Research on Quantum Computational Complexity and Quantum Cryptography at ERATOQCI Project, JST Hiroshi IMAI ERATO QCI Project, JST Dept. Computer Science, Univ. Tokyo 21st Century COE Security Program and RDI, Chuo University 2003 International Symposium on Next Generation Cryptography and Related Mathematics
Complexity Theory vs. Cryptography • Most of current cryptosystems – Computationally secure based on Computational Complexity Theory • This talk: – Quantum Computing/Cryptography • Quantum states ⇔ information – Let’s start with various complexity classes
Classical Computational NEXP NEXP Complexity Classes EXP EXP Exponential Time PSPACE PSPACE Polynomial Space NP Nondeterministic NP Intractable Polynomial Time Tractable P P Polynomial Time
Probabilistic Complexity NEXP NEXP EXP EXP PSPACE PSPACE PP Probabilistic Polynomial Bounded-error Probabilistic Polynomial NP BPP NP co-NP RP co-RP Randomized Polynomial ZPP Zero-error Probabilistic P P Polynomial
Probabilistic Complexity NEXP NEXP EXP EXP PSPACE PSPACE PP Before 2002 however, PRIMES Integer Factoring ??? 2002 NP BPP NP co-NP PRIMES RP co-RP (next talk by ZPP Prof. Agrawal) P P
Quantum Computing NEXP NEXP EXP EXP PSPACE PSPACE Integer factoring PP in Quantum Polynomial Time Bounded-error (Shor 1994) Quantum Polynomial time BQP NP BPP NP co-NP RP co-RP ZPP P P
Interactive Proof System NEXP NEXP= MIP Multi-prover Interctive Proof EXP EXP PSPACE PSPACE= IP IP= IP poly = AM poly Interactive Proof PP Mathematical Model of Cryptographic Protocol AM= AMc ≧ 2 = AM 2 = IP 2 MA= AM 1 Arthur-Merline Game NP BPP NP co-NP RP co-RP ZPP P P
Quantum Complexity NEXP= MIP= QMIP NEXP EXP Quantum MIP EXP QIP Quantum IP BQPSPACE= PrQPSPACE= (N)PSPACE= IP PSPACE PrQP = PP AQMA NQP= co-C = P QMA RQMA MA= AM 1 BQP EQMA NP BPP NP (= EMA) co-NP RP co-RP ZPP P P
Quantum Computing/Cryptography Quantum Computing & I nformation – exponential speed-up by quantum superposition – information transmission by quantum entanglements Impacts: – Quantum Computer destroys I T security (cryptosystem) – P. Shor: Integer Factoring, easy for Quantum Computer collapse of public key cryptosysytem (RSA crypto, etc.) – Quantum Cryptography (possible next-generation crypto.) – secure by quantum principle (physical law) – BB84, B92, etc.
Quantum Cryptography • Aims at Unconditionally Secure cryptoprotocols – Attempts to overcome the limit of computational secure protocols – Unconditional security by quantum power • Measurment ⇒ state reduction • This enales us to detect the existence of eavesdropper • From Computational Complexity Assumptions to Physical Principles
Existing Research on Quantum Cryptography • Quantum Key Distribution: BB84, B92, etc. – unconditionally secure key distribution by quantum law • Quantum law allows detection of the eavesdropper – unconditionally secure crypt. (one-time pad) • Quantum Bit Commitment – Impossibility theorem? (Mayers; Lo and Chau 1997) • Quantum Coin Flipping – Impossibility theorem?? • Almost no other cryptoprotocols by quantum information
Quantum Crypto Quantum Crypto s e n d e r r e c e i v e r ( Alice ) ( Bob ) + receiver 1 + basis : Quantum effect 0 Horizontal: 0 Correct comm. : Vertical:1 Single photon 0,1 of + basis Q communication received + rec. Select one of bases Send 0 or 1 on it 0,1 of ☓ bases 0 Received by ☓ rec 1 ☓ basis : ○ : : 0 45 No information : ○ : 1 135 eavesdroppter ☓ receiver + , ☓ different rec (Eve) (with ½ probability) Verification through classical communication both can’t be used ( uncertainty p. ) Detection of the eavesdroppter
Need for quantum research to develop other protocols • Digital Signature • Secrete Sharing • Authentification • E-voting, E-money, E-… • … • Multi-party Protocol
Computationally Secure Multi-party Protocol Computational secure multi-party protocol Coin Flipping Zero-Knowledge Proof Oblivious Transfer for any N P Problem Bit Commitment One-way function with trap door
Non-Interactive Quantum Statistical and Perfect Zero-Knowledge Proofs Hirotada Kobayashi Quantum Computation and Information (QCI) Project ERATO (Exploratory Research for Advanced Technology) JST (Japan Science and Technology Corporation) Concerning this part, cf. quant-ph/0207158 Title: Non-Interactive Quantum Statistical and Perfect Zero- Knowledge Author: Hirotada Kobayashi
Interactive Proof Systems [Babai 1985, Goldwasser, Micali, and Rackoff 1985] • Two players: prover , verifier – Prover tries to convince verifier of her assertion. – Verifier must check validity of prover’s assertion. (probabilistically and efficiently) probabilistically ⇒ with bounded error efficiently ⇒ in time polynomial to input length Interactive Peggy (Prover) Victor (Verifier) Communication
Example: Graph Non-Isomorphism Graph Non-Isomorphism Problem (GNI) INPUT: Two graphs G 1 , G 2 of n vertices QUESTION: For all permutation π ∈ S n on vertices, π ( G 1 ) ≠ G 2 ? ◎ Protocol of verifier V : 1. Choose an index i ∈ {1,2} of graphs and a permutation π ∈ S n at random. Send a graph π ( G i ) to prover P to ask which of the two is isomorphic to π ( G i ). 2. Receive an index j from P . Accept iff i = j .
1 1 2 同型 4 4 3 3 2 非同型 1 4 2 3 2 4 3 1
Summary • Non-interactive quantum zero-knowledge proofs – NIQSZK, NIQPZK – Necessity of shared randomness or shared entanglement – NIQPZK of perfect completeness with shared EPR pairs • Complete problem for NIQPZK ( 1, b ) – NIQPZK proofs for graph non-automorphism problem – Complete problem for BQP
Recommend
More recommend
