Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.

Published byHarrison Hitchings Modified over 9 years ago

Similar presentations

Presentation on theme: "Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya."— Presentation transcript:

1 Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya De, and Renato Renner

2 Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

3 Quantum Key Distribution quantum channel classical channel Eve

4 Privacy amplification [BBR’88] Eve F

5 Examples F

6 Aside: randomness extraction (1) Fundamental concept from TCS [NZ’96] Weak randomness is “readily” available Many applications require “perfect” randomness Can we convert one to the other? x P X (x) x Randomized algorithms Crypto Modeling x P U (x) x P X (x) Public source X: Ideal uniform source: Ext?

7 Aside: randomness extraction (2) x P U (x) x P X (x) Ext? + x P Y (x)

8 Extractors for privacy amplification F

9 Example: the perfect matching extractor x1x1 x3x3 x n-1 x2x2 x4x4 xnxn Classical adversary: cannot do better than birthday paradox → need ≈ √n bits of information about x Quantum adversary: on seeing x, store when matching revealed, measure in → only need ≈ log n qubits! X: n-bit string Y: perfect matching chosen among n 2 Ext Ext: {0,1} n x {0,1} 2log n → {0,1} n/2 Output is uniformly random [GKKRW’07]

10 Summary of known constructions SeedOutputRef. Inner-productn1[Ben-Or ’02] 2-universal hashingn[KMR’05] One-bit extractorslog n1[KT’06] n[FS’07] Almost 2-universal hashing m[TSSR’10] Trevisan’s extractor[T-S’09],[DV’10], [DPRV’11]

11 Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

12 A one-bit extractor

13 Quantum eavesdroppers

14 Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

15 Trevisan’s construction (1) 0 000111 y

16 0 000111 y x + Trevisan’s construction (2)

17 Some parameters

18 Overview of security proof 0 000111 y: t bits + x: n bits

19 Summary Privacy amplification is an important step in QKD Well-understood classically, but quantum eavesdropper is a challenge Some constructions proved to carry over – 2-universal hashing most often used: efficient (matrix multiplication), extracts most key. – All previous const. require as many “fresh” random bits as length of key Trevisan’s construction has many advantages – Efficient (local XOR computation) – Extracts longest possible key, only polylog random bits required Proof of security based on reconstruction argument + [KT’06]

20 Open problems

21 Thank you!

Download ppt "Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya."

Similar presentations

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.
Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.

Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.
Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.

Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.
The Future (and Past) of Quantum Lower Bounds by Polynomials Scott Aaronson UC Berkeley.

The Future (and Past) of Quantum Lower Bounds by Polynomials Scott Aaronson UC Berkeley.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou

Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.

Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Computing with adversarial noise Aram Harrow (UW -> MIT) Matt Hastings (Duke/MSR) Anup Rao (UW)

Computing with adversarial noise Aram Harrow (UW -> MIT) Matt Hastings (Duke/MSR) Anup Rao (UW)
Randomness Extractors: Motivation, Applications and Constructions Ronen Shaltiel University of Haifa.

Randomness Extractors: Motivation, Applications and Constructions Ronen Shaltiel University of Haifa.
Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,
Short seed extractors against quantum storage Amnon Ta-Shma Tel-Aviv University 1.

Short seed extractors against quantum storage Amnon Ta-Shma Tel-Aviv University 1.
Random Quantum Circuits are Unitary Polynomial-Designs Fernando G.S.L. Brandão 1 Aram Harrow 2 Michal Horodecki 3 1.Universidade Federal de Minas Gerais,

Random Quantum Circuits are Unitary Polynomial-Designs Fernando G.S.L. Brandão 1 Aram Harrow 2 Michal Horodecki 3 1.Universidade Federal de Minas Gerais,
Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
How to get more mileage from randomness extractors Ronen Shaltiel University of Haifa.

How to get more mileage from randomness extractors Ronen Shaltiel University of Haifa.
Deterministic extractors for bit- fixing sources by obtaining an independent seed Ariel Gabizon Ran Raz Ronen Shaltiel Seedless.

Deterministic extractors for bit- fixing sources by obtaining an independent seed Ariel Gabizon Ran Raz Ronen Shaltiel Seedless.
Extracting Randomness David Zuckerman University of Texas at Austin.

Extracting Randomness David Zuckerman University of Texas at Austin.
Efficient Algorithms via Precision Sampling Robert Krauthgamer (Weizmann Institute) joint work with: Alexandr Andoni (Microsoft Research) Krzysztof Onak.

Efficient Algorithms via Precision Sampling Robert Krauthgamer (Weizmann Institute) joint work with: Alexandr Andoni (Microsoft Research) Krzysztof Onak.
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Similar presentations

Ads by Google