pseudorandom states no cloning pseudorandom states no
play

Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning - PowerPoint PPT Presentation

Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money Theorems and Quantum Money Zhengfeng Ji (UTS:QSI) QCrypt 2018, Shanghai 1 . 1 A Joint Work With A Joint Work With Yi-Kai Liu Fang Song (NIST and


  1. Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money Theorems and Quantum Money Zhengfeng Ji (UTS:QSI) QCrypt 2018, Shanghai 1 . 1

  2. A Joint Work With A Joint Work With Yi-Kai Liu Fang Song (NIST and UMD) (PSU -> TAMU) 1 . 2

  3. Pseudorandomness Pseudorandomness One of the foundations of modern cryptography 2 . 1

  4. Pseudorandomness in Modern Cryptography Pseudorandomness in Modern Cryptography Pseudorandom objects look random to computationally bounded adversaries Computational indistinguishability Pseudorandom generators (PRGs) } l } 2 l g : {0, 1 → {0, 1 PRGs exist if one-way functions (OWFs) exist [Håstad, Impagliazzo, Levin, and Luby 1999] 2 . 2

  5. Pseudorandom Functions and Permutations Pseudorandom Functions and Permutations A random function assigns a random value from the f : X → Y range to each input from domain . Y X Pseudorandom functions (PRFs) A function is pseudorandom if for any PRF : K × X → Y polynomial-time randomized algorithm A ∣ ∣ k ← K A PRF k 1 κ f ← Y X A f 1 κ ∣ Pr [ ( ) = 1 ] − Pr [ ( ) = 1 ] = negl( κ ). ∣ ∣ ∣ Pseudorandom permutations (PRPs) Stream ciphers, block ciphers, message authentication, … 2 . 3

  6. Pseudorandomness in the Quantum Era Pseudorandomness in the Quantum Era True randomness from quantum mechanics Prepare state and measure in the – √ |+ ⟩ = (|0 ⟩ + |1 ⟩ )/ 2 computational basis Device-independent randomness expansion and ampli�cation Why do we need to care about pseudorandomness in quantum computing? 2 . 4

  7. The problem of ef�ciency The number of random functions with n-bit input/output is and 2 n 2 n we need exponentially many bits simply to specify a truly random function Similar argument applies to the space of quantum states of qubits n Pseudorandomness is not a weaker form randomness; it is a different variant of randomness, a combinatorial construction 2 . 5

  8. Pseudorandomness Against Quantum Attacks Pseudorandomness Against Quantum Attacks Stronger assumption: quantum OWFs, functions that are easy to compute classically, but hard to invert even quantumly Security proofs Quantum-secure PRGs exist assuming quantum OWFs Quantum-secure PRFs exist assuming quantum OWFs [Zhandry 2012] Quantum-secure PRPs exist assuming quantum OWFs [Zhandry 2016], [Song 2017, Blog post at ] http://qcc.fangsong.info/2017-06-quantumprp/ 2 . 6

  9. Pseudorandom Quantum Objects Pseudorandom Quantum Objects From classical objects to quantum objects 3 . 1

  10. Pseudorandom Quantum States (PRS's) Pseudorandom Quantum States (PRS's) Truly random quantum states and Haar measure on state space How to de�ne PRS? A family of states is pseudorandom if it is {| ϕ ⟩ k } k ∈ K computationally indistinguishable from the maximally mixed state? [Chen, Chung, Lai, Vadhan and Wu 2017] Missing properties: no-cloning, entanglement, … How about the random bit strings? 1 I ∑ | x ⟩⟨ x | = N N x ∈{0,1} n 3 . 2

  11. A keyed family of quantum states is { | ϕ k ⟩ ∈ S( H ) } k ∈ K pseudorandom , if the following two conditions hold: 1. (Ef�cient generation). There is an ef�cient quantum algorithm such that for all , . G k ∈ K G ( k ) = | ϕ k ⟩ 2. (Pseudorandomness). For any ef�cient quantum algorithm A and any number of copies , m ∈ poly( κ ) ∣ ∣ ϕ k ⟩ ⊗ m ⟩ ⊗ m ∣ Pr [ A (| ) = 1 ] − Pr [ A (| ψ ) = 1 ] ∣ k ← K ∣ | ψ ⟩ ← μ ∣ is negligible. The number of copies matters quantumly.

  12. 3 . 3

  13. Constructions of PRS's Constructions of PRS's PRS's from quantum-secure PRFs or PRPs 4 . 1

  14. Random Phase States Random Phase States Let be a quantum-secure pseudorandom PRF : K × X → X function with key space , and K X = {0, 1, 2, … , N − 1} . and are functions of the security parameter . N = 2 n K N κ Let be the -th root of unity. The family ω N = exp(2 πi / N ) N of pseudorandom states of qubits is de�ned n 1 PRF k ( x ) | ϕ k ⟩ = ∑ ω | x ⟩ . − − N √ N x ∈ X 4 . 2

  15. Properties and Applications Properties and Applications 5 . 1

  16. Cryptographic No-cloning Theorem Cryptographic No-cloning Theorem Pseudorandom states are not ef�ciently clonable Theorem. For any PRS , , , m ′ {| ϕ k } k ∈ K m ∈ poly( κ ) ⟩ > m and any polynomial-time quantum algorithm , the success C cloning probability ⊗ m ′ ⊗ m E ⟨ ( | ϕ k ⟩⟨ ϕ k ) | , C (( | ϕ k ⟩⟨ ϕ k ) | ) ⟩ = negl( κ ). k ∈ K Basic idea Haar random states are not clonable. So if pseudorandom states are clonable, one can use this property to distinguish it from the Haar random case by SWAP tests.

  17. 6 . 1

  18. Quantum Money Quantum Money PRS's give rise to quantum money schemes 7 . 1

  19. What is Quantum Money What is Quantum Money First proposed by Wiesner that arguably marks the beginning of quantum information [Wiesner 1969] The no-cloning theorem prevents counterfeiting of quantum money A money scheme is secure if (1) any valid banknote is accepted with high probability, and (2) any polynomial-time counterfeiter succeeds with negligible probability 7 . 2

  20. Quantum Money from PRS's Quantum Money from PRS's For any with key space , we can de�ne a PRS = { | ϕ k } k ∈ K ⟩ K private-key quantum money scheme as follows: S PRS 1. generates the banknote Bank( k ) |$ ⟩ = | ϕ k ⟩ 2. applies the projective measurement that accepts Ver( k , ρ ) with probability ρ ⟨ ϕ k | ρ | ϕ k ⟩ For security proof, we need to strengthen the Cryptographic No- cloning Theorem so that it can handle the oracle call to . Ver 7 . 3

  21. Entanglement in PRS Entanglement in PRS Let be a family of PRS with security parameter . { | ϕ k } k ∈ K ⟩ κ Consider the partition of the state into systems A and B | ϕ k ⟩ each consisting of polynomial number of qubits in the security parameter. We have 1. The expected Schmidt rank of for all and κ c | ϕ k ⟩ ≥ c > 0 suf�ciently large . κ 2. The expected entanglement accross the cut A:B is . E k E ( ϕ k ) = ω (log κ ) 7 . 4

  22. Conclusions Conclusions The de�nition of pseudorandom states Construction of PRS's Cryptographic No-cloning Theorems for PRS's Quantum money from PRS's Entanglement in PRS Open problems How about pseudorandom unitaries? Is quantum-secure OWF necessary? More applications? 8 . 1

  23. 8 . 2

  24. Advertisement Advertisement Multiple PhD positions available at UTS:QSI Email: Zhengfeng.Ji@uts.edu.au 9 . 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend


More recommend