quantum to classical randomness extractors
play

Quantum to Classical Randomness Extractors Mario Berta, Omar Fawzi, - PowerPoint PPT Presentation

Aug 19, 2022 •28 likes •558 views

Quantum to Classical Randomness Extractors Mario Berta, Omar Fawzi, Stephanie Wehner - Full version preprint available at arXiv: 1111.2026v3 08/23/2012 - CRYPTO University of California, Santa Barbara Outline (Classical to Classical)

  1. Quantum to Classical Randomness Extractors Mario Berta, Omar Fawzi, Stephanie Wehner - Full version preprint available at arXiv: 1111.2026v3 08/23/2012 - CRYPTO University of California, Santa Barbara

  2. Outline • (Classical to Classical) Randomness Extractors

  3. Outline • (Classical to Classical) Randomness Extractors • Main Contribution: Quantum to Classical Randomness Extractors

  4. Outline • (Classical to Classical) Randomness Extractors • Main Contribution: Quantum to Classical Randomness Extractors • Application: Security in the Noisy-Storage Model

  5. Outline • (Classical to Classical) Randomness Extractors • Main Contribution: Quantum to Classical Randomness Extractors • Application: Security in the Noisy-Storage Model • Entropic Uncertainty Relations with Quantum Side Information

  6. Outline • (Classical to Classical) Randomness Extractors • Main Contribution: Quantum to Classical Randomness Extractors • Application: Security in the Noisy-Storage Model • Entropic Uncertainty Relations with Quantum Side Information • Conclusions / Open Problems

  7. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Source N = N 1 , N 2 , . . . , N q

  8. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Pr[ N 1 = 0] = 1 Pr[ N 2 = 0] = 1 Ex: Source N = N 1 , N 2 , . . . , N q 2 + δ 1 , 2 + δ 2 , . . .

  9. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Pr[ N 1 = 0] = 1 Pr[ N 2 = 0] = 1 Ex: Source N = N 1 , N 2 , . . . , N q 2 + δ 1 , 2 + δ 2 , . . . Function: f ( N = N 1 , . . . , N q ) = M

  10. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Pr[ N 1 = 0] = 1 Pr[ N 2 = 0] = 1 Ex: Source N = N 1 , N 2 , . . . , N q 2 + δ 1 , 2 + δ 2 , . . . Pr[ N i = 0] = 2 Pr[ N i = 1] = 1 Ex: Function: f ( N = N 1 , . . . , N q ) = M 3 3 M = f ( N 1 N 2 N 3 ) = N 1 + N 2 + N 3 mod 2 Pr[ M = 0] ≈ 0 . 52

  11. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Pr[ N 1 = 0] = 1 Pr[ N 2 = 0] = 1 Ex: Source N = N 1 , N 2 , . . . , N q 2 + δ 1 , 2 + δ 2 , . . . Pr[ N i = 0] = 2 Pr[ N i = 1] = 1 Ex: Function: f ( N = N 1 , . . . , N q ) = M 3 3 M = f ( N 1 N 2 N 3 ) = N 1 + N 2 + N 3 mod 2 Pr[ M = 0] ≈ 0 . 52 Only minimal guarantee about the randomness of the source, high min- entropy: . H min ( N ) P = − log max P N ( n ) = − log p guess ( N ) P n

  12. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Pr[ N 1 = 0] = 1 Pr[ N 2 = 0] = 1 Ex: Source N = N 1 , N 2 , . . . , N q 2 + δ 1 , 2 + δ 2 , . . . Pr[ N i = 0] = 2 Pr[ N i = 1] = 1 Ex: Function: f ( N = N 1 , . . . , N q ) = M 3 3 M = f ( N 1 N 2 N 3 ) = N 1 + N 2 + N 3 mod 2 Pr[ M = 0] ≈ 0 . 52 Only minimal guarantee about the randomness of the source, high min- entropy: . H min ( N ) P = − log max P N ( n ) = − log p guess ( N ) P n Not possible to obtain randomness using a deterministic function, invest a small amount of perfect randomness: N f D M = f D ( N ) Seed D

  13. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Pr[ N 1 = 0] = 1 Pr[ N 2 = 0] = 1 Ex: Source N = N 1 , N 2 , . . . , N q 2 + δ 1 , 2 + δ 2 , . . . Pr[ N i = 0] = 2 Pr[ N i = 1] = 1 Ex: Function: f ( N = N 1 , . . . , N q ) = M 3 3 M = f ( N 1 N 2 N 3 ) = N 1 + N 2 + N 3 mod 2 Pr[ M = 0] ≈ 0 . 52 Only minimal guarantee about the randomness of the source, high min- entropy: . H min ( N ) P = − log max P N ( n ) = − log p guess ( N ) P n Not possible to obtain randomness using a deterministic function, invest a small amount of perfect randomness: N f D M = f D ( N ) Seed D Lost randomness? Strong extractors: are jointly uniform. ( M, D )

  14. Classical to Classical (CC)-Randomness Extractors (I) Given an (unknown) weak source of classical randomness, how to convert it into uniformly random bits? Pr[ N 1 = 0] = 1 Pr[ N 2 = 0] = 1 Ex: Source N = N 1 , N 2 , . . . , N q 2 + δ 1 , 2 + δ 2 , . . . Pr[ N i = 0] = 2 Pr[ N i = 1] = 1 Ex: Function: f ( N = N 1 , . . . , N q ) = M 3 3 M = f ( N 1 N 2 N 3 ) = N 1 + N 2 + N 3 mod 2 Pr[ M = 0] ≈ 0 . 52 Only minimal guarantee about the randomness of the source, high min- entropy: . H min ( N ) P = − log max P N ( n ) = − log p guess ( N ) P n Not possible to obtain randomness using a deterministic function, invest a small amount of perfect randomness: N f D M = f D ( N ) Seed D Lost randomness? Strong extractors: are jointly uniform. ( M, D ) Applications in information theory, cryptography and computational complexity theory [1,2]. [1] Nisan and Zuckerman, JCSS 52:43, 1996 [2] Vadhan, http://people.seas.harvard.edu/~salil/pseudorandomness/

  15. Classical to Classical (CC)-Randomness Extractors (II) Deal with prior knowledge (trivial for classical side information [3]), in general problematic for quantum side information [4]! Source described by classical-quantum (cq)- state: X p n | n ih n | N ⌦ ρ n . ρ NE = E n [3] König and Terhal, IEEE TIT 54:749, 2008 [4] Gavinsky et al., STOC, 2007

  16. Classical to Classical (CC)-Randomness Extractors (II) Deal with prior knowledge X p n | n ih n | N ⌦ ρ n E N ρ NE = (trivial for classical side E n information [3]), in general problematic for quantum id D Mix side information [4]! D D Source described by f D classical-quantum (cq)- Discard state: k ρ MED � id M M ⌦ ρ ED k 1  ε X p n | n ih n | N ⌦ ρ n . p ρ NE = E X † X ] k X k 1 = tr[ M D n E [3] König and Terhal, IEEE TIT 54:749, 2008 [4] Gavinsky et al., STOC, 2007

  17. Classical to Classical (CC)-Randomness Extractors (II) Deal with prior knowledge X p n | n ih n | N ⌦ ρ n E N ρ NE = (trivial for classical side E n information [3]), in general problematic for quantum id D Mix side information [4]! D D Source described by f D classical-quantum (cq)- Discard state: k ρ MED � id M M ⌦ ρ ED k 1  ε X p n | n ih n | N ⌦ ρ n . p ρ NE = E X † X ] k X k 1 = tr[ M D n E Guarantee about conditional min-entropy of the source: . H min ( N | E ) ρ = − log p guess ( N | E ) ρ [3] König and Terhal, IEEE TIT 54:749, 2008 [4] Gavinsky et al., STOC, 2007

  18. Classical to Classical (CC)-Randomness Extractors (II) Deal with prior knowledge X p n | n ih n | N ⌦ ρ n E N ρ NE = (trivial for classical side E n information [3]), in general problematic for quantum id D Mix side information [4]! D D Source described by f D classical-quantum (cq)- Discard state: k ρ MED � id M M ⌦ ρ ED k 1  ε X p n | n ih n | N ⌦ ρ n . p ρ NE = E X † X ] k X k 1 = tr[ M D n E Guarantee about conditional min-entropy of the source: . H min ( N | E ) ρ = − log p guess ( N | E ) ρ Ex: Two-universal hashing / privacy amplification [5]. For all cq-states with ρ NE k ρ MED � id M , we have for . M = 2 k · ε 2 H min ( N | E ) ρ ≥ k M ⌦ ρ ED k 1  ε Strong extractor (against quantum side information), . ( k, ε ) D = O ( N ) [3] König and Terhal, IEEE TIT 54:749, 2008 [5] Renner, PhD Thesis, ETHZ, 2005 [4] Gavinsky et al., STOC, 2007

  19. Quantum to Classical (QC)-Randomness Extractors - Definition (I) Motivation: How to get weak randomness at first? How much randomness can be gained from a quantum source?

  20. Quantum to Classical (QC)-Randomness Extractors - Definition (I) Motivation: How to get weak randomness at first? How much randomness can be gained from a quantum source? N ρ NE E N id D Mix D D Measure M D Measurement Discard M k ρ MED � id M M ⌦ ρ ED k 1  ε M D E

  21. Quantum to Classical (QC)-Randomness Extractors - Definition (I) Motivation: How to get weak randomness at first? How much randomness can be gained from a quantum source? N ρ NE E N id D Mix D D Measure M D Measurement Discard M k ρ MED � id M M ⌦ ρ ED k 1  ε M D E Idea: Same setup as in the classical case (no control of the source)! Only guarantee about the conditional min-entropy [6]: N 1 X | Φ i NN 0 = p | n i N ⌦ | n i N 0 N n =1 F ( ρ , σ ) = kp ρ p σ k 2 H min ( N | E ) ρ = − log N max Λ E ! N 0 F ( Φ NN 0 , (id N ⊗ Λ E → N 0 )( ρ NE )) 1 [6] König et al., IEEE TIT 55:4674, 2009

Recommend

Quantum-proof randomness extractors via operator space theory Mario Berta, Omar Fawzi,

Quantum-proof randomness extractors via operator space theory Mario Berta, Omar Fawzi,

Quantum-proof randomness extractors via operator space theory Mario Berta, Omar Fawzi, Volkher B. Scholz based on arXiv:1409.3563 Introduction to (Classical) Randomness Extractors Goal: transform only partly random classical

276 views • 24 slides
2-source Randomness Extractors for Elliptic Curves Abdoul Aziz Ciss Laboratoire de Traitement de

2-source Randomness Extractors for Elliptic Curves Abdoul Aziz Ciss Laboratoire de Traitement de

Motivations Extractors Character sums Randomness extractors for EC 2-source Randomness Extractors for Elliptic Curves Abdoul Aziz Ciss Laboratoire de Traitement de lInformation et Syst` emes Intelligents Ecole Polytechnique de Thi`

348 views • 22 slides
Physical Randomness Extractors Kai-Min Chung Academia Sinica, Taiwan Xiaodi Wu Yaoyun Shi

Physical Randomness Extractors Kai-Min Chung Academia Sinica, Taiwan Xiaodi Wu Yaoyun Shi

Physical Randomness Extractors Kai-Min Chung Academia Sinica, Taiwan Xiaodi Wu Yaoyun Shi MIT/UC Berkeley University of Michigan Presented in QIP14 as plenary talk (joint with [MS14]) 1 Randomness Randomness is a vital resource

391 views • 17 slides
Randomness Extractors Alex Block Purdue University April 25, 2016 Alex Block (Purdue

Randomness Extractors Alex Block Purdue University April 25, 2016 Alex Block (Purdue

Randomness Extractors Alex Block Purdue University April 25, 2016 Alex Block (Purdue University) Randomness Extractors April 25, 2016 1 / 28 Table of Contents Preliminaries 1 What is an Extractor? 2 Seeded Extractors 3 Deterministic

400 views • 28 slides
Quantum Random Access Codes with Shared Randomness Maris Ozols, Laura Mancinska, Andris

Quantum Random Access Codes with Shared Randomness Maris Ozols, Laura Mancinska, Andris

Introduction Classical RACs Quantum RACs Numerical results Symmetric constructions Summary Quantum Random Access Codes with Shared Randomness Maris Ozols, Laura Mancinska, Andris Ambainis, Debbie Leung University of Waterloo, IQC June 20,

1.12k views • 110 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Randomness Extractors. Secure Communication in Practice Lecture 17

Randomness Extractors. Secure Communication in Practice Lecture 17

Randomness Extractors. Secure Communication in Practice Lecture 17

816 views • 23 slides
Extractors and Pseudorandom Generators Luca Trevisan Columbia University Extractors and

Extractors and Pseudorandom Generators Luca Trevisan Columbia University Extractors and

Extractors and Pseudorandom Generators Luca Trevisan Columbia University Extractors and Pseudorandom Generators 1 Contents We present a new approach to construct extractors. Extractors transform a weakly random (realistic)

391 views • 27 slides
Quantum Error Correction On a quantum computer, a single electron or nucleus Peter J. Cameron in

Quantum Error Correction On a quantum computer, a single electron or nucleus Peter J. Cameron in

Classical v quantum In a classical computer, each bit of information is stored by a transistor containing trillions of electrons. Quantum Error Correction On a quantum

457 views • 3 slides
Randomness and quantum computa/on Computability and the BSS

Randomness and quantum computa/on Computability and the BSS

Randomness and quantum computa/on Computability and the BSS model, Hiddensee, August 9 , 2016 Andr Nies University of Auckland

652 views • 37 slides
From Quantum Computing Types of Physical . . . to Computers Quantum Processes . . . Randomness

From Quantum Computing Types of Physical . . . to Computers Quantum Processes . . . Randomness

We Need Faster . . . What Physical . . . How Can We Find . . . This Leads to . . . From Quantum Computing Types of Physical . . . to Computers Quantum Processes . . . Randomness in General of Generation Omega Completely Lawless . . .

383 views • 20 slides
Simulating quantum and classical field theories on a quantum computer Stephen Jordan With: John

Simulating quantum and classical field theories on a quantum computer Stephen Jordan With: John

Simulating quantum and classical field theories on a quantum computer Stephen Jordan With: John Preskill, Keith Lee, Ali Moosavian Pedro Costa, Aaron Ostrander Field Theory Classical Quantum Value at each point in space Qubit(s) at

447 views • 34 slides
Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos

Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos

Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos Santha CNRS, IRIF, Universit Paris Diderot, France and Centre for Quantum Technologies, NUS, Singapore 1/36 Plan of the talk 1 Crash course on

543 views • 36 slides
EP 228: Quantum Mechanics Lecture 11: Classical Vs Quantum Mechanics Probabilistic

EP 228: Quantum Mechanics Lecture 11: Classical Vs Quantum Mechanics Probabilistic

EP 228: Quantum Mechanics Lecture 11: Classical Vs Quantum Mechanics Probabilistic interpretation For large number of identically prepared system, we can say the probability of measuring enery E n will be |C n | 2 . Recall the definition

521 views • 13 slides
On canonical coupling of classical geometry to quantum matter 1. Introduction R ab 1 2 g ab R

On canonical coupling of classical geometry to quantum matter 1. Introduction R ab 1 2 g ab R

On canonical coupling of classical geometry to quantum matter 1. Introduction R ab 1 2 g ab R = 8 G c 4 T ab 1.1 classical T , classical R fine. 1.2 quantum T , quantum R nobody knows. 1.3 quantum T , classical R try it

239 views • 6 slides
Quantum Lecture 11 The classical wiretap channel The quantum wiretap channel Quantum

Quantum Lecture 11 The classical wiretap channel The quantum wiretap channel Quantum

Quantum Lecture 11 The classical wiretap channel The quantum wiretap channel Quantum key distribution Mikael Skoglund, Quantum Info 1/16 The Classical Wiretap Channel The degraded wiretap channel p ( y | x ) X n Y n W W

422 views • 8 slides
Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS 2018 Goal: explain section 3-D of arXiv:1805.03662 [...] [...] Key ideas we'll cover 1. Cost of error corrected quantum computation 2. Preparing

993 views • 45 slides
Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness

Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness

Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness Extractors Story So Far Basic primitives for secure communication: Shared-Key Public-Key SKE PKE Encryption MAC

498 views • 17 slides
Fabio Sebastiano Interfacing qubits with classical (non-quantum) systems A real-life quantum

Fabio Sebastiano Interfacing qubits with classical (non-quantum) systems A real-life quantum

Fabio Sebastiano Interfacing qubits with classical (non-quantum) systems A real-life quantum computer Electronic interface Quantum processor Example Single-qubit rotation Microwave pulse I f ~ 5 GHz 20 GHz Example Read-out

164 views • 12 slides
A Quantum Route to Hamilton-Jacobi Theory: Considerations on the Quantum-to-Classical Transition

A Quantum Route to Hamilton-Jacobi Theory: Considerations on the Quantum-to-Classical Transition

A Quantum Route to Hamilton-Jacobi Theory: Considerations on the Quantum-to-Classical Transition Collaborators : J. F. Cari nena, A. Ibort, G. Morandi N. Mukunda, G. Sudarshan, G. Esposito, J. Clemente-Gallardo X. Gr` acia, E. Mart

429 views • 19 slides
Quantum decoupling via efficient classical operations and the entanglement cost of one-shot

Quantum decoupling via efficient classical operations and the entanglement cost of one-shot

Review of some classical tasks Quantum tasks Efficient decoupling and entanglement optimization Quantum decoupling via efficient classical operations and the entanglement cost of one-shot quantum protocols Anurag Anshu (joint work with

707 views • 67 slides
The many classical faces of quantum structures Chris Heunen University of Oxford November 30,

The many classical faces of quantum structures Chris Heunen University of Oxford November 30,

The many classical faces of quantum structures Chris Heunen University of Oxford November 30, 2013 1 / 31 Relationship between classical and quantum 2 / 31 Relationship between classical and quantum 2 / 31 Relationship between classical and

1.07k views • 88 slides
Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil Korzekwa Faculty of Physics, Astronomy and Applied Computer Science, Jagiellonian University, Poland Outline 1. Motivation 2. Background 3.

492 views • 18 slides
Non-interactive classical verification of quantum computation Shih-Han Hung Gorjan Alagic

Non-interactive classical verification of quantum computation Shih-Han Hung Gorjan Alagic

Non-interactive classical verification of quantum computation Shih-Han Hung Gorjan Alagic Andrew M. Childs Alex B. Grilo QCrypt 2020 arXiv:1911.08101 Verifiable quantum advantage 1 Verifiable quantum advantage When a quantum cloud is

808 views • 51 slides

More recommend