Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.

Similar presentations


Presentation on theme: "Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya."— Presentation transcript:

1 Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya De, and Renato Renner

2 Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

3 Quantum Key Distribution quantum channel classical channel Eve

4 Privacy amplification [BBR’88] Eve F

5 Examples F

6 Aside: randomness extraction (1) Fundamental concept from TCS [NZ’96] Weak randomness is “readily” available Many applications require “perfect” randomness Can we convert one to the other? x P X (x) x Randomized algorithms Crypto Modeling x P U (x) x P X (x) Public source X: Ideal uniform source: Ext?

7 Aside: randomness extraction (2) x P U (x) x P X (x) Ext? + x P Y (x)

8 Extractors for privacy amplification F

9 Example: the perfect matching extractor x1x1 x3x3 x n-1 x2x2 x4x4 xnxn Classical adversary: cannot do better than birthday paradox → need ≈ √n bits of information about x Quantum adversary: on seeing x, store when matching revealed, measure in → only need ≈ log n qubits! X: n-bit string Y: perfect matching chosen among n 2 Ext Ext: {0,1} n x {0,1} 2log n → {0,1} n/2 Output is uniformly random [GKKRW’07]

10 Summary of known constructions SeedOutputRef. Inner-productn1[Ben-Or ’02] 2-universal hashingn[KMR’05] One-bit extractorslog n1[KT’06] n[FS’07] Almost 2-universal hashing m[TSSR’10] Trevisan’s extractor[T-S’09],[DV’10], [DPRV’11]

11 Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

12 A one-bit extractor

13 Quantum eavesdroppers

14 Outline 1.Privacy amplification and randomness extraction 2.A one-bit extractor 3.Trevisan’s construction

15 Trevisan’s construction (1) y

16 y x + Trevisan’s construction (2)

17 Some parameters

18 Overview of security proof y: t bits + x: n bits

19 Summary Privacy amplification is an important step in QKD Well-understood classically, but quantum eavesdropper is a challenge Some constructions proved to carry over – 2-universal hashing most often used: efficient (matrix multiplication), extracts most key. – All previous const. require as many “fresh” random bits as length of key Trevisan’s construction has many advantages – Efficient (local XOR computation) – Extracts longest possible key, only polylog random bits required Proof of security based on reconstruction argument + [KT’06]

20 Open problems

21 Thank you!


Download ppt "Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya."

Similar presentations


Ads by Google