A New High-Dimensional Quantum Entropic Uncertainty Relation with Applications
Total Page:16
File Type:pdf, Size:1020Kb
A New High-Dimensional Quantum Entropic Uncertainty Relation with Applications Walter O. Krawec University of Connecticut Department of Computer Science and Engineering Storrs, CT, USA 06269 Email: [email protected] Abstract—In this paper we derive a new quantum entropic [14] that it can be extended to more general areas of quantum uncertainty relation, bounding the conditional smooth quantum information theory. In particular we proved a quantum entropic min entropy based on the result of a measurement using a uncertainty relation, however our previous relation from [14] two outcome POVM and the failure probability of a classical sampling strategy. Our relation works for systems of arbitrary was only applicable to qubits (dimension two systems) and did dimension. We apply it to analyze a new source independent not involve the conditional min entropy. As we consider condi- quantum random number generation protocol and show our tional entropy here, our new bound is immediately applicable relation provides optimistic results compared to prior work. to quantum cryptographic applications. We demonstrate this This is a (slightly) extended version of a paper to appear by considering and analyzing a new high-dimensional source in IEEE ISIT 2020. independent quantum random number generator (QRNG). Thanks to our new entropic uncertainty relation, and in par- I. INTRODUCTION ticular it’s need for only a two-outcome POVM in one of Quantum entropic uncertainty relations have numerous ap- the measurements, our new QRNG does not require a full plications in quantum information, communication, and cryp- basis measurement in the test case making it potentially more tography. Informally, typical relations of this kind bound practical (though, we stress, we are not interested in practical the amount of uncertainty in two different measurements issues in this paper, only theoretical analyses). We show performed on a quantum system. This bound is typically a that our new bound provides very optimistic random number function of the overlap between the measurements performed. generation rates when compared to other high dimensional Though there are many varieties [1]–[6] (just to list a few - QRNG’s, even considering our protocol’s simplicity in its see [7]–[9] for a general survey). quantum capabilities. Conditional quantum min entropy (which we define for- Our main result is described formally in Theorem 2. At mally later but denote H1(AjE)) is a very useful resource a high level, our main result shows that for a given quantum in quantum cryptography [10] and so discovering new uncer- state ρAE (which is not necessarily i.i.d.), where the A register tainty bounds involving the min entropy of a system is impor- acts on n + m copies of a d-dimensional Hilbert space, if tant in various applications (though, outside of applications, one were to measure part of the A system using a particular such bounds are also interesting in and of themselves). For two-outcome POVM, then, with high probability, one can instance, a useful quantum min entropy uncertainty relation bound the min entropy in the remaining unmeasured portion was shown in [2] and states that H1(ZjE)+Hmax(XjB) ≥ γ, of the partially measurement state should a measurement where γ is a function of the overlap of the two measurements in a d dimensional basis be performed on the remaining arXiv:2005.04773v2 [quant-ph] 23 May 2020 (used to produce registers Z and X respectively) and Hmax is system. This bound is a function of the observed outcome of the max entropy [10]–[12]. Such a relation may be used, for the POVM measurement (in particular, the Hamming weight instance, to bound an adversary’s uncertainty on a quantum of this outcome) and also a function of the measurements system given that the X and B registers are highly correlated. performed. This has interesting cryptographic applications as In this work, we introduce a new quantum uncertainty it allows one to argue about the entropy in partially measured relation, bounding the conditional quantum min entropy of states given a particular measurement outcome, with high a system based on the Hamming weight of a measurement probability. Due to the two-outcome nature of the POVM case, outcome performed using a two-outcome POVM and the error it also allows for easy analysis of cryptographic primitives probability of a classical sampling technique. Our relation where users do not need to distinguish all d basis states in a applies to systems of arbitrary, but known and finite, dimen- “test” case. Experimentally, one need only distinguish a single sion. To our knowledge this form of uncertainty relation has basis state for the test basis and a full basis measurement, not been discovered before. To prove our relation, we utilize in an alternative, potentially easier to distinguish, basis, for a quantum sampling framework introduced by Bouman and the subsequent measurement. That is, one need not be able to Fehr in [13]. This sampling framework was used in [13] to distinguish all basis states in two different bases. This may lead prove the security of BB84. Only recently, we discovered in to simpler cryptographic protocols and we show an example in this work. Above, IA is the identity operator on HA and X ≥ 0 implies We make several contributions in this work. First, we derive that X is positive semi-definite. If the E system is trivial, it a new quantum entropic uncertainty relation, relating condi- can be shown that H1(A)ρ = − log λmax, where λmax is the tional min entropy and the Hamming weight of a measure- maximal eigenvalue of ρ. If ρ is a classical state (i.e., ρA = P ment outcome performed through a two-outcome measurement x px[x] for some orthonormal basis fjxig), then H1(A)ρ = (regardless of the dimension of the underlying system). Our − log max px. The smooth min entropy, denoted H1(AjE)ρ relation is connected to the quantum sampling framework is defined as [10]: introduced in [13] thus showing, in addition to our prior work in [14], that this sampling framework has strong potential for H1(AjE)ρ = sup H1(AjE)σ; σ2Γ(ρ) applications in general quantum information theory while also showing a fascinating connection between classical and quan- where: tum science. Finally, we analyze a new source-independent Γ(ρ) = fσ j jjσ − ρjj ≤ g; QRNG protocol using high dimensional quantum states, which and jjXjj is the trace distance of operator X. is also potentially more practical than prior protocols in this Let Z = fjiig be an orthonormal basis of HA and let ρAE setting. We use our entropic uncertainty relation to prove be some density operator. Then we write H (ZjE) to mean the security of this protocol and show it can support very 1 ρ the conditional min entropy of the state ρZE which results optimistic bit generation rates. In fact, for many settings, our from a measurement of the A system using basis Z. If ρ new protocol, thanks to our new entropic uncertainty relation, AE is pure (i.e., ρAE = [ ]), then we may write H1(ZjE) . can actually outperform more complex protocols. This shows Similarly for the smooth min entropy. the great potential benefits of using quantum sampling based Given a quantum-classical state ρAC of the form ρAC = entropic uncertainty relations as discussed here and in our PN c c=0 pcρA ⊗ [c], then it is easy to prove from the definition previous work [14]. of min entropy that: A. Notation H1(AjC)ρ ≥ min H1(A)ρc : (3) We begin by introducing some notation and concepts we c A will use. Let Ad = f0; 1; ··· ; d − 1g be an alphabet of size Min-entropy is a very useful quantity to measure and has d (the exact characters do not matter so long as there is a many applications. In quantum cryptography, one may use N distinguished “0” element). Given q 2 Ad , and a subset min-entropy to determine how many uniform independent t = ft1; ··· ; tmg of f1; 2; ··· ;Ng, we write qt to mean the random bits may be extracted from a quantum state. In substring of q indexed by t, namely qt = qt1 ··· qtm . We use particular, through a privacy amplification process, one may q−t to mean the substring of q indexed by the complement take as input a classical-quantum (cq) state ρAE and process of t. We define the Hamming weight of q to be the number the A register which is N bits long to transform it into the of non-zero characters in q. The relative Hamming weight of cq-state σKE, where the K register is ` bits long by hashing q, denoted w(q) is the number of non-zero characters in q it through a two-universal hash function. Then, as shown in divided by the total number of characters in q. That is: [10], it holds that: 1 w(q) = jfi j q 6= 0gj=jqj: (1) ` − 2 (H1(AjE)ρ−`) i σKE − IK =2 ⊗ σE ≤ 2 + 2. (4) A density operator acting on Hilbert space H is a Hermitian An important lemma concerning min-entropy was proven in positive semi-definite operator of unit trace. Given element [13] (also based on a Lemma from [10]). j i 2 H, we write [ ] to mean the projector j i h j. We use Hd to denote a d-dimensional Hilbert space. Lemma 1. (From [13]): Let Z = fjiig and X = fjxiig The Shannon entropy of a random variable X is denoted be two orthonormal bases of HZ . Then for any pure state P H(X). The d-ary entropy function, denoted hd(x) for x 2 j i = i2J αi jii ⊗ jφiiE 2 HZ ⊗ HE (where jφiiE are [0; 1] is defined to be: arbitrary, normalized, states in HE), if we define the mixed P 2 state ρ = i2J jαij [i] ⊗ [φi], then: hd(x) = x logd(d − 1) − x logd x − (1 − x) logd(1 − x): H (XjE) ≥ H (XjE) − log jJj: We also define the extended d-ary entropy function, denoted 1 1 ρ 2 ¯ Hd(x), for any x 2 R, as: II.