Quantum Key Distribution [VV12, MS14, AVR16]2018.qcrypt.net/wp-content/uploads/2018/slides... ·...

Quantum Key Distribution [VV12, MS14, AVR16]

111011100… 101010100…

010.. 000..

111.. 000..

classical channel

Device-Independent Protocols

101010100…

010.. 000..

111.. 000..111011100…

classical channel

101010100…

010.. 000..

111.. 000..111011100…

0100010

010.. 000..

111.. 000..0100010

Question: What are minimal assumptions for DI-QKD?

Current assumptions [VV12, MS14, AVR16]:

1. No information leakage from labs.

2. Random inputs are generated and revealed sequentially.

010 000

111 000

010.. 000..

111.. 000..

010.. 000..

111.. 000..

Our work: Proof of QKD with parallel inputs.

- No need for instantaneous input generation or security within labs.

- Simplifies experiment.

Robust, with a positive key rate.

The Magic Square GameRandom row number

Random columnnumber

The game is won if:

The game is won if:(1) The overlap square matches.(2) Alice’s parity is even.(3) Bob’s parity is odd.

wc ( MAGIC ) = 8/9 (classical)w ( MAGIC ) = 1 (quantum)

EPR Pairs

Random columnnumber

EPR Pairs

The Magic Square game is rigid [Wu16].

Near-optimal expected score => near-perfect key bit pair!

”key bits.”

Random columnnumber

Parallel QKD?

X1X2…XN

public channel

Y1Y2…YN

B1B2…BNA1A2…AN

1. Alice and Bob play Magic Square N times in parallel.

2. They share their inputs.3. They share a few chosen key

bits; if win avg. too low, abort.4. Information reconciliation &

privacy amplification on key bits.

For security, it would suffice to show that Alice’s raw key bits are exponentially unpredictable to Eve.

A 3-Player Game

X1X2…XN Y1Y2…YN

B1B2…BNA1A2…AN

X1X2…XN

Y1Y2…YN

K1K2…KN

The game is won if:(1) MS conditions hold, and(2) Ki= Alice’s ith key bit

for all i.

Does the probability of winning this game vanish exponentially?

The Problem With Parallel

The CHSH game(*) satisfieswc ( CHSH ) = 3/4.

(*): Binary game, won if

The Problem With Parallel

X1X2 Y1Y2

B1B2A1A2

The CHSH game(*) satisfieswc ( CHSH ) = 3/4.

But wc ( CHSH2 ) >= 5/8 > (3/4)2!!

There’s a strategy withP(WIN1) = 3/4P(WIN2 | WIN1 ) = 5/6!!

(*): Binary game, won if

X1X2X3X4…XNY1Y2Y3Y4…YN

B1B2B3B4 …BNA1A2A3A4…AN K1K2K3…KN

X1X2X3…XN

Y1Y2Y3 …YNIs it possible that correctly guessing the outcomes of the first few rounds will allow winning all the rest?

The Entropy Defense[Raz 84, Chailloux+ 14, Jain+ 14, Chung+ 15, Bavarian+ 15]

X1 X2 X3 X4 X5 …

A1 A2 A3 A4 A5 … B1 B2 B3 B4 B5 …

Y1 Y2 Y3 Y4 Y5 …

Let G be a free game (product distribution on inputs).

X1 X2 X3 X4 X5 …

A1 A2 A3 A4 A5 … B1 B2 B3 B4 B5 …

Y1 Y2 Y3 Y4 Y5 …

Let G be a free game (product distribution on inputs).

For randomly chosen rounds j, k,

Why: Conditioning k only reveals O ( 1/N) bits of information about inputs on round j.

One can show:

for some fixed C < 1.

More tightly, if S is a small randomly chosen subset,

X1 X2 X3 X4 X5 …

A1 A2 A3 A4 A5 … B1 B2 B3 B4 B5 …

Y1 Y2 Y3 Y4 Y5 …

A 3-Player Game

X1X2…XN Y1Y2…YN

B1B2…BNA1A2…AN

X1X2…XN

Y1Y2…YN

K1K2…KN

FIRST ATTEMPT:Apply the entropy defense to this game.

Not a free game.

A 3-Player Game

X1X2…XN Y1Y2…YN

B1B2…BNA1A2…AN

Y1Y2…YN

K1K2…KN

SECOND ATTEMPT:Have Eve guess XY andthe key bits. Show

Can’t get an exponential coefficient that small.

X1X2…XN

A 3-Player Game

X1X2…XN Y1Y2…YN

B1B2…BNA1A2…AN

Y1Y2…YN

K1K2…KN

X1X2…XN

THIRD ATTEMPT:We know P(WINS) << (1/9)|S| for small random subset S.

Conclude that Eve’s probability in QKD of guessing the S-inputs & S-key bits is << (1/9)|S|.

Collision Entropy

Idea: H2 measures unpredictability against the “pretty good measurement,” .

( = unpredictability against an optimal measurement.)

An Alternative Interpretation

Suppose X was obtained from a measurement on Q.

Then, is the guessing probability for a mirror adversary.

Symmetricpurification

This is good for us, because:

[Tomamichel+ 08]

Interpretation:You are your own worst enemy. (Approximately.)

A Non-Robust Result

X1X2…XN Y1Y2…YN

B1B2…BNA1A2…AN

Y’1Y’2…Y’N

B’1B’2…B’N

X’1X’2…X’N

A’1A’2…A’N

The ith game is won if:1. Inputs match mirror.2. Alice’s key bit

matches mirror.3. Alice and Bob win

Magic Square.

For small random S,

X1X2…XN

public channel

Y1Y2…YN

B1B2…BNA1A2…AN

Conclusion:

If Alice and Bob win Magic Square on all rounds in S, their key bits have a positive amount of min-entropy!

SUCCESS!!(Almost)

A Non-Robust Result

Robustness: Sequential Case

[Miller+ 14, Dupuis+ 16]: Each time the devices lose, add a coin flip to

their output.

001 111

101 110

their output.

001.. 111..

101.. 110..

their output.

Then, after the protocol succeeds, take the coins back.

001.. 111..

101.. 110..

A 6-Player Game

Y’i X’i

A’iB’i

Zi Z’i

New rule: If Alice and Bob don’t succeed at Magic Square, they still

win if Zi=Z’i.

SUCCESS!!

MagicQKD

X1X2…XN

public channel

Y1Y2…YN

B1B2…BNA1A2…AN

2. They share inputs on eNrandomly chosen rounds.

3. They share outputs on e2N randomly chosen rounds; if avg. score < 1 – e, abort.

4. Record key bits, discard the rest.

MagicQKD

X1X2…XN

public channel

Y1Y2…YN

B1B2…BNA1A2…AN

2. They share inputs on eNrandomly chosen rounds.

3. They share outputs on e2N randomly chosen rounds; if avg. score < 1 – e, abort.

4. Record key bits, discard the rest.

Security Statement: For fixed sufficiently small,

Magic SquareGame

The Entropy Defense[Raz, Chailloux+,Jain+, …]

The MirrorAdversary

Borrowed Randomness

- Bell equipment (untrusted)

- Public classical channel (trusted)

- Private randomness for each player (trusted)

Minimizing assumptions for QKD*

010.. 000..

* Similar result as ours subsequently obtained by [Vidick 17] using “Anchored-Games”.

Minimizing assumptions for QKD

010.. 000..

Only experimental assumption:

- Information can be contained in Alice’s and Bob’s labs.

Only experimental assumption:

- Information can be contained in Alice’s and Bob’s labs.

Minimizing assumptions for QKD

0101011101

1000010110

1010100010

0101110111

1111000101

010100101…

0101011101

1000010110

1010100010

0101110111

1111000101

010100101…

??????????

????????..

New Frontier: Parallel Device-Independence

Known Tools:Quantum parallel repetition theorems for various games (XOR, unique, free, anchored, …)Self-testing for parallel repeated games.

Tasks to study:Randomness expansionUniversal quantum computation

Quantum Key Distribution [VV12, MS14, AVR16]2018.qcrypt.net/wp-content/uploads/2018/slides... ·...

Documents

Quantum technology: the second quantum revolution · quantum control, quantum communication and quantum computation. (b)The tools of quantum technology Successful technologies are

RSF Electronik MS14 Series Catalog

Quantum physics (quantum theory, quantum mechanics)

Semiconductor Quantum Dots and Quantum Dot …lawm/Semiconductor quantum dots and quantum … · Semiconductor Quantum Dots and Quantum Dot Arrays and Applications of ... Introduction

VA40 | VA45 | VA45 Technical Datasheet Variable-area flowmeter • Robustly built for many uses ... G 14.06 - N 21.13 MS14/I TG21 G 14.08 - N 21.18 MS14/I TG21

9780135112885 INP C01 MS14 - Pearson Educationwps.prenhall.com/.../9780135112885_INP_C01_MS14.pdf · From Skills for Success with Microsoft® Office 2010 Vol. 1 Copyright © 2011

Windows 2008 R2 MS14-058 MS14-058 0 Windows 2008 Unix Privesc Check Enum4Linux Linux Priv Checker Immunity Debugger Mona Windbg Environment Variable Locator Custom Scripts String

Optimisation of Preform Temperature Distribution For …esaform2008.insa-lyon.fr/proceedings/MS14/p000MS14.pdf · corresponds approximately to the glass transition of PET. Indeed,

PREVIOUS GNEWS. Apr 4 Patches – 2 Critical – 11 CVEs MS14-017 - Microsoft Word and Office Web Apps, Remote Code MS14-018 - Cumulative Security Update

PREVIOUS GNEWS. Jan 4 Patches – 0 Critical – 6 CVEs 9 Patches – 4 Critical – 31+ CVEs MS14-005 - Microsoft XML Core Services, Info Disclosure MS14-006

Scalp Acupuncture - MS1 to MS14 -Ok -Ok -Ok

MS14 Military Qualified Splitter - Chronos Technology Ltd · The MS14 splitter comes with many available options to meet your specific needs. ... Antenna Port, Cross-Modulation, 30

MS14-00la-18/25 NOHMI BOSAI LTD. U CONSTRUCTION DETAILS · MS14-00la-19/25 NOHMI BOSAI LTD. Number of source 1 piece per detector As refer to Certificate of Approval of Design for

1 Engineering Entanglement: Quantum Computation, Quantum ...quantum-history.mpiwg-berlin.mpg.de/eLibrary/hq1_talks/... · 1 Engineering Entanglement: Quantum Computation, Quantum

PREVIOUS GNEWS. July - 6 Patches – 2 Critical - 27 CVEs MS14-037 - Cumulative Security Update for IE, Remote Code MS14-038 – Windows Journal, Remote Code

Moses Fayngold, Vadim Fayngold Quantum Mechanics … · Quantum Mechanics and Quantum ... Fayngold Quantum Mechanics and Quantum Information. ... Diu, B., Laloe, F. Quantum Mechanics

MS14 Add near doubles and compensate - Numeracy Ninjas

Lectures on quantum groups · Lectures on quantum groups TeoBanica Compact quantum groups, Quantum permutation groups, Easy quantum groups, Transitive quantum groups 2020

vv12.org · 2021. 2. 2. · Video 1 : Interview - part 2 -with Lawyer Salah Dabouz; President (LADDH) - regarding technology neutrality, cybercrime, hacking, the 4.0 and frontline

LAUNCHKIT AUGUST2018 VV12 - Arianespace · 2018. 8. 14. · VV12 Aeolus FLIGHT VV12: 1ST VEGA FLIGHT OF THE YEAR TO LAUNCH ESA’S WINDMISSION For its fifth launch of the year, and