* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Quantum computer - Universidad de Murcia
Quantum dot cellular automaton wikipedia , lookup
Ensemble interpretation wikipedia , lookup
Theoretical and experimental justification for the Schrödinger equation wikipedia , lookup
Renormalization group wikipedia , lookup
Relativistic quantum mechanics wikipedia , lookup
Quantum decoherence wikipedia , lookup
Basil Hiley wikipedia , lookup
Topological quantum field theory wikipedia , lookup
Wave–particle duality wikipedia , lookup
Probability amplitude wikipedia , lookup
Renormalization wikipedia , lookup
Density matrix wikipedia , lookup
Double-slit experiment wikipedia , lookup
Particle in a box wikipedia , lookup
Bohr–Einstein debates wikipedia , lookup
Scalar field theory wikipedia , lookup
Path integral formulation wikipedia , lookup
Quantum electrodynamics wikipedia , lookup
Measurement in quantum mechanics wikipedia , lookup
Delayed choice quantum eraser wikipedia , lookup
Coherent states wikipedia , lookup
Hydrogen atom wikipedia , lookup
Quantum field theory wikipedia , lookup
Quantum dot wikipedia , lookup
Copenhagen interpretation wikipedia , lookup
Quantum fiction wikipedia , lookup
Quantum entanglement wikipedia , lookup
Many-worlds interpretation wikipedia , lookup
Bell test experiments wikipedia , lookup
Symmetry in quantum mechanics wikipedia , lookup
Orchestrated objective reduction wikipedia , lookup
Quantum computing wikipedia , lookup
Quantum group wikipedia , lookup
Bell's theorem wikipedia , lookup
Quantum machine learning wikipedia , lookup
History of quantum field theory wikipedia , lookup
Interpretations of quantum mechanics wikipedia , lookup
EPR paradox wikipedia , lookup
Quantum state wikipedia , lookup
Canonical quantization wikipedia , lookup
Quantum cognition wikipedia , lookup
Quantum teleportation wikipedia , lookup
Device-Independent Quantum Information Processing Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Spanish Cryptography Days, November 2011, Murcia, Spain Computational security • Standard Classical Cryptography schemes are based on computational security. • Assumption: eavesdropper computational power is limited. • Even with this assumption, the security is unproven. E.g.: factoring is believed to be a hard problem. • Quantum computers sheds doubts on the long-term applicability of these schemes, e.g. Shor’s algorithm for efficient factorization. Quantum Computation Quantum computer: device able to manipulate information encoded on quantum particles. These devices allow one to solve computational problems in a much more efficient way than a classical computer. Shor’s algorithm (1994): factorization problem. 6=3x2 Easy! 30790518401361202507 = 4575351673 x 6729650659 A quantum computer allows the efficient factorization of large numbers. Computational security It was easy to generate the factors and then compute the product. One-way functions: easy in one direction, hard in the opposite. Many cryptographic schemes, such as RSA, are based on the factorization problem. Alice Bob Multiply Multiply Eve Factorize If factorization becomes easy, the enemy can break the protocol! Quantum Information Theory Quantum Information Theory studies how to manipulate and transmit information encoded on quantum particles. Quantum Mechanics: set of laws describing the Physics of the microscopic world. (Einstein, Planck, Bohr, Schrödinger, Heisenberg,…, first half of the XX century). Information Theory: mathematical formalism describing how information can be stored, processed and transmitted. (Shannon, 1950). Why now? Quantum Information Theory Current technological progress on devices miniaturization leads to a scenario where information is encoded on quantum particles, such as atoms or photons. • Moore’s Law: information-device size decreases exponentially with time. • Information is encoded in fewer and fewer atoms. • It is very plausible that quantum effects will manifest in the near future. Quantum Information Theory What happens when we encode information in the quantum world? Novel information applications become possible when using information encoded on quantum states, e.g. more powerful computers and secure communication. Heisenberg Uncertainty Principle Quantum Theory only predicts the probabilities of outcomes. Quantum Particle 50% Measurement 50% The measurement process modifies the state of the particle! Heisenberg uncertainty principle: the measurement process perturbs the state of a quantum system. Quantum Cryptography Heisenberg uncertainty principle → Secure cryptography! Quantum bits Alice Bob Eve The eavesdropper, Eve, when measuring the particles, introduces noise, errors, in the channel and is detected by the honest parties. Bennett Brassard Ekert Quantum Cryptography: a new form of security Standard Classical Cryptography areon based •• Quantum Cryptography protocolsschemes are based on computational physical security. security. Assumption: Quantum eavesdropper computational power is •• Assumption: Mechanics offers a correct limited. description of the devices. physical • Even with this assumption, the security is unproven. • No assumption is required on the eavesdropper’s E.g.: factoring is believed to be a hard problem. power, provided it does not contradict any quantum • Quantum computers sheds doubts on the long-term law. applicability of these schemes, e.g. Shor’s algorithm • Using this (these) assumption(s), the security of the for efficient factorization. schemes can be proven. Quantum Cryptography: you can buy it! • Quantum cryptography is a commercial product. Ribordy • In 2007, it was used to secure part of the vote counting in a referendum in the canton of Geneva. • The Quantum Stadium: in 2010, in collaboration with the University of Kwazulu-Natal, South Africa, it was used to encrypt a connection in the Durban stadium during the World Cup. Quantum hacking How come?! Quantum hacking Quantum hacking attacks break the implementation, not the principle. Quantum channel Single-photon source Attenuated laser source Single-photon detector Realistic APD detector Device-Independent Quantum Information Processing Scenario Distant parties performing m different measurements of r outcomes. x=1,…,m Alice a=1,…,r y=1,…,m p(a, b x, y) b=1,…,r Bob Vector of m2 r2 positive components satisfying m2 normalization conditions pa, b x, y p1,11,1, p1,21,1,, pr, r 1,1,, pr, r m, m pa, b x, y 1 r a ,b 1 x, y Quantum Correlations Assumption: the observed correlations should be compatible with the quantum formalism. pa, b x, y tr AB M M x a y b M x a 1 a M ax' M ax aa' M ax No constraint is imposed on the quantum state and measurements reproducing the observed correlations. They act on an arbitrary Hilbert space. Standard Quantum Information applications are not device-independent: they crucially rely on the details of states and measurements used in the protocol. Bell inequality violation Bell inequality violation is a necessary condition for DIQIP. If the correlations are local: p(a, b x, y) p pa x, qb y, The observed statistics can be reproduced by classically correlated data → no improvement can be expected over Classical Information Theory. Any protocol should be built from non-local correlations. Characterization of Quantum Correlations Motivation Given p(a,b|x,y), does it have a quantum realization? pa, b x, y tr AB M ax M by x M a 1 a M ax M ax' a 'a M ax Example: pa, b 0,0 pa, b 0,1 pa, b 1,0 pa, b1,1 0.245,0.255,0.255,0.245 1 2 3 ,2 3 ,2 3 ,2 3 8 Hierarchy of necessary conditions Given a probability distribution p(a,b|x,y), we have defined a hierarchy consisting of a series of tests based on semi-definite programming techniques allowing the detection of supra-quantum correlations. 1 0 NO YES 2 0 YES YES 0 NO The hierarchy is asymptotically convergent. NO YES Convergence of the hierarchy If some correlations satisfy all the steps in the hierarchy, then: pa, b x, y tr M M x a y b with ? pa, b x, y tr AB M ax M by M , M by 0 x M a 1 a x a Device-Independent Quantum Key Distribution Device-Independent QKD Standard QKD protocols based their security on: 1. Quantum Mechanics: any eavesdropper, however powerful, must obey the laws of quantum physics. 2. No information leakage: no unwanted classical information must leak out of Alice's and Bob's laboratories. 3. Trusted Randomness: Alice and Bob have access to local random number generators. 4. Knowledge of the devices: Alice and Bob require some control (model) of the devices. Are there protocols for secure QKD based on p(a, b x, y) without requiring any assumption on the devices? Motivation • The fewer the assumptions for a cryptographic protocol → the stronger the security. • Device-Independent QKD represents the strongest form of quantum cryptography. It is based on the minimal number of assumptions. • It may be useful when considering practical implementations. If some correlations are observed → secure key distribution. No security loopholes related to technological issues. Secure device-independent quantum key distribution with causally independent measurement devices The model We require that the generation of raw key elements define causally independent events. All raw-key elements General quantum state Measurements by Alice and Bob The model • This requirement can be satisfied by performing space-like separated measurements. Secure DIQKD is, in principle, possible. • The requirement can just be assumed, either by assuming memoryless devices or some shielding ability by the honest parties (which is always necessary). • This requirement is always one of the assumptions (among many more) needed for security in standard QKD. x1 a1 xn an y1 . . . b1 yn bn Bound on the key rate K log 2 f gexp H a b 1- V QBER 2 The critical error for the CHSH inequality is of approx 5%. For the chained inequality with 3 settings, one has 7.5%. The protocols are competitive in terms of error rate. Device-Independent Randomness Generation Can the presence of randomness be guaranteed by any physical mechanism? Known solutions • Classical Random Number Generators (CRNG). All of them are of deterministic Nature. • Quantum Random Number Generators (QRNG). There exist different solutions, but the main idea is encapsulated by the following example: T 50% R 50% Single photons are prepared and sent into a mirror with transmittivity equal to ½. The random numbers are provided by the clicks in the detectors. • In any case, all these solutions have three problems, which are important both from a fundamental and practical point of view. Problem 1: certification • Good randomness is usually verified by a series of statistical tests. • There exist chaotic systems, of deterministic nature, that pass all existing randomness tests. • Do these tests really certify the presence of randomness? • Do these tests certify any form of quantum randomness? Classical systems pass them! RANDU RANDU is an infamous linear congruential pseudorandom number generator of the Park–Miller type, which has been used since the 1960s. Three-dimensional plot of 100,000 values generated with RANDU. Each point represents 3 subsequent pseudorandom values. It is clearly seen that the points fall in 15 two-dimensional planes. Problem 2: privacy • Many applications require private randomness. T 50% R 50% r1 r2 . . . Classical Memory rr1n2 … rn • How can one be sure that the observed random numbers are also random to any other observer, possibly adversarial? Problem 3: device dependence • All the solutions crucially rely on the details of the devices used in the generation. T 50% R 50% Single photons are prepared and sent into a mirror with transmittivity equal to ½. The random numbers are provided by the clicks in the detectors. • How can imperfections in the devices affect the quality of the generated numbers? Can these imperfections be exploited by an adversary? Random Numbers from Bell’s Theorem We want to explore the relation between non-locality, measured by the violation β of a Bell inequality, and local randomness, quantified by the parameter r max a, x pa x . Clearly, if β =0 → r=1. x=1,2 a=+1,-1 y=1,2 p(a, b x, y) b=+1,-1 Results All the region above the curve is impossible within Quantum Mechanics. Statement of the problem r max p a x p a, b x, y Q xy c ab p a, b x, y We have developed an asymptotically convergent series of sets approximating the quantum set. rn max p a x p a, b x, y n xy c ab p a, b x, y Experimental realization • The two-box scenario is performed by two atomic particles located in two distant traps. • Using our theoretical techniques, we can certify that 42 new random bits are generated in the experiment. • It is the first time that randomness generation is certified without making any detailed assumption about the internal working of the devices. Concluding Remarks Quantum correlations • Hierarchy of necessary condition for detecting the quantum origin of correlations. • Each condition can be mapped into an SDP problem. • How does this picture change if we fix the dimension of the quantum system? • Are all finite correlations achievable measuring finite-dimensional quantum systems? Device-Independent QKD • Classical cryptographic is based on computational security. Quantum computers may change what we understand today as a hard problem. • Quantum Key Distribution is based on physical laws. • Standard protocols require good control of the devices. • It seems possible to construct QKD protocols whose security does not require any assumption on the devices. • General security proofs? • The implementation of these protocols using current technology is still a challenge! • Hybrid scenarios: partial control of the devices suffices. Random Numbers from Bell’s Theorem • Randomness can be derived from non-local quantum correlations. • The obtained randomness is certifiable, private and device-independent. • It represents a novel application of Quantum Information Theory, solving a task whose classical realization is, at least, unclear. • These techniques allow quantifying the intrinsic quantum randomness generated in Bell tests. • General security proof? • More efficient schemes for generation?