1 / 25

Cryptography and Non-Locality

Cryptography and Non-Locality. Ekert. Barrett. Acín. Gisin. Hardy. Masanes. Kent. Pironio. Winter. Massar. Wolf. Hänggi. Brunner. Valerio Scarani Centre for Quantum Technologies National University of Singapore. Ph.D. and post-doc positions available. Outline.

gamada
Download Presentation

Cryptography and Non-Locality

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptographyand Non-Locality Ekert Barrett Acín Gisin Hardy Masanes Kent Pironio Winter Massar Wolf Hänggi Brunner Valerio Scarani Centre for Quantum Technologies National University of Singapore Ph.D. and post-doc positions available

  2. Outline • Part 1: Motivation • Secure communication based only on compulsory assumptions and observation • Part 2: Tools • From cryptography • From non-locality • Part 3:Results • Security against quantum Eve • Security against post-quantum Eve

  3. Part 1Motivation

  4. Alice Bob K=1000100011110101 K=1000100011110101 The task: Key Distribution KP= 0101110010100011=M M=0101110010100011 P=MK=1101010001010110 Sent: summod 2: Contains NO info on M! • Unbreakable… unless the eavesdropper Eve knows the key!!! • Key-Distribution Problem: How to distribute the key among the partners? Goal: secure distribution of a key between distant partners. Quantum crypto: code the bits of the key in quantum states

  5. (1) Eve 1 x 0 1 y 0 Alice Bob distributes the signal… N times (2) 1 x 0 1 y 0 Alice Bob a b (3) Public communication: estimateP(a,b|x,y) Phenomenology We adopt an entanglement-based scenario: …but knowsneither the settings x,ynor the resultsa,b Laws of physics: P(a,b|x,y)  bound on Eve’s information.

  6. Assumptions for Security ? rAB C2 C2 M M RNG RNG Blue = Trusted Red = Untrusted Raw key Raw key  • No leakage out of Alice’s and Bob’s Labs • Raw key: never • Choice of M: not as long as Eve can act on the state • The choices of the M are really random • Security of classical post-processing, authentication… • Eve is constrained by the laws of physics • Dimensionality of the Q-system under control • Measurement devices under control   M M  Proofs based on non-locality allow black-box Koashi 2005, Beaudry-Moroder-Lutkenhaus 2008 The whole of QM, or just a subset of laws?

  7. “No-cloning” Wootters-Zurek etc. 1982 Bennett-Brassard 1984 Eve cannot make a perfect copy of Bob’s quantum state and simulate exactly his measurement. Any interaction that gives Eve some information will modify Bob’s state, thus introducing errors. • It is impossible to make a perfect copy of an unknown quantum state. • If a basis is perfectly copied, all superposition states will not. Drawback: no-cloning cannot be “observed”.

  8. “No local variables” (“Non-locality”) Bell 1964 Ekert 1991 If the results were not available before the measurement, in particular they were not available to Eve On data that can be ascribed neither to communication nor to pre-established agreement, an eavesdropper can only have limited information. Measurement on entangled states  correlations: • Cannot be ascribed to communication • Cannot be ascribed to pre-established agreement (“local variables”, “shared randomness”) • QM: the results are really created by the measurement, were not available before it. Non-locality can be observed from P(a,b|x,y): violation of a “Bell-type inequality”.

  9. Equivalence under “no-signaling” No-signaling: Indeed, “signaling” = Alice’s choice changes what Bob sees (and viceversa) In particular, Q-measurements give rise to no-signaling P(a,b|x,y) Thm: No-signaling & Non-locality  No-cloning Masanes, Acín, Gisin PRA 2006; Barnum, Barrett, Leifer, Wilce q-ph/06 The two “foundations” of cryptography are equivalent for no-signaling theories – and non-locality can be observed

  10. Motivation: summary • We want to guarantee the security of key distribution based on: • assumptions: only the compulsory ones; • bound on Eve’s information: non-locality of P(a,b|x,y), i.e. only inputs/outputs • No leakage out of Alice’s and Bob’s Labs • Random choice of the input • Security of classical procedures • Eve is constrained by the laws of physics • Quantum physics, just no-signaling, or any intermediate set of laws

  11. Part 2Tools

  12. Tools of cryptographyFigure of merit: secret key rate From N exchanged signals (raw key) to a secret key of length l: (assuming 1-way communication): Information Theory  Achievable secret key rate r (asymptotic N): “Eve’s uncertainty minus Bob’s uncertainty on Alice’s string” EC PA “Capacity of the A-B channel minus Eve’s knowledge” l=Nr n-leak N n m

  13. Tools of cryptographyClasses of Attacks • Individual • Eve sends i.i.d. signals • and tries to guess each bit of the raw key • Collective • Eve sends i.i.d signals • and tries to guess the final key • General • Eve sends the most general signals • And tries to guess the final key “Unconditional security”

  14. Tools of Non-localityBell-CHSH inequality (Clauser, Horne, Shimony, Holt 1969) Hypothesis: correlations from a pre-established strategy: Then: let’s take two choices for x and for y, and binary outcomes: For all l it holds: (recall: l is not known) Any correlation that can be distributed using a pre-established strategy must respect this inequality. QM: S can reach up to 22

  15. No-signaling Non-deterministic 1 1 1 -1 Tools of Non-localityThe Popescu-Rohrlich (PR) box böchsli

  16. B learns A’s input  signaling! No-cloning Tools of Non-localityNo-Cloning of the PR-box ? Can B duplicate his channel?

  17. Local correlations Polytope Quantum region Convex, no polytope PR-box No-signalling Polytope Measurement on singlet CHSH CHSH Tools of Non-localityProbability Space

  18. Part 3Results

  19. Suitable Protocols Not all protocols can be proved secure using non-locality! E.g., the expected P(a,b|x,y) for BB84 is LOCAL even for zero error A possible protocol (Acín, Massar, Pironio 2006): Alice:3 settings x=0,1,k Bob:2 settings y=0,1 Raw key:(aK, b0); in particular error rate Q=Prob(aK b0) Eve’s info estimated from:S=CHSH(a0,a1,b0,b1) • Modified version of Ekert 1991 protocol • Feature 1: CHSH is measured; • Feature 2: one outcome (b0) is used for both the key and CHSH;

  20. Known security bounds NL, Laws=QM NL, Laws= no-signaling Usual QKD: General attacks (equivalent to BB84) Individual attacks Collective attacks r S

  21. Status of security proofs • Laws of physics = quantum • Collective attacks: secure • Acín, Brunner, Gisin, Massar, Pironio & VS, PRL 2007 • Laws of physics = only no-signaling • Individual attacks: secure • Acín, Gisin & Masanes PRL 2005; VS et al., PRA 2006; Acín, Massar & Pironio New J. Phys. 2006 • General attacks: insecure • Barrett, Hardy, Kent PRL 2005: 1 secure bit for error=0 • Hänggi & Wolf, submitted • Laws of physics = no-signaling + something • General attacks: conditions under study • Masanes & Winter, in preparation

  22. Detection loophole 1 x 0 1 y 0 Alice Bob If she chooses x=0, I don’t answer • Firing of the detector correlated to the choice of the measurement?? • In our labs, we know this is not the case because we understand the physics of our devices… • … but in a black-box scenario against an adversarial Eve, it becomes a very reasonable assumption  As of today, with photons one cannot close the loophole  non-locality cannot be observed in a black-box scenario  these proofs cannot be used yet.  Practical motivation to close the detection loophole!

  23. CHSH PPR PR-Box 4 1 22 2-1 1-way, no pp 0.38 2.76 1-way, pp 0.24 2.48 0.2 2.4 2-way, no pp 2.18 0.09 2-way, pp 2 0 CHSH Side-issues Individual attacks on the CHSH protocol, NS Better procedures or bipartite bound information?

  24. Conclusions

  25. Summary • Goal: security of key distribution from • Compulsory assumptions; • Inputs & Outputs: the non-locality of P(a,b|x,y) • Among the assumptions: “Eve is constrained by the laws of physics” • Can be the whole of quantum physics… • …or a restricted set of laws. • Several open issues • Minimal set of laws for security • Unconditional security against quantum Eve • Related: close the detection loophole

More Related