DOCSLIB.ORG

Quantum Digital Signatures

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Quantum Digital Signatures View metadata, citation and similar papers at core.ac.uk Quantum Digital Signatures brought to you by CORE provided by CERN Document Server Daniel Gottesman and Isaac Chuang Computer Science Division, University of California, Berkeley, CA 94270 MIT Media Laboratory, Cambridge, MA 02139 The physics of quantum systems opens a door to tremen- bit message. It is not sufficient, however, to simply plug dously intriguing possibilities for cryptography, the art and in fk in place of f(k). First, due to the no-cloning the- science of communicating in the presence of adversaries [1]. orem,| i there can be no perfect equality test for quantum One major goal of classical cryptography is to certify the states. Also, as we show below, the nature of quantum origin of a message. Much like a handwritten signature states provides Alice with non-classical cheating strategies, on a paper document, a digital signature authenticates an and eavesdroppers with non-classical forgery mechanisms. electronic document and ensures that it has not been tam- And unlike classical schemes, only a limited number of pered with. The importance of digital signatures to mod- copies of the public key can be issued, or the scheme be- ern electronic commerce has become such that Rivest has comes insecure. Despite these difficulties, the protocol we written “[they] may prove to be one of the most fundamen- present, when used correctly, allows the probability of any tal and useful inventions of modern cryptography.” [2] This security failure to be made exponentially small with only is especially true of schemes where the signature can be rec- polynomial expenditure of resources. ognized using a widely available reference. The security of Let us begin with the quantum one-way function. Sup- all such public key digital signature schemes presently de- pose we take all classical bit strings k of length L,and pends on the inability of a forger to solve certain difficult assign to each one a quantum state fk of n qubits. Fur- mathematical problems, such as factoring large numbers | i ther, let the states be nearly orthogonal: fk fk δ for [3]. Unfortunately, with a quantum computer factoring be- |h | 0 i| ≤ k = k0; this allows L to be much larger than n. Buhrman, comes tractable [4], thus allowing signatures to be forged. Cleve,6 Watrous, and de Wolf introduced one such family as Here, we present a quantum digital signature scheme which quantum fingerprints,inwhichL = O(2n)andδ 0:9[7]. is absolutely secure, even against powerful quantum cheat- Another family is provided by the set of stabilizer≈ states ing strategies. It allows a sender (Alice) to sign a message [1], with L = n2=2+o(n2), and δ =1=√2. Both these sets so that the signature can be validated by one or more dif- are easy to create with any standard set of universal quan- ferent people, and all will agree either that the message tum gates. A third family of interest uses just n = 1 qubit came from Alice or that it has been tampered with. per state, and consists of the states cos(jθ) 0 +sin(jθ) 1 , | i | i Classical digital signature schemes can be created out of for θ = π/2L, and integer j. This family works for any any one-way function [5]. f(x) is a one-way function if it value of L,andgivesδ =cosθ. is easy to compute f(x)givenx, but computing x given The mapping k fk acts as a sort of “quantum one- f(x) is very difficult. This allows the following digital sig- way function” because7→ | iti is impossible to invert, but easy nature scheme [6]: Alice chooses k0 and k1, and publicly to compute and verify. Holevo’s theorem puts limits on announces f,(0;f(k0)) and (1;f(k1)). Later, to sign a sin- the amount of classical information that can be extracted gle bit b, Alice presents (b; kb). The recipient can easily from a quantum state [8]; in particular, measurements on compute f(kb) and check that it agrees with Alice’s ear- n qubits can give at most n classical bits of information. lier announcement, and since k0 and k1 were known only Thus, given t copies of the state fk , we can learn at most to Alice, this certifies that she must have sent the mes- tn bits of information about k,andwhen| i L tn 1, our sage. However, while there are many candidate one-way chance of successfully guessing the string k remains− small. functions, none have been proven to be secure, and some, We take for granted certain properties of classical func- such as multiplying together two primes (the inverse be- tions which are no longer so straightforward quantum- ing factoring the product), become insecure on a quantum mechanically. Given two outputs fk and fk ,howcanwe computer. This deficiency leaves a substantial gap in the | i | 0 i be sure that k = k0? This is done using a simple quantum cryptographic landscape. circuit [7], which we shall call the swap-test. Take the states Our quantum digital signature scheme is based on a fk and fk0 , and prepare a single ancilla qubit in the state quantum analogue of a one-way function which, unlike any (| 0i + 1|)=√i2. Next, perform a Fredkin gate (controlled- | i | i classical function, is provably secure from an information- swap) with the ancilla qubit as control and fk0 and fk theoretic standpoint, no matter how advanced the enemy’s as targets. Then perform a Hadamard on the| ancillai qubit| i computers. The key idea we introduce is a one-way func- and measure it. If the result is 0 , then the swap-test is tion whose input is a classical bit-string k, and output is a passed; this always happens if |fi = f . Otherwise, | k0 i | ki quantum state fk (versus, for instance, a function which if fk0 fk δ, the result 0 occurs with probability at maps quantum| statesi to quantum states). Like the above most|h (1| +i|δ ≤2)=2. If the result| i is 1 , then the test fails; | i classical scheme, we will require O(m) qubits to sign a m- this happens only when k = k0 and occurs with probability 6 1 2 (1 δ )=2. Clearly the swap test works equally well even if works in the presence of weak noise by letting c1 be greater the− states are not outputs of the function f —ifthestates than zero, and with other minor adjustments. are the same, they always pass the swap test, while if they The key distribution stage works as follows: are different, they sometimes fail. i i Another important property is the ability to verify the 1. Alice creates a set k0;k1 ,1 i M, of pairs of -bit strings. The {’s will} be used≤ ≤ to sign 0’s in the output of the function: given k, how do we check that a L k0 message, and the k1’s will be used to sign 1’s. Note state = fk ? This is straightforward: since the func- i i | i | i k0 and k1 are chosen independently and randomly for tion k 0 k fk is easy to compute, simply perform the inverse| i| i7→| operation,i| i and measure the second register. If each i. = fk , the measurement result will be nonzero with 2. Alice creates 2t copies of each of the states | i6 | i 2 probability 1 fk . f i ; f i . These will be Alice’s public keys. k0 k1 Blindly modifying−|h | i| classical cryptographic protocols to {| i | i} 3. Alice sends her public keys to a key distribution cen- use quantum one-way functions will generally fail. First, ter, and each of the t recipients downloads two copies given the output of a classical one-way function, someone of each fki ; fki . One copy will be used to verify with limited computational ability can learn nothing at 0 1 the message,{| i and| onei} to test for Alice cheating. The all about the input, whereas f always leaks a limited k public keys have been labelled by Alice, so the recip- amount of information about k|, thei input to the quantum ients know which key is which (but not the identities one-way function. This is why in our signature scheme, of the individual keys). Alice must limit the number of copies of her public keys in circulation. Second, verification of the identity of fk can 4. Finally, for each value of i, the recipients verify that only be done with some error. Third, quantum cheating| i they all received the same public keys using the swap strategies become available; for example Alice (the person test. Each recipient first performs a swap-test be- preparing the state) can prepare an entangled initial state, tween their two keys, then each passes one copy which enables her to delay choosing k until after she has to a single recipient. That recipient checks that given fk away. This fact spells the doom of any attempt these t test keys remain unchanged when any pair to use| quantumi one-way functions to perform bit commit- is swapped. If any of the public keys fail the test, ment [9,10], which is one application of classical one-way the protocol is aborted. Otherwise, discard the test functions. However, only Alice has the ability to change the keys. state, which enables us to use quantum one-way functions Assuming all recipients’ public keys pass the swap test, to perform digital signatures. ideally all the recipients would now have identical public Our digital signature protocol consists of two stages.
Load more

Recommended publications
  • Arxiv:1803.04114V2 [Quant-Ph] 16 Nov 2018
    Learning the quantum algorithm for state overlap Lukasz Cincio,1 Yiğit Subaşı,1 Andrew T. Sornborger,2 and Patrick J. Coles1 1Theoretical Division, Los Alamos National Laboratory, Los Alamos, NM 87545, USA. 2Information Sciences, Los Alamos National Laboratory, Los Alamos, NM 87545, USA. Short-depth algorithms are crucial for reducing computational error on near-term quantum com- puters, for which decoherence and gate infidelity remain important issues. Here we present a machine-learning approach for discovering such algorithms. We apply our method to a ubiqui- tous primitive: computing the overlap Tr(ρσ) between two quantum states ρ and σ. The standard algorithm for this task, known as the Swap Test, is used in many applications such as quantum support vector machines, and, when specialized to ρ = σ, quantifies the Renyi entanglement. Here, we find algorithms that have shorter depths than the Swap Test, including one that has a constant depth (independent of problem size). Furthermore, we apply our approach to the hardware-specific connectivity and gate sets used by Rigetti’s and IBM’s quantum computers and demonstrate that the shorter algorithms that we derive significantly reduce the error - compared to the Swap Test - on these computers. I. INTRODUCTION hyperparameters, we optimize the algorithm in a task- oriented manner, i.e., by minimizing a cost function that quantifies the discrepancy between the algorithm’s out- Quantum supremacy [1] may be coming soon [2]. put and the desired output. The task is defined by a While it is an exciting time for quantum computing, de- training data set that exemplifies the desired computa- coherence and gate fidelity continue to be important is- tion.
    [Show full text]
  • Signing Perfect Currency Bonds
    Signing Perfect Currency Bonds Subhayan Roy Moulick∗ and Prasanta K. Panigrahiy Indian Institute of Science Education and Research Kolkata, Mohanpur 741246, West Bengal, India (Dated: May 23, 2019) We propose the idea of a Quantum Cheque Scheme, a cryptographic protocol in which any legiti- mate client of a trusted bank can issue a cheque, that cannot be counterfeited or altered in anyway, and can be verified by a bank or any of its branches. We formally define a Quantum Cheque and present the first Unconditionally Secure Quantum Cheque Scheme and show it to be secure against any no-signaling adversary. The proposed Quantum Cheque Scheme can been perceived as the quantum analog of Electronic Data Interchange, as an alternate for current e-Payment Gateways. PACS numbers: 03.67.Dd, 03.67.Hk, 03.67.Ac I. INTRODUCTION in addition to security against counterfeiters, owing its origin to the pioneering works of Mosca and Stebila [11]. Replication of classical information is a significant nui- They proposed a scheme based on blind quantum com- sance in copy-protection. Any physical entity created putation that required a verifier to do an obfuscated ver- classically can be, in principle, copied. Currency bonds, ification with the bank and learn only the validity of the printed on textile and paper, are no exception, and any quantum coin. This however is a private key protocol adversary, given sufficient time and resources, can be and requires communication with the bank. able to counterfeit currency bonds. However, the quan- In this paper we propose the idea of Quantum Cheques tum regime can circumvent this problem, exploiting the and present a construction of an Quantum Cheque `No Cloning Theorem' [1], and pave way for unforgeable Scheme with Perfect Security against any No-Signaling Quantum Currency that are impossible to counterfeit adversary.
    [Show full text]
  • Quantum Information & Quantum Computation
    CS290A, Spring 2005: Quantum Information & Quantum Computation Wim van Dam Engineering 1, Room 5109 vandam@cs http://www.cs.ucsb.edu/~vandam/teaching/CS290/ Administrative • The Final Examination will be: Monday June 6, 12:00–15:00, PHELPS 1401 • New Exercises are posted Try to answer Question 2 before Thursday. Last Week / This Week • Last week we looked at quantum money and quantum cryptography, which uses the qubit states 0,1,+,–. • This week we will extend this idea to describe “quantum fingerprinting”. • Also this week: superdense quantum coding and quantum teleportation of quantum states. Fingerprinting Assume two parties A and B that each have data in the form of a (long) string x and y ∈{0,1} N. A and B want to check if they have the same data, without revealing a priori to the other their strings. They do this by sending (publicly) information about their strings (x and y) to a trusted third party C, who decides. Sending the whole strings is not allowed because the strings are too long / risk of eavesdropping. A and B want to have a way of fingerprinting their strings. Quantum Fingerprinting “Quantum Fingerprinting” refers to a way of mapping the ∈ N strings x,y {0,1} to quantum states | φx〉 and | φy〉, that live in a ‘much smaller than 2 N’-dimensional Hilbert space, such that from ψ and φ we can tell decide whether x=y. ∈ N The set { |φx〉 : x {0,1} } cannot be mutually orthogonal. Instead we will have to work with near orthogonal states. ∈ N Central Idea: Encode x {0,1} into m qubit state |φx〉 (with m much smaller than N).
    [Show full text]
  • Lecture 25: QMA(2) 1 Introduction 2 QMA(2): the 2-Prover
    Quantum Computation (CMU 18-859BB, Fall 2015) Lecture 25: QMA(2) December 7, 2015 Lecturer: Ryan O'Donnell Scribe: Yongshan Ding 1 Introduction So far, we have seen two major quantum complexity classes, namely BQP and QMA. They are the quantum analogue of two famous classical complexity classes, P (or more precisely BPP) and NP, respectively. In today's lecture, we shall extend to a generalization of QMA that only arises in the Quantum setting. In particular, we denote QMA(k) for the case that quantum verifier uses k quantum certificates. Before we study the new complexity class, recall the following \swap test" circuit from homework 3: qudit SWAP qudit qubit j0i H • H Accept if j0i When we measure the last register, we \accept" if the outcome is j0i and \reject" if the outcome is j1i. We have shown that this is \similarity test". In particular we have the following: 1 1 2 1 2 • Pr[Accept j i ⊗ j'i] = 2 + 2 j h j'i j = 1 − 2 dtr(j i ; j'i) 1 1 Pd 2 • Pr[Accept ρ ⊗ ρ] = 2 + 2 i=1 pi , if ρ = fpi j iig. 2 QMA(2): The 2-Prover QMA Recall from last time, we introduced the QMA class where there is a prover who is trying to prove some instance x is in the language L, regardless of whether it is true or not. Figure. 1 is a simple picture that describes this. The complexity class we are going to look at today involves multiple provers. Kobayashi et al.
    [Show full text]
  • Practical Quantum Digital Signature
    Practical Quantum Digital Signature 1,2, 1,2, 1,2, Hua-Lei Yin, ∗ Yao Fu, † and Zeng-Bing Chen ‡ 1Hefei National Laboratory for Physical Sciences at Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei, Anhui 230026, China 2The CAS Center for Excellence in QIQP and the Synergetic Innovation Center for QIQP, University of Science and Technology of China, Hefei, Anhui 230026, China (Dated: September 5, 2018) Guaranteeing non-repudiation, unforgeability as well as transferability of a signature is one of the most vital safeguards in today’s e-commerce era. Based on fundamental laws of quantum physics, quantum digital signature (QDS) aims to provide information-theoretic security for this crypto- graphic task. However, up to date, the previously proposed QDS protocols are impractical due to various challenging problems and most importantly, the requirement of authenticated (secure) quan- tum channels between participants. Here, we present the first quantum digital signature protocol that removes the assumption of authenticated quantum channels while remaining secure against the collective attacks. Besides, our QDS protocol can be practically implemented over more than 100 km under current mature technology as used in quantum key distribution. PACS numbers: 03.67.Dd, 03.67.Hk, 03.67.Ac I. INTRODUCTION The authenticated quantum channels are equivalent to the secure quantum channels that do not allow any eaves- Digital signatures aim to certify the provenance and dropping. Recall that while quantum key distribution identity of a message as well as the authenticity of a (QKD) [11, 12] requires authenticated classical channels, signature. They are widely applied in e-mails, financial it does not require authenticated (secure) quantum chan- transactions, electronic contracts, software distribution nels because of potential eavesdropping.
    [Show full text]
  • Quantum Computing: Lecture Notes
    Quantum Computing: Lecture Notes Ronald de Wolf Preface These lecture notes were formed in small chunks during my “Quantum computing” course at the University of Amsterdam, Feb-May 2011, and compiled into one text thereafter. Each chapter was covered in a lecture of 2 45 minutes, with an additional 45-minute lecture for exercises and × homework. The first half of the course (Chapters 1–7) covers quantum algorithms, the second half covers quantum complexity (Chapters 8–9), stuff involving Alice and Bob (Chapters 10–13), and error-correction (Chapter 14). A 15th lecture about physical implementations and general outlook was more sketchy, and I didn’t write lecture notes for it. These chapters may also be read as a general introduction to the area of quantum computation and information from the perspective of a theoretical computer scientist. While I made an effort to make the text self-contained and consistent, it may still be somewhat rough around the edges; I hope to continue polishing and adding to it. Comments & constructive criticism are very welcome, and can be sent to [email protected] Attribution and acknowledgements Most of the material in Chapters 1–6 comes from the first chapter of my PhD thesis [71], with a number of additions: the lower bound for Simon, the Fourier transform, the geometric explanation of Grover. Chapter 7 is newly written for these notes, inspired by Santha’s survey [62]. Chapters 8 and 9 are largely new as well. Section 3 of Chapter 8, and most of Chapter 10 are taken (with many changes) from my “quantum proofs” survey paper with Andy Drucker [28].
    [Show full text]
  • 4. Quantum Computing
    4. QUANTUM COMPUTING Jozef Gruska Faculty of Informatics Brno Czech Republic October 11, 2013 Quantum Computing 4 - Quantum Gates and Circuits - 2013 4. QUANTUM CIRCUITS Quantum circuits are the most easy to deal with model of quantum computations. Several simple quantum gates form elementary building blocks from which any quantum circuit can be built. Jozef Gruska October 11, 2013 1 Quantum Computing 4 - Quantum Gates and Circuits - 2013 PART I - MOTIVATION Jozef Gruska October 11, 2013 2 Quantum Computing 4 - Quantum Gates and Circuits - 2013 MOTTO I. Progress in science is often done by pessimists. Progress in technology is always done by optimists. Jozef Gruska October 11, 2013 3 Quantum Computing 4 - Quantum Gates and Circuits - 2013 MOTTO II. Progress in science is often done by pessimists. Progress in technology is always done by knowledgeable and experienced optimists. Jozef Gruska October 11, 2013 4 Quantum Computing 4 - Quantum Gates and Circuits - 2013 TWO STORIES TO REMEMBER • The proposal to build Collosus, the first electronic computer for cryptanalysis purposes, was during the 2WW rejected by a committee of prominent specialists as impossible to make, in spite of the fact that British cryptanalysts needed it badly to crack communication between Hitler and his generals. • Collosus was then built by an ingenious optimist, Tommy Flowers, within 10 months in a Post office laboratory, and worked from the beginning successfully to break Lorenz cipher, starting January 1944. • The key point was that Flowers realized that velvets were reliable provided they were never switched on and off. (Of course, nobody believed him.) • The idea that 30m long ENIAC with 19000 vacuum tubes could work looked also crazy, for scientists, but it worked.
    [Show full text]
  • The Power of Unentanglement
    The Power of Unentanglement Scott Aaronson∗ Salman Beigi Andrew Drucker Bill Fefferman MIT MIT MIT University of Chicago Peter Shor MIT Abstract The class QMA (k), introduced by Kobayashi et al., consists of all languages that can be verified using k unentangled quantum proofs. Many of the simplest questions about this class have remained embarrassingly open: for example, can we give any evidence that k quantum proofs are more powerful than one? Does QMA (k) = QMA (2) for k 2? Can QMA (k) protocols be amplified to exponentially small error? ≥ In this paper, we make progress on all of the above questions. We give a protocol by which a verifier can be convinced that a 3Sat formula of size m is • satisfiable, with constant soundness, given O (√m) unentangled quantum witnesses with O (log m) qubits each. Our protocol relies on the existence of very short PCPs. We show that assuming a weak version of thee Additivity Conjecture from quantum infor- • mation theory, any QMA (2) protocol can be amplified to exponentially small error, and QMA (k)= QMA (2) for all k 2. ≥ We prove the nonexistence of “perfect disentanglers” for simulating multiple Merlins with • one. 1 Introduction Quantum entanglement is often described as a complicated, hard-to-understand resource. But ironically, many questions in quantum computing are easiest to answer assuming unlimited entan- glement, and become much more difficult if entanglement is not allowed! One way to understand this is that Hilbert space—the space of all quantum states—has extremely useful linear-algebraic properties, and when we restrict to the set of separable states we lose many of those properties.
    [Show full text]
  • QMA(2) Workshop— Tutorial 1 Bill Fefferman (Quics) Agenda
    QMA(2) workshop— Tutorial 1 Bill Fefferman (QuICS) Agenda I. Basics II. Known results III. Open questions/Next tutorial overview I. Basics I.1 Classical Complexity Theory • P • Class of problems efficiently solved on classical computer • NP • Class of problems with efficiently verifiable solutions P • Characterized by 3SAT • Input: Ψ:{0,1}n→{0,1} NP • n-variable 3-CNF formula • E.g., (x1∨x2∨x3)∧(x1∨−x2∨x6)∧... • Problem: ∃x1,x2,...,xn so that Ψ(x)=1? • Could use a box solving 3SAT to solve any problem in NP 4 I.2 Merlin-Arthur �∈{0,1}p(n) • “Randomized generalization” of NP • Can think of a game between all-knowing but potentially dishonest Merlin trying to prove statement to efficient randomized classical computer (Arthur) • If statement is true, there exists a polynomial length classical bitstring or “witness” to convince Arthur to accept with high probability (Completeness) • If statement is false, then every “witness” is rejected by Arthur with high probability (Soundness) • Under commonly believed derandomization hypothesis MA=NP 5 I.3 Quantum Merlin-Arthur • QMA: Same setup, now Arthur is BQP machine, |ψ⟩ witness is polynomial qubit quantum state • Formally: QMAm is the class of promise problems L=(Lyes,Lno) so that: • There exists a uniform verifier {�#}#∈{&,(}* of polynomial size that acts on O(m(|x|)+k(|x|)) qubits (for k∈poly(n)): k k x Lyes 0 Vx† 1 1 outVx 0 2/3 2 )9| i h | ⌦h k | | ih | | i⌦| k i ≥ x L 0 V † 1 1 V 0 1/3 2 no )8| i h | ⌦h | x | ih |out x | i⌦| i • “Quantum analogue” of NP • k-Local Hamiltonian problem is QMA-complete (when k≥2) [Kitaev ’02] / • Input: � = ∑.0( �., each term �.
    [Show full text]
  • Pseudorandom Quantum States
    Pseudorandom Quantum States Zhengfeng Ji1, Yi-Kai Liu2, and Fang Song3 1 Centre for Quantum Software and Information, School of Software, Faculty of Engineering and Information Technology, University of Technology Sydney, NSW, Australia [email protected] 2 Joint Center for Quantum Information and Computer Science (QuICS), National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA, and University of Maryland, College Park, MD, USA [email protected] 3 Computer Science Department, Portland State University, Portland, OR, USA [email protected] Abstract. We propose the concept of pseudorandom quantum states, which appear random to any quantum polynomial-time adversary. It offers a computational approximation to perfectly random quantum states anal- ogous in spirit to cryptographic pseudorandom generators, as opposed to statistical notions of quantum pseudorandomness that have been studied previously, such as quantum t-designs analogous to t-wise independent distributions. Under the assumption that quantum-secure one-way functions exist, we present efficient constructions of pseudorandom states, showing that our definition is achievable. We then prove several basic properties of pseudorandom states, which show the utility of our definition. First, we show a cryptographic no-cloning theorem: no efficient quantum al- gorithm can create additional copies of a pseudorandom state, when given polynomially-many copies as input. Second, as expected for ran- dom quantum states, we show that pseudorandom quantum states are highly entangled on average. Finally, as a main application, we prove that any family of pseudorandom states naturally gives rise to a private-key quantum money scheme. 1 Introduction Pseudorandomness is a foundational concept in modern cryptography and theo- retical computer science.
    [Show full text]
  • Quantum Machine Learning
    Chapter 10 Quantum machine learning Quantum computing and machine learning are arguably two of the “hottest” topics in science at the moment. Here in Sweden, this is reflected in the fact that the two largest programs supported by the Knut and Alice Wallenberg foundation are centered around quantum technologies and artificial intelligence. In this chapter, we will discuss efforts to combine the two fields into quantum machine learning. Since this is a course about quantum algorithms, we do not cover applications of classical machine learning to simulating and understanding quantum systems, but focus instead on how machine learning can be enhance by quantum computation. We begin with a brief overview of classical machine learning and then study some examples of quantum machine learning algorithms. 10.1 A brief overview of classical machine learning What is machine learning? With the success of, and hype around, machine learning in recent years, there are examples of companies and researchers calling many things “machine learning” that would have been called something else a few years ago. According to Wikipedia, “Machine learning is the scientific study of algorithms and statistical models that computer systems use to perform a specific task without using explicit instructions, relying on patterns and inference instead”. We like the following definition (source unknown): “Machine learning studies algorithms whose performance improves with data (‘learning from experience’)”. 10.1.1 Types of machine learning Broadly speaking, there are three paradigms in machine learning for extracting meaning from some data: Unsupervised learning: Learning structure in P (data) given samples from P (data). Here, the • machine learning is used to generate knowledge by analyzing unlabelled data.
    [Show full text]
  • Quantum Cryptography
    QFFF DISSERTATION IMPERIAL COLLEGE LONDON DEPARTMENT OF PHYSICS Quantum Cryptography Author: Supervisor: Yoann PIÉTRI Jonathan HALLIWELL September 25, 2020 Submitted in partial fulfillment of the requirements for the degree of Master of Science of Imperial College London. Abstract In this paper, we review how the laws of Quantum Mechanics allow creating unconditionally secure protocols in cryptography, i.e. protocols where the security is ensured by physical laws and bounds and not on some computationally hard problems. We first review the use of Quantum Mechanics to perform unconditionally secure secret key distribution, and we then extend the ideas to other cryptographic tasks including public-key cryptography, digital signatures, and fingerprinting. Acknowledgements I would like to thanks everyone in the Theoretical Physics group for this year. I have learned a lot and it was a good ending after two years of engineering school. I thank Jonathan HALLIWELL for supervising this dissertation. I also would like to thank my family for their endless support and their help which allowed me to study in the United Kingdom this year. And finally, special thanks to Nada KAFIA, without whom I wouldn’t have gotten over these difficult times. Contents Abstract 2 Acknowledgements 3 1 Introduction 6 1.1 The beginnings of cryptography.............................6 1.2 Modern Cryptography..................................7 1.3 Quantum computer or the end of cryptography?....................9 1.4 Post-Quantum Cryptography............................... 10 2 Preliminaries 12 2.1 Notations......................................... 12 2.2 Quantum gates...................................... 13 2.3 Measurement....................................... 15 2.4 No-cloning theorem................................... 15 2.5 Conjugate coding.................................... 16 2.6 Entanglement, EPR paradox and BELL inequalities..................
    [Show full text]