Trustworthy Quantum Information. Yaoyun Shi University of Michigan

Similar documents
Untrusted quantum devices. Yaoyun Shi University of Michigan updated Feb. 1, 2014

Randomness in nonlocal games between mistrustful players

Entropy Accumulation in Device-independent Protocols

Tutorial: Device-independent random number generation. Roger Colbeck University of York

Universal security for randomness expansion

Bit-Commitment and Coin Flipping in a Device-Independent Setting

Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source

A semi-device-independent framework based on natural physical assumptions

Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices

XXXX Robust Protocols for Securely Expanding Randomness and Distributing Keys Using Untrusted Quantum Devices

Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Unconditionally secure deviceindependent

Quantum Supremacy and its Applications

Device-Independent Quantum Information Processing (DIQIP)

Quantum Technology: Challenges and Opportunities for Cyber Security. Yaoyun Shi University of Michigan

Device-independent quantum information. Valerio Scarani Centre for Quantum Technologies National University of Singapore

Speaker s name and affiliation Rotem Arnon- Friedman (ETH Zürich) de Finetti reductions in the context of non-local games

Free randomness can be amplified

Physical Randomness Extractors: Generating Random Numbers with Minimal Assumptions

Quantum Key Distribution. The Starting Point

Lecture 4: Perfect Secrecy: Several Equivalent Formulations

Quantum Supremacy and its Applications

Device-Independent Quantum Information Processing

More Randomness From Noisy Sources

Lecture 2: Perfect Secrecy and its Limitations

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Some limits on non-local randomness expansion

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

Solutions for week 1, Cryptography Course - TDA 352/DIT 250

Research Fellow, Simons Institute for Theoretical Computer Science, Spring 2014

Quantum Cryptography

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

Quantum Information Theory and Cryptography

Quantum Entanglement, Quantum Cryptography, Beyond Quantum Mechanics, and Why Quantum Mechanics Brad Christensen Advisor: Paul G.

Super-Quantum, Non-Signaling Correlations Cannot Exist

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Security of Device-Independent Quantum Key Distribution Protocols

Trustworthiness of detectors in quantum key distribution with untrusted detectors

Problem Set: TT Quantum Information

Contents. ID Quantique SA Tel: Chemin de la Marbrerie 3 Fax : Carouge

Modern symmetric-key Encryption

arxiv: v1 [quant-ph] 21 Aug 2013

Lecture 3: Randomness in Computation

Interconversion of nonlocal correlations

Chapter 2 : Perfectly-Secret Encryption

Quantum to Classical Randomness Extractors

arxiv:quant-ph/ v3 18 Jun 2005

Cryptography: The Landscape, Fundamental Primitives, and Security. David Brumley Carnegie Mellon University

A history of entanglement

Lecture th January 2009 Fall 2008 Scribes: D. Widder, E. Widder Today s lecture topics

Perfectly secure cipher system.

arxiv: v2 [quant-ph] 22 Sep 2008

Sharing and verifying quantum informa3on with differing degrees of trust

Super-Quantum, Non-Signaling Correlations Cannot Exist

Lecture 15: Privacy Amplification against Active Attackers

Quantum information and quantum mechanics: fundamental issues. John Preskill, Caltech 23 February

Quantum Information Transfer and Processing Miloslav Dušek

arxiv: v3 [quant-ph] 19 Oct 2010

Scribe for Lecture #5

THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY

Modern Cryptography Lecture 4

On Perfect and Adaptive Security in Exposure-Resilient Cryptography. Yevgeniy Dodis, New York University Amit Sahai, Princeton Adam Smith, MIT

High rate quantum cryptography with untrusted relay: Theory and experiment

10. Physics from Quantum Information. I. The Clifton-Bub-Halvorson (CBH) Theorem.

Fully device independent quantum key distribution

Quantum Entanglement, Beyond Quantum Mechanics, and Why Quantum Mechanics

Quantum random number generation

Limitations on transversal gates

Lecture 3: Lower bound on statistically secure encryption, extractors

A. Quantum Key Distribution

Classical Verification of Quantum Computations

arxiv: v3 [quant-ph] 1 Mar 2018

Bell inequality for qunits with binary measurements

Near-Optimal Secret Sharing and Error Correcting Codes in AC 0

Lecture 2: Program Obfuscation - II April 1, 2009

Incompressible Functions, Relative-Error Extractors, and the Power of Nondeterminsitic Reductions

Article. Reference. Secrecy extraction from no-signalling correlations. SCARANI, Valerio, et al.

Minentropy and its Variations for Cryptography

Introduction to Modern Cryptography Lecture 11

Experimentally Generated Random Numbers Certified by the Impossibility of Superluminal Signaling

From Secure MPC to Efficient Zero-Knowledge

Privacy Amplification in the Isolated Qubits Model

Great Theoretical Ideas in Computer Science. Lecture 7: Introduction to Computational Complexity

BU CAS CS 538: Cryptography Lecture Notes. Fall itkis/538/

Optimal bounds for quantum bit commitment

1. Basic rules of quantum mechanics

Explicit bounds on the entangled value of multiplayer XOR games. Joint work with Thomas Vidick (MIT)

Quantum Symmetrically-Private Information Retrieval

On the influence of non-perfect random numbers on probabilistic algorithms

: Cryptography and Game Theory Ran Canetti and Alon Rosen. Lecture 8

Security Implications of Quantum Technologies

White-Box Security Notions for Symmetric Encryption Schemes

arxiv: v2 [quant-ph] 28 Jun 2017

PERFECTLY secure key agreement has been studied recently

Introduction to Quantum Key Distribution

Why is Deep Random suitable for cryptology

The relation between Hardy s non-locality and violation of Bell inequality

Benny Pinkas Bar Ilan University

Beginnings... Computers might as well be made of green cheese. It is no longer safe to assume this! The first axiom I learnt in Computer Science:

Transcription:

Trustworthy Quantum Information Yaoyun Shi University of Michigan

QI 2.0

QI 2.0 Some hairy questions

QI 1.0: using trusted q. device

QI 2.0: using untrusted q. device The device(s) prove to you their trustworthiness

Untrusted quantum device quantum innerworking classical communication User Classical

Untrusted quantum devices all-powerful q adversary Adversary unknown entanglement User me don t allow communication

The question: What can we do with untrusted quantum devices?

Why should we care? We mortals are classical beings, can t directly experience quantum states or operations Is this working according to specs? What if the device has been tampered with? Could there be harmful quantum side information? Pioneered by Mayers & Yao [98], Barrett, Hardy & Kent [05]

Q1. Self-testing Can we know the unknown?

Can we know the unknown? Self-testing (Rigidity): classical interaction uniquely determines the quantum inn-working

The CHSH Game A x B y CHSH Game: x, y, a, b {0, 1} Classical Strategy: share randomness, apply deterministic function a b Quantum Strategy: share entanglement, apply local measurement x y win if 0 0 a=b 0 1 a=b 1 0 a=b 1 1 a!=b When x, y are uniform, the prob. of winning OPT(classical) = 3/4 OPT(quantum) = cos 2 Pi/8.853

Self-Testing/Rigidity of CHSH There is a unique OPT q. strategy. (Popescu-Rohrlich92) Any approximately OPT q. strategy must be close to the OPT q. strategy (McKagueYS12, MillerS12, ReichardtUV12)

Other self-testing results Concepts proposed by Mayer-Yao98, BardynLMMS09 Several other states are robust self-testing Q1.1 Which games are (robust) self-testing? All games with a q. advantage? Q1.2 Which states can be (robustly) self-tested? All pure entangled states?

Sequential games x1 a1 x2 a2 x3 a3 xn an A A A A B B B B y1 b1 y2 b2 y3 b3 yn bn The same devices sequentially play the game Count the winning frequency f If f OPT(quantum), what can we say the strategy?

Sequential games If f is essentially OPT(q.), the strategy for a random subsequence of a substantial size must be close to OPT q. strategy. (ReichardtUV12) What if OPT-f=const? Q1.3: Characterize close-to-opt sequential strategies

Parallel games x1,,xn y1,,yn A B a1,,an b1,,bn Q1.4 Characterize close-to-opt parallel strategies.

Rigidity of quantum causality Time a x y A B b x a guessing game: win if a =a Non-local games are special cases of quantum causal relations Winning the guessing game prob.=1, the first stage strategy must be essentially classical (MillerS16) Q1.5 Which causal relations are (robust) selftesting?

Q2. Certifiable Randomness Is cryptography possible?

Q2. Certifiable Randomness Is randomness possible?

Randomness = Secrecy uniform no correlation Perfect secrecy/ random? Almost perfect secrecy/random?

Randomness is a faith

Randomness is impossible to test directly All randomness test is a binary function Always says Random on any fixed input from the acceptance pre-image

Randomness is a faith [We assume] that the developer understands the behavior of the entropy source and has made a good faith effort to produce a consistent source of entropy.

What are the minimal assumptions for generating randomness? There may be incomparable sets of minimal assumptions Trusted quantum device gives a trivial answer What if we don t trust the quantum devices? Must assume the existence of randomness

Randomness Expansion (Colbeck06, Colbeck&Kent11) Perfect randomness untrusted quantum devices more true randomness Known: 2-device, exponential expansion (VaziraniVidick12), robust, cryptographic level of security (MillerS14)

Unbounded Expansion output length can be arbitrary Known: 8 devices (Coudron&Yuan14); 4 devices (and robust) (MillerS14, ChungCS14) Q2.1 What is the minimum number of devices required for unbounded expansion?

Randomness Amplification (Colbeck&Renner12) We ak randomness untrusted quantum devices true randomness Known: uses a single min-entropy source (the most general weak source) but not efficient (ChungSW14) Q2.2 Is there an efficient protocol? Efficient = cryptographic-level security

Other questions Q2.3 Are there secure parallel protocols for randomness expansion, unbounded expansion, and min-entropy source amplification? Q2.4 What is the lowest possible detector efficiency to observe a Bell violation?

Q3. Lifting Security Could classical security imply quantum security?

From classical security to quantum security Untrusted-device (Device-Independent) protocols are typically simple Quantum-security proofs are quite difficult Classical-security is relatively simple Q3.1 Is there a general principle translating classical security to quantum security? Restrict to the states from the protocols

Classical (seeded) randomness extractors weak randomness sources deterministic short, perfectly random seed true randomness Randomness extractors: deterministically transform weak sources to true randomness Requires two independent sources Well-understood when one source (seed) is uniform The seed length can be made very small A random function is an ideal extractor Explicit near-ideal contractions are known

Quantum-proof classical extractors Quantum security: adversary has quantum side information Known: many classically-secure extractors are also quantum-secure but these don t have the ideal pars Q3.2 Are all classically-secure extractors quantum-secure? Q3.3 Are most functions an ideal quantum-proof extractor?

Q4. Non-signaling security A non-signaling information theory?

Non-signaling x y A b (x y) b x y output distr 0 0 (0,0), (1,1) 0 1 (0,0), (1,1) 1 0 (0,0), (1,1) 1 1 (0,1), (1,0) B No-signaling boxes: a box s input has no influence on other boxes behavior True for the quantum boxes but also include non-quantum boxes PR box

Non-signaling security all-powerful nonsignaling adversary Adversary unknown nonsignaling correlation User

Why should we care? Perhaps quantum mechanics is not complete? What are the essential reasons for security? Simpler security proofs? Non-signaling boxes are defined by linear constraints Quantum boxes are much more complicated

Proposed: Barrett, Hardy & Kent05 Strong results known for NS security for Key Distribution (MasanesRCWB14) & randomness amplification (ChungSW16) Significant gaps with ideal parameters Q4.1 Prove NS security for rand. expansion/amplification/kd with ideal pars Q4.2 Formulate NS version of standard q. info concepts and results.

Other topics Delegated quantum computation: verifiable/blind/ homomorphic (AharonovBE10, BroadbentFK09, BroadbentJ15, Schaffner16) Measurement-Device Independent (LoCQ12)

Conclusion A lot can be done even without trusting q. devices Many fundamental questions remain open Addressing these questions also raises fundamental QI questions

Trustworthy Quantum Information Workshop (TyQI.org) 2015: Ann Arbor 2016: Shanghai (Qiang Zhang@USTC) 2017: Paris (Diamenti & Kashefi)

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback