Spanish Cryptography Days, November 2011, Murcia, Spain


Presentation Transcript

Device-Independent Quantum Information Processing

Antonio Acín

ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona

Spanish Cryptography Days, November 2011, Murcia, Spain

Computational security

- Standard Classical Cryptography schemes are based on computational security.
- Assumption: eavesdropper computational power is limited.
- Even with this assumption, the security is unproven. E.g.: factoring is believed to be a hard problem.
- Quantum computers cast doubt on the long-term applicability of these schemes, e.g. Shor’s algorithm for efficient factorization.

Quantum Computation

Quantum computer: device able to manipulate information encoded on quantum particles. These devices allow one to solve computational problems in a much more efficient way than a classical computer.

Shor’s algorithm (1994): factorization problem.

6 = 3 x 2 Easy!

30790518401361202507 = 4575351673 x 6729650659

A quantum computer allows the efficient factorization of large numbers.

Computational security

It was easy to generate the factors and then compute the product. One-way functions: easy in one direction, hard in the opposite.

Many cryptographic schemes, such as RSA, are based on the factorization problem.

[Diagram: Alice and Bob multiply; Eve has to factorize.]

If factorization becomes easy, the enemy can break the protocol!

Quantum Information Theory

Quantum Information Theory studies how to manipulate and transmit information encoded on quantum particles.

Quantum Mechanics: set of laws describing the Physics of the microscopic world.

(Einstein, Planck, Bohr, Schrödinger, Heisenberg,…, first half of the XX century).

Information Theory: mathematical formalism describing how information can be stored, processed and transmitted.

(Shannon, 1950).

Why now?

Quantum Information Theory

Current technological progress in device miniaturization leads to a scenario where information is encoded on quantum particles, such as atoms or photons.

- Moore’s Law: information-device size decreases exponentially with time.
- Information is encoded in fewer and fewer atoms.
- It is very plausible that quantum effects will manifest in the near future.

Quantum Information Theory

What happens when we encode information in the quantum world?

Novel information applications become possible when using information encoded on quantum states, e.g. more powerful computers and secure communication.

Heisenberg Uncertainty Principle

Quantum Theory only predicts the probabilities of outcomes.

[Diagram: a measurement on a quantum particle gives each of two outcomes with probability 50%.]

The measurement process modifies the state of the particle!

Heisenberg uncertainty principle: the measurement process perturbs the state of a quantum system.

Quantum Cryptography

Heisenberg uncertainty principle → Secure cryptography!

[Diagram: quantum bits sent between Alice and Bob, with Eve on the channel.]

The eavesdropper, Eve, when measuring the particles, introduces noise, errors, in the channel and is detected by the honest parties.

Bennett, Brassard, Ekert

Quantum Cryptography: a new form of security

- Quantum Cryptography protocols are based on physical security.
- Assumption: Quantum Mechanics offers a correct physical description of the devices.
- No assumption is required on the eavesdropper’s power, provided it does not contradict any quantum law.
- Using this (these) assumption(s), the security of the schemes can be proven.

- Standard Classical Cryptography schemes are based on computational security.
- Assumption: eavesdropper computational power is limited.
- Even with this assumption, the security is unproven. E.g.: factoring is believed to be a hard problem.
- Quantum computers cast doubt on the long-term applicability of these schemes, e.g. Shor’s algorithm for efficient factorization.

Quantum Cryptography: you can buy it!

- Quantum cryptography is a commercial product.
- In 2007, it was used to secure part of the vote counting in a referendum in the canton of Geneva.
- The Quantum Stadium: in 2010, in collaboration with the University of KwaZulu-Natal, South Africa, it was used to encrypt a connection in the Durban stadium during the World Cup.

Ribordy

Quantum hacking

How come?!

Quantum hacking

Quantum hacking attacks break the implementation, not the principle.

Quantum channel

Single-photon source

Attenuated laser source

Single-photon detector

Realistic APD detector

Scenario

Distant parties performing m different measurements of r outcomes.

x=1,…,m

y=1,…,m

a=1,…,r

b=1,…,r

Bob

Alice

Vector of m²r² positive components satisfying m² normalization conditions

Quantum Correlations

Assumption: the observed correlations should be compatible with the quantum formalism.

No constraint is imposed on the quantum state and measurements reproducing the observed correlations. They act on an arbitrary Hilbert space.

Standard Quantum Information applications are not device-independent: they crucially rely on the details of states and measurements used in the protocol.

Bell inequality violation

Bell inequality violation is a necessary condition for DIQIP.

If the correlations are local:

The observed statistics can be reproduced by classically correlated data →

no improvement can be expected over Classical Information Theory.

Any protocol should be built from non-local correlations.
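The scenario above made concrete for m = 2 settings and r = 2 outcomes, as an added example that is not part of the talk: it builds p(a,b|x,y), checks the m² normalization conditions, and compares the CHSH value reachable by deterministic local strategies with the value for a maximally entangled pair. The measurement angles and all function names are assumptions chosen for illustration.

```python
import itertools
import math

SETTINGS = (0, 1)    # x, y: the slides' settings 1, 2
OUTCOMES = (+1, -1)  # a, b

def quantum_p(a, b, x, y):
    """p(a,b|x,y) for a maximally entangled pair; the angles are an assumed choice."""
    alice = (0.0, math.pi / 2)
    bob = (math.pi / 4, -math.pi / 4)
    corr = math.cos(alice[x] - bob[y])  # correlator E(x,y)
    return (1 + a * b * corr) / 4

def deterministic_p(f, g):
    """Local strategy: Alice always outputs f[x], Bob always outputs g[y]."""
    return lambda a, b, x, y: 1.0 if (a, b) == (f[x], g[y]) else 0.0

def is_normalized(p, tol=1e-12):
    """The m^2 = 4 conditions: sum over a,b of p(a,b|x,y) equals 1 for each (x,y)."""
    return all(
        abs(sum(p(a, b, x, y) for a in OUTCOMES for b in OUTCOMES) - 1) < tol
        for x in SETTINGS for y in SETTINGS
    )

def chsh(p):
    """CHSH value E(0,0) + E(0,1) + E(1,0) - E(1,1)."""
    total = 0.0
    for x, y in itertools.product(SETTINGS, repeat=2):
        corr = sum(a * b * p(a, b, x, y) for a in OUTCOMES for b in OUTCOMES)
        total += -corr if (x, y) == (1, 1) else corr
    return total

def local_bound():
    """Maximum CHSH over the 16 deterministic strategies.

    CHSH is linear in p, so mixtures of these strategies (classically
    correlated data) cannot exceed this value.
    """
    strategies = list(itertools.product(OUTCOMES, repeat=2))
    pairs = itertools.product(strategies, repeat=2)
    return max(chsh(deterministic_p(f, g)) for f, g in pairs)

if __name__ == "__main__":
    print("normalized:", is_normalized(quantum_p))
    print("local bound:", local_bound())
    print("quantum CHSH:", chsh(quantum_p))
```

Any observed CHSH value above the local bound cannot come from classically correlated data, which is the precondition the slide states for device-independent protocols.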

Hierarchy of necessary conditions

Given a probability distribution p(a,b|x,y), we have defined a hierarchy consisting of a series of tests based on semi-definite programming techniques allowing the detection of supra-quantum correlations.

[Diagram: a sequence of tests, each with a YES / NO outcome.]

The hierarchy is asymptotically convergent.

Device-Independent QKD

- Standard QKD protocols base their security on:
  - Quantum Mechanics: any eavesdropper, however powerful, must obey the laws of quantum physics.
  - No information leakage: no unwanted classical information must leak out of Alice's and Bob's laboratories.
  - Trusted Randomness: Alice and Bob have access to local random number generators.
  - Knowledge of the devices: Alice and Bob require some control (model) of the devices.

Are there protocols for secure QKD based on without requiring any assumption on the devices?

Motivation

- The fewer the assumptions for a cryptographic protocol → the stronger the security.
- Device-Independent QKD represents the strongest form of quantum cryptography. It is based on the minimal number of assumptions.
- It may be useful when considering practical implementations. If some correlations are observed → secure key distribution. No security loopholes related to technological issues.

Secure device-independent quantum key distribution with causally independent measurement devices

The model

We require that the generation of raw key elements define causally independent events.

All raw-key elements

Measurements by Alice and Bob

General quantum state

The model

- This requirement can be satisfied by performing space-like separated measurements. Secure DIQKD is, in principle, possible.
- The requirement can just be assumed, either by assuming memoryless devices or some shielding ability by the honest parties (which is always necessary).
- This requirement is always one of the assumptions (among many more) needed for security in standard QKD.

...

Bound on the key rate

The critical error for the CHSH inequality is approximately 5%. For the chained inequality with 3 settings, one has 7.5%. The protocols are competitive in terms of error rate.

Known solutions

- Classical Random Number Generators (CRNG). All of them are of deterministic nature.
- Quantum Random Number Generators (QRNG). There exist different solutions, but the main idea is encapsulated by the following example:
- In any case, all these solutions have three problems, which are important both from a fundamental and practical point of view.

Single photons are prepared and sent into a mirror with transmittivity equal to ½. The random numbers are provided by the clicks in the detectors.

Problem 1: certification

- Good randomness is usually verified by a series of statistical tests.
- There exist chaotic systems, of deterministic nature, that pass all existing randomness tests.
- Do these tests really certify the presence of randomness?
- Do these tests certify any form of quantum randomness? Classical systems pass them!

RANDU

RANDU is an infamous linear congruential pseudorandom number generator of the Park–Miller type, which has been used since the 1960s.

Three-dimensional plot of 100,000 values generated with RANDU. Each point represents 3 subsequent pseudorandom values. It is clearly seen that the points fall in 15 two-dimensional planes.
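The structure behind that plot can be checked directly. Added example, not from the talk: it uses RANDU's published recurrence x_{k+1} = 65539 · x_k mod 2^31 (the constants are not on the slide), shows that the output passes a simple frequency test, and counts the planes that consecutive triples fall on. The seed and function names are illustrative choices.

```python
M = 2**31
A = 65539  # RANDU multiplier, 2**16 + 3

def randu(seed, n):
    """Return n RANDU outputs x_{k+1} = A * x_k mod 2^31 (seed must be odd)."""
    if seed % 2 == 0:
        raise ValueError("RANDU requires an odd seed")
    out, x = [], seed
    for _ in range(n):
        x = (A * x) % M
        out.append(x)
    return out

def monobit_fraction(xs):
    """Frequency test on the top bit: fraction of outputs >= 2^30."""
    return sum(x >= M // 2 for x in xs) / len(xs)

def plane_indices(xs):
    """Indices of the planes hit by consecutive triples.

    A^2 = 6A - 9 (mod 2^31), so x[k+2] - 6*x[k+1] + 9*x[k] is always a
    multiple of 2^31. With every x in (0, 2^31) that multiple can only be
    one of the integers -5..9, i.e. 15 parallel planes.
    """
    planes = set()
    for x0, x1, x2 in zip(xs, xs[1:], xs[2:]):
        d = x2 - 6 * x1 + 9 * x0
        if d % M != 0:
            raise AssertionError("triple is off the RANDU lattice")
        planes.add(d // M)
    return planes

if __name__ == "__main__":
    sample = randu(1, 100_000)  # constructed sample, seed chosen arbitrarily
    print("top-bit fraction:", monobit_fraction(sample))
    print("planes hit:", sorted(plane_indices(sample)))
```

A generator can look balanced under a frequency test while its outputs are fully determined by a two-term linear relation, which is the certification problem the slide raises.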

Problem 2: privacy

- Many applications require private randomness.
- How can one be sure that the observed random numbers are also random to any other observer, possibly adversarial?

...

Classical Memory

…

Problem 3: device dependence

- All the solutions crucially rely on the details of the devices used in the generation.
- How can imperfections in the devices affect the quality of the generated numbers? Can these imperfections be exploited by an adversary?

Single photons are prepared and sent into a mirror with transmittivity equal to ½. The random numbers are provided by the clicks in the detectors.

Random Numbers from Bell’s Theorem

We want to explore the relation between non-locality, measured by the violation β of a Bell inequality, and local randomness, quantified by the parameter r. Clearly, if β=0 → r=1.

x=1,2

y=1,2

a=+1,-1

b=+1,-1

Results

All the region above the curve is impossible within Quantum Mechanics.

Statement of the problem

We have developed an asymptotically convergent series of sets approximating the quantum set.

Experimental realization

- The two-box scenario is performed by two atomic particles located in two distant traps.
- Using our theoretical techniques, we can certify that 42 new random bits are generated in the experiment.
- It is the first time that randomness generation is certified without making any detailed assumption about the internal working of the devices.

Quantum correlations

- Hierarchy of necessary conditions for detecting the quantum origin of correlations.
- Each condition can be mapped into an SDP problem.
- How does this picture change if we fix the dimension of the quantum system?
- Are all finite correlations achievable measuring finite-dimensional quantum systems?

Device-Independent QKD

- Classical cryptography is based on computational security. Quantum computers may change what we understand today as a hard problem.
- Quantum Key Distribution is based on physical laws.
- Standard protocols require good control of the devices.
- It seems possible to construct QKD protocols whose security does not require any assumption on the devices.
- General security proofs?
- The implementation of these protocols using current technology is still a challenge!
- Hybrid scenarios: partial control of the devices suffices.

Random Numbers from Bell’s Theorem

- Randomness can be derived from non-local quantum correlations.
- The obtained randomness is certifiable, private and device-independent.
- It represents a novel application of Quantum Information Theory, solving a task whose classical realization is, at least, unclear.
- These techniques allow quantifying the intrinsic quantum randomness generated in Bell tests.
- General security proof?
- More efficient schemes for generation?
