Quantum key distribution based on private states

Quantum key distribution based on private states

Karol Horodecki (1), Michal Horodecki (1), Pawel Horodecki (2), Debbie Leung (3), Hoi-Kwong Lo (4) & Jonathan Oppenheim (5)

(1) University of Gdańsk, Poland
(2) Technical University of Gdańsk, Poland
(3) University of Waterloo, Canada (previously Caltech, USA)
(4) University of Toronto, Canada
(5) University of Cambridge, United Kingdom

quant-ph/0309110, 0506189, 0510067 + unpublished rumors

Funding: EU grants RESQ, QUPRODIS, PROSECCO; PMSRiT, Cambridge MIT-Institute, Newton Trust, NSF, Tolman Foundation, Croucher Foundation, NSERC, CRC, CFI, OIT, PREA, CIPI, CIAR

Outline

Background: E92 & Lo-Chau security proof (+protocol)
Quantum Key (ebits, γ states)
Distillation (trusted imperfect states)
Distribution (untrusted states)
Moral
- entanglement key
- channel with zero quantum capacity but nonzero key capacity

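Quantum key

A bipartite quantum state (possessed by Alice & Bob) that provides a secure key as local measurement outcome.

e.g. 1 ebit: $(|00\rangle + |11\rangle)_{AB}$; after local measurement: $(|00\rangle\langle 00| + |11\rangle\langle 11|)_{AB}$

$|\Phi_2\rangle \otimes |\psi\rangle_E$; $\rho_E$ purified by Frank (secure local garbage bins of Alice & Bob inaccessible to Eve)

Notation: $|\Phi_d\rangle = |00\rangle + \dots + |d-1, d-1\rangle$, $\Phi_d = |\Phi_d\rangle\langle\Phi_d|$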

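Quantum key

A bipartite quantum state (possessed by Alice & Bob) that provides a secure key as local measurement outcome.

e.g. 1 ebit: $(|00\rangle + |11\rangle)_{AB}$; after local measurement: $(|00\rangle\langle 00| + |11\rangle\langle 11|)_{AB}$

Most general (HHHO 0309110): $U_t (\Phi_d^{AB} \otimes |\psi\rangle\langle\psi|_{A'B'E}) U_t^\dagger$; after local measurement: $\sum_{i=1}^{d} |ii\rangle\langle ii|_{AB} \otimes \rho_E$

$|\psi\rangle_E$; $\rho_E$ purified by Frank

Twisting operation: $U_t = \sum_{ij} |ij\rangle\langle ij|_{AB} \otimes U_{ij}^{A'B'}$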

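Quantum key

$\gamma_d = U_t (\Phi_d^{AB} \otimes |\psi\rangle\langle\psi|_{A'B'E}) U_t^\dagger$

Twisting operation: $U_t = \sum_{ij} |ij\rangle\langle ij|_{AB} \otimes U_{ij}^{A'B'}$

[Diagram labels: twisting, meas, $\Phi_d^{AB}$ (key), $|\psi\rangle_{A'B'E}$ on A', B', E (shield), $\gamma_d$]

Intuition
1: meas commute with twisting $U_t$
2: A'B' acts as "shield" for the "key" in AB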

Quantum key

$\gamma_d = U_t (\Phi_d^{AB} \otimes |\psi\rangle\langle\psi|_{A'B'E}) U_t^\dagger$

Story ends here if the world
(1) is error-free (perfect)
(2) contains only good people (trusted)

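Quantum key distillation from imperfect but trusted iid source $\rho^{\otimes n}$

Easy approach: first distilling ebits
  $\rho_{AB}^{\otimes n} \to \Phi_2^{\otimes nD(\rho)}$, where $D(\rho)$ = distillable entanglement

DW03, HHHO 0506189:

Most general: directly get $C(\rho) = (1/n) \log d_2$ keybits
  $\rho_{ABA'B'}^{\otimes n} \to \sum_{i=1}^{d_2} |ii\rangle\langle ii|_{AB} \otimes \rho_E$

Restricted: first distill "a" γ state, $\rho_{ABA'B'}^{\otimes n} \to \gamma_{d_1}$, then generate $K(\rho) = (1/n) \log d_1$ keybits

Clearly: $D(\rho) \le K(\rho) \le C(\rho)$

Surprise:
(1) $\forall \rho$: $K(\rho) = C(\rho)$
(2) $\exists \rho$: $K(\rho) \gg D(\rho)$
(3) $\exists \rho$: $K(\rho) > 0 = D(\rho)$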

Outline

Will use E92 & Lo-Chau security proof (+protocol) as the platform of discussion. Prepare-measure scheme will be discussed on the side.

Quantum Key (ebits, γ states)
Distillation (trusted imperfect states)
Distribution (untrusted states)
Moral
- entanglement key
- channel with zero quantum capacity but nonzero key capacity

Quantum key distribution given untrusted γ

Bruteforce method: extract secure keybits via entanglement distillation, e.g. Lo-Chau (LC) protocol.

Why, by attempting to distill ebits, can untrusted states be turned into a secure key?

Can attempts to distill γ states work on untrusted states?

NB: Entanglement distillation for the sake of generating a key is far-suboptimal or infeasible if the untrusted state ρ has $K(\rho) \gg D(\rho)$ or if $0 = D(\rho)$.

Quantum key distribution given untrusted γ

Here (HLLO 0510067, HHHLLO 06@#?!$):
(a) recap LC for regular QKD based on untrusted ebits
(b) relate untrusted γ to untrusted ebits
  - first "untwist" γ in one's imagination.
  - within one's imagination, apply LC [i.e. bit & phase error estimation + ent purification]

In the bases "without imagination," the above means bit & phase error estimation + ent purification + final key extraction, all in the "twisted" basis. We'll see how.

Quantum key distribution given untrusted ebits

(a) Lo-Chau protocol (for regular QKD) recap

(0) Share n bipartite systems
(1) Imagine the n systems have been measured in Bell basis.
(2) Randomly select 2m test systems.
  (a) On m of them, estimate phase error rate $p_z$ (expectation of XX)
  (b) On the rest, estimate bit error rate $p_x$ (expectation of ZZ)
(3) Apply entanglement purification on the rest if estimates of $p_x$, $p_z$ are below threshold
(4) Measure ebits to get key

Quantum key distribution given untrusted ebits

NB. The Bell measurement gives classical meaning to $p_x$, $p_z$. So random sampling theory applies -- with high prob, $p_x$, $p_z$ on test systems $\approx$ that in the untested systems.

Just for the relevant part of the protocol: the Bell measurement has no effect.

Reason: measurement of XX, ZZ (on any state) commutes with the Bell measurement, so the expectation of XX, ZZ is unaffected by including/omitting the Bell measurement. Can imagine the Bell measurement in the security proof without doing it.

Subtlety: Expectation of XX is indirectly inferred from those of XI, IX. The outcome statistics of measuring XI, IX are affected by the Bell measurement (meas of XI, IX don't commute with Bell meas), but the combined estimate of the expectation of XX is unaffected.

Quantum key distribution given untrusted γ

Now, if Alice and Bob are given untrusted γ states: since $\gamma = U_t (\text{Bell states} \otimes \text{shield}) U_t^\dagger$

[Diagram labels: twisting, meas, $\Phi_d^{AB}$ (key), $|\psi\rangle_{A'B'E}$ on A', B', E (shield), $\gamma_d$, noise]

Quantum key distribution given untrusted γ

Now, if Alice and Bob are given untrusted γ states: since $\gamma = U_t (\text{Bell states} \otimes \text{shield}) U_t^\dagger$

[Diagram labels: noise, twisting, meas, $\Phi_d^{AB}$ (key), $|\psi\rangle_{A'B'E}$ on A', B', E (shield), $\gamma_d$, untwist, retwist]

So, IF Alice and Bob can undo $U_t$, they can then apply Lo-Chau procedure to get nearly pure ebits in key system, redo $U_t$, and measure out secure key.

Quantum key distribution given untrusted γ

Starting with untrusted γ

(0) UNTWIST
(1) Imagine the n systems have been measured in Bell basis.
(2) Randomly select 2m test systems.
  (a) On m of them, estimate phase error rate $p_z$ (expectation of XX)
  (b) On the rest, estimate bit error rate $p_x$ (expectation of ZZ)
(3) Apply entanglement purification on the rest if estimates of $p_x$, $p_z$ below threshold
(0 ) RETWIST
(4) Measure γ to get key

Quantum key distribution given untrusted γ

Starting with untrusted γ

(0) UNTWIST
(1) Imagine the n systems have been measured in Bell basis.
(2) Randomly select 2m test systems.
  (a) On m of them, estimate phase error rate $p_z$ (expectation of XX)
  (b) On the rest, estimate bit error rate $p_x$ (expectation of ZZ)
(3) Apply entanglement purification on the rest if estimates of $p_x$, $p_z$ below threshold
(4) Measure ebits to get key
(0 ) RETWIST

Quantum key distribution given untrusted γ

Starting with untrusted γ

(0) UNTWIST
(1) Imagine the n systems have been measured in Bell basis.
(2) Randomly select 2m test systems.
  (a) On m of them, estimate phase error rate $p_z$ (expectation of XX)
  (b) On the rest, estimate bit error rate $p_x$ (expectation of ZZ)
(0 ) RETWIST
(0) UNTWIST
(3) Apply entanglement purification on the rest if estimates of $p_x$, $p_z$ below threshold
(4) Measure ebits to get key
(0 ) RETWIST

Quantum key distribution given untrusted γ

Starting with untrusted γ

(0) UNTWIST
(1) Imagine the n systems have been measured in Bell basis.
(2) Randomly select 2m test systems.
  (a) On m of them, estimate phase error rate $p_z$ (expectation of XX)
  (b) On the rest, estimate bit error rate $p_x$ (expectation of ZZ)
(0 ) RETWIST
(0) UNTWIST
Shor-Preskill 00:
(3') Measure imperfect ebits to get raw key
(4') Apply privacy amplification and error correction on raw key based on $p_x$, $p_z$ if $p_x$, $p_z$ below threshold
(0 ) RETWIST

Quantum key distribution given untrusted γ

Starting with untrusted γ

(0) UNTWIST
(1) Imagine the n systems have been measured in Bell basis.
(2) Randomly select 2m test systems.
  (a) On m of them, estimate phase error rate $p_z$ (expectation of XX)
  (b) On the rest, estimate bit error rate $p_x$ (expectation of ZZ)
(0 ) RETWIST
For QKD with untrusted γ:
(3') Measure key part of imperfect γ states to get raw key
(4') Apply privacy amplification and error correction on raw key based on $p_x$, $p_z$ if $p_x$, $p_z$ below threshold

Quantum key distribution given untrusted γ

Starting with untrusted γ. How?

(1) Imagine the n systems have been measured in twisted Bell basis $\{\gamma_2^{k} = U_t ( [ (I \otimes \sigma_k) \Phi_2^{AB} (I \otimes \sigma_k) ] \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger \}_k$
(2) Randomly select 2m test systems.
  (a) On m of them, estimate twisted phase error rate $p_z$ (expectation of $U_t ( XX \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$)
  (b) On the rest, estimate twisted bit error rate $p_x$ (expectation of $U_t ( ZZ \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$)
For QKD with untrusted γ:
(3') Measure key part of imperfect γ states to get raw key
(4') Apply privacy amplification and error correction on raw key based on $p_x$, $p_z$ if $p_x$, $p_z$ below threshold

Quantum key distribution given untrusted γ

How-to: Randomly select 2m test systems.
  (a) On m of them, estimate twisted phase error rate $p_z$ (expectation of $U_t ( XX \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$)
  (b) On the rest, estimate twisted bit error rate $p_x$ (expectation of $U_t ( ZZ \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$)

Since $U_t$ commutes with ZZ (also ZI, IZ), just measure the key part of the γ states.
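An added example, not part of the talk, for the "Intuition" slide and the two How-to steps above: it builds a small private state and compares the error rates read off in the plain and in the twisted basis. Assumptions (all constructed choices): a single shield qubit stands in for A'B', the shield starts in |0>, and the twisting blocks are U_00 = U_01 = U_10 = I, U_11 = X.

```python
from math import sqrt

I2 = [[1, 0], [0, 1]]
X = [[0, 1], [1, 0]]
Z = [[1, 0], [0, -1]]

def kron(a, b):
    return [[x * y for x in ra for y in rb] for ra in a for rb in b]

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def apply(op, psi):
    return [sum(o * p for o, p in zip(row, psi)) for row in op]

def expect(op, psi):
    return sum(p * q for p, q in zip(psi, apply(op, psi)))

def error_rate(op, psi):
    # For a +/-1 valued observable, P(outcome = -1) = (1 - <op>) / 2.
    return (1 - expect(op, psi)) / 2

def twisting(blocks):
    """U_t = sum_ij |ij><ij|_AB (x) U_ij: block diagonal, one 2x2 block per key value."""
    u = [[0] * 8 for _ in range(8)]
    for k, blk in enumerate(blocks):          # k = 2*i + j, basis index = 4a + 2b + s
        for r in range(2):
            for c in range(2):
                u[2 * k + r][2 * k + c] = blk[r][c]
    return u

def key_distribution(psi):
    # Probabilities of key outcomes 00, 01, 10, 11 with the shield ignored.
    return [psi[2 * k] ** 2 + psi[2 * k + 1] ** 2 for k in range(4)]

U_T = twisting([I2, I2, I2, X])               # constructed: U_11 = X, others identity
U_T_DAG = [list(r) for r in zip(*U_T)]        # real matrix, so dagger = transpose
ZZ = kron(kron(Z, Z), I2)
XX = kron(kron(X, X), I2)
BELL_SHIELD = [1 / sqrt(2), 0, 0, 0, 0, 0, 1 / sqrt(2), 0]   # |Phi_2>_AB |0>_shield
GAMMA = apply(U_T, BELL_SHIELD)               # private state, here (|000> + |111>)/sqrt(2)
TWISTED_XX = matmul(matmul(U_T, XX), U_T_DAG)
TWISTED_ZZ = matmul(matmul(U_T, ZZ), U_T_DAG)

def summary():
    return {
        "zz_unchanged_by_twisting": TWISTED_ZZ == ZZ,
        "xx_unchanged_by_twisting": TWISTED_XX == XX,
        "key_distribution": key_distribution(GAMMA),
        "bit_error": error_rate(ZZ, GAMMA),
        "naive_phase_error": error_rate(XX, GAMMA),
        "twisted_phase_error": error_rate(TWISTED_XX, GAMMA),
    }
```

Measuring XX on the key part alone reports a 50% phase error for this state, while the twisted observable reports none; the bit error needs no twisting because ZZ is unchanged by U_t.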

Quantum key distribution given untrusted γ

How-to: Randomly select 2m test systems.
  (a) On m of them, estimate twisted phase error rate $p_z$ (expectation of $U_t ( XX \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$, call it O)

Previous solution HLLO 0510067 first distilled O(m) ebits for the teleportation of A' to Bob. Since $m \ll n$, applies to the case even when $K(\rho) \gg D(\rho) > 0$.

What if $K(\rho) > D(\rho) = 0$?

Needs a new technique... The exponential quantum de Finetti Theorem, which gives many other advantages (Renner PhD Thesis 05).

Quantum key distribution given untrusted ρ

How-to: Randomly select 2m test systems.
  (a) On m of them, estimate twisted phase error rate $p_z$ (expectation of $U_t ( XX \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$, call it O)

Label test systems by superscripts [1], ..., [m].

The goal is to find $p_z^{\mathrm{est}} := \mathrm{tr}\big(\rho^{[1,\dots,m]} (O^{[1]} + O^{[2]} + \dots + O^{[m]})\big)$.

Express $O = \sum_{i=1}^{t} \alpha_i O_i$ s.t. each $O_i$ can be estimated by LOCC.

Divide the m test systems into t parts, and estimate one $O_i$ on each part ($O_i$'s may not commute).

Quantum key distribution given untrusted ρ

How-to: Randomly select 2m test systems.
  (a) On m of them, estimate twisted phase error rate $p_z$ (expectation of $U_t ( XX \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$, call it O)

Label test systems by superscripts [1], ..., [m].

The goal is to find $p_z^{\mathrm{est}} := \mathrm{tr}\big(\rho^{[1,\dots,m]} (O^{[1]} + O^{[2]} + \dots + O^{[m]})\big)$.

Express $O = \sum_{i=1}^{t} \alpha_i O_i$ s.t. each $O_i$ can be estimated by LOCC.

Divide the m test systems into t parts, and estimate one $O_i$ on each part ($O_i$'s may not commute).

By the Quantum de Finetti Theorem (Renner PhD Thesis 2005):

$\rho^{[1,\dots,m]} \approx \int d\mu\, \mu^{\otimes m}$ [NB almost tensor power state]

$p_z^{\mathrm{est}} \approx m \int d\mu\, \mathrm{tr}(\mu O) = m \int d\mu \sum_{i=1}^{t} \alpha_i\, \mathrm{tr}(\mu O_i)$

Each $\mathrm{tr}(\mu O_i)$ can be well estimated due to $\rho^{[1,\dots,m]} \approx \int d\mu\, \mu^{\otimes m}$ and the Chernoff bound.
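An added example (not from the talk) of the estimation step above: the twisted XX operator O is written as a sum of Pauli products, each measurable by LOCC, and each O_i is estimated on its own part of the test systems. Assumptions (constructed): the test systems are iid copies of one state (the tensor-power case), one shield qubit held by Alice stands in for A'B', and U_t has U_11 = X with the other blocks identity.

```python
import random
from itertools import product
from math import sqrt

PAULI = {"I": [[1, 0], [0, 1]], "X": [[0, 1], [1, 0]],
         "Y": [[0, -1j], [1j, 0]], "Z": [[1, 0], [0, -1]]}

def pauli(label):
    """Tensor product of single-qubit Paulis, e.g. "XXI" on (A, B, shield)."""
    m = [[1]]
    for ch in label:
        m = [[x * y for x in ra for y in rb] for ra in m for rb in PAULI[ch]]
    return m

def twisted_xx():
    """O = U_t (XX (x) I) U_t^dagger for U_11 = X, other blocks identity (constructed)."""
    o = [[0] * 8 for _ in range(8)]
    for col in range(8):                      # basis index = 4a + 2b + s
        a, b = col >> 2, (col >> 1) & 1
        o[col ^ 6 ^ int(a == b)][col] = 1     # flip a and b; flip shield iff a == b
    return o

def decompose(op):
    """Coefficients alpha_i with op = sum_i alpha_i O_i, each O_i a Pauli product."""
    out = {}
    for label in map("".join, product("IXYZ", repeat=3)):
        p = pauli(label)
        alpha = sum(p[r][c] * op[c][r] for r in range(8) for c in range(8)) / 8
        if abs(alpha) > 1e-12:
            out[label] = alpha.real
    return out

def estimate_phase_error(psi, op, shots_per_part, seed):
    """Estimate one O_i per part of the test systems, then combine with alpha_i."""
    rng = random.Random(seed)
    total = 0.0
    for label, alpha in decompose(op).items():
        p = pauli(label)
        mean = sum(psi[r] * p[r][c] * psi[c] for r in range(8) for c in range(8)).real
        # Each test system yields a +/-1 product of local outcomes with this mean.
        plus = sum(rng.random() < (1 + mean) / 2 for _ in range(shots_per_part))
        total += alpha * (2 * plus / shots_per_part - 1)
    return (1 - total) / 2

GAMMA = [1 / sqrt(2), 0, 0, 0, 0, 0, 0, 1 / sqrt(2)]   # real amplitudes: (|000> + |111>)/sqrt(2)
```

For this O the decomposition has t = 4 terms (XXX, YYX, XXI, YYI), and the combined estimate of the twisted phase error rate on GAMMA concentrates around 0 as the number of shots per part grows.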

Quantum key distribution given untrusted ρ

(b) TWISTED Lo-Chau protocol for QKD BASED on γ/ρ

(1) Imagine the n systems have been measured in twisted Bell basis $\{\gamma_2^{k} = U_t ( [ (I \otimes \sigma_k) \Phi_2^{AB} (I \otimes \sigma_k) ] \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger \}_k$
(2) Randomly select 2m test systems.
  (a) On m of them, estimate twisted phase error rate $p_z$ (expectation of $U_t ( XX \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$)
  (b) On the rest, estimate twisted bit error rate $p_x$ (expectation of $U_t ( ZZ \otimes |\psi\rangle\langle\psi|_{A'B'E} ) U_t^\dagger$) [local meas]
(3') Measure key part of imperfect γ states to get raw key
(4') Apply privacy amplification and error correction on raw key based on $p_x$, $p_z$ if $p_x$, $p_z$ below threshold

Note -- prepare-measure scheme possible

Discussion

Our method:
- Works for all ρ with $K(\rho) > 0$ (distillability doesn't matter)
- Does not distill, but embeds a distillation argument via the Shor-Preskill reduction

Note:
- For a "bound entangled" quantum channel that is thought to create ρ, can still distribute key securely, while the channel has no quantum capacity (ability to transmit unknown quantum states).
- When little is known about the shared state, either
  (a) guess a γ, and assume the state is a noisy version of it (error rate and key rate depend on our guess) (prep-meas)
  (b) do tomography to find a good guess of γ (q. memory needed)

The End Thank You