Download presentation

Presentation is loading. Please wait.

Published byHarrison Hitchings Modified over 2 years ago

1
Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya De, and Renato Renner

2
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

3
Quantum Key Distribution quantum channel classical channel Eve

4
Privacy amplification [BBR’88] Eve F

5
Examples F

6
Aside: randomness extraction (1) Fundamental concept from TCS [NZ’96] Weak randomness is “readily” available Many applications require “perfect” randomness Can we convert one to the other? x P X (x) x Randomized algorithms Crypto Modeling x P U (x) x P X (x) Public source X: Ideal uniform source: Ext?

7
Aside: randomness extraction (2) x P U (x) x P X (x) Ext? + x P Y (x)

8
Extractors for privacy amplification F

9
Example: the perfect matching extractor x1x1 x3x3 x n-1 x2x2 x4x4 xnxn Classical adversary: cannot do better than birthday paradox → need ≈ √n bits of information about x Quantum adversary: on seeing x, store when matching revealed, measure in → only need ≈ log n qubits! X: n-bit string Y: perfect matching chosen among n 2 Ext Ext: {0,1} n x {0,1} 2log n → {0,1} n/2 Output is uniformly random [GKKRW’07]

10
Summary of known constructions SeedOutputRef. Inner-productn1[Ben-Or ’02] 2-universal hashingn[KMR’05] One-bit extractorslog n1[KT’06] n[FS’07] Almost 2-universal hashing m[TSSR’10] Trevisan’s extractor[T-S’09],[DV’10], [DPRV’11]

11
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

12
A one-bit extractor

13
Quantum eavesdroppers

14
Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

15
Trevisan’s construction (1) y

16
y x + Trevisan’s construction (2)

17
Some parameters

18
Overview of security proof y: t bits + x: n bits

19
Summary Privacy amplification is an important step in QKD Well-understood classically, but quantum eavesdropper is a challenge Some constructions proved to carry over – 2-universal hashing most often used: efficient (matrix multiplication), extracts most key. – All previous const. require as many “fresh” random bits as length of key Trevisan’s construction has many advantages – Efficient (local XOR computation) – Extracts longest possible key, only polylog random bits required Proof of security based on reconstruction argument + [KT’06]

20
Open problems

21
Thank you!

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google