Download presentation
Presentation is loading. Please wait.
Published byJunior Daniels Modified over 8 years ago
1
Cryptography and Non-Locality Valerio Scarani Centre for Quantum Technologies National University of Singapore Ph.D. and post-doc positions available Barrett Hardy Kent Acín Masanes Gisin Pironio Massar Brunner Winter Wolf Hänggi Ekert
2
Outline Part 1: Motivation –Secure communication based only on compulsory assumptions and observation Part 2: Tools –From cryptography –From non-locality Part 3: Results –Security against quantum Eve –Security against post-quantum Eve
3
Part 1 Motivation
4
The task: Key Distribution Unbreakable… unless the eavesdropper Eve knows the key!!! Key-Distribution Problem: How to distribute the key among the partners? AliceBob M=0101110010100011 K=1000100011110101 P=M K=1101010001010110 Sent: sum mod 2: Contains NO info on M! K P= 0101110010100011=M Goal: secure distribution of a key between distant partners. Quantum crypto: code the bits of the key in quantum states
5
Phenomenology Alice Bob (1) 1 x 01 y 0 Eve distributes the signal… …but knows neither the settings x,y nor the results a,b Alice Bob (2) 1 x 01 y 0 ab N times (3) Public communication: estimate P(a,b|x,y) Laws of physics: P(a,b|x,y) bound on Eve’s information. We adopt an entanglement-based scenario:
6
Assumptions for Security RNG M Raw key RNG M Raw key AB C2C2 C2C2 No leakage out of Alice’s and Bob’s Labs Raw key: never Choice of M: not as long as Eve can act on the state The choices of the M are really random Security of classical post-processing, authentication… Eve is constrained by the laws of physics Dimensionality of the Q-system under control Measurement devices under control Blue = Trusted Red = Untrusted MM Koashi 2005, Beaudry-Moroder- Lutkenhaus 2008 Proofs based on non-locality allow black-box The whole of QM, or just a subset of laws? ?
7
“No-cloning” Wootters-Zurek etc. 1982 It is impossible to make a perfect copy of an unknown quantum state. If a basis is perfectly copied, all superposition states will not. Bennett-Brassard 1984 Eve cannot make a perfect copy of Bob’s quantum state and simulate exactly his measurement. Any interaction that gives Eve some information will modify Bob’s state, thus introducing errors. Drawback: no-cloning cannot be “observed”.
8
“No local variables” (“Non-locality”) Bell 1964 Measurement on entangled states correlations: Cannot be ascribed to communication Cannot be ascribed to pre- established agreement (“local variables”, “shared randomness”) QM: the results are really created by the measurement, were not available before it. Ekert 1991 If the results were not available before the measurement, in particular they were not available to Eve On data that can be ascribed neither to communication nor to pre-established agreement, an eavesdropper can only have limited information. Non-locality can be observed from P(a,b|x,y): violation of a “Bell-type inequality”.
9
Equivalence under “no-signaling” Thm: No-signaling & Non-locality No-cloning Masanes, Acín, Gisin PRA 2006; Barnum, Barrett, Leifer, Wilce q-ph/06 Indeed, “signaling” = Alice’s choice changes what Bob sees (and viceversa) No-signaling: The two “foundations” of cryptography are equivalent for no-signaling theories – and non-locality can be observed In particular, Q-measurements give rise to no-signaling P(a,b|x,y)
10
Motivation: summary We want to guarantee the security of key distribution based on: assumptions: only the compulsory ones; bound on Eve’s information: non-locality of P(a,b|x,y), i.e. only inputs/outputs No leakage out of Alice’s and Bob’s Labs Random choice of the input Security of classical procedures Eve is constrained by the laws of physics Quantum physics, just no-signaling, or any intermediate set of laws
11
Part 2 Tools
12
Tools of cryptography Figure of merit: secret key rate Information Theory Achievable secret key rate r (asymptotic N ): “Eve’s uncertainty minus Bob’s uncertainty on Alice’s string” “Capacity of the A-B channel minus Eve’s knowledge” N m n PA l =Nr EC n leak From N exchanged signals (raw key) to a secret key of length l : (assuming 1-way communication):
13
Individual –Eve sends i.i.d. signals –and tries to guess each bit of the raw key Collective –Eve sends i.i.d signals –and tries to guess the final key General –Eve sends the most general signals –And tries to guess the final key Tools of cryptography Classes of Attacks “Unconditional security”
14
Tools of Non-locality Bell-CHSH inequality Hypothesis: correlations from a pre-established strategy: For all it holds: Then: let’s take two choices for x and for y, and binary outcomes: (recall: is not known) Any correlation that can be distributed using a pre-established strategy must respect this inequality. (Clauser, Horne, Shimony, Holt 1969) QM: S can reach up to 2 2
15
15 Tools of Non-locality The Popescu-Rohrlich (PR) box 11 11 1 No-signaling Non-deterministic böchsli
16
Tools of Non-locality No-Cloning of the PR-box ? Can B duplicate his channel? B learns A’s input signaling! No-cloning
17
No-signalling Polytope Tools of Non-locality Probability Space PR-box Local correlations CHSH Polytope Quantum region CHSH Convex, no polytope Measurement on singlet
18
Part 3 Results
19
Suitable Protocols Not all protocols can be proved secure using non-locality! E.g., the expected P(a,b|x,y) for BB84 is LOCAL even for zero error Alice: 3 settings x=0,1,kBob: 2 settings y=0,1 Raw key: (a K, b 0 ); in particular error rate Q=Prob(a K b 0 ) Eve’s info estimated from: S=CHSH(a 0,a 1,b 0,b 1 ) Modified version of Ekert 1991 protocol Feature 1: CHSH is measured; Feature 2: one outcome (b 0 ) is used for both the key and CHSH; A possible protocol (Acín, Massar, Pironio 2006):
20
Known security bounds Usual QKD: General attacks (equivalent to BB84) NL, Laws=QM Collective attacks NL, Laws= no-signaling Individual attacks r S
21
Status of security proofs Laws of physics = quantum –Collective attacks: secure Acín, Brunner, Gisin, Massar, Pironio & VS, PRL 2007 Laws of physics = only no-signaling –Individual attacks: secure Acín, Gisin & Masanes PRL 2005; VS et al., PRA 2006; Acín, Massar & Pironio New J. Phys. 2006 –General attacks: insecure Barrett, Hardy, Kent PRL 2005: 1 secure bit for error=0 Hänggi & Wolf, submitted Laws of physics = no-signaling + something –General attacks: conditions under study Masanes & Winter, in preparation
22
Detection loophole Alice Bob 1 x 01 y 0 If she chooses x=0, I don’t answer Firing of the detector correlated to the choice of the measurement?? In our labs, we know this is not the case because we understand the physics of our devices… … but in a black-box scenario against an adversarial Eve, it becomes a very reasonable assumption As of today, with photons one cannot close the loophole non-locality cannot be observed in a black-box scenario these proofs cannot be used yet. Practical motivation to close the detection loophole!
23
Side-issues CHSH PR-Box CHSHP PR 41 2222 2121 20 Individual attacks on the CHSH protocol, NS 0.38 1-way, no pp 2.76 0.24 1-way, pp 2.48 0.2 2-way, no pp 2.4 0.09 2-way, pp 2.18 Better procedures or bipartite bound information?
24
Conclusions
25
Summary Goal: security of key distribution from –Compulsory assumptions; –Inputs & Outputs: the non-locality of P(a,b|x,y) Among the assumptions: “Eve is constrained by the laws of physics” –Can be the whole of quantum physics… –…or a restricted set of laws. Several open issues –Minimal set of laws for security –Unconditional security against quantum Eve –Related: close the detection loophole
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.