Download presentation
Presentation is loading. Please wait.
Published byHarrison Hitchings Modified over 10 years ago
1
Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya De, and Renato Renner
2
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction
3
Quantum Key Distribution quantum channel classical channel Eve
4
Privacy amplification [BBR’88] Eve F
5
Examples F
6
Aside: randomness extraction (1) Fundamental concept from TCS [NZ’96] Weak randomness is “readily” available Many applications require “perfect” randomness Can we convert one to the other? x P X (x) x Randomized algorithms Crypto Modeling x P U (x) x P X (x) Public source X: Ideal uniform source: Ext?
7
Aside: randomness extraction (2) x P U (x) x P X (x) Ext? + x P Y (x)
8
Extractors for privacy amplification F
9
Example: the perfect matching extractor x1x1 x3x3 x n-1 x2x2 x4x4 xnxn Classical adversary: cannot do better than birthday paradox → need ≈ √n bits of information about x Quantum adversary: on seeing x, store when matching revealed, measure in → only need ≈ log n qubits! X: n-bit string Y: perfect matching chosen among n 2 Ext Ext: {0,1} n x {0,1} 2log n → {0,1} n/2 Output is uniformly random [GKKRW’07]
10
Summary of known constructions SeedOutputRef. Inner-productn1[Ben-Or ’02] 2-universal hashingn[KMR’05] One-bit extractorslog n1[KT’06] n[FS’07] Almost 2-universal hashing m[TSSR’10] Trevisan’s extractor[T-S’09],[DV’10], [DPRV’11]
11
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction
12
A one-bit extractor
13
Quantum eavesdroppers
14
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction
15
Trevisan’s construction (1) 0 000111 y
16
0 000111 y x + Trevisan’s construction (2)
17
Some parameters
18
Overview of security proof 0 000111 y: t bits + x: n bits
19
Summary Privacy amplification is an important step in QKD Well-understood classically, but quantum eavesdropper is a challenge Some constructions proved to carry over – 2-universal hashing most often used: efficient (matrix multiplication), extracts most key. – All previous const. require as many “fresh” random bits as length of key Trevisan’s construction has many advantages – Efficient (local XOR computation) – Extracts longest possible key, only polylog random bits required Proof of security based on reconstruction argument + [KT’06]
20
Open problems
21
Thank you!
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.