Download PPT - QIP is

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
Document related concepts

Canonical quantization wikipedia , lookup

Quantum entanglement wikipedia , lookup

Quantum state wikipedia , lookup

Interpretations of quantum mechanics wikipedia , lookup

EPR paradox wikipedia , lookup

T-symmetry wikipedia , lookup

Bell test experiments wikipedia , lookup

Hidden variable theory wikipedia , lookup

Bell's theorem wikipedia , lookup

Quantum teleportation wikipedia , lookup

Quantum key distribution wikipedia , lookup

Transcript 
Device-independent security
in quantum key distribution
Lluis Masanes
ICFO-The Institute of Photonic Sciences
arXiv:0807.2158
Outline
1.
Why violation of Bell inequalities plus no-signaling
imply secure key distribution?
2. Description of the key distribution protocol
3. The security definition
4. Main result (security of privacy amplification)
5. Analogy between Bell-violation and the min entropy
6. The device-independent-security model
7. Imposing quantum mechanics
8. Estimation without de-Finetti
9. Sketch of the proof
10. Conclusions
No-signaling plus Bell-violation
implies privacy
•
•
Forget quantum mechanics
Consider 2 parties (Alice and Bob)
No-signaling plus Bell-violation
implies privacy
•
Suppose a third party (Eve) knows the outcome of
Alice’s
are compatible
The correlations do not violate
any Bell inequality
No-signaling plus Bell-violation
implies privacy
•
CONCLUSION: If a Bell inequality is violated the
outcomes cannot be perfectly known by a third party
•
Relation between the amount of Bell inequality
violation and the degree of privacy
A key distribution protocol
1.
Distribute N pairs of systems
A key distribution protocol
1.
2.
3.
Distribute N pairs of systems
Measure all systems with the observable x=y=0
Error correction
A key distribution protocol
1.
2.
3.
4.
Distribute N pairs of systems
Measure all systems with the observable x=y=0
Error correction
Privacy amplification (with a constant function)
A key distribution protocol
1.
2.
3.
4.
Distribute N pairs of systems
Measure all systems with the observable x=y=0
Error correction
Privacy amplification (with a constant function)
A key distribution protocol
•
•
If the numbers
are well chosen the 2 keys
are identical and secure
To decide
we need an estimation step (latter)
The no-signaling assumption
• Alice, Bob and Eve share a distribution
• None of the systems
the rest
can signal
The security definition
•
•
•
•
Consider Alice’s key when M=0
Ideal secret key:
Real secret key (result of the protocol):
Security definition: the real and the ideal distributions
are indistinguishable, even if Alice and Eve cooperate for
this purpose
The security definition
•
•
•
•
Consider Alice’s key when M=0
Ideal secret key:
Real secret key (result of the protocol):
Security definition: the real and the ideal distributions
are indistinguishable, even if Alice and Eve cooperate for
this purpose
• Any use of the the real key will give the same results as
the ideal key (Universally-composable security)
Main result:
security of privacy amplification
For any nonsignaling distribution
let
with all x=0, then
where
CHSH
PR-box
Quantum
Classical
Main result:
security of privacy amplification
For any nonsignaling distribution
let
with all x=0, then
where
Main result:
security of privacy amplification
For any nonsignaling distribution
let
then
where
BC
CHSH
PR-box
Quantum
Quantum
Classical
Bell violation is analogous to the
min entropy
• Define
• Min entropy is the central quantity in standard QKD
•
allows for deterministic randomness
extraction, while
needs random hashing
Incorporating public communication
• If Alice publishes M bits
during the protocol
• Efficiency
Secret key rates
6 states
No-sign
G obs
The device-independent security
model
Untrusted device: a physical system
plus the measurement apparatus
For each system, we can ignore the
dimension of the Hilbert space, the
operators that correspond to the
observables 0 and 1, etc.
The device-independent security
model
Untrusted device: a physical system
plus the measurement apparatus
Trusted device: classical computer,
random number generator, etc
Physical meaning of the nosignaling constrains
•
•
•
•
Systems must not signal Eve
Systems must not signal the other party
Signaling among Alice’s systems must not occur
Signaling among Bob’s systems is allowed
The device-independent security
model
•
•
•
The simplest implementation of QKD is through a
sequential distribution of pairs of systems
All systems in one side are observed with the same
detector
In this set up, the assumption of full no-signaling in
Alice’s side seems unjustified
The device-independent security
model
•
•
•
Total relaxation
If we allow signaling between Alice’s systems, privacy
amplification is impossible
Although it is fair to assume something stronger
The sequential no-signaling model
•
We call these constraints sequential no-signaling
•
If the function used for hashing is XOR or MAJORITY,
there is a sequential no-signaling attack (E. Hanggi, Ll. Masanes)
•
Does this happen with any function?
time
Let’s assume quantum mechanics
• Let us impose
• Or something weaker
Let’s assume quantum mechanics
• Let us impose
• Or something weaker
• We obtain the same expressions with
Secret key rates
6 states
No-sign + QM
2 obs
No-sign
G obs
Estimation of
and
• In the unconditional security scenario, Alice and Bob
have no idea about
nor
• There is no known exponential de Finetti-like theorem
• Instead
A problem with the estimation
• With this method we do not get the above rates
[singlets give: rate = 0.26 < 1!]
• Can we find an estimation procedure which gives the
expected rates?
• Is this something fundamental?
Sketch of the proof
Sketch of the proof
Conclusions
1.
2.
3.
4.
5.
6.
7.
Key distribution from Bell-violating correlations is
secure, with the sole assumption of no-signaling
According to the strongest notion of security
(universally-composable)
Analogy between Bell-violation and the min entropy
The security of the scheme is device independent
Rates can be improved by assuming QM
Deterministic randomness extraction is possible
Thanks for your attention
Smooth Bell-inequality violation
• Define
• Bell-inequality violation is asymptotically discontinuous
Analogy with the smooth min
entropy
• Min entropy is the central quantity in standard QKD
•
allows for deterministic randomness
extraction, while
needs random hash
Incorporating public communication
• If Alice publishes M bits
during the protocol
• Efficiency
Sketch of the proof
Sketch of the proof
Assuming quantum mechanics
• Let us impose
• Or something weaker
Related documents
Quantum mechanical model
Quantum mechanical model
Case Studies -Somatoform Disorders
Case Studies -Somatoform Disorders
Quantum Information as a Tool
Quantum Information as a Tool
Information Security - National University of Sciences and
Information Security - National University of Sciences and
Merenje koncentracije i trzisne moci privrednih
Merenje koncentracije i trzisne moci privrednih
What to Expect When Treatment Begins
What to Expect When Treatment Begins
David Williams (University of Cambridge)
David Williams (University of Cambridge)
Computer Science 9616a, Fall 2011 Project Description Your project
Computer Science 9616a, Fall 2011 Project Description Your project
Misc. Privacy Topics (concluding)
Misc. Privacy Topics (concluding)
Computer Science 9616b, Fall 2016 Project Description Your project
Computer Science 9616b, Fall 2016 Project Description Your project