Relativistic Quantum Cryptography
Total Page:16
File Type:pdf, Size:1020Kb
Relativistic quantum cryptography JĘDRZEJ KANIEWSKI (MMath, University of Cambridge) A thesis submitted in fulfilment of the requirements for the degree of Doctor of Philosophy in the Centre for Quantum Technologies National University of Singapore arXiv:1512.00602v1 [quant-ph] 2 Dec 2015 2015 Declaration I hereby declare that this thesis is my original work and has been written by me in its entirety. I have duly acknowledged all the sources of information which have been used in the thesis. This thesis has also not been submitted for any degree in any university previously. Jędrzej Kaniewski 9 September 2015 i Acknowledgements I would like to thank my supervisor, Stephanie Wehner, for the opportunity to conduct a PhD in quantum information. I am grateful for her time, effort and resources invested in my education. Working with her and being part of her active and diverse research group made the last four years a great learning experience. The fact that I was even able to apply for PhD positions is largely thanks to my brilliant and inspiring undergraduate supervisor, mentor and friend, Dr Peter Wothers MBE. I am particularly grateful for his supportive attitude when I decided to dedicate myself to quantum information. I am grateful to St. Catharine’s College for a wonderful university experience and several long-lasting friendships. I would like to thank my collaborators, Félix Bussières, Patrick J. Coles, Serge Fehr, Nicolas Gisin, Esther Hänggi, Raphael Houlmann, Adrian Kent, Troy Lee, Tommaso Lunghi, Atul Mantri, Nathan McMahon, Gerard Milburn, Corsin Pfister, Robin Schmucker, Marco Tomamichel, Ronald de Wolf and Hugo Zbinden, who made research enjoyable and from whom I have learnt a lot. I am also indebted to Corsin Pfister and Le Phuc Thinh, who have read a pre- liminary version of this thesis, and Tommaso Lunghi and Laura Mančinska, who have given comments on parts of it. Special thanks go to Evon Tan for being the omnipresent good spirit of CQT. Her incredible problem-solving skills allowed me to focus on research and contributed greatly to the scientific output of this thesis. I would like to thank Valerio Scarani for being approachable and always happy to talk about various aspects of quantum information and the scientific world in general. I am grateful to my examiners: Anne Broadbent, Marcin Pawłowski and Miklos Santha for the careful reading of this thesis and providing stimulating feedback. I would like to thank Alexandre Roulet, Jamie Sikora, Marco Tomamichel and Marek Wajs for useful comments on the defence presentation. Dziękuję Markowi Wajsowi za nieocenioną pomoc przy drukowaniu i składaniu doktoratu. Arturowi Ekertowi chciałbym podziękować za czas, wsparcie i konkretne wskazówki w chwilach zwątpienia. iii Choć to już parę lat chciałbym również gorąco podziękować Krzysztofowi Kuśmier- czykowi, Annie Mazurkiewicz i Bognie Lubańskiej za czas i wysiłek włożony w moją edukację oraz za bycie źródłem motywacji i inspiracji. Wszystko to, co udało mi się osiągnąć, jest oparte na solidnych licealnych fundementach i bez ich wkładu nie byłoby możliwe. Chcę także podziękować Poniatówce za niezapomniane trzy lata i wiele przyjaźni, które trwają do dzisiaj. Jackowi Jemielitemu chciałbym podziękować za pierwsze spotkanie z nauką z prawdziwego zdarzenia, niespotykaną wytrwałość i cierpliwość a przede wszystkim za unikalne na skalę światową poczucie humoru, którego często mi brakuje. Doktorat dedykuję w całości Mamie, Tacie, Siostrze i Bratu, bez wsparcia których to przełomowe dzieło nigdy by nie powstało. iv Abstract Special relativity states that information cannot travel faster than the speed of light, which means that communication between agents occupying distinct locations incurs some minimal delay. Alternatively, we can see it as temporary communication constraints between distinct agents and such constraints turn out to be useful for cryptographic purposes. In relativistic cryptography we consider protocols in which interactions occur at distinct locations at well-defined times and we investigate why such a setting allows to implement primitives which would not be possible otherwise. Relativistic cryptography is closely related to non-communicating models, which have been extensively studied in theoretical computer science. Therefore, we start by discussing non-communicating models and its applications in the context of in- teractive proofs and cryptography. We find which non-communicating models might be useful for the purpose of bit commitment, propose suitable bit commitment pro- tocols and investigate their limitations. We explain how some non-communicating models can be justified by special relativity and study what consequences such a translation brings about. In particular, we present a framework for analysing secu- rity of multiround relativistic protocols. We show that while the analysis of classical protocols against classical adversaries is tractable, the case of quantum protocols or quantum adversaries in a classical protocol constitutes a significantly harder task. The second part of the thesis is dedicated to analysing specific protocols. We start by considering a recently proposed two-round quantum bit commitment pro- tocol. We start by proving security under the assumption that idealised devices (single-photon source, perfect detectors) are available. Then, we propose a fault- tolerant variant of the protocol which can be implemented using realistic devices (weak-coherent source, noisy and inefficient detectors) and present a security anal- ysis which takes into account losses, errors, multiphoton pulses, etc. We also report on an experimental implementation performed in collaboration with an experimental group at the University of Geneva. In the last part we focus on classical schemes. We start by analysing a known two-round classical protocol and we show that successful cheating is equivalent to winning a certain non-local game. This is interesting as it demonstrates that even if the protocol is entirely classical, it might be advantageous for the adversary to v use quantum systems. We also propose a new, multiround classical bit commitment protocol and prove its security against classical adversaries. The advantage of the multiround protocol is that it allows us to increase the commitment time without changing the locations of the agents. This demonstrates that in the classical world an arbitrary long commitment can be achieved even if the agents are restricted to occupy a finite region of space. Moreover, the protocol is easy to implement and we discuss an experiment performed in collaboration with the Geneva group. We conclude with a brief summary of the current state of knowledge on relativis- tic cryptography and some interesting open questions that might lead to a better understanding of the exact power of relativistic models. vi List of publications This thesis is based on three publications. Chapters 3 and 4 are based on • Secure bit commitment from relativistic constraints [arXiv:1206.1740] J. Kaniewski, M. Tomamichel, E. Hänggi and S. Wehner IEEE Transactions on Information Theory 59, 7 (2013). (presented at QCrypt ’12) Chapter 5 is based on • Experimental bit commitment based on quantum communication and special relativity [arXiv:1306.4801] T. Lunghi, J. Kaniewski, F. Bussières, R. Houlmann, M. Tomamichel, A. Kent, N. Gisin, S. Wehner and H. Zbinden Physical Review Letters 111, 180504 (2013). (presented at QCrypt ’13) Chapter 6 is based on • Practical relativistic bit commitment [arXiv:1411.4917] T. Lunghi, J. Kaniewski, F. Bussières, R. Houlmann, M. Tomamichel, S. Wehner and H. Zbinden Physical Review Letters 115, 030502 (2015). (presented at QCrypt ’14) During his graduate studies the author has also contributed to the following publi- cations. 1. Query complexity in expectation [arXiv:1411.7280] J. Kaniewski, T. Lee and R. de Wolf Automata, Languages, and Programming: Proceedings of ICALP ’15, Lecture Notes in Computer Science 9134 (2015). 2. Equivalence of wave-particle duality to entropic uncertainty [arXiv:1403.4687] P. J. Coles, J. Kaniewski and S. Wehner vii Nature Communications 5, 5814 (2014). (presented at AQIS ’14) 3. Entropic uncertainty from effective anticommutators [arXiv:1402.5722] J. Kaniewski, M. Tomamichel and S. Wehner Physical Review A 90, 012332 (2014). (presented at AQIS ’14 and QCrypt ’14) 4. A monogamy-of-entanglement game with applications to device-independent quantum cryptography [arXiv:1210.4359] M. Tomamichel, S. Fehr, J. Kaniewski and S. Wehner New Journal of Physics 15, 103002 (2013). (presented at Eurocrypt ’13 and QCrypt ’13) viii Contents Notation and list of symbols1 1 Introduction3 1.1 Cryptography . .3 1.2 Quantum information theory . .8 1.3 Quantum cryptography . 10 1.4 Outline . 13 2 Preliminaries 15 2.1 Notation and miscellaneous lemmas . 15 2.1.1 Strings of bits . 15 2.1.2 Cauchy-Schwarz inequality for probabilities . 16 2.1.3 Chernoff bound for the binomial distribution . 17 2.2 Quantum mechanics . 17 2.2.1 Linear algebra . 17 2.2.2 Quantum formalism . 19 2.2.3 Remote state preparation . 22 2.3 Multiplayer games . 24 2.3.1 Classical and quantum strategies . 24 2.3.2 Finite fields . 26 2.3.3 Definition of the game . 27 2.3.4 Relation to multivariate polynomials over finite fields . 28 2.3.5 A recursive upper bound on the classical value . 29 2.4 Cryptographic protocols and implementations . 30 2.5 Bit commitment . 33 2.5.1 Formal definition . 34 2.5.2 The Mayers-Lo-Chau impossibility result . 37 3 Non-communicating models 41 3.1 Interactive proof systems . 42 3.2 Applications in cryptography . 45 ix CONTENTS 3.3 Commitment schemes . 47 4 Relativistic protocols 53 4.1 Non-communicating schemes in the relativistic setting . 55 4.2 Explicit analysis of relativistic protocols . 59 4.2.1 Classical players . 61 4.2.2 Quantum players . 62 4.2.3 Quantum relativistic protocols . 63 4.3 Limitations of relativistic cryptography . 64 5 Bit commitment by transmitting measurement outcomes 67 5.1 The original protocol . 68 5.1.1 Correctness . 70 5.1.2 Security for honest Alice . 71 5.1.3 Security for honest Bob .