entropy accumulation in device independent protocols
play

Entropy Accumulation in Device-independent Protocols QIP17 Seattle - PowerPoint PPT Presentation

Apr 02, 2024 •30 likes •550 views

Entropy Accumulation in Device-independent Protocols QIP17 Seattle | January 19, 2017 arXiv: 1607.01796 & 1607.01797 Rotem Arnon-Friedman , Frdric Dupuis, Omar Fawzi, Renato Renner, & Thomas Vidick Outline 1. Introduction to

  1. Entropy Accumulation in Device-independent Protocols QIP17 Seattle | January 19, 2017 arXiv: 1607.01796 & 1607.01797 Rotem Arnon-Friedman , Frédéric Dupuis, Omar Fawzi, Renato Renner, & Thomas Vidick

  2. Outline 1. Introduction to device-independence 2. The difficulty of proving security 3. Overview …

  3. Brief introduction to Device-independent Cryptography

  4. The concept of DI • Alice and Bob share an uncharacterised device • They interact with it according to some known protocol (e.g., DI quantum key distribution protocol) • They either abort or accomplish their task 
 (e.g., output a good key)

  5. Bell inequality / game Alice Bob

  6. Bell inequality / game No communication Winning condition:

  7. Bell inequality / game • Winning prob. of the device: • Bell inequality: • Quantum advantage (violation): • some secret randomness in the outputs 
 with respect to an adversary holding a purification of

  8. Example: the CHSH game Alice: Input Output Bob: Input Output Win: • Best classical strategy: 75% winning • Best quantum strategy: ~85% winning • Quantum advantage

  9. Example: the CHSH game • Quantum advantage implies secret randomness: 1 0 . 8 0 . 6 0 . 4 0 . 2 0 How random 
 0 . 76 0 . 78 0 . 8 0 . 82 0 . 84 is from 
 Eve ’s point of view [Pironio, Acìn, Brunner et al. , 09]

  10. The Difficulty of Proving Security

  11. The difficulty of proving security ??? ???

  12. The IID assumption • Play the game many times independently and identically • Estimate the winning probability in one device • The total amount of entropy is roughly the 
 Simple! ✔ number of games entropy in one game

  13. The IID assumption • IID is a strong assumption! (e.g., no memory at all) • Cannot use de Finetti theorems (in contrast to standard QKD for example)

  14. The general case • One component to each party • Sequential interaction with Alice and Bob’s components

  15. Previous DIQKD works [Ekert, 91] [Mayers and Yao, 98] [Pironio, Acìn, Brunner et al. , 09] IID + asymptotic Optimal rates! ✔ [Barrett, Hardy, and Kent, 05] General security Proof of concept [Reichardt, Unger, and Vazirani, 13] [Vazirani and Vidick, 14] 
 [Miller and Shi, 14]

  16. Overview

  17. Overview New! IID Sequential

  18. Outline of the rest of talk 4. Security under the IID assumption 5. General security proof •New tool: the Entropy Accumulation Theorem •Application: new results for DI cryptography 6. Summary and open questions

  19. Security Proof under the IID Assumption

  20. 
 
 Proving security • Main task: lower-bounding the smooth min-entropy 
 where is the raw data, the quantum side- information belonging to the adversary, and a security parameter • Tightly determines the maximal length of an extractable secret key

  21. 
 
 
 Security — IID • IID random variables • IID quantum side-information • For the von-Neumann entropy : 


  22. 
 
 Security — IID • IID random variables • IID quantum side-information • For the smooth min-entropy : 
 Quantum Asymptotic Equipartition Property 
 [Tomamichel, Colbeck, and Renner, 09]

  23. Security — IID 1. Play the game many times and calculate the average winning probability 2. Use the single-round relation 
 1 0 . 8 between the winning probability 
 0 . 6 0 . 4 and the von-Neumann entropy 0 . 2 0 0 . 76 0 . 78 0 . 8 0 . 82 0 . 84 3. Plug into the quantum AEP: total smooth min- entropy is in first order

  24. 
 
 Security — IID (remarks) • Need to understand only the physics of a single- round 
 Simple! ✔ • The von-Neumann entropy is the relevant single- round quantity Tight! ✔

  25. Security — IID 1. Play the game many times and calculate the average winning probability 2. Use the single-round relation 
 1 0 . 8 between the winning probability 
 0 . 6 0 . 4 and the von-Neumann entropy 0 . 2 0 0 . 76 0 . 78 0 . 8 0 . 82 0 . 84 3. Plug into the quantum AEP: total smooth min- entropy is in first order

  26. General Security Proof

  27. General security • Still need to lower-bound • Instead of IID behaviour of the device, consider more general sequential processes • “Extend” the quantum AEP to the sequential scenario The Entropy Accumulation Theorem

  28. The EAT

  29. Sequential process • Model of a sequential process:

  30. EAT channels • Assumptions on the channels: 1. finite dimensional with dimension 2. is a classical register that can be measured from without changing the state 3. For any initial state, the final state fulfils the Markov-chain condition: 


  31. 
 Empirical statistics • Frequencies from the observed data: 
 • is a probability distribution over

  32. 
 Min-tradeoff function • Min-tradeoff function — worst-case von- Neumann entropy in a single-round 
 • The infimum is over 
 states such that

  33. Entropy accumulation theorem • Event depending on the frequencies • the final state conditioned on • such that 
 for all

  34. 
 
 Entropy accumulation theorem • for all • EAT: 
 where depends on • Similar statement for the smooth max-entropy 


  35. Main ingredients in the proof • Heavily relies on the sandwiched relative Rényi entropies introduced in [Wilde, Winter, and Yang, 14] and [Müller-Lennert, Dupuis, Szehr, et al. , 13] • A new chain rule for the sandwiched relative Rényi entropies was developed to prove the EAT

  36. 
 
 Main ingredients in the proof • “Classical version of the min-tradeoff function”: 
 Seq. proc. creates 
 How much can we extract from after 
 we use ? 
 Too optimistic Too pessimistic

  37. 
 
 Main ingredients in the proof • “Classical version of the min-tradeoff function”: 
 Seq. proc. creates 
 How much can we extract from after 
 we use ? 
 Intermediate: Too optimistic Too pessimistic the min-tradeoff function 
 is the “quantum version” of this

  38. Finally, we are ready! Applying the EAT to DI Cryptography

  39. DI entropy accumulation pro. • Main building block in DI cryptographic protocols DI Entropy Accumulation Protocol Arguments: G – two-player non-local game X , Y – possible inputs for Alice Bob D – untrusted device of two components that can play G repeatedly n ∈ N + – number of rounds ω exp – expected winning prob. for an honest (noisy) implementation δ est ∈ (0 , 1) – width of the statistical confidence interval 1: For every round i ∈ [ n ] do Steps 2-4: Alice and Bob choose inputs X i ∈ X and Y i ∈ Y respectively. 2: They use D with X i , Y i and record the outputs A i and B i respectively. 3: They set C i = w ( A i , B i , X i , Y i ). 4: 5: Alice and Bob abort if P j C j < ( ω exp − δ est ) · n .

  40. DI entropy accumulation pro. • Channels — the behaviour of Alice and Bob + uncharacterised device in each round • — win or lose in game • Event — the protocol not aborting 
 • — final state conditioned on not aborting • We lower-bound

  41. Min-tradeoff function 1 1 H H f min 0 0 ω t ω ω

  42. Entropy rate (CHSH) 1 IID asymptotic rate n = 10 8 0 . 8 n = 10 7 n = 10 6 n = 10 5 0 . 6 0 . 4 0 . 2 0 0 . 76 0 . 77 0 . 78 0 . 79 0 . 8 0 . 81 0 . 82 0 . 83 0 . 84 0 . 85 ω

  43. DIQKD • Based on the Entropy Accumulation protocol • Classical-post processing on top: • Error correction • Privacy amplification

  44. DIQKD — The setting • Standard assumptions: • Alice and Bob’s physical locations are secure (unwanted information cannot leak outside to Eve or between their devices) • Trusted random number generator • Trusted classical post-processing units • Authenticated, but public, classical channel • Quantum physics is correct (and complete) • Communication is allowed between Alice and Bob, and from Eve to Alice and Bob, between the rounds of the game (can create “entanglement on the fly”)

  45. DIQKD 1 Q = 0 . 5% 87% 0 . 9 Q = 2 . 5% 0 . 8 Q = 5% 0 . 7 0 . 6 key rate r 53% 0 . 5 0 . 4 0 . 3 22% 0 . 2 0 . 1 0 10 6 10 7 10 8 10 9 10 10 10 11 10 15 number of rounds n

  46. DIQKD 1 n = 10 15 0 . 9 n = 10 10 0 . 8 n = 10 8 n = 10 7 0 . 7 0 . 6 key rate r 0 . 5 0 . 4 0 . 3 0 . 2 0 . 1 0 1 3 5 7 . 1 quantum bit error rate Q (%)

  47. 
 
 General security (remarks) • Need to understand only the physics of a single- round 
 Simple! ✔ • The von-Neumann entropy is the relevant single- round quantity Tight! ✔ • The optimal attack is the IID attack in first order

  48. Summary

  49. Summary 1. New information-theoretic tool: the EAT • Describes how entropy accumulates in sequential quantum processes • The von-Neumann entropy is the relevant single-round quantity 2. New framework to prove security of DI protocols • Modular, simple, and tight security proof • Concrete examples: DIQKD and randomness expansion based on CHSH • In essence, the best adversarial attack is the IID attack also in the DI scenario

Recommend

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

EPFL, Spring 2017 4 Application Layer Protocols Device Management Protocols Application layer protocols offering remote services for large networks of devices: - Monitoring (health of devices and network, get current state) - Management

1.31k views • 93 slides
Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) &gt;= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S) Entropy is o8en related to disorder but not strictly correct Entropy is a measure

351 views • 8 slides
Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Entropy Entropy Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1 Entropy Entropy and Information Joint Entropy Frank Keller Conditional Entropy School of Informatics University of Edinburgh

81 views • 4 slides
Treatment Device Testing Protocols in the Garden State:

Treatment Device Testing Protocols in the Garden State:

Treatment Device Testing Protocols in the Garden State: Current Status of Laboratory Testing and Field Longevity Monitoring Washington Stormwater Center 2013

387 views • 16 slides
Decision trees, protocols, and the Fourier Entropy-Influence Conjecture Andrew Wan (Simons

Decision trees, protocols, and the Fourier Entropy-Influence Conjecture Andrew Wan (Simons

Decision trees, protocols, and the Fourier Entropy-Influence Conjecture Andrew Wan (Simons Institute) John Wright (CMU) Chenggang Wu (Tsinghua) Fourier basics Given a Boolean function , Fourier

1.77k views • 117 slides
Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy Jyotirmoy Basak,

Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy Jyotirmoy Basak,

Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy Jyotirmoy Basak, Arpita Maitra and Subhamoy Maitra Indian Statistical Institute &amp; C R Rao AIMSCS December 18, 2019 Device Independent Quantum Key Distribution

536 views • 28 slides
DRAFT Protocols and Definitions Device-associated Module Ventilator-associated Pneumonia (VAP)

DRAFT Protocols and Definitions Device-associated Module Ventilator-associated Pneumonia (VAP)

DRAFT Protocols and Definitions Device-associated Module Ventilator-associated Pneumonia (VAP) Mary Andrus, BA, RN, CIC Division of Healthcare Quality Promotion Target Audience This training session is designed for those who DRAFT will

866 views • 30 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Outline Introduction HISPs Proposed OOB Methods Experimental Design Results Analysis and Discussion Conclusion Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda, Ivan Flechais, and A.W.

670 views • 41 slides
Accumulation points of real Schur roots Charles Paquette November 22 nd , 2014 CGMRT 2014,

Accumulation points of real Schur roots Charles Paquette November 22 nd , 2014 CGMRT 2014,

Introduction Accumulation points - Examples Accumulation points - Canonical decomposition Accumulation points - Rational ones Accumulation points - Others Accumulation points of real Schur roots Charles Paquette November 22 nd , 2014 CGMRT

891 views • 46 slides
The role of Device to Device &amp; Edge Compute For IOT Applications Huzur Saran Department of

The role of Device to Device &amp; Edge Compute For IOT Applications Huzur Saran Department of

The role of Device to Device &amp; Edge Compute For IOT Applications Huzur Saran Department of Computer Science &amp; Engg. Indian Institute of Technology Delhi New Delhi, India IoT Framework 5G standards based Interfaces and protocols

410 views • 20 slides
On witnessing arbitrary bipartite entanglement in measurement device independent way Sibasish

On witnessing arbitrary bipartite entanglement in measurement device independent way Sibasish

On witnessing arbitrary bipartite entanglement in measurement device independent way Sibasish Ghosh Optics &amp; Quantum Information Group The Institute of Mathematical Sciences C. I. T. Campus, Taramani Chennai - 600 113 [In collaboration

829 views • 55 slides
Dynamics of OBT Accumulation in Dynamics of OBT Accumulation in Aquatic Biota Aquatic Biota

Dynamics of OBT Accumulation in Dynamics of OBT Accumulation in Aquatic Biota Aquatic Biota

Dynamics of OBT Accumulation in Dynamics of OBT Accumulation in Aquatic Biota Aquatic Biota January 25-29, 2010 Sang Bog Kim, Ph.D. Research Scientist Environmental Technologies Branch Chalk River Laboratories Chalk River, Ontario Canada

457 views • 20 slides
Accumulation UL Excellent Cash Accumulation Potential Insurance products are issued by: John

Accumulation UL Excellent Cash Accumulation Potential Insurance products are issued by: John

Accumulation Universal Life Insurance Accumulation UL Excellent Cash Accumulation Potential Insurance products are issued by: John Hancock Lie Insurance Company (U.S.A.), Boston, MA 02116 (not licensed in New York) and John Hancock Life

132 views • 9 slides
Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically - defined thermodynamic quantity that helps to account for the flow of energy through a thermodynamic process. 2 What is

467 views • 13 slides
Device-independent Randomness Expansion with Entangled Photons Yanbao Zhang NTT Research Center

Device-independent Randomness Expansion with Entangled Photons Yanbao Zhang NTT Research Center

Device-independent Randomness Expansion with Entangled Photons Yanbao Zhang NTT Research Center for Theoretical Quantum Physics NTT Basic Research Lab, Japan Based on the joint work arXiv:1912.11158 with Krister Shalm, Joshua Bienfang, Collin

420 views • 23 slides
E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION Entropy measures exponential complexity in a topological dynamical system: topological entropy very crude, entropy function on invariant

556 views • 23 slides
Antibiotic Antibiotic accumulation and efflux accumulation and efflux in eukaryotic cells: in

Antibiotic Antibiotic accumulation and efflux accumulation and efflux in eukaryotic cells: in

corpora non agunt nisi fixata Antibiotic Antibiotic accumulation and efflux accumulation and efflux in eukaryotic cells: in eukaryotic cells: Ehrlichs magic bullet theory a journey at the frontier a journey at the frontier

1.34k views • 120 slides
Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute of Communication Engineering National Taipei University Chapter Outline Chap. 2 Entropy, Relative Entropy, and Mutual Information 2.1 Entropy 2.2

752 views • 51 slides
Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of bits actually required to store data. Entropy is sometimes called a measure of surprise A highly predictable sequence contains little actual

293 views • 16 slides
ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF CHEMISTRY AND BIOCHEMISTRY, BYU, PROVO, UT 84602, POPOVIC.PASA@GMAIL.COM Thermodynamic entropy - S (J/K) At T=0K ideal crystal imperfect

560 views • 21 slides
Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual information f -divergence Mikael Skoglund 1/16 Entropy Over ( R , B ) , consider a discrete RV X with all probability in a countable set X B ,

538 views • 8 slides
Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J. A. Laeven Dept. of Econometrics and OR Tilburg University, CentER and Eurandom based on joint work with Mitja Stadje August 30, 2011 Entropy

442 views • 40 slides

More recommend