Relativistic Quantum Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Relativistic Quantum Cryptography Relativistic quantum cryptography JĘDRZEJ KANIEWSKI (MMath, University of Cambridge) A thesis submitted in fulfilment of the requirements for the degree of Doctor of Philosophy in the Centre for Quantum Technologies National University of Singapore arXiv:1512.00602v1 [quant-ph] 2 Dec 2015 2015 Declaration I hereby declare that this thesis is my original work and has been written by me in its entirety. I have duly acknowledged all the sources of information which have been used in the thesis. This thesis has also not been submitted for any degree in any university previously. Jędrzej Kaniewski 9 September 2015 i Acknowledgements I would like to thank my supervisor, Stephanie Wehner, for the opportunity to conduct a PhD in quantum information. I am grateful for her time, effort and resources invested in my education. Working with her and being part of her active and diverse research group made the last four years a great learning experience. The fact that I was even able to apply for PhD positions is largely thanks to my brilliant and inspiring undergraduate supervisor, mentor and friend, Dr Peter Wothers MBE. I am particularly grateful for his supportive attitude when I decided to dedicate myself to quantum information. I am grateful to St. Catharine’s College for a wonderful university experience and several long-lasting friendships. I would like to thank my collaborators, Félix Bussières, Patrick J. Coles, Serge Fehr, Nicolas Gisin, Esther Hänggi, Raphael Houlmann, Adrian Kent, Troy Lee, Tommaso Lunghi, Atul Mantri, Nathan McMahon, Gerard Milburn, Corsin Pfister, Robin Schmucker, Marco Tomamichel, Ronald de Wolf and Hugo Zbinden, who made research enjoyable and from whom I have learnt a lot. I am also indebted to Corsin Pfister and Le Phuc Thinh, who have read a pre- liminary version of this thesis, and Tommaso Lunghi and Laura Mančinska, who have given comments on parts of it. Special thanks go to Evon Tan for being the omnipresent good spirit of CQT. Her incredible problem-solving skills allowed me to focus on research and contributed greatly to the scientific output of this thesis. I would like to thank Valerio Scarani for being approachable and always happy to talk about various aspects of quantum information and the scientific world in general. I am grateful to my examiners: Anne Broadbent, Marcin Pawłowski and Miklos Santha for the careful reading of this thesis and providing stimulating feedback. I would like to thank Alexandre Roulet, Jamie Sikora, Marco Tomamichel and Marek Wajs for useful comments on the defence presentation. Dziękuję Markowi Wajsowi za nieocenioną pomoc przy drukowaniu i składaniu doktoratu. Arturowi Ekertowi chciałbym podziękować za czas, wsparcie i konkretne wskazówki w chwilach zwątpienia. iii Choć to już parę lat chciałbym również gorąco podziękować Krzysztofowi Kuśmier- czykowi, Annie Mazurkiewicz i Bognie Lubańskiej za czas i wysiłek włożony w moją edukację oraz za bycie źródłem motywacji i inspiracji. Wszystko to, co udało mi się osiągnąć, jest oparte na solidnych licealnych fundementach i bez ich wkładu nie byłoby możliwe. Chcę także podziękować Poniatówce za niezapomniane trzy lata i wiele przyjaźni, które trwają do dzisiaj. Jackowi Jemielitemu chciałbym podziękować za pierwsze spotkanie z nauką z prawdziwego zdarzenia, niespotykaną wytrwałość i cierpliwość a przede wszystkim za unikalne na skalę światową poczucie humoru, którego często mi brakuje. Doktorat dedykuję w całości Mamie, Tacie, Siostrze i Bratu, bez wsparcia których to przełomowe dzieło nigdy by nie powstało. iv Abstract Special relativity states that information cannot travel faster than the speed of light, which means that communication between agents occupying distinct locations incurs some minimal delay. Alternatively, we can see it as temporary communication constraints between distinct agents and such constraints turn out to be useful for cryptographic purposes. In relativistic cryptography we consider protocols in which interactions occur at distinct locations at well-defined times and we investigate why such a setting allows to implement primitives which would not be possible otherwise. Relativistic cryptography is closely related to non-communicating models, which have been extensively studied in theoretical computer science. Therefore, we start by discussing non-communicating models and its applications in the context of in- teractive proofs and cryptography. We find which non-communicating models might be useful for the purpose of bit commitment, propose suitable bit commitment pro- tocols and investigate their limitations. We explain how some non-communicating models can be justified by special relativity and study what consequences such a translation brings about. In particular, we present a framework for analysing secu- rity of multiround relativistic protocols. We show that while the analysis of classical protocols against classical adversaries is tractable, the case of quantum protocols or quantum adversaries in a classical protocol constitutes a significantly harder task. The second part of the thesis is dedicated to analysing specific protocols. We start by considering a recently proposed two-round quantum bit commitment pro- tocol. We start by proving security under the assumption that idealised devices (single-photon source, perfect detectors) are available. Then, we propose a fault- tolerant variant of the protocol which can be implemented using realistic devices (weak-coherent source, noisy and inefficient detectors) and present a security anal- ysis which takes into account losses, errors, multiphoton pulses, etc. We also report on an experimental implementation performed in collaboration with an experimental group at the University of Geneva. In the last part we focus on classical schemes. We start by analysing a known two-round classical protocol and we show that successful cheating is equivalent to winning a certain non-local game. This is interesting as it demonstrates that even if the protocol is entirely classical, it might be advantageous for the adversary to v use quantum systems. We also propose a new, multiround classical bit commitment protocol and prove its security against classical adversaries. The advantage of the multiround protocol is that it allows us to increase the commitment time without changing the locations of the agents. This demonstrates that in the classical world an arbitrary long commitment can be achieved even if the agents are restricted to occupy a finite region of space. Moreover, the protocol is easy to implement and we discuss an experiment performed in collaboration with the Geneva group. We conclude with a brief summary of the current state of knowledge on relativis- tic cryptography and some interesting open questions that might lead to a better understanding of the exact power of relativistic models. vi List of publications This thesis is based on three publications. Chapters 3 and 4 are based on • Secure bit commitment from relativistic constraints [arXiv:1206.1740] J. Kaniewski, M. Tomamichel, E. Hänggi and S. Wehner IEEE Transactions on Information Theory 59, 7 (2013). (presented at QCrypt ’12) Chapter 5 is based on • Experimental bit commitment based on quantum communication and special relativity [arXiv:1306.4801] T. Lunghi, J. Kaniewski, F. Bussières, R. Houlmann, M. Tomamichel, A. Kent, N. Gisin, S. Wehner and H. Zbinden Physical Review Letters 111, 180504 (2013). (presented at QCrypt ’13) Chapter 6 is based on • Practical relativistic bit commitment [arXiv:1411.4917] T. Lunghi, J. Kaniewski, F. Bussières, R. Houlmann, M. Tomamichel, S. Wehner and H. Zbinden Physical Review Letters 115, 030502 (2015). (presented at QCrypt ’14) During his graduate studies the author has also contributed to the following publi- cations. 1. Query complexity in expectation [arXiv:1411.7280] J. Kaniewski, T. Lee and R. de Wolf Automata, Languages, and Programming: Proceedings of ICALP ’15, Lecture Notes in Computer Science 9134 (2015). 2. Equivalence of wave-particle duality to entropic uncertainty [arXiv:1403.4687] P. J. Coles, J. Kaniewski and S. Wehner vii Nature Communications 5, 5814 (2014). (presented at AQIS ’14) 3. Entropic uncertainty from effective anticommutators [arXiv:1402.5722] J. Kaniewski, M. Tomamichel and S. Wehner Physical Review A 90, 012332 (2014). (presented at AQIS ’14 and QCrypt ’14) 4. A monogamy-of-entanglement game with applications to device-independent quantum cryptography [arXiv:1210.4359] M. Tomamichel, S. Fehr, J. Kaniewski and S. Wehner New Journal of Physics 15, 103002 (2013). (presented at Eurocrypt ’13 and QCrypt ’13) viii Contents Notation and list of symbols1 1 Introduction3 1.1 Cryptography . .3 1.2 Quantum information theory . .8 1.3 Quantum cryptography . 10 1.4 Outline . 13 2 Preliminaries 15 2.1 Notation and miscellaneous lemmas . 15 2.1.1 Strings of bits . 15 2.1.2 Cauchy-Schwarz inequality for probabilities . 16 2.1.3 Chernoff bound for the binomial distribution . 17 2.2 Quantum mechanics . 17 2.2.1 Linear algebra . 17 2.2.2 Quantum formalism . 19 2.2.3 Remote state preparation . 22 2.3 Multiplayer games . 24 2.3.1 Classical and quantum strategies . 24 2.3.2 Finite fields . 26 2.3.3 Definition of the game . 27 2.3.4 Relation to multivariate polynomials over finite fields . 28 2.3.5 A recursive upper bound on the classical value . 29 2.4 Cryptographic protocols and implementations . 30 2.5 Bit commitment . 33 2.5.1 Formal definition . 34 2.5.2 The Mayers-Lo-Chau impossibility result . 37 3 Non-communicating models 41 3.1 Interactive proof systems . 42 3.2 Applications in cryptography . 45 ix CONTENTS 3.3 Commitment schemes . 47 4 Relativistic protocols 53 4.1 Non-communicating schemes in the relativistic setting . 55 4.2 Explicit analysis of relativistic protocols . 59 4.2.1 Classical players . 61 4.2.2 Quantum players . 62 4.2.3 Quantum relativistic protocols . 63 4.3 Limitations of relativistic cryptography . 64 5 Bit commitment by transmitting measurement outcomes 67 5.1 The original protocol . 68 5.1.1 Correctness . 70 5.1.2 Security for honest Alice . 71 5.1.3 Security for honest Bob .
Recommended publications
  • Imperfect Oblivious Transfer Extended Abstract
    Imperfect Oblivious Transfer Extended Abstract Ryan Amiri,1 Petros Wallden,2 and Erika Andersson1 1SUPA, Institute of Photonics and Quantum Sciences, Heriot-Watt University, Edinburgh EH14 4AS, United Kingdom∗ 2LFCS, School of Informatics, University of Edinburgh, 10 Crichton Street, Edinburgh EH8 9AB, United Kingdom I. INTRODUCTION Oblivious transfer (OT) is one of the most widely used and fundamental primitives in cryptography. Its importance stems from the fact that it can be used as the foundation for secure two-party computations; with oblivious transfer, all secure two-party computations are possible [1],[2]. Unfortunately, it has been shown that unconditionally secure oblivious transfer is not possible, and that even quantum mechanics cannot help [3], [4]. In fact, the results of Lo actually go further, and show that it is impossible to securely evaluate any one sided two-party computation. Since then it has been an interesting and productive open question to determine the optimal security parameters achievable for some important two-party computations. In this paper we address the theoretical question \How close to ideal can unconditionally secure OT protocols be?" Our paper contains two main contributions: 1. For general 2-round OT protocols, we increase the lower bound on the minimum cheating probabilities achievable for Alice and Bob, i.e. we show that any OT protocol with at most two rounds of (classical or quantum) communication must have a cheating probability of at least 2=3. If the states in the final round of the (honest) protocol are pure, this bound is increased to 0:749. In the case that the final round contains pure states, we extend our 0:749 bound to general N-round OT protocols.
    [Show full text]
  • The Case for Quantum Key Distribution
    The Case for Quantum Key Distribution Douglas Stebila1, Michele Mosca2,3,4, and Norbert Lütkenhaus2,4,5 1 Information Security Institute, Queensland University of Technology, Brisbane, Australia 2 Institute for Quantum Computing, University of Waterloo 3 Dept. of Combinatorics & Optimization, University of Waterloo 4 Perimeter Institute for Theoretical Physics 5 Dept. of Physics & Astronomy, University of Waterloo Waterloo, Ontario, Canada Email: [email protected], [email protected], [email protected] December 2, 2009 Abstract Quantum key distribution (QKD) promises secure key agreement by using quantum mechanical systems. We argue that QKD will be an important part of future cryptographic infrastructures. It can provide long-term confidentiality for encrypted information without reliance on computational assumptions. Although QKD still requires authentication to prevent man-in-the-middle attacks, it can make use of either information-theoretically secure symmetric key authentication or computationally secure public key authentication: even when using public key authentication, we argue that QKD still offers stronger security than classical key agreement. 1 Introduction Since its discovery, the field of quantum cryptography — and in particular, quantum key distribution (QKD) — has garnered widespread technical and popular interest. The promise of “unconditional security” has brought public interest, but the often unbridled optimism expressed for this field has also spawned criticism and analysis [Sch03, PPS04, Sch07, Sch08]. QKD is a new tool in the cryptographer’s toolbox: it allows for secure key agreement over an untrusted channel where the output key is entirely independent from any input value, a task that is impossible using classical1 cryptography. QKD does not eliminate the need for other cryptographic primitives, such as authentication, but it can be used to build systems with new security properties.
    [Show full text]
  • The Parallel Universes Interpretation of Cosmology
    Cosmology, the Many Universes Interpretation of Quantum Mechanics and Immortality N H E PRINCE [email protected] July 1, 2016 Abstract Observational evidence suggests that the universe is infinite, geometrically flat, homogeneous and isotropic on large scales. Hence we should expect to find large numbers of identical copies of any object consistent with the laws of physics including conscious identities like people. Under suitable notions of continuity of identity, This would imply that immortality of these conscious identities is a consequence of functionalism. I argue that the same conclusion can be drawn using an Everett Deutsch interpretation of quantum mechanics. I also argue why this is the correct interpretation. Lewis’s “terrifying corollary” is reviewed and I discuss how Bostrom’s simulation argument, if correct, might mitigate our futures. 1 Introduction It has been referred to as “quantum physics dirty little secret” [1, p6] – perhaps because to publicise it might lead those people, who little understand it, to develop suicidal tendencies in the hope that they might get into a better universe – This is definitely not a good idea! We’ll look at this little secret in more detail later. But in order to do this we will need to develop some background. First it must be said that the word “worlds” is often used interchangeably for “universes” in the literature. It is not used to mean planets like our own parochial world. Also, the idea of an observation or experiment translates into ordinary language as “looking”, “listening”, “touching” etc. as well as for more technical approaches such as using Charge Coupled Devices to detect individual photons of light in astronomy or interferometry.
    [Show full text]
  • Generation and Distribution of Quantum Oblivious Keys for Secure Multiparty Computation
    applied sciences Article Generation and Distribution of Quantum Oblivious Keys for Secure Multiparty Computation Mariano Lemus 1,2, Mariana F. Ramos 3,4, Preeti Yadav 1,2, Nuno A. Silva 3,4 , Nelson J. Muga 3,4 , André Souto 2,5,6,* , Nikola Paunkovi´c 1,2 , Paulo Mateus 1,2 and Armando N. Pinto 3,4 1 Departamento de Matemática, Instituto Superior Técnico, Av. Rovisco Pais 1, 1049-001 Lisboa, Portugal; [email protected] (M.L.); [email protected] (P.Y.); [email protected] (N.P.); [email protected] (P.M.) 2 Instituto de Telecomunicações, Av. Rovisco Pais 1, 1049-001 Lisboa, Portugal 3 Departamento de Eletrónica, Telecomunicações e Informática, Universidade de Aveiro, Campus Universitário de Santiago, 3810-193 Aveiro, Portugal; [email protected] (M.F.R.); [email protected] (N.A.S.); [email protected] (N.J.M.); [email protected] (A.N.P.) 4 Instituto de Telecomunicações, Campus Universitário de Santiago, 3810-193 Aveiro, Portugal 5 Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Campo Grande 016, 1749-016 Lisboa, Portugal 6 LASIGE, Faculdade de Ciências da Universidade de Lisboa, Campo Grande 016, 1749-016 Lisboa, Portugal * Correspondence: [email protected] Received: 15 May 2020; Accepted: 10 June 2020; Published: 12 June 2020 Featured Application: Private data mining. Abstract: The oblivious transfer primitive is sufficient to implement secure multiparty computation. However, secure multiparty computation based on public-key cryptography is limited by the security and efficiency of the oblivious transfer implementation. We present a method to generate and distribute oblivious keys by exchanging qubits and by performing commitments using classical hash functions.
    [Show full text]
  • A Review on Quantum Cryptography and Quantum Key Distribution
    3rd International Conference on Multidisciplinary Research & Practice P a g e | 463 A Review on Quantum Cryptography and Quantum Key Distribution Ritu Rani Lecturer, Department of Physics, CRM Jat College, Hisar Abstract: - Quantum cryptography uses our current knowledge key. The main disadvantage of a secret-key cryptosystem is of physics to develop a cryptosystem that is not able to be related to the exchange of keys. Symmetric encryption is defeated - that is, one that is completely secure against being based on the exchange of a secret (keys). Secret key compromised without knowledge of the sender or the receiver of cryptography systems are often classified to be either stream the messages. Quantum cryptography promises to reform secure ciphers or block ciphers. Stream ciphers work on a single bit communication by providing security based on the elementary laws of physics, instead of the current state of mathematical at a time and also use some kind of feedback mechanism so algorithms or computing technology. This paper describes an that the key changes regularly. The goal of position-based overview about Quantum cryptography and Quantum key quantum cryptography is to use the geographical location of a distribution technology, and how this technology contributes to player as its (only) credential. A quantum cryptographic the network security. protocol is device-independent if its security does not rely on Keywords:- Quantum cryptography, public-key encryption, trusting that the quantum devices used are truthful. Thus the Secret key encryption, Quantum key distribution technology security analysis of such a protocol needs to consider scenarios of imperfect or even malicious devices.
    [Show full text]
  • Consciousness and the Collapse of the Wave Function∗
    Consciousness and the Collapse of the Wave Function∗ David J. Chalmers† and Kelvin J. McQueen‡ †New York University ‡Chapman University May 7, 2021 Abstract Does consciousness collapse the quantum wave function? This idea was taken seriously by John von Neumann and Eugene Wigner but is now widely dismissed. We develop the idea by combining a mathematical theory of consciousness (integrated information theory) with an account of quantum collapse dynamics (continuous spontaneous localization). Simple versions of the theory are falsified by the quantum Zeno effect, but more complex versions remain compatible with empirical evidence. In principle, versions of the theory can be tested by experiments with quantum com- puters. The upshot is not that consciousness-collapse interpretations are clearly correct, but that there is a research program here worth exploring. Keywords: wave function collapse, consciousness, integrated information theory, continuous spontaneous localization ∗Forthcoming in (S. Gao, ed.) Consciousness and Quantum Mechanics (Oxford University arXiv:2105.02314v1 [quant-ph] 5 May 2021 Press). Authors are listed in alphabetical order and contributed equally. We owe thanks to audiences starting in 2013 at Amsterdam, ANU, Cambridge, Chapman, CUNY, Geneva, G¨ottingen,Helsinki, Mississippi, Monash, NYU, Oslo, Oxford, Rio, Tucson, and Utrecht. These earlier presentations have occasionally been cited, so we have made some of them available at consc.net/qm. For feedback on earlier versions, thanks to Jim Holt, Adrian Kent, Kobi Kremnizer, Oystein Linnebo, and Trevor Teitel. We are grateful to Maaneli Derakhshani and Philip Pearle for their help with the mathematics of collapse models, and especially to Johannes Kleiner, who coauthored section 5 on quantum integrated information theory.
    [Show full text]
  • Arxiv:1806.01736V3 [Quant-Ph] 17 Dec 2018 State Originally Received
    Unconstrained Summoning for relativistic quantum information processing Adrian Kent Centre for Quantum Information and Foundations, DAMTP, Centre for Mathematical Sciences, University of Cambridge, Wilberforce Road, Cambridge, CB3 0WA, U.K. and Perimeter Institute for Theoretical Physics, 31 Caroline Street North, Waterloo, ON N2L 2Y5, Canada. (Dated: December 18, 2018) We define a summoning task to require propagating an unknown quantum state to a point in space-time belonging to a set determined by classical inputs at points in space-time. We consider the classical analogue, in which a known classical state must be returned at precisely one allowed point. We show that, when the inputs are unconstrained, any summoning task that is possible in the classical case is also possible in the quantum case. INTRODUCTION In the not necessarily distant future, many or most significant economic decisions may depend on algorithms that process information arriving around the world as efficiently and quickly as possible, given light speed signalling constraints. Such algorithms will need to decide not only whether to make a trade, but also when and where. Quantum money enables efficient transactions, by allowing a delocalized quantum money token effectively to be “summoned” to a given space-time point as a result of information distributed through space-time. There are also alternative technological solutions [1] in the form of token schemes that do not require long term quantum state storage and in some embodiments are based entirely on classical communication. This paper defines types of summoning task that naturally arise in relativistic economies, and shows that for an important and natural class of these tasks the two technologies have the same functionality.
    [Show full text]
  • Oblivious Transfer of Bits
    Oblivious transfer of bits Abstract. We consider the topic Oblivious transfer of bits (OT), that is a powerful primitive in modern cryptography. We can devide our project into these parts: In the first part: We would clarify the definition OT, we would give a precise characterization of its funcionality and use. Committed oblivious transfer (COT) is an enhancement involving the use of commitments, which can be used in many applications of OT covering particular malicious adversarial behavior, it cannot be forgotten. In the second part: We would describe the history of some important discoveries, that preceded present knowledge in this topic. Some famous discovers as Michael O. Rabin or Claude Crépeau could be named with their works. In the third part: For OT, many protocols covering the transfer of bits are known, we would introduce and describe some of them. The most known are Rabin's oblivious transfer protocol, 1-2 oblivious transfer, 1-n oblivious transfer. These would be explained with examples. In the fourth part: We also need to discuss the security of the protocols and attacs, that are comitted. Then security of mobile computing. In the fifth part: For the end, we would give some summary, also interests or news in this topic, maybe some visions to the future evolution. 1 Introduction Oblivious transfer of bits (often abbreviated OT) is a powerful primitive in modern cryptography especially in the context of multiparty computation where two or more parties, mutually distrusting each other, want to collaborate in a secure way in order to achieve a common goal, for instance, to carry out an electronic election, so this is its applicability.
    [Show full text]
  • Testing Causal Quantum Theory
    Testing Causal Quantum Theory Adrian Kent∗ Centre for Quantum Information and Foundations, DAMTP, Centre for Mathematical Sciences, University of Cambridge, Wilberforce Road, Cambridge, CB3 0WA, United Kingdom and Perimeter Institute for Theoretical Physics, 31 Caroline Street North, Waterloo, ON N2L 2Y5, Canada. Causal quantum theory assumes that measurements or collapses are well-defined physical pro- cesses, localised in space-time, and never give perfectly reliable outcomes and that the outcome of one measurement only influences the outcomes of others within its future light cone. Although the theory has unusual properties, it is not immediately evident that it is inconsistent with experiment to date. I discuss its implications and experimental tests. INTRODUCTION There are fairly compelling theoretical and experimental reasons [1{17] to believe that nature violates local causality and that local hidden variable theories are incorrect. However, while loopholes remain, the case is not quite conclusive. In particular, the collapse locality loophole [18] remains largely untested. Moreover, causal quantum theory [18] is a theoretically interesting example of a local hidden variable theory that remains consistent with Bell experiments to date by exploiting this loophole. Causal quantum theory assumes that measurements or collapses are well-defined physical processes, localised in space-time, and never give perfectly reliable outcomes. Unlike standard quantum theory, it also assumes that mea- surement outcomes respect a strong form of Minkowski or Einstein causality, in that the outcome of one measurement only affects the probability distributions for the outcomes of other measurements within its future light cone. This gives it very peculiar properties, which evoke the suspicion that it must already be excluded by experiments other than Bell experiments and/or cosmological observations.
    [Show full text]
  • Or, How to Share a Quantum Secret in Spacetime
    Localizing and excluding quantum informa- tion; or, how to share a quantum secret in spacetime Patrick Hayden1 and Alex May2 1Stanford University 2The University of British Columbia October 15, 2019 When can quantum information be localized to each of a collection of spacetime regions, while also excluded from another collection of regions? We answer this question by defining and analyzing the localize-exclude task, in which a quantum system must be localized to a collection of authorized regions while also being excluded from a set of unauthorized regions. This task is a spacetime analogue of quantum secret sharing, with authorized and unauthorized regions replacing authorized and unauthorized sets of parties. Our analysis yields the first quantum secret sharing scheme for arbitrary ac- cess structures for which the number of qubits required scales polynomially with the number of authorized sets. We also study a second related task called state-assembly, in which shares of a quantum system are requested at sets of spacetime points. We fully characterize the conditions under which both the localize-exclude and state-assembly tasks can be achieved, and give explicit protocols. Finally, we propose a cryptographic application of these tasks which we call party-independent transfer. Patrick Hayden: [email protected] arXiv:1806.04154v4 [quant-ph] 14 Oct 2019 Alex May: [email protected] Accepted in Quantum 2019-07-02, click title to verify 1 Contents 1 Introduction2 2 Localizing and excluding quantum information4 2.1 Localizing quantum information to many regions . 4 2.2 Localizing and excluding quantum information . 10 3 State-assembly 19 3.1 State-assembly with authorized regions .
    [Show full text]
  • Oblivious Transfer Is in Miniqcrypt
    Oblivious Transfer is in MiniQCrypt Alex B. Grilo∗ Huijia Liny Fang Songz Vinod Vaikuntanathan{ November 30, 2020 Abstract MiniQCrypt is a world where quantum-secure one-way functions exist, and quantum commu- nication is possible. We construct an oblivious transfer (OT) protocol in MiniQCrypt that achieves simulation-security in the plain model against malicious quantum polynomial-time adversaries, building on the foundational work of Bennett, Brassard, Cr´epeau and Skubiszewska (CRYPTO 1991). Combining the OT protocol with prior works, we obtain secure two-party and multi-party computation protocols also in MiniQCrypt. This is in contrast to the classical world, where it is widely believed that one-way functions alone do not give us OT. In the common random string model, we achieve a constant-round universally composable (UC) OT protocol. ∗Sorbonne Universit´e, CNRS, LIP6 y University of Washington z Portland State University { MIT Contents 1 Introduction 1 1.1 Technical Overview.....................................5 1.1.1 Organization of the Paper.............................. 11 2 Quantum Stand-alone Security Model 11 2.1 Modular Composition Theorem.............................. 13 3 Parallel OT with Unbounded Simulation from OWF 13 3.1 Stand-Alone-secure OT in Fso-com-hybrid model..................... 14 3.2 Parallel Repetition for Protocols with Straight-Line Simulation............. 14 3.3 Implementing Fso-com with unbounded Simulation................... 14 4 Extractable Commitment from Unbounded Simulation OT 16 4.1 Verifiable Conditional Disclosure of Secrets (vCDS)................... 16 4.2 CDS Protocol from Unbounded Simulation OT...................... 17 4.3 Extractable Commitment from CDS............................ 21 5 Multiparty (Quantum) Computation in MiniQCrypt 24 A Preliminaries 30 A.1 Basic ideal functionalities................................
    [Show full text]
  • Depictions of Quantum Reality in Kent's Interpretation of Quantum
    Depictions of Quantum Reality in Kent's Interpretation of Quantum Theory Brendan Marsh∗ Department of Applied Mathematics and Theoretical Physics, University of Cambridge, Wilberforce Road, Cambridge, CB3 0WA, U.K. At present, quantum theory leaves unsettled which quantities ontologically, physically exist in a quantum system. Do observables such as energy and position have meaningful values only at the precise moment of measurement, as in the Copenhagen interpretation? Or is position always definite and guided by the wave function, as in de Broglie-Bohm pilot wave theory? In the language of Bell, what are the \beables" of quantum theory and what values may they take in space and time? This is the quantum reality problem. A definitive answer requires not just describing which physical quantities exist in a quantum system, but describing what configurations of those quantities in space and time are allowed, and with what probability those configurations occur. Adrian Kent sets out a new vision of quantum theory along these lines. His interpretation supplements quantum theory to infer the value of physical quantities in spacetime from the asymptotic late-time behavior of the quantum system. In doing so, a Lorentz-covariant and single-world solution to the quantum reality problem is achieved. In this paper, the framework of Kent's interpretation is presented from the ground up. After a broad overview, a derivation of the generalized Aharonov-Bergmann- Lebowitz (ABL) rule is provided before applying Kent's interpretation to toy model systems, in both relativistic and non-relativistic settings. By adding figures and discussion, a broad introduction is provided to Kent's proposed interpretation of quantum theory.
    [Show full text]