Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography and Non-Locality Valerio Scarani Centre for Quantum Technologies National University of Singapore Ph.D. and post-doc positions available Barrett.

Published byJunior Daniels Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptography and Non-Locality Valerio Scarani Centre for Quantum Technologies National University of Singapore Ph.D. and post-doc positions available Barrett."— Presentation transcript:

1 Cryptography and Non-Locality Valerio Scarani Centre for Quantum Technologies National University of Singapore Ph.D. and post-doc positions available Barrett Hardy Kent Acín Masanes Gisin Pironio Massar Brunner Winter Wolf Hänggi Ekert

2 Outline Part 1: Motivation –Secure communication based only on compulsory assumptions and observation Part 2: Tools –From cryptography –From non-locality Part 3: Results –Security against quantum Eve –Security against post-quantum Eve

3 Part 1 Motivation

4 The task: Key Distribution Unbreakable… unless the eavesdropper Eve knows the key!!!  Key-Distribution Problem: How to distribute the key among the partners? AliceBob M=0101110010100011 K=1000100011110101 P=M  K=1101010001010110 Sent: sum mod 2: Contains NO info on M! K  P= 0101110010100011=M Goal: secure distribution of a key between distant partners. Quantum crypto: code the bits of the key in quantum states

5 Phenomenology Alice Bob (1) 1 x 01 y 0 Eve distributes the signal… …but knows neither the settings x,y nor the results a,b Alice Bob (2) 1 x 01 y 0 ab N times (3) Public communication: estimate P(a,b|x,y) Laws of physics: P(a,b|x,y)  bound on Eve’s information. We adopt an entanglement-based scenario:

6 Assumptions for Security RNG M Raw key RNG M Raw key  AB C2C2 C2C2  No leakage out of Alice’s and Bob’s Labs Raw key: never Choice of M: not as long as Eve can act on the state  The choices of the M are really random  Security of classical post-processing, authentication…  Eve is constrained by the laws of physics  Dimensionality of the Q-system under control  Measurement devices under control    Blue = Trusted Red = Untrusted MM Koashi 2005, Beaudry-Moroder- Lutkenhaus 2008  Proofs based on non-locality allow black-box The whole of QM, or just a subset of laws? ?

7 “No-cloning” Wootters-Zurek etc. 1982 It is impossible to make a perfect copy of an unknown quantum state. If a basis is perfectly copied, all superposition states will not. Bennett-Brassard 1984 Eve cannot make a perfect copy of Bob’s quantum state and simulate exactly his measurement. Any interaction that gives Eve some information will modify Bob’s state, thus introducing errors. Drawback: no-cloning cannot be “observed”.

8 “No local variables” (“Non-locality”) Bell 1964 Measurement on entangled states  correlations: Cannot be ascribed to communication Cannot be ascribed to pre- established agreement (“local variables”, “shared randomness”) QM: the results are really created by the measurement, were not available before it. Ekert 1991 If the results were not available before the measurement, in particular they were not available to Eve On data that can be ascribed neither to communication nor to pre-established agreement, an eavesdropper can only have limited information. Non-locality can be observed from P(a,b|x,y): violation of a “Bell-type inequality”.

9 Equivalence under “no-signaling” Thm: No-signaling & Non-locality  No-cloning Masanes, Acín, Gisin PRA 2006; Barnum, Barrett, Leifer, Wilce q-ph/06 Indeed, “signaling” = Alice’s choice changes what Bob sees (and viceversa) No-signaling: The two “foundations” of cryptography are equivalent for no-signaling theories – and non-locality can be observed In particular, Q-measurements give rise to no-signaling P(a,b|x,y)

10 Motivation: summary We want to guarantee the security of key distribution based on: assumptions: only the compulsory ones; bound on Eve’s information: non-locality of P(a,b|x,y), i.e. only inputs/outputs  No leakage out of Alice’s and Bob’s Labs  Random choice of the input  Security of classical procedures  Eve is constrained by the laws of physics  Quantum physics, just no-signaling, or any intermediate set of laws

11 Part 2 Tools

12 Tools of cryptography Figure of merit: secret key rate Information Theory  Achievable secret key rate r (asymptotic N  ): “Eve’s uncertainty minus Bob’s uncertainty on Alice’s string” “Capacity of the A-B channel minus Eve’s knowledge” N m n PA l =Nr EC n  leak From N exchanged signals (raw key) to a secret key of length l : (assuming 1-way communication):

13 Individual –Eve sends i.i.d. signals –and tries to guess each bit of the raw key Collective –Eve sends i.i.d signals –and tries to guess the final key General –Eve sends the most general signals –And tries to guess the final key Tools of cryptography Classes of Attacks “Unconditional security”

14 Tools of Non-locality Bell-CHSH inequality Hypothesis: correlations from a pre-established strategy: For all  it holds: Then: let’s take two choices for x and for y, and binary outcomes: (recall:  is not known) Any correlation that can be distributed using a pre-established strategy must respect this inequality. (Clauser, Horne, Shimony, Holt 1969) QM: S can reach up to 2  2

15 15 Tools of Non-locality The Popescu-Rohrlich (PR) box 11 11 1 No-signaling Non-deterministic böchsli

16 Tools of Non-locality No-Cloning of the PR-box ? Can B duplicate his channel? B learns A’s input  signaling! No-cloning

17 No-signalling Polytope Tools of Non-locality Probability Space PR-box Local correlations CHSH Polytope Quantum region CHSH Convex, no polytope Measurement on singlet

18 Part 3 Results

19 Suitable Protocols Not all protocols can be proved secure using non-locality! E.g., the expected P(a,b|x,y) for BB84 is LOCAL even for zero error Alice: 3 settings x=0,1,kBob: 2 settings y=0,1 Raw key: (a K, b 0 ); in particular error rate Q=Prob(a K  b 0 ) Eve’s info estimated from: S=CHSH(a 0,a 1,b 0,b 1 ) Modified version of Ekert 1991 protocol Feature 1: CHSH is measured; Feature 2: one outcome (b 0 ) is used for both the key and CHSH; A possible protocol (Acín, Massar, Pironio 2006):

20 Known security bounds Usual QKD: General attacks (equivalent to BB84) NL, Laws=QM Collective attacks NL, Laws= no-signaling Individual attacks r S

21 Status of security proofs Laws of physics = quantum –Collective attacks: secure Acín, Brunner, Gisin, Massar, Pironio & VS, PRL 2007 Laws of physics = only no-signaling –Individual attacks: secure Acín, Gisin & Masanes PRL 2005; VS et al., PRA 2006; Acín, Massar & Pironio New J. Phys. 2006 –General attacks: insecure Barrett, Hardy, Kent PRL 2005: 1 secure bit for error=0 Hänggi & Wolf, submitted Laws of physics = no-signaling + something –General attacks: conditions under study Masanes & Winter, in preparation

22 Detection loophole Alice Bob 1 x 01 y 0 If she chooses x=0, I don’t answer Firing of the detector correlated to the choice of the measurement?? In our labs, we know this is not the case because we understand the physics of our devices… … but in a black-box scenario against an adversarial Eve, it becomes a very reasonable assumption  As of today, with photons one cannot close the loophole  non-locality cannot be observed in a black-box scenario  these proofs cannot be used yet.  Practical motivation to close the detection loophole!

23 Side-issues CHSH PR-Box CHSHP PR 41 2222 2121 20 Individual attacks on the CHSH protocol, NS 0.38 1-way, no pp 2.76 0.24 1-way, pp 2.48 0.2 2-way, no pp 2.4 0.09 2-way, pp 2.18 Better procedures or bipartite bound information?

24 Conclusions

25 Summary Goal: security of key distribution from –Compulsory assumptions; –Inputs & Outputs: the non-locality of P(a,b|x,y) Among the assumptions: “Eve is constrained by the laws of physics” –Can be the whole of quantum physics… –…or a restricted set of laws. Several open issues –Minimal set of laws for security –Unconditional security against quantum Eve –Related: close the detection loophole

Download ppt "Cryptography and Non-Locality Valerio Scarani Centre for Quantum Technologies National University of Singapore Ph.D. and post-doc positions available Barrett."

Similar presentations

QCRYPT 2011, Zurich, September 2011 Lluis Masanes 1, Stefano Pironio 2 and Antonio Acín 1,3 1 ICFO-Institut de Ciencies Fotoniques, Barcelona 2 Université.

QCRYPT 2011, Zurich, September 2011 Lluis Masanes 1, Stefano Pironio 2 and Antonio Acín 1,3 1 ICFO-Institut de Ciencies Fotoniques, Barcelona 2 Université.
Tony Short University of Cambridge (with Sabri Al-Safi – PRA 84, 042323 (2011))

Tony Short University of Cambridge (with Sabri Al-Safi – PRA 84, (2011))
I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.

I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.
Fixing the lower limit of uncertainty in the presence of quantum memory Archan S. Majumdar S. N. Bose National Centre for Basic Sciences, Kolkata Collaborators:

Fixing the lower limit of uncertainty in the presence of quantum memory Archan S. Majumdar S. N. Bose National Centre for Basic Sciences, Kolkata Collaborators:
P LAYING ( QUANTUM ) GAMES WITH OPERATOR SPACES David Pérez-García Universidad Complutense de Madrid Bilbao 8-Oct-2011.

P LAYING ( QUANTUM ) GAMES WITH OPERATOR SPACES David Pérez-García Universidad Complutense de Madrid Bilbao 8-Oct-2011.
Nonlocal Boxes And All That Daniel Rohrlich Atom Chip Group, Ben Gurion University, Beersheba, Israel 21 January 2010.

Nonlocal Boxes And All That Daniel Rohrlich Atom Chip Group, Ben Gurion University, Beersheba, Israel 21 January 2010.
Ilja Gerhardt QUANTUM OPTICS CQT GROUP Ilja Gerhardt, Matthew P. Peloso, Caleb Ho, Antía Lamas-Linares and Christian Kurtsiefer Entanglement-based Free.

Ilja Gerhardt QUANTUM OPTICS CQT GROUP Ilja Gerhardt, Matthew P. Peloso, Caleb Ho, Antía Lamas-Linares and Christian Kurtsiefer Entanglement-based Free.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Bell’s inequalities and their uses Mark Williamson 10.06.10 The Quantum Theory of Information and Computation

Bell’s inequalities and their uses Mark Williamson The Quantum Theory of Information and Computation
Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.

Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Toyohiro Tsurumaru (Mitsubishi Electric Corporation) Masahito Hayashi (Graduate School of Information Sciences, Tohoku University / CQT National University.

Toyohiro Tsurumaru (Mitsubishi Electric Corporation) Masahito Hayashi (Graduate School of Information Sciences, Tohoku University / CQT National University.
Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.

Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.

Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.
EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.
Paraty, Quantum Information School, August 2007 Antonio Acín ICFO-Institut de Ciències Fotòniques (Barcelona) www.icfo.es Quantum Cryptography.

Paraty, Quantum Information School, August 2007 Antonio Acín ICFO-Institut de Ciències Fotòniques (Barcelona) Quantum Cryptography.
Is Communication Complexity Physical? Samuel Marcovitch Benni Reznik Tel-Aviv University arxiv 0709.1602.

Is Communication Complexity Physical? Samuel Marcovitch Benni Reznik Tel-Aviv University arxiv
Spanish Cryptography Days, November 2011, Murcia, Spain Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Device-Independent.

Spanish Cryptography Days, November 2011, Murcia, Spain Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Device-Independent.
Physics is becoming too difficult for physicists. — David Hilbert (mathematician)

Physics is becoming too difficult for physicists. — David Hilbert (mathematician)

Similar presentations

Ads by Google