Richard Cleve DC 2117 cleve@cs.uwaterloo.ca Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 24 (2009) Richard.

Slides:



Advertisements
Similar presentations
Quantum Computing MAS 725 Hartmut Klauck NTU
Advertisements

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 Introduction to Quantum Information Processing QIC 710 / CS 667 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 / RAC 2211 Lecture.
Short course on quantum computing Andris Ambainis University of Latvia.
Quantum Error Correction SOURCES: Michele Mosca Daniel Gottesman Richard Spillman Andrew Landahl.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Superdense coding. How much classical information in n qubits? Observe that 2 n  1 complex numbers apparently needed to describe an arbitrary n -qubit.
Quantum Algorithms I Andrew Chi-Chih Yao Tsinghua University & Chinese U. of Hong Kong.
CSEP 590tv: Quantum Computing
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.
Quantum Computation and Quantum Information – Lecture 2 Part 1 of CS406 – Research Directions in Computing Dr. Rajagopal Nagarajan Assistant: Nick Papanikolaou.
EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.
CS4600/5600 Biometrics and Cryptography UTC/CSE
1 Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871 Richard Cleve QNC 3129 Lecture 18 (2014)
Alice and Bob’s Excellent Adventure
1 Introduction to Quantum Information Processing QIC 710 / CS 678 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 / QNC 3129 Lectures.
1 Introduction to Quantum Information Processing QIC 710 / CS 667 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 Lecture 16 (2011)
A Few Simple Applications to Cryptography Louis Salvail BRICS, Aarhus University.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 2117 Lecture.
1 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 Lecture 19 (2009)
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 653 Course.
October 1 & 3, Introduction to Quantum Computing Lecture 1 of 2 Introduction to Quantum Computing Lecture 1 of 2
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Quantum Teleportation and Bit Commitment Chi-Yee Cheung Chung Yuan Christian University June 9, 2009.
You Did Not Just Read This or did you?. Quantum Computing Dave Bacon Department of Computer Science & Engineering University of Washington Lecture 3:
Introduction to Quantum Key Distribution
1 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 Lecture 20 (2009)
Quantum Cryptography Slides based in part on “A talk on quantum cryptography or how Alice outwits Eve,” by Samuel Lomonaco Jr. and “Quantum Computing”
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
CSEP 590tv: Quantum Computing Dave Bacon July 20, 2005 Today’s Menu n Qubit registers Begin Quantum Algorithms Administrivia Superdense Coding Finish Teleportation.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 653 Lecture.
1 Conference key-agreement and secret sharing through noisy GHZ states Kai Chen and Hoi-Kwong Lo Center for Quantum Information and Quantum Control, Dept.
Page 1 COMPSCI 290.2: Computer Security “Quantum Cryptography” including Quantum Communication Quantum Computing.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Richard Cleve DC 2117 Introduction to Quantum Information Processing QIC 710 / CS 667 / PH 767 / CO 681 / AM 871 Lecture (2011)
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 2117 Lecture.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 Introduction to Quantum Information Processing QIC 710 / CS 667 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 Lectures
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
15-853Page 1 COMPSCI 290.2: Computer Security “Quantum Cryptography” Including Quantum Communication Quantum Computing.
Richard Cleve DC 3524 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Lecture.
Richard Cleve DC 2117 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Lecture.
J. Miranda University of Ottawa 21 November 2003
Richard Cleve DC 2117 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 16 (2009) Richard.
Richard Cleve DC 2117 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 15 (2009) Richard.
COMPSCI 290.2: Computer Security
Quantum Information Promises new insights Anthony J
Introduction to Quantum Computing Lecture 1 of 2
Quantum Cryptography Quantum Computing
Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel Kiyoshi Tamaki * *Perimeter Institute for.
Course Business I am traveling April 25-May 3rd
Q Jeff Kinne.
Quantum Cryptography Alok.T.J EC 11.
Richard Cleve DC 2117 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 22 (2009) Richard.
Quantum Cryptography Scott Roberts CSE /01/2001.
Authenticated QKD protocol using one-time ID
Richard Cleve DC 2117 Introduction to Quantum Information Processing QIC 710 / CS 667 / PH 767 / CO 681 / AM 871 Lecture 15 (2011)
Richard Cleve DC 2117 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 18 (2009) Richard.
Quantum Cryptography Quantum Computing
Richard Cleve DC 2117 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 16 (2009) Richard.
Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Lecture 17 (2005) Richard Cleve DC 3524
Quantum Cryptography Quantum Computing
Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Lecture 4 (2005) Richard Cleve DC 653
Richard Cleve DC 3524 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Lecture.
Presentation transcript:

Richard Cleve DC 2117 cleve@cs.uwaterloo.ca Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 24 (2009) Richard Cleve DC 2117 cleve@cs.uwaterloo.ca

The Lo-Chau key exchange protocol: easier to analyze, though harder to implement

Sufficiency of Bell states If Alice and Bob can somehow generate a series of Bell states between them, such as ++...+, then it suffices for them to measure these states to obtain a secret key Eve ? Intuitively, this is because there is nothing that Eve can “know” about + = (1/2)(00 + 11) that will permit her to predict a future measurement that she has no access to

Key distribution protocol based on + Preliminary idea: Alice creates several + states and sends the second qubit of each one to Bob If they knew that that they possessed state ++ ... + then they could simply measure each qubit pair (say, in the computational basis) to obtain a shared private key Since Eve can access the qubit channel, she can measure, or otherwise disturb the state in transit (e.g., replace by 00) We might as well assume that Eve is supplying the qubits to Alice and Bob, who somehow test whether they’re + Question: how can Alice and Bob test the validity of their states?

Testing 00 + 11 states I Alice and Bob can pick a random subset of their + states (say half of them) to test, and then forfeit those + Test and discard these pairs + How do Alice and Bob “test” the pairs in this subset? Due to Eve, they can’t use the quantum channel to actually measure them in the Bell basis ... but they can do individual measurements and compare results via the classical channel

Testing 00 + 11 states II The Bell state + = 00 + 11 has the following properties: (a) if both qubits are measured in the computational basis the resulting bits will be the same (i.e., 00 or 11) (b) it does not change if HH is applied to it Therefore, (c) if both qubits are measured in the Hadamard basis the resulting bits will still be the same Moreover, + is the only two-qubit state that satisfies properties (a) and (c) Question: Why?

Testing 00 + 11 states III Problem: they can only measure in one of these two bases Solution: they pick the basis randomly among the two types (Alice decides by flipping a coin and announcing the result to Bob on the read-only classical channel) For example, if Eve slips in a state 00 and then Alice & Bob measure this pair in the Hadamard basis, result is the same bit with probability only ½ (so it’s detected with probability ¼) Basis: computational Hadamard ab ab 00 = + + – 1  2 + 0 0 In general, undetected with probability 1 + fidelity2 2 – 0 1 + 1 0 – 1 1

Testing 00 + 11 states IV Suppose there are n purported + states and Alice and Bob test m of them Suppose Eve slips in just one 00 state Then the probability of Eve succeeding in corrupting the key is (n – m)/n being undetected is (n – m)/4n Setting m = n–1, reduces Eve’s is success/undetected probability to  1/4n This permits at least one secure key to be created (already something that cannot be done with classical information)

Better testing I Think of a related (simpler) classical problem: detect if a binary array contains at least one 1 1 If one is confined to examining individual bits, this is difficult to do with very high probability making few tests If one can test parities of subsets of bits then the following procedure exposes a 1 with probability ½: pick a random r  {0,1}n and test if rx = 0 If x  00...0 then this test detects this with probability ½ Testing k such parities detects with probability 1– (½)k

Better testing II The previous idea can be translated into the context of testing whether pairs Bell states are all + or not + Alice picks a random r  {0,1}n and sends it to Bob Alice and Bob perform various bilateral CNOT operations on their qubits “parity” of positions 1, 3, 4 For r = 1011

Better testing III Call: + = õ,õ – = õ, ĩ + = õ,õ – = õ, ĩ + = ĩ,õ – = ĩ, ĩ Then bilateral CNOT gates cause ã1,ẽ1ã2,ẽ2 to become ã1ã2,ẽ1ã1,ẽ1ẽ2 (Example: õ,õĩ,õ becomes ĩ,õĩ,õ) If the states are not all + = õ,õ then there is either: a ĩ in the first slot or a ĩ in the second slot A measurement of bit parities will detect the former, and this measurement in the Hadamard basis will detect the latter — in either case a series of bilateral CNOTs will cause this parity information to appear in a single pair of qubits that can be measured

Net result By sacrificing say half the qubit pairs, Alice and Bob can establish with probability exponentially close to 1 that all remaining qubit pairs are in state + from which a secret key can be directly obtained Note 1: unlike BB84, this protocol requires Alice and Bob to have quantum computers — to perform nontrivial operations on several qubits Note 2: the Shor-Preskill [2000] security proof for BB84 is shown by reducing BB84 security to Lo-Chau security (and uses CSS codes to establish the reduction)

THE END