu [2014] Ext X seed=0 0 Min-entropy Source X seed=1 0 Ext ^ G 1 0 X Y 1 0 X random to device Ext random to all G 0 0 Y 0 0 G 1 1 Y 1 1 seed=1 1 Input: arbitrary min-entropy source Delicate composition of quantumproof extractors for min-entropy source and Randomness Decoupling First create quantum somewhere randomness, then transformed to global randomness through Randomness Decoupling Accept/Abort G Output Y

219 Seedless extraction of Chung-Shi-Wu [2014] Ext X seed=0 0 Min-entropy Source X seed=1 0 Ext ^ G 1 0 Accept/Abort G X Y 1 0 X Output Y random to device Ext random to all G 0 0 Y 0 0 G 1 1 Y 1 1 seed=1 1 Input: arbitrary min-entropy source Delicate composition of quantumproof extractors for min-entropy source and Randomness Decoupling First create quantum somewhere randomness, then transformed to global randomness through Randomness Decoupling XORed with others still globally random

220 global-uniform Equivalence Lemma uniform to device [Chung, Shi, Wu 2014] Adversary Adversary X X Equivalent X Y X Y P works for global-uniform input if and only if P works for uniform-to-device input

221 global-uniform Equivalence Lemma uniform to device [Chung, Shi, Wu 2014] Adversary Adversary X X Equivalent X Y X Y P works for global-uniform input if and only if P works for uniform-to-device input Copying X to Adversary commutes with P: b/c no interaction between Adversary and Device

222 global-uniform Equivalence Lemma uniform to device [Chung, Shi, Wu 2014] Adversary Adversary X X Equivalent X Y X Y P works for global-uniform input if and only if P works for uniform-to-device input Copying X to Adversary commutes with P: b/c no interaction between Adversary and Device Uniform-to-device = Apply commuting operation on global-uniform

223 Implication of E.L: Instantiation of seedless extraction Min-entropy Source X X X seed=0 0 X seed=1 0 seed=1 1 Ext Ext Ext G 1 0 Y 1 0 G 0 0 Y 0 0 G 1 1 Y 1 1 ^ Accept/Abort G Output Y

224 Implication of E.L: Instantiation of seedless extraction X Min-entropy Source X X X needs only to have minentropy against Devices seed=0 0 X seed=1 0 seed=1 1 Ext Ext Ext G 1 0 Y 1 0 G 0 0 Y 0 0 G 1 1 Y 1 1 ^ Accept/Abort G Output Y

225 Implication of E.L: Instantiation of seedless extraction Ext X seed=0 0 Min-entropy Source X X seed=1 0 Ext X Ext seed=1 1 X needs only to have minentropy against Devices П can be any untrusted device expansion or KD protocol G 1 0 Y 1 0 G 0 0 Y 0 0 G 1 1 Y 1 1 ^ Accept/Abort G Output Y

226 Ext Implication of E.L: Instantiation of seedless extraction X seed=0 0 Min-entropy Source X seed=1 0 Ext ^ G 1 0 X Y 1 0 Ext G 0 0 Y 0 0 G 1 1 Y 1 1 X seed=1 1 X needs only to have minentropy against Devices П can be any untrusted device expansion or KD protocol Vazirani-Vidick for expansion (not robust) Accept/Abort G Output Y

227 Ext Implication of E.L: Instantiation of seedless extraction X seed=0 0 Min-entropy Source X seed=1 0 Ext ^ G 1 0 X Y 1 0 Ext G 0 0 Y 0 0 G 1 1 Y 1 1 X seed=1 1 X needs only to have minentropy against Devices П can be any untrusted device expansion or KD protocol Vazirani-Vidick for expansion (not robust) Miller-Shi (robust) Accept/Abort G Output Y

228 Ext Implication of E.L: Instantiation of seedless extraction X seed=0 0 Min-entropy Source X seed=1 0 Ext ^ G 1 0 X Y 1 0 Ext G 0 0 Y 0 0 G 1 1 Y 1 1 X seed=1 1 X needs only to have minentropy against Devices П can be any untrusted device expansion or KD protocol Vazirani-Vidick for expansion (not robust) Miller-Shi (robust) Vazirani-Vidick for KD (robust) Accept/Abort G Output Y

229 Unbounded Expansion

230 Unbounded Expansion!! Straightforward by sequential composition To get N bits need only O(log* N) applications of an exp expanding protocol Seed length independent of N Classically seed length >=log N Multiple-Device extraction Not surprising in our view since randomness comes from device

231 Unbounded Expansion X2,X4, X2N X1,X3,X5, X2N+1! X0 D0! Y0,Y2,Y4, Y2N Straightforward by sequential composition To get N bits need only O(log* N) applications of an exp expanding protocol Seed length independent of N Classically seed length >=log N Multiple-Device extraction Not surprising in our view since randomness comes from device D1 Y1,Y3,Y5, Y2N-1 Y2N+1

232 Unbounded Expansion X2,X4, X2N X1,X3,X5, X2N+1! X0 D0! Y0,Y2,Y4, Y2N Straightforward by sequential composition To get N bits need only O(log* N) applications of an exp expanding protocol Seed length independent of N Classically seed length >=log N Multiple-Device extraction Not surprising in our view since randomness comes from device!! D1 Y1,Y3,Y5, Y2N-1 Y2N+1 Reduce log*n to a constant? Crossfeeding composition problem: the output of D0 when used by D1 is not globaluniform [Fehr-Gelles-Schaffner 13] Constant-number-device Unbounded (non-robust) expansion first claimed by Coudron-Yuen [2013] Use sequential rigidity of CHSH [RUV] to transform device-uniform input to adversary-uniform output

233 Implication of E.L.: Unbounded Expansion using 2 devices and any sub-protocol

234 Implication of E.L.: Unbounded Expansion using 2 devices and any sub-protocol X2,X4, X2N X1,X3,X5, X2N+1 X0 Y2N+1 D0 Y0,Y2,Y4, Y2N D1 Y1,Y3,Y5, Y2N-1

235 Implication of E.L.: Unbounded Expansion using 2 devices and any sub-protocol X2,X4, X2N X1,X3,X5, X2N+1 X0 Y2N+1 D0 D1! Y0,Y2,Y4, Y2N Y1,Y3,Y5, Y2N-1! Each output is random to the other device, ensuring next output is globally random by E.L. Any expansion protocol can be used: Vazirani-Vidick (not robust) Miller-Shi (robust)

236 Put together MS and CSW many devices Adversary 2 devices k min-entropy CSW Θ(k)-bit local randomness MS for unbounded expansion N-bit exp(-k c )- close to uniform

237 Put together MS and CSW many devices Adversary 2 devices k min-entropy CSW Robust unbounded expansion from an arbitrary min-entropy source Θ(k)-bit local randomness MS for unbounded expansion N-bit exp(-k c )- close to uniform

238 Put together MS and CSW many devices Adversary 2 devices k min-entropy CSW Robust unbounded expansion from an arbitrary min-entropy source Θ(k)-bit local randomness MS for unbounded expansion Based on an arbitrary strong self-test N-bit exp(-k c )- close to uniform

239 Untrusted Device Key Distribution [Vazirani, Vidick 2013], [Miller, Shi 2014] Adversary public channel Alice X Bob Y Y

240 Untrusted Device Key Distribution [Vazirani, Vidick 2013], [Miller, Shi 2014] Adversary public channel Alice X Bob Coordinate through public channel Y Y

241 Untrusted Device Key Distribution [Vazirani, Vidick 2013], [Miller, Shi 2014] Adversary public channel Alice X Bob Coordinate through public channel Not a problem by Equivalence Lemma Y Y

242 Untrusted Device Key Distribution [Vazirani, Vidick 2013], [Miller, Shi 2014] Adversary public channel Alice X Bob Coordinate through public channel Not a problem by Equivalence Lemma Leakage due to classical post-processing Y Y

243 Untrusted Device Key Distribution [Vazirani, Vidick 2013], [Miller, Shi 2014] Adversary public channel Alice X Bob Coordinate through public channel Not a problem by Equivalence Lemma Leakage due to classical post-processing Miller-Shi Y Y

244 Untrusted Device Key Distribution [Vazirani, Vidick 2013], [Miller, Shi 2014] Adversary public channel Alice X Bob Coordinate through public channel Not a problem by Equivalence Lemma Leakage due to classical post-processing Miller-Shi expansion at the same time Y Y

245 Untrusted Device Key Distribution [Vazirani, Vidick 2013], [Miller, Shi 2014] Adversary public channel Alice X Bob Coordinate through public channel Not a problem by Equivalence Lemma Leakage due to classical post-processing Miller-Shi expansion at the same time Any strong self-test Y Y

246

247 Conclusions

248 Conclusions

249 Conclusions We may not want to trust quantum devices

250 Conclusions We may not want to trust quantum devices Yet we can still make them work their magic

251 Conclusions We may not want to trust quantum devices Yet we can still make them work their magic Many fundamental questions remain open

252 Open Problems on robust self-testing x y x1 y1 A a B b a1 x2 A B b1 y2 a2 x3 a3 xn an A A A B B B b2 y3 b3 yn bn time

253 Open Problems on robust self-testing x y x1 y1 A a B b a1 x2 A B b1 y2 A B Characterize all (robust) selftesting non-local games a2 x3 b2 y3 time A B a3 xn b3 yn A B an bn

254 Open Problems on robust self-testing x y x1 y1 A a B b a1 x2 A B b1 y2 A B Characterize all (robust) selftesting non-local games going beyond binary XOR games and graph states a2 x3 a3 xn A B b2 y3 b3 yn time A B an bn

255 Open Problems on robust self-testing x y x1 y1 A a B b a1 x2 A B b1 y2 A B Characterize all (robust) selftesting non-local games going beyond binary XOR games and graph states Characterize all sequentially self-testing games a2 x3 a3 xn an A A B B b2 y3 b3 yn bn time

256 Open Problems on untrusted device q. computation B A Randomized classical Verifier

257 Open Problems on untrusted device q. computation B A Robustness Randomized classical Verifier

258 Open Problems on untrusted device q. computation B A Robustness Quantum memory Randomized classical Verifier

259 Open Problems on untrusted device q. computation B A Robustness Quantum memory Broader class of games Randomized classical Verifier

260 Perfect Untrusted-Device Extractor?

261 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously?

262 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source

263 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source Device (honest):

264 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source Device (honest): Single (multi-part) device

265 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source Device (honest): Single (multi-part) device Robust

266 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source Device (honest): Single (multi-part) device Robust Constant quantum memory

267 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source Device (honest): Single (multi-part) device Robust Constant quantum memory Output:

268 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source Device (honest): Single (multi-part) device Robust Constant quantum memory Output: Exponential expanding (or even more?)

269 Perfect Untrusted-Device Extractor? Is there a untrusted device protocol achieving the following simultaneously? Classical source: arbitrary min-entropy source Device (honest): Single (multi-part) device Robust Constant quantum memory Output: Exponential expanding (or even more?) Quantum crypto security

270 Other open problems in untrusted-device extractors

271 Other open problems in untrusted-device extractors Parameter limits and tradeoffs in seeded extraction

272 Other open problems in untrusted-device extractors Parameter limits and tradeoffs in seeded extraction output length in terms of entanglement

273 Other open problems in untrusted-device extractors Parameter limits and tradeoffs in seeded extraction output length in terms of entanglement maximum output length for a fixed number of devices

274 Other open problems in untrusted-device extractors Parameter limits and tradeoffs in seeded extraction output length in terms of entanglement maximum output length for a fixed number of devices Security proof based only on non-signaling (local changes will not affect other systems local behavior)

275 Physical Extractors: a new paradigm for randomness extraction Min-entropy sources deterministic physical sources Near uniform bits Allow physical sources Base security of the validity of physical theory Any different systems?

Similar documents

Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices

Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices Carl A. Miller and Yaoyun Shi Department of Electrical Engineering and Computer Science University

More information

Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices

Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices Carl A. Miller and Yaoyun Shi Department of Electrical Engineering and Computer Science University

More information

Trustworthy Quantum Information. Yaoyun Shi University of Michigan

Trustworthy Quantum Information. Yaoyun Shi University of Michigan Trustworthy Quantum Information Yaoyun Shi University of Michigan QI 2.0 QI 2.0 Some hairy questions QI 1.0: using trusted q. device QI 2.0: using untrusted q. device The device(s) prove to you their trustworthiness

More information

Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source

Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source Jan Bouda, Marcin Paw lowski, Matej Pivoluska, Martin Plesch 6.6.2014 J. B., M. P. 3 DI Extraction from min-entropy sources

More information

Entropy Accumulation in Device-independent Protocols

Entropy Accumulation in Device-independent Protocols Entropy Accumulation in Device-independent Protocols QIP17 Seattle January 19, 2017 arxiv: 1607.01796 & 1607.01797 Rotem Arnon-Friedman, Frédéric Dupuis, Omar Fawzi, Renato Renner, & Thomas Vidick Outline

More information

Physical Randomness Extractors: Generating Random Numbers with Minimal Assumptions

Physical Randomness Extractors: Generating Random Numbers with Minimal Assumptions Physical Randomness Extractors: Generating Random Numbers with Minimal Assumptions Kai-Min Chung Yaoyun Shi Xiaodi Wu Abstract How to generate provably true randomness with minimal assumptions? This question

More information

Universal security for randomness expansion

Universal security for randomness expansion Universal security for randomness expansion Carl A. Miller and Yaoyun Shi Department of Electrical Engineering and Computer Science University of Michigan, Ann Arbor, MI 48109, USA carlmi,shiyy@umich.edu

More information

Tutorial: Device-independent random number generation. Roger Colbeck University of York

Tutorial: Device-independent random number generation. Roger Colbeck University of York Tutorial: Device-independent random number generation Roger Colbeck University of York Outline Brief motivation of random number generation Discuss what we mean by a random number Discuss some ways of

More information

XXXX Robust Protocols for Securely Expanding Randomness and Distributing Keys Using Untrusted Quantum Devices

XXXX Robust Protocols for Securely Expanding Randomness and Distributing Keys Using Untrusted Quantum Devices XXXX Robust Protocols for Securely Expanding Randomness and Distributing Keys Using Untrusted Quantum Devices CARL A. MILLER, University of Michigan YAOYUN SHI, University of Michigan Randomness is a vital

More information

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles Device-independent Quantum Key Distribution and Randomness Generation Stefano Pironio Université Libre de Bruxelles Tropical QKD, Waterloo, June 14-17, 2010 Device-independent security proofs establish

More information

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley Challenges in Quantum Information Science Umesh V. Vazirani U. C. Berkeley 1 st quantum revolution - Understanding physical world: periodic table, chemical reactions electronic wavefunctions underlying

More information

Randomness in nonlocal games between mistrustful players

Randomness in nonlocal games between mistrustful players Randomness in nonlocal games between mistrustful players Carl A. Miller and Yaoyun Shi* Source paper: Forcing classical behavior for quantum players by C. Miller and Y. Shi (2016), attached. One of the

More information

Quantum Cryptography

Quantum Cryptography Quantum Cryptography Christian Schaffner Research Center for Quantum Software Institute for Logic, Language and Computation (ILLC) University of Amsterdam Centrum Wiskunde & Informatica Winter 17 QuantumDay@Portland

More information

Quantum Supremacy and its Applications

Quantum Supremacy and its Applications Quantum Supremacy and its Applications HELLO HILBERT SPACE Scott Aaronson (University of Texas, Austin) Simons Institute, Berkeley, June 12, 2018 Based on joint work with Lijie Chen (CCC 2017, arxiv: 1612.05903)

More information

Some limits on non-local randomness expansion

Some limits on non-local randomness expansion Some limits on non-local randomness expansion Matt Coudron and Henry Yuen December 12, 2012 1 Introduction God does not play dice. Albert Einstein Einstein, stop telling God what to do. Niels Bohr One

More information

Quantum Supremacy and its Applications

Quantum Supremacy and its Applications Quantum Supremacy and its Applications HELLO HILBERT SPACE Scott Aaronson (University of Texas at Austin) USC, October 11, 2018 Based on joint work with Lijie Chen (CCC 2017, arxiv:1612.05903) and on forthcoming

More information

Bit-Commitment and Coin Flipping in a Device-Independent Setting

Bit-Commitment and Coin Flipping in a Device-Independent Setting Bit-Commitment and Coin Flipping in a Device-Independent Setting J. Silman Université Libre de Bruxelles Joint work with: A. Chailloux & I. Kerenidis (LIAFA), N. Aharon (TAU), S. Pironio & S. Massar (ULB).

More information

Classical Verification of Quantum Computations

Classical Verification of Quantum Computations Classical Verification of Quantum Computations Urmila Mahadev UC Berkeley September 12, 2018 Classical versus Quantum Computers Can a classical computer verify a quantum computation? Classical output (decision

More information

Quantum Information Transfer and Processing Miloslav Dušek

Quantum Information Transfer and Processing Miloslav Dušek Quantum Information Transfer and Processing Miloslav Dušek Department of Optics, Faculty of Science Palacký University, Olomouc Quantum theory Quantum theory At the beginning of 20 th century about the

More information

More Randomness From Noisy Sources

More Randomness From Noisy Sources More Randomness From Noisy Sources Jean-Daniel Bancal and Valerio Scarani,2 Centre for Quantum Technologies, National University of Singapore 3 Science Drive 2, Singapore 7543 2 Department of Physics,

More information

Quantum Technology: Challenges and Opportunities for Cyber Security. Yaoyun Shi University of Michigan

Quantum Technology: Challenges and Opportunities for Cyber Security. Yaoyun Shi University of Michigan Quantum Technology: Challenges and Opportunities for Cyber Security Yaoyun Shi University of Michigan The Alien Monsters Are Coming! Written by Yaoyun Shi Illustrated by Oriana Shi Ultimatum to Earthlings

More information

Round-Efficient Multi-party Computation with a Dishonest Majority

Round-Efficient Multi-party Computation with a Dishonest Majority Round-Efficient Multi-party Computation with a Dishonest Majority Jonathan Katz, U. Maryland Rafail Ostrovsky, Telcordia Adam Smith, MIT Longer version on http://theory.lcs.mit.edu/~asmith 1 Multi-party

More information

Quantum Key Distribution. The Starting Point

Quantum Key Distribution. The Starting Point Quantum Key Distribution Norbert Lütkenhaus The Starting Point Quantum Mechanics allows Quantum Key Distribution, which can create an unlimited amount of secret key using -a quantum channel -an authenticated

More information

Zero-Knowledge Against Quantum Attacks

Zero-Knowledge Against Quantum Attacks Zero-Knowledge Against Quantum Attacks John Watrous Department of Computer Science University of Calgary January 16, 2006 John Watrous (University of Calgary) Zero-Knowledge Against Quantum Attacks QIP

More information

An Introduction to Quantum Information and Applications

An Introduction to Quantum Information and Applications An Introduction to Quantum Information and Applications Iordanis Kerenidis CNRS LIAFA-Univ Paris-Diderot Quantum information and computation Quantum information and computation How is information encoded

More information

Cryptography in a quantum world

Cryptography in a quantum world T School of Informatics, University of Edinburgh 25th October 2016 E H U N I V E R S I T Y O H F R G E D I N B U Outline What is quantum computation Why should we care if quantum computers are constructed?

More information

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction Tutorial on Quantum Computing Vwani P. Roychowdhury Lecture 1: Introduction 1 & ) &! # Fundamentals Qubits A single qubit is a two state system, such as a two level atom we denote two orthogonal states

More information

Unconditionally secure deviceindependent

Unconditionally secure deviceindependent Unconditionally secure deviceindependent quantum key distribution with only two devices Roger Colbeck (ETH Zurich) Based on joint work with Jon Barrett and Adrian Kent Physical Review A 86, 062326 (2012)

More information

Free randomness can be amplified

Free randomness can be amplified Free randomness can be amplified Colbeck and Renner June 18, 2013 arxiv Abstract Are there fundamentally random processes in nature? Theoretical predictions, confirmed experimentally, such as the violation

More information

Overlapping qubits. Parallel self-testing of (tilted) EPR pairs via copies of (tilted) CHSH. The parallel-repeated magic square game is rigid

Overlapping qubits. Parallel self-testing of (tilted) EPR pairs via copies of (tilted) CHSH. The parallel-repeated magic square game is rigid Rui Chao USC Ben W. Reichardt USC Overlapping qubits Chris Sutherland USC Thomas Vidick Caltech arxiv 1701.01062 Parallel self-testing of (tilted) EPR pairs via copies of (tilted) CHSH Andrea W. Coladangelo

More information

Device-Independent Quantum Information Processing

Device-Independent Quantum Information Processing Device-Independent Quantum Information Processing Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Chist-Era kick-off seminar, March 2012, Warsaw, Poland Quantum Information

More information

Secure Identification and QKD in the Bounded-Quantum-Storage Model

Secure Identification and QKD in the Bounded-Quantum-Storage Model Secure Identification and QKD in the Bounded-Quantum-Storage Model Ivan B. Damgård 1, Serge Fehr 2, Louis Salvail 1, and Christian Schaffner 2 1 BRICS, FICS, Aarhus University, Denmark {ivan salvail}@brics.dk

More information

From Secure MPC to Efficient Zero-Knowledge

From Secure MPC to Efficient Zero-Knowledge From Secure MPC to Efficient Zero-Knowledge David Wu March, 2017 The Complexity Class NP NP the class of problems that are efficiently verifiable a language L is in NP if there exists a polynomial-time

More information

Classical Verification of Quantum Computations

Classical Verification of Quantum Computations 2018 IEEE 59th Annual Symposium on Foundations of Computer Science Classical Verification of Quantum Computations Urmila Mahadev Department of Computer Science, UC Berkeley mahadev@berkeley.edu Abstract

More information

arxiv: v1 [quant-ph] 21 Aug 2013

arxiv: v1 [quant-ph] 21 Aug 2013 Robust Device Independent Randomness Amplification arxiv:308.4635v [quant-ph] Aug 03 Ravishankar Ramanathan,, Fernando G. S. L. Brandão, 3 Andrzej Grudka, 4 Karol Horodecki,, 5 Michał Horodecki,, and Paweł

More information

A semi-device-independent framework based on natural physical assumptions

A semi-device-independent framework based on natural physical assumptions AQIS 2017 4-8 September 2017 A semi-device-independent framework based on natural physical assumptions and its application to random number generation T. Van Himbeeck, E. Woodhead, N. Cerf, R. García-Patrón,

More information

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today: Today: Introduction to the class. Examples of concrete physical attacks on RSA A computational approach to cryptography Pseudorandomness 1 What are Physical Attacks Tampering/Leakage attacks Issue of how

More information

Explicit bounds on the entangled value of multiplayer XOR games. Joint work with Thomas Vidick (MIT)

Explicit bounds on the entangled value of multiplayer XOR games. Joint work with Thomas Vidick (MIT) Explicit bounds on the entangled value of multiplayer XOR games Jop Briët Joint work with Thomas Vidick (MIT) Waterloo, 2012 Entanglement and nonlocal correlations [Bell64] Measurements on entangled quantum

More information

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes 5th March 2004 Unconditional Security of Quantum Key Distribution With Practical Devices Hermen Jan Hupkes The setting Alice wants to send a message to Bob. Channel is dangerous and vulnerable to attack.

More information

Device-Independent Quantum Information Processing (DIQIP)

Device-Independent Quantum Information Processing (DIQIP) Device-Independent Quantum Information Processing (DIQIP) Maciej Demianowicz ICFO-Institut de Ciencies Fotoniques, Barcelona (Spain) Coordinator of the project: Antonio Acín (ICFO, ICREA professor) meeting,

More information

Introduction to Quantum Key Distribution

Introduction to Quantum Key Distribution Fakultät für Physik Ludwig-Maximilians-Universität München January 2010 Overview Introduction Security Proof Introduction What is information? A mathematical concept describing knowledge. Basic unit is

More information

Lecture 20: Bell inequalities and nonlocality

Lecture 20: Bell inequalities and nonlocality CPSC 59/69: Quantum Computation John Watrous, University of Calgary Lecture 0: Bell inequalities and nonlocality April 4, 006 So far in the course we have considered uses for quantum information in the

More information

Quantum Cryptography. Chris1an Schaffner. Research Center for Quantum So8ware

Quantum Cryptography. Chris1an Schaffner. Research Center for Quantum So8ware Quantum Cryptography Chris1an Schaffner Research Center for Quantum So8ware Ins1tute for Logic, Language and Computa1on (ILLC) University of Amsterdam Centrum Wiskunde & Informa1ca Physics@FOM, Veldhoven

More information

Cryptographical Security in the Quantum Random Oracle Model

Cryptographical Security in the Quantum Random Oracle Model Cryptographical Security in the Quantum Random Oracle Model Center for Advanced Security Research Darmstadt (CASED) - TU Darmstadt, Germany June, 21st, 2012 This work is licensed under a Creative Commons

More information

Introduction to Cryptography Lecture 13

Introduction to Cryptography Lecture 13 Introduction to Cryptography Lecture 13 Benny Pinkas June 5, 2011 Introduction to Cryptography, Benny Pinkas page 1 Electronic cash June 5, 2011 Introduction to Cryptography, Benny Pinkas page 2 Simple

More information

Entanglement and information

Entanglement and information Ph95a lecture notes for 0/29/0 Entanglement and information Lately we ve spent a lot of time examining properties of entangled states such as ab è 2 0 a b è Ý a 0 b è. We have learned that they exhibit

More information

Security of Quantum Key Distribution with Imperfect Devices

Security of Quantum Key Distribution with Imperfect Devices Security of Quantum Key Distribution with Imperfect Devices Hoi-Kwong Lo Dept. of Electrical & Comp. Engineering (ECE); & Dept. of Physics University of Toronto Email:hklo@comm.utoronto.ca URL: http://www.comm.utoronto.ca/~hklo

More information

Cyber Security in the Quantum Era

Cyber Security in the Quantum Era T Computer Security Guest Lecture University of Edinburgh 27th November 2017 E H U N I V E R S I T Y O H F R G E D I N B U Outline Quantum Computers: Is it a threat to Cyber Security? Why should we act

More information

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Physics is becoming too difficult for physicists. David Hilbert (mathematician) Physics is becoming too difficult for physicists. David Hilbert (mathematician) Simple Harmonic Oscillator Credit: R. Nave (HyperPhysics) Particle 2 X 2-Particle wave functions 2 Particles, each moving

More information

Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel

Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel Kiyoshi Tamaki *Perimeter Institute for Theoretical Physics Collaboration with Masato Koashi

More information

What are we talking about when we talk about post-quantum cryptography?

What are we talking about when we talk about post-quantum cryptography? PQC Asia Forum Seoul, 2016 What are we talking about when we talk about post-quantum cryptography? Fang Song Portland State University PQC Asia Forum Seoul, 2016 A personal view on postquantum cryptography

More information

Quantum Pseudo-Telepathy

Quantum Pseudo-Telepathy Quantum Pseudo-Telepathy Michail Lampis mlambis@softlab.ntua.gr NTUA Quantum Pseudo-Telepathy p.1/24 Introduction In Multi-Party computations we are interested in measuring communication complexity. Communication

More information

Lecture Notes 20: Zero-Knowledge Proofs

Lecture Notes 20: Zero-Knowledge Proofs CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Lecture Notes 20: Zero-Knowledge Proofs Reading. Katz-Lindell Ÿ14.6.0-14.6.4,14.7 1 Interactive Proofs Motivation: how can parties

More information

Direct product theorem for discrepancy

Direct product theorem for discrepancy Direct product theorem for discrepancy Troy Lee Rutgers University Adi Shraibman Weizmann Institute of Science Robert Špalek Google Direct product theorems: Why is Google interested? Direct product theorems:

More information

CS/Ph120 Homework 8 Solutions

CS/Ph120 Homework 8 Solutions CS/Ph0 Homework 8 Solutions December, 06 Problem : Thinking adversarially. Solution: (Due to De Huang) Attack to portocol : Assume that Eve has a quantum machine that can store arbitrary amount of quantum

More information

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen Entanglement arnoldzwicky.org Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen PHYS403, July 26, 2017 Entanglement A quantum object can

More information

Fully device independent quantum key distribution

Fully device independent quantum key distribution Fully device independent quantum key distribution Umesh Vazirani Thomas Vidick Abstract We give the first device-independent proof of security of a protocol for quantum key distribution that guarantees

More information

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139 Quantum Error Correcting Codes and Quantum Cryptography Peter Shor M.I.T. Cambridge, MA 02139 1 We start out with two processes which are fundamentally quantum: superdense coding and teleportation. Superdense

More information

Nonlocal Quantum XOR Games for Large Number of Players

Nonlocal Quantum XOR Games for Large Number of Players onlocal Quantum XOR Games for Large umber of Players Andris Ambainis, Dmitry Kravchenko, ikolajs ahimovs, Alexander Rivosh Faculty of Computing, University of Latvia Abstract onlocal games are used to

More information

Lecture 15: Privacy Amplification against Active Attackers

Lecture 15: Privacy Amplification against Active Attackers Randomness in Cryptography April 25, 2013 Lecture 15: Privacy Amplification against Active Attackers Lecturer: Yevgeniy Dodis Scribe: Travis Mayberry 1 Last Time Previously we showed that we could construct

More information

Practical Quantum Coin Flipping

Practical Quantum Coin Flipping Practical Quantum Coin Flipping Anna Pappa, 1, André Chaillloux, 2, Eleni Diamanti, 1, and Iordanis Kerenidis 2, 1 LTCI, CNRS - Télécom ParisTech, Paris, France 2 LIAFA, CNRS - Université Paris 7, Paris,

More information

Practical quantum-key. key- distribution post-processing

Practical quantum-key. key- distribution post-processing Practical quantum-key key- distribution post-processing processing Xiongfeng Ma 马雄峰 IQC, University of Waterloo Chi-Hang Fred Fung, Jean-Christian Boileau, Hoi Fung Chau arxiv:0904.1994 Hoi-Kwong Lo, Norbert

More information

Device-independent quantum information. Valerio Scarani Centre for Quantum Technologies National University of Singapore

Device-independent quantum information. Valerio Scarani Centre for Quantum Technologies National University of Singapore Device-independent quantum information Valerio Scarani Centre for Quantum Technologies National University of Singapore Looking for post-doc Commitment to fairness: in case of otherwise equally competent

More information

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security Areas for Discussion Joseph Spring Department of Computer Science MSc Distributed Systems and Security Introduction Photons Quantum Key Distribution Protocols BB84 A 4 state QKD Protocol B9 A state QKD

More information

Introduction to Modern Cryptography Lecture 11

Introduction to Modern Cryptography Lecture 11 Introduction to Modern Cryptography Lecture 11 January 10, 2017 Instructor: Benny Chor Teaching Assistant: Orit Moskovich School of Computer Science Tel-Aviv University Fall Semester, 2016 17 Tuesday 12:00

More information

Notes on Complexity Theory Last updated: November, Lecture 10

Notes on Complexity Theory Last updated: November, Lecture 10 Notes on Complexity Theory Last updated: November, 2015 Lecture 10 Notes by Jonathan Katz, lightly edited by Dov Gordon. 1 Randomized Time Complexity 1.1 How Large is BPP? We know that P ZPP = RP corp

More information

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4 CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky Lecture 4 Lecture date: January 26, 2005 Scribe: Paul Ray, Mike Welch, Fernando Pereira 1 Private Key Encryption Consider a game between

More information

Stream Computation and Arthur- Merlin Communication

Stream Computation and Arthur- Merlin Communication Stream Computation and Arthur- Merlin Communication Justin Thaler, Yahoo! Labs Joint Work with: Amit Chakrabarti, Dartmouth Graham Cormode, University of Warwick Andrew McGregor, Umass Amherst Suresh Venkatasubramanian,

More information

Lecture th January 2009 Fall 2008 Scribes: D. Widder, E. Widder Today s lecture topics

Lecture th January 2009 Fall 2008 Scribes: D. Widder, E. Widder Today s lecture topics 0368.4162: Introduction to Cryptography Ran Canetti Lecture 11 12th January 2009 Fall 2008 Scribes: D. Widder, E. Widder Today s lecture topics Introduction to cryptographic protocols Commitments 1 Cryptographic

More information

: Cryptography and Game Theory Ran Canetti and Alon Rosen. Lecture 8

: Cryptography and Game Theory Ran Canetti and Alon Rosen. Lecture 8 0368.4170: Cryptography and Game Theory Ran Canetti and Alon Rosen Lecture 8 December 9, 2009 Scribe: Naama Ben-Aroya Last Week 2 player zero-sum games (min-max) Mixed NE (existence, complexity) ɛ-ne Correlated

More information

Beginnings... Computers might as well be made of green cheese. It is no longer safe to assume this! The first axiom I learnt in Computer Science:

Beginnings... Computers might as well be made of green cheese. It is no longer safe to assume this! The first axiom I learnt in Computer Science: Beginnings... The first axiom I learnt in Computer Science: Computers might as well be made of green cheese It is no longer safe to assume this! (Department of Computer Science, Quantum Universitycomputation:

More information

Scribe for Lecture #5

Scribe for Lecture #5 CSA E0 235: Cryptography 28 January 2016 Scribe for Lecture #5 Instructor: Dr. Arpita Patra Submitted by: Nidhi Rathi 1 Pseudo-randomness and PRG s We saw that computational security introduces two relaxations

More information

High Fidelity to Low Weight. Daniel Gottesman Perimeter Institute

High Fidelity to Low Weight. Daniel Gottesman Perimeter Institute High Fidelity to Low Weight Daniel Gottesman Perimeter Institute A Word From Our Sponsor... Quant-ph/0212066, Security of quantum key distribution with imperfect devices, D.G., H.-K. Lo, N. Lutkenhaus,

More information

Verification of quantum computation

Verification of quantum computation Verification of quantum computation THOMAS VIDICK CALIFORNIA INSTITUTE OF TECHNOLOGY Slides: http://users.cms.caltech.edu/~vidick/verification.{ppsx,pdf} 1. Problem formulation 2. Overview of existing

More information

Quantum Communication

Quantum Communication Quantum Communication Harry Buhrman CWI & University of Amsterdam Physics and Computing Computing is physical Miniaturization quantum effects Quantum Computers ) Enables continuing miniaturization ) Fundamentally

More information

Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings

Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings Yehuda Lindell Bar-Ilan University, Israel Technion Cryptoday 2014 Yehuda Lindell Online/Offline and Batch Yao 30/12/2014

More information

Privacy Amplification in the Isolated Qubits Model

Privacy Amplification in the Isolated Qubits Model Privacy Amplification in the Isolated Qubits Model Yi-Kai Liu Applied and Computational Mathematics Division National Institute of Standards and Technology Gaithersburg, MD, USA yi-kai.liu@nist.gov Abstract.

More information

Notes on Zero Knowledge

Notes on Zero Knowledge U.C. Berkeley CS172: Automata, Computability and Complexity Handout 9 Professor Luca Trevisan 4/21/2015 Notes on Zero Knowledge These notes on zero knowledge protocols for quadratic residuosity are based

More information

A Full Characterization of Functions that Imply Fair Coin Tossing and Ramifications to Fairness

A Full Characterization of Functions that Imply Fair Coin Tossing and Ramifications to Fairness A Full Characterization of Functions that Imply Fair Coin Tossing and Ramifications to Fairness Gilad Asharov Yehuda Lindell Tal Rabin February 25, 2013 Abstract It is well known that it is impossible

More information

1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds

1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds 1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds Amos Beimel Department of Computer Science Ben Gurion University Be er Sheva, Israel Eran Omri Department of Computer

More information

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time

More information

10. Physics from Quantum Information. I. The Clifton-Bub-Halvorson (CBH) Theorem.

10. Physics from Quantum Information. I. The Clifton-Bub-Halvorson (CBH) Theorem. 10. Physics from Quantum Information. I. The Clifton-Bub-Halvorson (CBH) Theorem. Clifton, Bub, Halvorson (2003) Motivation: Can quantum physics be reduced to information-theoretic principles? CBH Theorem:

More information

Lecture 11 September 30, 2015

Lecture 11 September 30, 2015 PHYS 7895: Quantum Information Theory Fall 015 Lecture 11 September 30, 015 Prof. Mark M. Wilde Scribe: Mark M. Wilde This document is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike

More information

Lecture 3: Randomness in Computation

Lecture 3: Randomness in Computation Great Ideas in Theoretical Computer Science Summer 2013 Lecture 3: Randomness in Computation Lecturer: Kurt Mehlhorn & He Sun Randomness is one of basic resources and appears everywhere. In computer science,

More information

THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY

THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY Mark Zhandry - Stanford University Joint work with Dan Boneh Classical Cryptography Post-Quantum Cryptography All communication stays classical

More information

Lecture 38: Secure Multi-party Computation MPC

Lecture 38: Secure Multi-party Computation MPC Lecture 38: Secure Multi-party Computation Problem Statement I Suppose Alice has private input x, and Bob has private input y Alice and Bob are interested in computing z = f (x, y) such that each party

More information

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1 Cryptography CS 555 Topic 25: Quantum Crpytography CS555 Topic 25 1 Outline and Readings Outline: What is Identity Based Encryption Quantum cryptography Readings: CS555 Topic 25 2 Identity Based Encryption

More information

Transmitting and Hiding Quantum Information

Transmitting and Hiding Quantum Information 2018/12/20 @ 4th KIAS WORKSHOP on Quantum Information and Thermodynamics Transmitting and Hiding Quantum Information Seung-Woo Lee Quantum Universe Center Korea Institute for Advanced Study (KIAS) Contents

More information

Lecture 1: Introduction to Public key cryptography

Lecture 1: Introduction to Public key cryptography Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means

More information

6.896 Quantum Complexity Theory November 4th, Lecture 18

6.896 Quantum Complexity Theory November 4th, Lecture 18 6.896 Quantum Complexity Theory November 4th, 2008 Lecturer: Scott Aaronson Lecture 18 1 Last Time: Quantum Interactive Proofs 1.1 IP = PSPACE QIP = QIP(3) EXP The first result is interesting, because

More information

Experimentally Generated Random Numbers Certified by the Impossibility of Superluminal Signaling

Experimentally Generated Random Numbers Certified by the Impossibility of Superluminal Signaling Experimentally Generated Random Numbers Certified by the Impossibility of Superluminal Signaling Peter Bierhorst, Lynden K. Shalm, Alan Mink, Stephen Jordan, Yi-Kai Liu, Scott Glancy, Bradley Christensen,

More information

1 Recap: Interactive Proofs

1 Recap: Interactive Proofs Theoretical Foundations of Cryptography Lecture 16 Georgia Tech, Spring 2010 Zero-Knowledge Proofs 1 Recap: Interactive Proofs Instructor: Chris Peikert Scribe: Alessio Guerrieri Definition 1.1. An interactive

More information

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 10

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 10 CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 10 Lecture date: 14 and 16 of March, 2005 Scribe: Ruzan Shahinian, Tim Hu 1 Oblivious Transfer 1.1 Rabin Oblivious Transfer

More information

The Future. Currently state of the art chips have gates of length 35 nanometers.

The Future. Currently state of the art chips have gates of length 35 nanometers. Quantum Computing Moore s Law The Future Currently state of the art chips have gates of length 35 nanometers. The Future Currently state of the art chips have gates of length 35 nanometers. When gate lengths

More information

Adriaan van Wijngaarden

Adriaan van Wijngaarden Adriaan van Wijngaarden From his Wikipedia article: His education was in mechanical engineering, for which he received a degree from Delft University of Technology in 1939. He then studied for a doctorate

More information

6.896 Quantum Complexity Theory 30 October Lecture 17

6.896 Quantum Complexity Theory 30 October Lecture 17 6.896 Quantum Complexity Theory 30 October 2008 Lecturer: Scott Aaronson Lecture 17 Last time, on America s Most Wanted Complexity Classes: 1. QMA vs. QCMA; QMA(2). 2. IP: Class of languages L {0, 1} for

More information

Inaccessible Entropy and its Applications. 1 Review: Psedorandom Generators from One-Way Functions

Inaccessible Entropy and its Applications. 1 Review: Psedorandom Generators from One-Way Functions Columbia University - Crypto Reading Group Apr 27, 2011 Inaccessible Entropy and its Applications Igor Carboni Oliveira We summarize the constructions of PRGs from OWFs discussed so far and introduce the

More information

Sharing and verifying quantum informa3on with differing degrees of trust

Sharing and verifying quantum informa3on with differing degrees of trust Sharing and verifying quantum informa3on with differing degrees of trust Damian Markham Paris Centre for Quantum Compu3ng pcqc.fr Basics Measurements Random State ϕ Projector P r for result Proabibity

More information

Quantum Communication. Serge Massar Université Libre de Bruxelles

Quantum Communication. Serge Massar Université Libre de Bruxelles Quantum Communication Serge Massar Université Libre de Bruxelles Plan Why Quantum Communication? Prepare and Measure schemes QKD Using Entanglement Teleportation Communication Complexity And now what?

More information

Quantum Information Theory and Cryptography

Quantum Information Theory and Cryptography Quantum Information Theory and Cryptography John Smolin, IBM Research IPAM Information Theory A Mathematical Theory of Communication, C.E. Shannon, 1948 Lies at the intersection of Electrical Engineering,

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback