Download presentation

Presentation is loading. Please wait.

Published byHarrison Hitchings Modified over 2 years ago

1
Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya De, and Renato Renner

2
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

3
Quantum Key Distribution quantum channel classical channel Eve

4
Privacy amplification [BBR’88] Eve F

5
Examples F

6
Aside: randomness extraction (1) Fundamental concept from TCS [NZ’96] Weak randomness is “readily” available Many applications require “perfect” randomness Can we convert one to the other? x P X (x) x Randomized algorithms Crypto Modeling x P U (x) x P X (x) Public source X: Ideal uniform source: Ext?

7
Aside: randomness extraction (2) x P U (x) x P X (x) Ext? + x P Y (x)

8
Extractors for privacy amplification F

9
Example: the perfect matching extractor x1x1 x3x3 x n-1 x2x2 x4x4 xnxn Classical adversary: cannot do better than birthday paradox → need ≈ √n bits of information about x Quantum adversary: on seeing x, store when matching revealed, measure in → only need ≈ log n qubits! X: n-bit string Y: perfect matching chosen among n 2 Ext Ext: {0,1} n x {0,1} 2log n → {0,1} n/2 Output is uniformly random [GKKRW’07]

10
Summary of known constructions SeedOutputRef. Inner-productn1[Ben-Or ’02] 2-universal hashingn[KMR’05] One-bit extractorslog n1[KT’06] n[FS’07] Almost 2-universal hashing m[TSSR’10] Trevisan’s extractor[T-S’09],[DV’10], [DPRV’11]

11
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

12
A one-bit extractor

13
Quantum eavesdroppers

14
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

15
Trevisan’s construction (1) 0 000111 y

16
0 000111 y x + Trevisan’s construction (2)

17
Some parameters

18
Overview of security proof 0 000111 y: t bits + x: n bits

19
Summary Privacy amplification is an important step in QKD Well-understood classically, but quantum eavesdropper is a challenge Some constructions proved to carry over – 2-universal hashing most often used: efficient (matrix multiplication), extracts most key. – All previous const. require as many “fresh” random bits as length of key Trevisan’s construction has many advantages – Efficient (local XOR computation) – Extracts longest possible key, only polylog random bits required Proof of security based on reconstruction argument + [KT’06]

20
Open problems

21
Thank you!

Similar presentations

OK

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on computer hardware troubleshooting Ppt on fast food in india Ppt on indian textile industries in indonesia Free download ppt on solar water heating system Ppt on accounting standards 10 Ppt on service oriented architecture soa Ppt on precautions of tsunami in japan Ppt on building information modeling classes Ppt on job evaluation and job rotation Ppt on trial and error theory