Quantum
Cryptography
Christian Schaffner
ILLC, University of Amsterdam
Centrum
Wiskunde
&
Informatica
Logic, Language and Computation
Monday, 15 October 2012
2
What will you Learn from this Talk?
Classical Cryptography
Quantum Computation &
Teleportation
Position

Based
Cryptography
Garden

Hose Model
3
Classical Cryptography
3000 years of fascinating history
until
1970:
private communication
was the only goal
4
Modern Cryptography
is
everywhere
!
is concerned with all settings where people
do not trust
each other
Modern Cryptography
Alice
Bob
symmetric

key cryptography:
encryption: Eve does not
learn
the message
authentication: Eve cannot
alter
the message
Eve
k = 0101 1011
c
= m
©
k = 0101 0100
k = 0101 1011
m = 0000 1111
m
= c
©
k = 0000 1111
, e.g.
one

time pad
Modern Cryptography
Alice
Bob
symmetric

key cryptography:
encryption: Eve does not
learn
the message
authentication: Eve cannot
alter
the message
public

key cryptography:
solves
the
key

exchange
problem
digital
signatures
Eve
m = 0000 1111
public key
secret key
7
Introduction to Modern Cryptography
6 ECTS
MoL
course
first lecture: Tuesday, 30 October 2012, 11:
00, B0.208
http://homepages.cwi.nl/~schaffne/course
/
be the first to solve the
crypto challenge
!
8
What to Learn from this Talk?
Classical Cryptography
Quantum Computing & Teleportation
Position

Based Cryptography
Garden

Hose Model
9
Quantum Bit:
Polarization
of
a Photon
q
u
b
i
t
a
s
u
n
i
t
v
e
c
t
o
r
i
n
C
2
10
Qubit
:
Rectilinear/Computational
Basis
11
Detecting a
Qubit
Bob
no
photons
:
0
Alice
12
Measuring a Qubit
Bob
no
photons
:
0
photons:
1
with prob. 1 yields 1
measurement
:
0/1
Alice
13
Diagonal/
Hadamard
Basis
with prob. ½ yields 0
with prob. ½ yields 1
Measurement:
0/1
=
14
Illustration of a Superposition
with prob. ½ yields 0
with prob. ½ yields 1
Measurement:
0/1
=
15
Illustration of a Superposition
=
=
16
Quantum
Mechanics
with prob. 1 yields 1
Measurements:
+
basis
£
basis
with prob. ½ yields 0
with prob. ½ yields 1
0/1
0/1
Quantum Information Processing (QIP)
18
No

Cloning Theorem
?
?
?
quantum
operations:
U
Proof: copying is a
non

linear operation
Quantum Key Distribution (QKD)
Alice
Bob
Eve
security
against
unrestricted
eavesdroppers
:
quantum
states
are
unknown
to
Eve,
she
cannot
copy
them
honest
players
can
check
whether
Eve
interfered
technically feasible
:
no quantum computation required
,
only quantum communication
[
Bennett Brassard 84
]
20
EPR Pairs
prob. ½ : 0
prob. ½ : 1
prob. 1 : 0
[
Einstein
Podolsky
Rosen 1935]
“
spukhafte
Fernwirkung
” (spooky action at a distance)
EPR pairs
do not allow to communicate
(
no contradiction
to relativity theory)
can provide a shared random bit
EPR magic!
21
Quantum Teleportation
[
Bennett Brassard Cr
é
peau
Jozsa
Peres
Wootters
1993]
does
not contradict relativity theory
teleported
state can only be recovered
once the classical information
¾
arrives
?
[
Bell]
?
?
22
What to Learn from this Talk?
Classical Cryptography
Quantum Computing & Teleportation
Position

Based Cryptography
Garden

Hose Model
23
How to Convince Someone of Your Presence at a Location
The Great Moon
Landing Hoax
http://www.unmuseum.org/moonhoax.htm
24
Basic Task: Position Verification
Prove you are at a
certain location
:
launching

missile command comes from within the
military headquarters
talking to
the correct country
pizza delivery
problem
…
building block
for
advanced cryptographic tasks:
authentication, position

based key

exchange
can
only decipher message at specific
location
Can
the
geographical
location
of
a
player
be
used
as
cryptographic
credential
?
25
Basic task: Position Verification
Prover
wants to convince
verifiers that she is at a
particular position
no
coalition of (fake)
provers
, i.e. not at the claimed
position, can convince verifiers
assumptions:
communication at speed of light
instantaneous computation
verifiers can coordinate
Verifier1
Verifier2
Prover
26
Position Verification: First Try
Verifier1
Verifier2
Prover
time
distance bounding [Brands
Chaum
‘93]
27
Position Verification: Second Try
Verifier1
Verifier2
Prover
position
verification
is
classically
impossible
!
[
Chandran
Goyal
Moriarty
Ostrovsky
: CRYPTO
’
09]
28
Equivalent Attacking Game
independent messages
m
x
and
m
y
copying
classical information
this is
impossible
quantumly
29
Position Verification: Quantum Try
[Kent Munro
Spiller
03/10
]
Let us study the attacking game
?
?
?
30
?
Attacking Game
impossible
but
possible
with entanglement!!
?
?
?
?
31
?
Entanglement attack
done if b=1
[
Bell]
?
?
32
?
Entanglement attack
the correct person can reconstruct the
qubit
in time!
the scheme is completely broken
[
Bell]
?
?
[
Bell]
33
more complicated schemes?
Different schemes
proposed by
Chandran, Fehr, Gelles, Goyal, Ostrovsky [2010]
Malaney [2010]
Kent, Munro, Spiller [2010]
Lau, Lo [2010
]
Unfortunately they can all
be
broken
!
general
no

go
theorem
[
Buhrman
,
Chandran
,
Fehr
,
Gelles
,
Goyal
,
Ostrovsky
, S 2010]
34
U
Most General Single

Round Scheme
Let us study the attacking game
35
U
Distributed Q Computation in 1 Round
using some form of
back

and

forth teleportation
,
players
succeed with probability arbitrarily close to
1
requires an
exponential amount
of EPR pairs
36
No

Go Theorem
Any position

verification protocol
can be
broken
using
an
exponential
number
of
EPR

pairs
Question
:
is this optimal
?
Does
there
exist
a
protocol
such
that
:
any
attack
requires many EPR

pairs
honest
prover
and
verifiers
efficient
37
Single

Qubit
Protocol:
SQP
f
[Kent Munro
Spiller
03/10
]
if f(
x,y
)=0
?
?
?
if f(
x,y
)=1
efficiently computable
38
?
Attacking Game for
SQP
f
Define
E(
SQP
f
)
:= minimum number of EPR pairs
required for attacking
SQP
f
?
?
if f(
x,y
)=0
if f(
x,y
)=1
x
y
39
What to Learn from this Talk?
Classical Cryptography
Quantum Computing & Teleportation
Position

Based Cryptography
Garden

Hose Model
http://arxiv.org/abs/
1109.2563
Buhrman
,
Fehr,
S,
Speelman
share
s
waterpipes
40
The Garden

Hose Model
The Garden

Hose Model
based on their inputs, players connect
pipes with pieces of hose
Alice also connects a
water
tap
41
if water exits @ Alice
if water exits @ Bob
Garden

Hose complexity of
f
:
GH
(f
)
:= minimum number
of pipes needed to compute f
42
if water exits @ Alice
if water exits @ Bob
The Garden

Hose Model
Demonstration: Inequality on Two Bits
43
GH
( Inequality )
∙
demonstration: 3n
challenge: 2n + 1 (first student to email me solution wins)
world record
:
~1.448n (
using IBM’s SAT
solver)
GH( Inequality )
¸
n
[
Pietrzak
‘11]
n

Bit Inequality Puzzle
44
Relationship between
E(
SQP
f
)
and
GH(f)
GH(f)
¸
E(
SQP
f
)
Garden

Hose
Attacking Game
teleport
teleport
teleport
teleport
?
GH(f)
¸
E(
SQP
f
)
Garden

Hose
Attacking Game
teleport
teleport
teleport
teleport
?
y, Bob’s
telep
. keys
x, Alice’s
telep
. keys
using
x &
y,
can follow the water/
qubit
correct water/
qubit
using
all
measurement
outcomes
48
last slide:
GH
(f)
¸
E(
SQP
f
)
The two models are
not
equivalent
:
exists
f such that
GH(f) = n
, but
E
(
SQP
f
)
∙
log(n)
Quantum
garden

hose
model:
give Alice & Bob also entanglement
research question: are the models
now
equivalent
?
GH(f)
=
E(
SQP
f
)
?
49
Garden

Hose Complexity Theory
every f has GH(f)
∙
2
n+1
if f
in
logspace
,
then GH(f)
∙
polynomial
efficient f & no efficient attack
)
P
L
exist f with GH(f)
exponential
(
counting argument)
for g
2
{equality, IP, majority
}:
GH(g)
¸
n / log(n)
techniques from communication
complexity
Many open problems!
50
What
Have You Learned from
this Talk?
Classical Cryptography
Quantum Computing &
Teleportation
51
What
Have You Learned from
this Talk?
No

Go Theorem
Impossible
unconditionally, but attack
requires
unrealistic amounts of
resources
Garden

Hose Model
model of communication complexity
Position

Based Cryptography
52
Take on the crypto challenges!
GH( Inequality )
=
2n
+ 1
pipes
the first person to tell me (
cschaffner@
uva.nl
) the
protocol wins:
course
“Introduction to Modern Cryptography”
first lecture: Tuesday, 30 October 2012, 11:
00
Comments 0
Log in to post a comment