SLIDE 1 Research on Quantum Computational Complexity and Quantum Cryptography at ERATO QCI Project, JST
Hiroshi IMAI ERATO QCI Project, JST
- Dept. Computer Science, Univ. Tokyo
21st Century COE Security Program and RDI, Chuo University
2003 International Symposium on Next Generation Cryptography and Related Mathematics
SLIDE 2 Complexity Theory vs. Cryptography
- Most of current cryptosystems
– Computationally secure based on Computational Complexity Theory
– Quantum Computing/Cryptography
- Quantum states ⇔ information
– Let’s start with various complexity classes
SLIDE 3
Classical Computational Complexity Classes
[Diagram: complexity classes P (Polynomial Time), NP (Nondeterministic Polynomial Time), PSPACE (Polynomial Space), EXP (Exponential Time), NEXP; regions labelled Tractable and Intractable]
SLIDE 4
Probabilistic Complexity
[Diagram: P, ZPP (Zero-error Probabilistic Polynomial), RP (Randomized Polynomial), co-RP, NP, co-NP, BPP (Bounded-error Probabilistic Polynomial), PP (Probabilistic Polynomial), PSPACE, EXP, NEXP]
SLIDE 5 Probabilistic Complexity
[Diagram: P, ZPP, RP, co-RP, NP, co-NP, BPP, PP, PSPACE, EXP, NEXP]
Before 2002 PRIMES 2002 PRIMES (next talk by
however, Integer Factoring ???
SLIDE 6
Quantum Computing
[Diagram: P, ZPP, RP, co-RP, NP, co-NP, BPP, BQP, PP, PSPACE, EXP, NEXP]
- BQP: Bounded-error Quantum Polynomial time
- Integer factoring in Quantum Polynomial Time (Shor 1994)
SLIDE 7 Interactive Proof System
[Diagram: P, ZPP, RP, co-RP, NP, co-NP, BPP, MA = AM1, PP, AM = AMc≧2 = AM2 = IP2 (Arthur-Merlin Game), PSPACE = IP = IPpoly = AMpoly (Interactive Proof), EXP, NEXP = MIP (Multi-prover Interactive Proof)]
Interactive Proof: Mathematical Model of Cryptographic Protocol
SLIDE 8
Quantum Complexity
[Diagram: P, ZPP, RP, co-RP, NP (= EMA), co-NP, BPP, BQP, MA = AM1, QMA, AQMA, EQMA, RQMA, NQP = co-C=P, PrQP = PP, BQPSPACE = PrQPSPACE = (N)PSPACE = IP, QIP (Quantum IP), EXP, NEXP = MIP = QMIP (Quantum MIP)]
SLIDE 9
Quantum Computing/Cryptography
Quantum Computing & Information
– exponential speed-up by quantum superposition
– information transmission by quantum entanglements
Impacts:
– Quantum Computer destroys IT security (cryptosystem)
– P. Shor: Integer Factoring, easy for Quantum Computer; collapse of public key cryptosystem (RSA crypto, etc.)
– Quantum Cryptography (possible next-generation crypto.)
– secure by quantum principle (physical law)
– BB84, B92, etc.
SLIDE 10 Quantum Cryptography
- Aims at Unconditionally Secure cryptoprotocols
– Attempts to overcome the limit of computationally secure protocols
– Unconditional security by quantum power
- Measurement ⇒ state reduction
- This enables us to detect the existence of an eavesdropper
- From Computational Complexity Assumptions to Physical Principles
SLIDE 11 Existing Research on Quantum Cryptography
- Quantum Key Distribution: BB84, B92, etc.
– unconditionally secure key distribution by quantum law
- Quantum law allows detection of the eavesdropper
– unconditionally secure crypt. (one-time pad)
– Impossibility theorem? (Mayers; Lo and Chau 1997)
– Impossibility theorem??
- Almost no other cryptoprotocols by quantum information
SLIDE 12 Quantum Crypto
[Diagram: sender (Alice) sends single photons over a quantum communication channel to receiver (Bob); an eavesdropper (Eve) sits on the channel]
- Sender (Alice): select one of the bases, send 0 or 1 on it
– + basis: Horizontal: 0, Vertical: 1
– ☓ basis: 45°: 0, 135°: 1
- Receiver (Bob): + receiver or ☓ receiver
- Quantum effect
– Correct comm.: 0,1 of + basis received by + receiver; 0,1 of ☓ basis received by ☓ receiver
– No information: +,☓ different receiver (with ½ probability); both can’t be used (uncertainty p.)
- Verification through classical communication
- Detection of the eavesdropper
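The basis-sifting and eavesdropper-detection steps of this slide, as an added simulation that is not part of the original slides. It assumes ideal single photons, an eavesdropper who measures every photon in a random basis and resends it, and a public comparison of half of the sifted bits; the function names are hypothetical.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    # Matching bases reproduce the bit; mismatched bases give a uniformly
    # random result ("No information" on the slide).
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n, eavesdrop, seed):
    """Return (error rate on the publicly compared sample, remaining key length)."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n):
        # Alice selects one of the bases and sends 0 or 1 on it.
        a_bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        bit, basis = a_bit, a_basis
        if eavesdrop:
            # Assumed eavesdropper model: measure in a random basis, then
            # resend the observed bit in that basis (state reduction).
            e_basis = rng.choice("+x")
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        # Bob selects the + receiver or the x receiver at random.
        b_basis = rng.choice("+x")
        b_bit = measure(bit, basis, b_basis, rng)
        # Sifting over the classical channel: keep only matching bases.
        if a_basis == b_basis:
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    # Verification: publicly compare a random half of the sifted bits.
    sample = rng.sample(range(len(alice_key)), len(alice_key) // 2)
    errors = sum(alice_key[k] != bob_key[k] for k in sample)
    return errors / len(sample), len(alice_key) - len(sample)

if __name__ == "__main__":
    print("no eavesdropper  :", bb84(4000, False, seed=1))
    print("with eavesdropper:", bb84(4000, True, seed=1))
```

Without the eavesdropper the compared sample shows no errors; with it, about a quarter of the compared bits disagree, which is what Alice and Bob observe in the verification step.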
SLIDE 13 Need for quantum research to develop other protocols
- Digital Signature
- Secret Sharing
- Authentication
- E-voting, E-money, E-…
- …
- Multi-party Protocol
SLIDE 14 Computationally Secure Multi-party Protocol
Computationally secure multi-party protocol
Oblivious Transfer
Coin Flipping
Zero-Knowledge Proof for any NP Problem
Bit Commitment
One-way function with trap door
SLIDE 15
Non-Interactive Quantum Statistical and Perfect Zero-Knowledge Proofs
Hirotada Kobayashi
Quantum Computation and Information (QCI) Project
ERATO (Exploratory Research for Advanced Technology)
JST (Japan Science and Technology Corporation)
Concerning this part, cf. quant-ph/0207158
Title: Non-Interactive Quantum Statistical and Perfect Zero-Knowledge
Author: Hirotada Kobayashi
SLIDE 16 Interactive Proof Systems
[Babai 1985, Goldwasser, Micali, and Rackoff 1985]
- Two players: prover, verifier
– Prover tries to convince verifier of her assertion.
– Verifier must check validity of prover’s assertion (probabilistically and efficiently).
– probabilistically ⇒ with bounded error
– efficiently ⇒ in time polynomial to input length
[Diagram: Peggy (Prover) and Victor (Verifier), linked by Interactive Communication]
SLIDE 17 Example: Graph Non-Isomorphism
Graph Non-Isomorphism Problem (GNI)
INPUT: Two graphs G1, G2 of n vertices
QUESTION: For all permutations π ∈ Sn on vertices, π(G1) ≠ G2?
◎ Protocol of verifier V:
- 1. Choose an index i ∈ {1,2} of graphs and a permutation π ∈ Sn at random. Send a graph π(Gi) to prover P to ask which of the two is isomorphic to π(Gi).
- 2. Receive an index j from P. Accept iff i = j.
SLIDE 18
[Figure: example graphs on vertices 1 to 4, one pair labelled "isomorphic" and one pair labelled "non-isomorphic"]
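The verifier protocol for Graph Non-Isomorphism from the previous slide, run against a computationally unbounded prover, as an added example that is not part of the original slides. The 4-vertex sample graphs are constructed, vertices are numbered from 0, the prover's brute-force search stands in for its unbounded power, and all function names are hypothetical.

```python
import random
from itertools import permutations

def make_graph(edges):
    # A graph is a set of undirected edges on vertices 0..n-1.
    return frozenset(frozenset(e) for e in edges)

def permute(graph, pi):
    # Apply the vertex permutation pi (pi[v] is the image of v).
    return frozenset(frozenset(pi[v] for v in e) for e in graph)

def isomorphic(g, h, n):
    # Brute force over S_n; fine for the unbounded prover on tiny inputs.
    return any(permute(g, pi) == h for pi in permutations(range(n)))

def prover(h, g1, g2, n, rng):
    # Answer the index of the graph isomorphic to h. If both match
    # (G1 and G2 are isomorphic), h carries no information about i,
    # so the prover can only guess.
    matches = [j for j, g in ((1, g1), (2, g2)) if isomorphic(g, h, n)]
    return matches[0] if len(matches) == 1 else rng.choice([1, 2])

def acceptance_rate(g1, g2, n, rounds=300, seed=7):
    v_rng, p_rng = random.Random(seed), random.Random(seed + 1)
    accepted = 0
    for _ in range(rounds):
        # Step 1: random index i and random permutation pi; send pi(G_i).
        i = v_rng.choice([1, 2])
        pi = list(range(n))
        v_rng.shuffle(pi)
        h = permute(g1 if i == 1 else g2, pi)
        # Step 2: receive j from the prover; accept iff i = j.
        j = prover(h, g1, g2, n, p_rng)
        accepted += (i == j)
    return accepted / rounds

# Constructed sample inputs on 4 vertices.
PATH = make_graph([(0, 1), (1, 2), (2, 3)])
STAR = make_graph([(0, 1), (0, 2), (0, 3)])       # not isomorphic to PATH
PATH_RELABELED = make_graph([(2, 0), (0, 3), (3, 1)])  # isomorphic to PATH

if __name__ == "__main__":
    print("non-isomorphic pair:", acceptance_rate(PATH, STAR, 4))
    print("isomorphic pair    :", acceptance_rate(PATH, PATH_RELABELED, 4))
```

For the non-isomorphic pair the verifier accepts in every round; for the isomorphic pair it accepts only about half the time, so repeating the protocol drives the error down.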
SLIDE 19 Summary
- Non-interactive quantum zero-knowledge proofs
– NIQSZK, NIQPZK
– Necessity of shared randomness or shared entanglement
– NIQPZK of perfect completeness with shared EPR pairs
- Complete problem for NIQPZK(1, b)
– NIQPZK proofs for graph non-automorphism problem
– Complete problem for BQP