Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spanish Cryptography Days, November 2011, Murcia, Spain Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Device-Independent.

Published byStewart Elliott Modified over 9 years ago

Similar presentations

Presentation on theme: "Spanish Cryptography Days, November 2011, Murcia, Spain Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Device-Independent."— Presentation transcript:

1 Spanish Cryptography Days, November 2011, Murcia, Spain Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Device-Independent Quantum Information Processing

2 Computational security Standard Classical Cryptography schemes are based on computational security. Assumption: eavesdropper computational power is limited. Even with this assumption, the security is unproven. E.g.: factoring is believed to be a hard problem. Quantum computers sheds doubts on the long-term applicability of these schemes, e.g. Shor’s algorithm for efficient factorization.

3 Quantum Computation Quantum computer: device able to manipulate information encoded on quantum particles. These devices allow one to solve computational problems in a much more efficient way than a classical computer. Shor’s algorithm (1994): factorization problem. 6 = 3 x 2Easy! 30790518401361202507 = 4575351673 x 6729650659 A quantum computer allows the efficient factorization of large numbers.

4 Computational security It was easy to generate the factors and then compute the product. One-way functions: easy in one direction, hard in the opposite. Many cryptographic schemes, such as RSA, are based on the factorization problem. AliceBob Eve Multiply Factorize If factorization becomes easy, the enemy can break the protocol!

5 Quantum Information Theory Quantum Information Theory studies how to manipulate and transmit information encoded on quantum particles. Quantum Mechanics: set of laws describing the Physics of the microscopic world. (Einstein, Planck, Bohr, Schrödinger, Heisenberg,…, first half of the XX century). Information Theory: mathematical formalism describing how information can be stored, processed and transmitted. (Shannon, 1950). Why now?

6 Quantum Information Theory Current technological progress on devices miniaturization leads to a scenario where information is encoded on quantum particles, such as atoms or photons. Moore’s Law: information-device size decreases exponentially with time. Information is encoded in fewer and fewer atoms. It is very plausible that quantum effects will manifest in the near future.

7 Novel information applications become possible when using information encoded on quantum states, e.g. more powerful computers and secure communication. What happens when we encode information in the quantum world? Quantum Information Theory

8 Heisenberg Uncertainty Principle Quantum Theory only predicts the probabilities of outcomes. Quantum Particle Measurement 50% The measurement process modifies the state of the particle! Heisenberg uncertainty principle: the measurement process perturbs the state of a quantum system.

9 Quantum Cryptography AliceBob Eve Quantum bits The eavesdropper, Eve, when measuring the particles, introduces noise, errors, in the channel and is detected by the honest parties. BennettBrassard Ekert Heisenberg uncertainty principle → Secure cryptography!

10 Quantum Cryptography: a new form of security Standard Classical Cryptography schemes are based on computational security. Assumption: eavesdropper computational power is limited. Even with this assumption, the security is unproven. E.g.: factoring is believed to be a hard problem. Quantum computers sheds doubts on the long-term applicability of these schemes, e.g. Shor’s algorithm for efficient factorization. Quantum Cryptography protocols are based on physical security. Assumption: Quantum Mechanics offers a correct physical description of the devices. No assumption is required on the eavesdropper’s power, provided it does not contradict any quantum law. Using this (these) assumption(s), the security of the schemes can be proven.

11 Quantum Cryptography: you can buy it! Quantum cryptography is a commercial product. In 2007, it was used to secure part of the vote counting in a referendum in the canton of Geneva. The Quantum Stadium: in 2010, in collaboration with the University of Kwazulu-Natal, South Africa, it was used to encrypt a connection in the Durban stadium during the World Cup. Ribordy

12 Quantum hacking How come?!

13 Quantum hacking Single-photon source Single-photon detector Quantum channel Quantum hacking attacks break the implementation, not the principle. Attenuated laser source Realistic APD detector

14 Device-Independent Quantum Information Processing

15 Scenario Alice Bob y=1,…,m a=1,…,r b=1,…,r x=1,…,m Vector of m 2 r 2 positive components satisfying m 2 normalization conditions Distant parties performing m different measurements of r outcomes.

16 Quantum Correlations Assumption: the observed correlations should be compatible with the quantum formalism. No constraint is imposed on the quantum state and measurements reproducing the observed correlations. They act on an arbitrary Hilbert space. Standard Quantum Information applications are not device-independent: they crucially rely on the details of states and measurements used in the protocol.

17 Bell inequality violation Bell inequality violation is a necessary condition for DIQIP. If the correlations are local: The observed statistics can be reproduced by classically correlated data → no improvement can be expected over Classical Information Theory. Any protocol should be built from non-local correlations.

18 Characterization of Quantum Correlations

19 Motivation Given p(a,b|x,y), does it have a quantum realization? Example:

20 Hierarchy of necessary conditions Given a probability distribution p(a,b|x,y), we have defined a hierarchy consisting of a series of tests based on semi-definite programming techniques allowing the detection of supra-quantum correlations. NO YES NO YES The hierarchy is asymptotically convergent. YES

21 Convergence of the hierarchy If some correlations satisfy all the steps in the hierarchy, then: with ?

22 Device-Independent Quantum Key Distribution

23 Device-Independent QKD Standard QKD protocols based their security on: 1.Quantum Mechanics: any eavesdropper, however powerful, must obey the laws of quantum physics. 2.No information leakage: no unwanted classical information must leak out of Alice's and Bob's laboratories. 3.Trusted Randomness: Alice and Bob have access to local random number generators. 4.Knowledge of the devices: Alice and Bob require some control (model) of the devices. Are there protocols for secure QKD based on without requiring any assumption on the devices?

24 Motivation The fewer the assumptions for a cryptographic protocol → the stronger the security. Device-Independent QKD represents the strongest form of quantum cryptography. It is based on the minimal number of assumptions. It may be useful when considering practical implementations. If some correlations are observed → secure key distribution. No security loopholes related to technological issues.

25 Secure device-independent quantum key distribution with causally independent measurement devices

26 The model We require that the generation of raw key elements define causally independent events. All raw-key elements General quantum state Measurements by Alice and Bob

27 The model...... This requirement can be satisfied by performing space-like separated measurements. Secure DIQKD is, in principle, possible. The requirement can just be assumed, either by assuming memoryless devices or some shielding ability by the honest parties (which is always necessary). This requirement is always one of the assumptions (among many more) needed for security in standard QKD.

28 Bound on the key rate The critical error for the CHSH inequality is of approx 5%. For the chained inequality with 3 settings, one has 7.5%. The protocols are competitive in terms of error rate.

29 Device-Independent Randomness Generation

30 Can the presence of randomness be guaranteed by any physical mechanism?

31 Known solutions Classical Random Number Generators (CRNG). All of them are of deterministic Nature. Quantum Random Number Generators (QRNG). There exist different solutions, but the main idea is encapsulated by the following example: In any case, all these solutions have three problems, which are important both from a fundamental and practical point of view. Single photons are prepared and sent into a mirror with transmittivity equal to ½. The random numbers are provided by the clicks in the detectors.

32 Problem 1: certification Good randomness is usually verified by a series of statistical tests. There exist chaotic systems, of deterministic nature, that pass all existing randomness tests. Do these tests really certify the presence of randomness? Do these tests certify any form of quantum randomness? Classical systems pass them!

33 RANDU RANDU is an infamous linear congruential pseudorandom number generator of the Park–Miller type, which has been used since the 1960s. Three-dimensional plot of 100,000 values generated with RANDU. Each point represents 3 subsequent pseudorandom values. It is clearly seen that the points fall in 15 two-dimensional planes.

34 Problem 2: privacy Many applications require private randomness. How can one be sure that the observed random numbers are also random to any other observer, possibly adversarial?...... Classical Memory …

35 Problem 3: device dependence All the solutions crucially rely on the details of the devices used in the generation. How can imperfections in the devices affect the quality of the generated numbers? Can these imperfections be exploited by an adversary? Single photons are prepared and sent into a mirror with transmittivity equal to ½. The random numbers are provided by the clicks in the detectors.

36 Random Numbers from Bell’s Theorem We want to explore the relation between non-locality, measured by the violation β of a Bell inequality, and local randomness, quantified by the parameter. Clearly, if β =0 → r=1. y=1,2 a=+1,-1 b=+1,-1 x=1,2

37 Results All the region above the curve is impossible within Quantum Mechanics.

38 Statement of the problem We have developed an asymptotically convergent series of sets approximating the quantum set.

39 Experimental realization The two-box scenario is performed by two atomic particles located in two distant traps. Using our theoretical techniques, we can certify that 42 new random bits are generated in the experiment. It is the first time that randomness generation is certified without making any detailed assumption about the internal working of the devices.

40 Concluding Remarks

41 Quantum correlations Hierarchy of necessary condition for detecting the quantum origin of correlations. Each condition can be mapped into an SDP problem. How does this picture change if we fix the dimension of the quantum system? Are all finite correlations achievable measuring finite-dimensional quantum systems?

42 Device-Independent QKD Classical cryptographic is based on computational security. Quantum computers may change what we understand today as a hard problem. Quantum Key Distribution is based on physical laws. Standard protocols require good control of the devices. It seems possible to construct QKD protocols whose security does not require any assumption on the devices. General security proofs? The implementation of these protocols using current technology is still a challenge! Hybrid scenarios: partial control of the devices suffices.

43 Random Numbers from Bell’s Theorem Randomness can be derived from non-local quantum correlations. The obtained randomness is certifiable, private and device-independent. It represents a novel application of Quantum Information Theory, solving a task whose classical realization is, at least, unclear. These techniques allow quantifying the intrinsic quantum randomness generated in Bell tests. General security proof? More efficient schemes for generation?

Download ppt "Spanish Cryptography Days, November 2011, Murcia, Spain Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Device-Independent."

Similar presentations

How Much Information Is In Entangled Quantum States? Scott Aaronson MIT |

How Much Information Is In Entangled Quantum States? Scott Aaronson MIT |
Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.

Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.
Quantum Cryptography Post Tenebras Lux!

Quantum Cryptography Post Tenebras Lux!
Quantum Cryptography http://www.dcs.warwick.ac.uk/~esvbb Nick Papanikolaou Third Year CSE Student npapanikolaou@iee.org http://www.dcs.warwick.ac.uk/~esvbb.

Quantum Cryptography Nick Papanikolaou Third Year CSE Student
QCRYPT 2011, Zurich, September 2011 Lluis Masanes 1, Stefano Pironio 2 and Antonio Acín 1,3 1 ICFO-Institut de Ciencies Fotoniques, Barcelona 2 Université.

QCRYPT 2011, Zurich, September 2011 Lluis Masanes 1, Stefano Pironio 2 and Antonio Acín 1,3 1 ICFO-Institut de Ciencies Fotoniques, Barcelona 2 Université.
I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.

I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.
Some Limits on Non-Local Randomness Expansion Matt Coudron and Henry Yuen 6.845 12/12/12 God does not play dice. --Albert Einstein Einstein, stop telling.

Some Limits on Non-Local Randomness Expansion Matt Coudron and Henry Yuen /12/12 God does not play dice. --Albert Einstein Einstein, stop telling.
Bell’s inequalities and their uses Mark Williamson 10.06.10 The Quantum Theory of Information and Computation

Bell’s inequalities and their uses Mark Williamson The Quantum Theory of Information and Computation
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.

Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.

Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Quantum Mechanics from Classical Statistics. what is an atom ? quantum mechanics : isolated object quantum mechanics : isolated object quantum field theory.

Quantum Mechanics from Classical Statistics. what is an atom ? quantum mechanics : isolated object quantum mechanics : isolated object quantum field theory.
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.

Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Similar presentations

Ads by Google