• No results found

Cryptography in a quantum world - Summary

N/A
N/A
Info
Downloaden
Protected

Academic year: 2021

Share "Cryptography in a quantum world - Summary"

Copied!
5
0
0

Bezig met laden.... (Bekijk nu de volledige tekst)

Download het nu ( 5 pagina )

Hele tekst

(1)

UvA-DARE is a service provided by the library of the University of Amsterdam (https://dare.uva.nl)

UvA-DARE (Digital Academic Repository)

Cryptography in a quantum world

Wehner, S.D.C.

Publication date 2008

Link to publication

Citation for published version (APA):

Wehner, S. D. C. (2008). Cryptography in a quantum world.

General rights

It is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), other than for strictly personal, individual use, unless the work is under an open content license (like Creative Commons).

Disclaimer/Complaints regulations

If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library: https://uba.uva.nl/en/contact, or a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible.

(2)

Summary

Quantum computing had a profound impact on cryptography. Shor’s discovery of an efficient quantum algorithm for factoring large integers implies that nearly all existing classical systems based on computational assumptions can be bro-ken, once a quantum computer is built. It is therefore imperative to find other means of implementing secure protocols. This thesis aims to contribute to the understanding of both the physical limitations, as well as the possibilities of cryp-tography in the quantum setting. To this end, we first investigate two notions that are crucial to the security of quantum protocols: uncertainty relations and entanglement. How can we find good uncertainty relations for a large number of measurement settings? How does the presence of entanglement affect classi-cal protocols? And, what limitations does it impose on implementing quantum protocols? Finally, can we circumvent some of those limitations using realistic assumptions?

Information in Quantum States

In this part, we start by investigating how to extract information from quan-tum states. One of the most basic tasks is the discrimination of quanquan-tum states. Given an ensemble of known quantum states, which one do we hold in our hands? We study a variant of this problem which is of central importance for the secu-rity of protocols in the bounded-quantum-storage model. Here, we are given additional information about the state after the measurement or, more generally, after a quantum memory bound is applied. We prove general bounds on the suc-cess probability which answer in the negative the question whether deterministic privacy amplification is possible in all known protocols in the bounded-quantum-storage model. To this end, we introduce a general algebraic framework which allows us to solve this problem for any set of states and provide two explicit examples.

(3)

256 Summary We then turn to examine entropic uncertainty relations, which are an alter-native way to state Heisenberg’s uncertainty principle. They are frequently a more useful characterization, because the “uncertainty” is lower bounded by a quantity that does not depend on the state to be measured. Recently, entropic uncertainty relations have gained importance in the context of quantum cryp-tography in the bounded-storage model, where proving the security of protocols ultimately reduces to bounding such relations. Proving new entropic uncertainty relations could thus give rise to new protocols. Such relations are known for two or d + 1 mutually unbiased measurements. We prove tight entropic uncertainty relations for measurements in a large number of specific mutually unbiased bases (MUBs) in square dimensions. In a similar way, we show that such MUBs are unsuitable for locking classical correlations in quantum states: Using 2 or all of them does not increase the locking effect.

Our result shows that one needs to be careful about thinking of “maximally incompatible” measurements as being necessarily mutually unbiased. But what properties do measurements need to have in order to give strong uncertainty relations? We find very strong uncertainty relations from the generators of a Clifford algebra. In particular, we prove that for k such anti-commuting observ-ables X1, . . . , Xkwe obtain optimal uncertainty relations for the Shannon entropy

and nearly optimal relations for the collision entropy. Our results have immediate applications to quantum cryptography in the bounded-storage model.

Entanglement

In this part, we investigate the intriguing notion of quantum entanglement. We demonstrate how to find the optimal quantum strategies for correlation inequal-ities where each measurement has exactly two outcomes using semidefinite pro-gramming. As an example, we prove a tight upper bound for a well-known gen-eralized CHSH inequality.

Furthermore, we consider how a classical two-prover interactive proof system changes if the provers are allowed to share entanglement. In this setting, a polyno-mial time bounded verifier is allowed to ask questions to two unbounded provers, who are trying to convince the verifier of the validity of a specific statement, even if the statement is false. The provers may thereby agree on any strategy ahead of time, but can no longer communicate once the protocol starts. Surprisingly, it turns out that, when the provers are allowed to share entanglement, it is pos-sible to simulate two such classical provers using a single quantum prover. This indicates that entanglement among provers truly weakens the proof system, and provides an example of how classical systems can be affected, even if we only allow a very limited set of quantum operations.

(4)

Summary 257

Applications to Cryptography

In this part, we consider the consequences of uncertainty relations and entan-glement in quantum systems to cryptography. Traditional cryptography is con-cerned with the secure and reliable transmission of messages. With the advent of widespread electronic communication and the internet, however, new crypto-graphic tasks have become increasingly important. We would like to construct secure protocols for electronic voting, online auctions, contract signing and many other applications where the protocol participants themselves do not trust each other. main focus is on two primitives, which form an important building block for constructing multi-party protocols: bit commitment and oblivious transfer. Classical protocols for such problems are usually based on computational assump-tions which do not stand up to a quantum computer. Unfortunately, it has been shown that even quantum computers do not help in this case and that perfect quantum bit commitment and oblivious transfer are impossible. In the face of such negative statements, what can we still hope to achieve?

Given that perfect bit commitment is impossible, perhaps we can alter the task slightly and obtain useful protocols? Here, we considered commitments to an entire string of bits at once, when the attacker has unbounded resources at his disposal. Evidently, if perfect bit commitment is impossible, perfect string commitment is also impossible as well. However, we showed that we can ob-tain non-trivial quantum protocols, where the participants have a small ability to cheat. To this end, we introduced a framework for the classification of string commitment protocols. In particular, we proved that the measure of information is crucial to the security: For a very strong notion of security, we showed that even slightly imperfect quantum string commitments are also impossible. Never-theless, we showed that for a weaker measure of information we can indeed obtain nontrivial protocols, which are impossible in a classical world.

Luckily, it turns out that we can implement oblivious transfer if we are willing to assume that storing qubits is noisy. We introduce the model of noisy quantum storage, which is similar to the model of bounded quantum storage. Here, how-ever, we consider an explicit noise model inspired by present day technology. If the honest parties can perform perfect quantum operations, then we show that the protocol is secure for any amount of noise. In case the honest participants are only able to perform noisy operations themselves, we analyze a practical protocol that can be implemented using present-day hardware. We show how to derive explicit tradeoffs between the amount of storage noise, the amount of noise in the operations performed by the honest participants and the security of the protocol. Here, the very problem that makes it so hard to implement a quantum computer can actually be turned to our advantage.

(5)

Referenties

Download het nu ( PDF - 5 pagina - 149.11 KB )

GERELATEERDE DOCUMENTEN

Improving design, execution and analysis of transcriptomics experimentation - Thesis (complete)

Analysis of the responses at the transcriptome level of p53.S389A MEFs revealed that this p53.S389 phosphorylation site is involved in the regulation of basal expression levels of

Improving design, execution and analysis of transcriptomics experimentation - Chapter 1: General introduction

It shows that optimizing the experimental setup with respect to the design space, the experiment execution and the analysis for a specific biological process, is

Improving design, execution and analysis of transcriptomics experimentation - Chapter 3: Serious complications in gene-expression studies with stress perturbation: An example of UV-exposed p53-mutant mouse embryonic

As transcriptomics techniques, be it microarray technology or next-generation sequencing-based, are more sensitive, dose and time range finding experiments could be

Improving design, execution and analysis of transcriptomics experimentation - Chapter 4: RNA isolation for transcriptomics of human and mouse small skin biopsies

(C) Scatterplot of biopsy weight versus RNA quality for 44 human biopsies showing no clear relationship, although heavier biopsies appear to have less spread in RIN value than

Improving design, execution and analysis of transcriptomics experimentation - Chapter 5: A range finding protocol to support design for transcriptomics experimentation: examples of in-vitro and in-vivo murine UV expo

* location of the sweet spot.. In-vivo example of dose-response correlations of individual genes per time point. To find the best spot in an experimental design space defined by the

Emergence of syncytium-inducing human immunodeficiency virus type 1 variants coincides with a transient increase in viral RNA level and Is in independent predictor for progression to Aids - 201045y

To study the dynamics of human immunodeficiency virus (HIV)-1 RNA level around the time of conversion from non – syncytium-inducing (NSI) to syncytium-inducing (SI) phenotype and

N.I. Novikov als Vrijmetselaar", De spirituele zoektocht van een Russische schrijver, publicist en uitgever 1744-1818 - Titlepage

If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons.. In case of

N.I. Novikov als Vrijmetselaar", De spirituele zoektocht van een Russische schrijver, publicist en uitgever 1744-1818 - INHOUDSOPGAVE

Novikov als Vrijmetselaar", De spirituele zoektocht van een Russische schrijver, publicist en uitgever 1744-1818.. de