CSCI920 (Week 11). Quantum Computing Oct. 2010. Announcement Guidance for preparing a group poster Marking criteria for group poster presentation Schedule: Week 12. Outline. Weaknesses in Classical Cryptography Quantum Computing Applications of Quantum Computing - Breaking RSA
CSCI920(Week 11) Quantum Computing Oct. 2010
Announcement • Guidance for preparing a group poster • Marking criteria for group poster presentation • Schedule: Week 12
Outline • Weaknesses in Classical Cryptography • Quantum Computing • Applications of Quantum Computing - Breaking RSA - Quantum Key Exchange
References: • [Wiki] Quantum Computer. http://en.wikipedia.org/wiki/Quantum_computer • [GT10] N. Gisin and R.T. Thew. Quantum Communication Technology. Electronics Letters, 46(14), July 2010. • [Pik00] Rob Pike. An Introduction to Quantum Computation and Quantum Communication. June 2000. http://herpolhode.com/rob/qcintro.pdf • [Sty] Iain Styles. Quantum Computation. http://www.cs.bham.ac.uk/internal/courses/intro-mqc/current/lecture10_handout.pdf • [RP00] Eleanor G. Rieffel and Wolfgang Polak. An introduction to quantum computing for non-physicists. ACM Computing Surveys, 32(3): 300-335, 2000. • [Bru+07] Dagmar Bruss et al. Quantum Cryptography: A Survey. ACM Computing Surveys, 39(2), 2000.
Weaknesses in Classic Cryptography • Cryptography has a long and rich history. Enigma Can You Crack The Enigma Code? http://enigma.isg.rhul.ac.uk/ Source: http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma
Weaknesses in Classic Cryptography ■ Keys play a very important role in modern cryptosystems. ■ Keys are used to encode messages (i.e., encrypt plaintext) and to decode encoded messages (i.e., decrypt ciphertext). ■ Classification of cryptography: - Private key cryptosystems: The same key is used for encryption and decryption. Examples: DES, AES - Public key cryptosystems: Two different keys are used for encryption and decryption separately. Example: RSA
Weaknesses in Classic Cryptography ■ Data Encryption Standard (DES) - A symmetric key cipher (block cipher): Encryption: $C = E_K(M)$ Decryption: $M = D_K(C)$ - Selected as FIPS, 1976 - 2006: Broke DES in 9 days at $10,000 hardware cost ■ Advanced Encryption Standard (AES) - FIPS 197 - Announced by NIST on Nov. 26, 2001
Weaknesses in Classic Cryptography ■ RSA (An asymmetric cryptosystem) - Invented by Rivest, Shamir and Adleman, 1977 - Encryption using RSA Encryption: $C = E_{PK}(M) = M^e \bmod n$ Decryption: $M = D_{SK}(C) = C^d \bmod n$ Here: Public Key $PK = (e, n)$, Secret Key $SK = (d, n)$, $n = pq$, and $ed \equiv 1 \pmod{(p-1)(q-1)}$. - The security of RSA relies on a computationally hard problem: factoring. Namely, it is infeasible to find the two prime factors of n if n is large enough, like 1000 bits or more.
Weaknesses in Classic Cryptography ■ Weaknesses in private key cryptosystems: - Perfect security can be guaranteed if the key is kept secret and is never re-used. - This means that the two communicating parties (say, Alice and Bob) have to agree on a key in advance. - Actually, public key cryptosystems were mainly introduced for this purpose. ■ Weaknesses in public key cryptosystems: - Most public key systems (e.g. RSA) can be broken by quantum computers, if they eventually become feasible on a large scale. - On the other hand, quantum computing also leads to provably secure key exchange solutions.
Quantum Computing • An analogy: - Newtonian physics is an approximation to Einsteinian physics, i.e., general relativity. - Classical physics is an approximation to quantum mechanics. • Classical computing (information) is an approximation to quantum computing (information). • Each approximation has to exclude important details but it serves well for many purposes. • Removing such an approximation requires deeper understanding of Nature but gets a truer picture of it and may introduce new technologies.
Quantum Computing • To get relativity, we remove (among others) the approximation that objects are moving much slower than light. • To get quantum mechanics, we remove (among others) the approximation that we are manipulating things much larger than atoms. • To get quantum computation, we remove (among others) the approximation that the elements of information are independently manipulable. • Namely, in classic computation we can manipulate one bit in a register without affecting the other bits. • But this is not the case in quantum computing!
Quantum Computing • Why bother? Because we would like to overcome some limits in classic computers. • For example, can we do some computations (like factoring) faster? • State of the Art: Factoring an RSA-640 modulus with classical computers on a distributed network requires about 5 months (www.rsasecurity.com). • Removing the approximation in classic computing is challenging, as quantum mechanical effects lead to some troubles for us.
Quantum Computing • Classical computers use bits (binary digits) to store and manipulate information. • Bits are physically implemented by two-state electronic switches. • One bit represents 1 (switch on) or 0 (switch off). • They obey deterministic laws of physics. • There is no “in-between” state: just 1 or 0. • An observation (measurement) of the state will result in a fixed output. • Any future observation of the same state will give the same output, if the state of the switch has not been changed.
Quantum Computing • Notation • Let us represent “on” by |1⟩ and “off” by |0⟩. • Define a state function |φ⟩: |φ⟩ = |1⟩, with measurement yielding “1”, or |φ⟩ = |0⟩, with measurement yielding “0”. • For one classical bit, |φ⟩ can take only two possible states. • The state can be seen as a complete description of one bit: whether the switch is on or off, and what value we get if it is measured. • The purpose of this notation will become clear a little later.
Quantum Computing • Quantum computing uses qubits (quantum bits) to store and manipulate information. • A qubit is also physically implemented by a two-state system. • But it obeys the laws of quantum mechanics, rather than the laws of classical physics. • A qubit can be in the state of , the state of , or a superposition of these two states. We write its state as |φ = |0 + |1 , where ||2+||2=1. • and are two complex numbers, called probability amplitudes.
Quantum Computing • Measuring a qubit will get a probabilistic result If we measure |φ = |0 + |1, where ||2+||2=1, we observe |0 with probability ||2or |1 with probability ||2. • So, the measurement of the quantum state is probabilistic, not deterministic!
Quantum Computing • Moreover, the act of measuring a quantum state may change the state. • That is, after a measurement, subsequent measurements on the state will always output the same value as the first measurement. • We say a quantum state |φ⟩ collapses to whichever outcome we observed. • This is called the Quantum Measurement Postulate (QMP).
Quantum Computing • X={ |0 , |1 } is called the computational basis. • A qubit is simply a linear combination of two basis states. • Just like we can use different bases to represent the same point in a two-dimensional plane, a qubit can also be presented or measured w.r.t. different bases. • We can define an alternative Z basis = { |+ , |- }as
Quantum Computing • How to measure a qubit in different bases? • If |φ = |0 + |1 is represented in Z-basis { |+ , |- }, we may get |φ = ’ |+ + ’ |-. • Again, |’|2+|’|2=1 (normalization condition). • So, if we use Z-basis to measure |φ we observe |+ with probability |’|2 or |- with probability |’|2. • In fact, previously we implicitly assumed that the measurement is made in the same basis as the one in which the quantum state is represented. Namely, the two bases used for measurement and representation are “parallel”.
Quantum Computing • What will happen if different bases are used for measurement and representation of a qubit? • For example, let us use Z-basis to measure a qubit • All we need to do is change the “coordinates” of φ1 into Z-basis:
Quantum Computing • Understanding the ideas of quantum computing is not easy for many people. • Albert Einstein: “God does not play dice with the universe” • Max Planck: “I don’t like it, and I wish I never had anything to do with it” • Richard P. Feynman: “No, you’re not going to be able to understand it. . . . You see, my physics students don’t understand it either. That is because I don’t understand it. Nobody does. ... The theory of quantum electrodynamics describes Nature as absurd from the point of view of common sense. And it agrees fully with an experiment. So I hope that you can accept Nature as She is -- absurd.”
Quantum Computing • The concepts in quantum mechanics are usually counterintuitive, and they have no counterparts in classical physics. • So, it may not be a bad idea to view quantum mechanics as a theory in the sense of mathematics, which is governed by a set of axioms. • The consequences of the axioms describe the behaviour of quantum systems, i.e., the positions, momentums, polarizations, spins, and so on of the various particles. • We cannot explain why some of these things are true, but we know that they are, as they agree with many, many experiments. • Quantum mechanics is the best model that we have for atomic-scale phenomena.
Quantum Computing: N qubits • N bits can represent $2^N$ integers. • N qubits can represent any complex unitary vector in $2^N$-dimensional space, where each dimension corresponds to a possible classical state. • So, an N-qubit register represents a spectacularly larger set of values. • Example: • 3 bits can represent any integer of 000, 001, ..., 111. • 3 qubits can represent any value of the form • A 3-qubit register could be in the “pure” state |001⟩ or |101⟩ etc., but it may be in a “pure” state with overwhelming probability.
Quantum Computing: Entanglement • For a 2-bit register, we can access the value of the 1st bit without affecting the 2nd bit. • Two qubits could be in the following state: • So, the 1st qubit of |φ⟩ is neither |0⟩ nor |1⟩. • In fact, it is not even a superposition of |0⟩ and |1⟩, as the state is not separable: the value of the 1st qubit is entangled with the value of the 2nd qubit. • That is, you cannot get the value of the 1st qubit without affecting the value of the 2nd qubit. • For example, if you measure |φ⟩ and get |0⟩ as the value of the 1st qubit, this means that the state of |φ⟩ has collapsed to |01⟩ and hence the 2nd qubit is now definitely |1⟩. However, it wasn’t |1⟩ before that.
Quantum Computing: Entanglement • Entanglement is another very different feature of quantum computing. • By definition, an entanglement involves only multiple qubits. • However, a superposition of multiple qubits is not necessarily entangled. Here is an example:
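The separability test and the collapse behaviour described on the two entanglement slides, as an added example that is not part of the original slides. The slides' own example states did not survive extraction, so the states used with it are constructed, and the function names are illustrative; the test relies on the fact that a two-qubit pure state is a product state exactly when a00·a11 = a01·a10.

```python
import math
import random

# A 2-qubit state is the tuple (a00, a01, a10, a11) of amplitudes for
# |00>, |01>, |10>, |11>. Constructed examples (not from the slides):
#   entangled: (0, s, s, 0) with s = 1/sqrt(2)
#   product:   (0.5, 0.5, 0.5, 0.5)

def is_separable(state, tol=1e-12):
    """True if the state factors into (qubit 1) x (qubit 2)."""
    a00, a01, a10, a11 = state
    return abs(a00 * a11 - a01 * a10) < tol

def second_qubit_probs(state):
    """(P[2nd qubit = 0], P[2nd qubit = 1]) if it were measured now."""
    a00, a01, a10, a11 = state
    return (abs(a00) ** 2 + abs(a10) ** 2, abs(a01) ** 2 + abs(a11) ** 2)

def measure_first(state, rng):
    """Measure the 1st qubit in the computational basis.

    Returns (outcome, collapsed_state); the collapsed state is
    renormalised, as the measurement postulate requires.
    """
    a00, a01, a10, a11 = state
    p0 = abs(a00) ** 2 + abs(a01) ** 2      # P[1st qubit = 0]
    if rng.random() < p0:
        norm = math.sqrt(p0)
        return 0, (a00 / norm, a01 / norm, 0.0, 0.0)
    norm = math.sqrt(1.0 - p0)
    return 1, (0.0, 0.0, a10 / norm, a11 / norm)
```

For the entangled state the second qubit is 50/50 before the measurement and certain afterwards; for the product state measuring the first qubit leaves the second qubit's probabilities unchanged.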
Quantum Computing: No copying! • Moreover, a quantum state cannot be cloned or destroyed. • So it is not possible to measure a qubit in two ways, even indirectly, say, by first copying the qubit and then measuring it in a different basis. • A page proof is given by Rob Pike: An Introduction to Quantum Computation and Quantum Communication. June 2000. http://herpolhode.com/rob/qcintro.pdf
Quantum Computing: Computation • A classical computer accepts n bits in and gets m bits out. • For a quantum computer, we must have m=n as qubits cannot be created or destroyed during the computation. • The quantum computer (QC) is an operator that maps n input qubits to n output qubits. • n qubits represent a unit vector pointing to the surface of a sphere in complex space of $2^n$ dimensions. • So, the QC is just a kind of rotation; it can be represented by a rotation matrix in complex $2^n$ space. • Such matrices are called unitary matrices.
Quantum Computing: Computation • Consequently, a quantum computation evolves by a series of such unitary operations, where each operation must be unitary. • However, the final measurement step does not need to be unitary, as we can throw data away at the end.
Quantum Computing: Computation • A quantum computer (QC) looks like this • The input register V is prepared as a superposition of states of all integers from 0 to $2^n$. • Then, the QC calculates in parallel the function F for all $2^n$ integers simultaneously: This is why a QC is much more powerful than classical computers! • Finally, we can get the result by measuring the entangled qubits from the output register W. • F should be designed to maximize the probability that the right answer can be measured out from W.
Quantum Computing: Computation • In a short summary, quantum computation has three main features: • Parallelism (due to superposition) • Interference (due to entanglement) • Probability (due to measurement)
Quantum Computing: BQP • Quantum complexity theory: Which problems can be efficiently solved by quantum computers? We call this class of problems BQP, for “Bounded error, Quantum, Polynomial time”. • Example: both integer factorization and discrete log are in BQP. • Relation to computational complexity theory: • It is believed that BQP is a strict superset of P and is disjoint from NP-complete. However, this is not proved yet.
Applications of Quantum Computing • Shor’s algorithm for breaking RSA • The basic idea is to design a QC to calculate the two factors p and q of an RSA modulus n. • Trick: find distinct x and y satisfying $x^2 \equiv y^2 \pmod n$, i.e. $(x+y)(x-y) \equiv 0 \pmod n$. • So, we can find at least one factor by computing $\gcd(x+y, n)$ or $\gcd(x-y, n)$. • Then, consider the period of the function $f(a) = x^a \bmod n$. If f(a) has a period r and r is even, we have $x^r \equiv 1 \pmod n$. • This means that to factor n we only need to look for a pair (x, r) so that $(x^{r/2}+1)(x^{r/2}-1) \equiv 0 \pmod n$.
Applications of Quantum Computing • So, the main part of Shor’s algorithm is to build a superposition of all integers x < n, and calculate $x^a \bmod n$ for all a in parallel. • After that, the periods can be obtained by using a (quantum) FFT on the resulting entangled quantum state, which is a kind of entanglement of all valid (x, r) pairs. • Finally, measure the output register to get one (x, r) pair, and then we can factor n. • Note that with a small probability, the output may be zero. If this is the case, we run Shor’s algorithm again. • The amazing thing is that we can factor n in polynomial time with an overwhelming probability via a quantum computer.
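The classical reduction from the two Shor slides above, as an added example that is not part of the original slides: a brute-force loop stands in for the quantum period-finding step, and the recovered factors are then used to rebuild the RSA secret exponent. The function names and the toy modulus n = 3233 (with e = 17) used with it are constructed for illustration.

```python
from math import gcd

def find_period(x, n):
    """Smallest r > 0 with x^r = 1 (mod n), for gcd(x, n) = 1.
    Brute force: the classical stand-in for the quantum FFT step."""
    r, v = 1, x % n
    while v != 1:
        v = (v * x) % n
        r += 1
    return r

def factor_from_period(n, x):
    """Return (p, q) derived from base x, or None if x must be re-drawn."""
    g = gcd(x, n)
    if g != 1:                    # x already shares a factor with n
        return g, n // g
    r = find_period(x, n)
    if r % 2:                     # odd period: x^(r/2) is not defined
        return None
    y = pow(x, r // 2, n)         # y^2 = 1 (mod n) and y != 1
    if y == n - 1:                # y = -1 (mod n): only trivial factors
        return None
    p = gcd(y - 1, n)             # (y - 1)(y + 1) = 0 (mod n)
    return p, n // p

def break_rsa(n, e, c):
    """Factor n, rebuild d from ed = 1 mod (p-1)(q-1), decrypt c."""
    for x in range(2, n):         # retry with the next base on failure
        pq = factor_from_period(n, x)
        if pq:
            p, q = pq
            d = pow(e, -1, (p - 1) * (q - 1))   # Python 3.8+
            return p, q, d, pow(c, d, n)
    return None
```

With n = 3233 the base x = 2 has the even period 780 but gives x^(r/2) ≡ −1 and is rejected, which is the "run it again" case; x = 3 has period 260 and yields the factors 61 and 53.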
Applications of Quantum Computing • Quantum Key Exchange (Distribution) Protocols • BB84 protocol: proposed by Bennett and Brassard in 1988. • The basic idea can be illustrated by the following table [Bru+07]
Applications of Quantum Computing • Why does the BB84 protocol detect an eavesdropper Eve? • The key is that Eve must guess the encodings (i.e. bases) that Alice and Bob chose. • Only one incorrect choice will lead to Alice and Bob’s checkbits failing to match with probability 50%. • If a long bitstring is exchanged and there is no error in the checkbits, Alice and Bob can agree on the key and believe that the key is not known to Eve with overwhelming probability.
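A simulation of the detection argument above, as an added example that is not part of the original slides. It assumes an intercept-resend eavesdropper and an ideal noiseless channel, uses the slides' basis names X and Z, and models measurement by the rule that a matching basis returns the encoded bit and a mismatched basis returns a coin flip; all function names are illustrative.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis: the encoded bit comes back. Other basis: coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84(n_qubits, eve=False, seed=1):
    """Run one BB84 exchange; return (sifted_length, checkbit_error_rate)."""
    rng = random.Random(seed)
    a_bits = [rng.randrange(2) for _ in range(n_qubits)]
    a_bases = [rng.choice("XZ") for _ in range(n_qubits)]
    b_bases = [rng.choice("XZ") for _ in range(n_qubits)]
    b_bits = []
    for bit, ab, bb in zip(a_bits, a_bases, b_bases):
        basis = ab
        if eve:                           # intercept-resend attack model
            eb = rng.choice("XZ")         # Eve has to guess the basis
            bit = measure(bit, ab, eb, rng)
            basis = eb                    # qubit is re-sent in Eve's basis
        b_bits.append(measure(bit, basis, bb, rng))
    # Sifting: keep only positions where Alice and Bob used the same basis.
    kept = [i for i in range(n_qubits) if a_bases[i] == b_bases[i]]
    # Sacrifice half of the sifted bits as publicly compared checkbits.
    check = kept[: len(kept) // 2]
    errors = sum(a_bits[i] != b_bits[i] for i in check)
    return len(kept), errors / max(1, len(check))

def undetected_prob(k):
    """Chance that Eve causes no error in k checkbits: each checkbit
    survives with probability 1/2 (right guess) + 1/2 * 1/2 = 3/4."""
    return 0.75 ** k
```

Without Eve the checkbit error rate is exactly 0; with Eve it settles near 25%, because she guesses the wrong basis half of the time and each wrong guess flips Bob's bit with probability 50%.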
Applications of Quantum Computing • The implementations of Quantum Key Exchange [Sty]: • Longest distance in a fibre: 148.7km at LANL in 2007 • Longest distance in free space: 144km • DARPA Quantum Network: 10 interconnected QKD hubs • First computer network using QKD: six locations around Vienna - October 2008 • Transmission rates are quite low, but it is extremely reliable • Noise levels are low enough to guarantee privacy
Summary • Weaknesses in Classical Cryptography - Private key cryptosystems - Public key cryptosystems • Quantum Computing - Parallelism (due to superposition) - Interference (due to entanglement) - Probability (due to measurement) - BQP • Applications of Quantum Computing - Shor’s algorithm for breaking RSA - BB84 quantum key exchange protocol