Presentation is loading. Please wait.

Presentation is loading. Please wait.

Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,

Published byKane Furlow Modified over 9 years ago

Similar presentations

Presentation on theme: "Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,"— Presentation transcript:

1 Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday, 3 November 2010 joint work with Harry Buhrman, Nishanth Chandran, Serge Fehr, Ran Gelles, Vipul Goyal and Rafail Ostrovsky (UCLA)

2 2 Outline  Quantum Computing & Teleportation  Position-Based Cryptography  Impossibility of Position-Based Quantum Cryptography  Constructions  Summary & Open Questions

3 3 Quantum Bit: Polarization of a Photon

4 4 Qubit: Rectilinear/Computational Basis

5 5 Detecting a Qubit Bob no photon: 0 Alice

6 6 Measuring a Qubit Bob no photon: 0 photon: 1 with prob. 1 yields 1 measurement: 0/1 Alice

7 7 Diagonal/Hadamard Basis with prob. ½ yields 0 with prob. ½ yields 1 Measurement: 0/1

8 8 Quantum Mechanics with prob. 1 yields 1 Measurements: + basis £ basis with prob. ½ yields 0 with prob. ½ yields 1 0/1

9 9 Quantum Operations are linear isometries can be described by a unitary matrix: examples: identity bitflip (Pauli X): mirroring at axis X X X X

10 10 Quantum Operations are linear isometries can be described by a unitary matrix: examples: identity bitflip (Pauli X): mirroring at axis phase-flip (Pauli Z): mirroring at axis both (Pauli XZ) Z

11 11 No-Cloning Theorem XZXZU Proof: copying is a non-linear operation

12 Quantum Key Distribution (QKD) Alice Bob Eve inf-theoretic security against unrestricted eavesdroppers: quantum states are unknown to Eve, she cannot copy them honest players can check whether Eve interfered technically feasible: no quantum computation required, only quantum communication [Bennett Brassard 84]

13 13 EPR Pairs prob. ½ : 0prob. ½ : 1 prob. 1 : 0 [Einstein Podolsky Rosen 1935] “spukhafte Fernwirkung” (spooky action at a distance) EPR pairs do not allow to communicate (no contradiction to relativity) can provide a shared random bit (or other non-signalling correlations) EPR magic!

14 14 Quantum Teleportation [Bennett Brassard Crépeau Jozsa Peres Wootters 1993] does not contradict relativity teleported state can only be recovered when the classical information ¾ arrives with probability 1/4, no correction is needed [Bell]

15 15 Outline Quantum Computing & Teleportation  Position-Based Cryptography  Impossibility of Position-Based Quantum Cryptography  Constructions  Summary & Open Questions

16 16 Motivation Typically, cryptographic players use credentials such as secret information authenticated information biometric features can the geographical location used as (only) credential? examples of desirable primitives: position-based secret communication (e.g. between military bases) position-based authentication position-based access control to resources

17 17 Basic task: Position Verification Prover wants to convince verifiers that she is at a particular position assumptions: communication at speed of light instantaneous computation verifiers can coordinate no coalition of (fake) provers, i.e. not at the claimed position, can convince verifiers Verifier1 Verifier2 Prover

18 18 Position Verification: First Try Verifier1 Verifier2 Prover time

19 19 Position Verification: Second Try Verifier1 Verifier2 Prover

20 20 Impossibility of Classical Position Verification [Chandran Goyal Moriarty Ostrovsky: CRYPTO ‘09] using the same resources as the honest prover, colluding adversaries can reproduce a consistent view computational assumptions do not help position verification is classically impossible !

21 21 Verifier1 Verifier2 Prover Position-Based Quantum Cryptography [Kent Munro Spiller 03/10, Chandran Fehr Gelles Goyal Ostrovsky, Malaney 10] intuitively: security follows from no cloning formally, usage of recently established [Renes Boileau 09] entropic quantum uncertainty relation

22 22 Position-Based QC: Teleportation Attack [Kent Munro Spiller 03/10, Lau Lo 10]

23 23 Position Verification: Fourth Try [Kent Munro Spiller 03/10, Malaney 10, Lau Lo 10] however: insecure if adversaries share two EPR pairs! are there secure quantum schemes at all?

24 24 Outline Quantum Computing & Teleportation Position-Based Cryptography  Impossibility of Position-Based Quantum Cryptography  Constructions  Summary & Open Questions

25 25 Impossibility of Position-Based Q Crypto [ Buhrman Chandran Fehr Gelles Goyal Ostrovsky S 10] attack on general position-verification scheme distributed quantum computation with one simultaneous round of communication

26 26 Distributed Q Computation in 2 Rounds trivial to do in two rounds U

27 27 Distributed Q Computation in 2 Rounds trivial to do in two rounds also using only classical communication U

28 28 Distributed Q Computation in 1 Round clever way of back-and-forth teleportation, based on ideas by [Vaidman 03] for “instantaneous measurement of nonlocal variables” U

29 29 Distributed Q Computation in 1 Round U

30 30 Distributed Q Computation in 1 Round

31 31 Distributed Q Computation in 1 Round the number of required EPR pairs grows exponentially with the number of recursion levels

32 32 Distributed Q Computation: Analysis in every layer of recursion, there is a constant probability of success. invariant: except for the last teleportation step, Bob can completely trace back and correct previous errors. using an exponential amount of EPR pairs, players succeed with probability arbitrarily close to 1 scheme generalizes to more players Hence, position-based quantum cryptography is impossible!

33 33 Outline Quantum Computing & Teleportation Position-Based Cryptography Impossibility of Position-Based Quantum Cryptography  Constructions  Summary & Open Questions

34 34 Position-Based Quantum Cryptography reasoning only valid in the no-preshared entanglement (No-PE) model Theorem: success probability of attack is at most 0.89 use (sequential) repetition to amplify gap between honest and dishonest players

35 35 Position-Based Authentication and QKD verifiers accept message only if sent from prover’s position weak authentication: if message bit = 0 : perform Position Verification (PV) if message bit = 1 : PV with prob 1-q, send ? otherwise strong authentication by encoding message into balanced- repetition-code (0  00…0011…1, 1  11…1100…0 ) verifiers check statistics of ? and success of PV using authentication scheme, verifiers can also perform position-based quantum key distribution

36 36 Summary plain model: classically and quantumly impossible basic scheme for secure positioning if adversaries have no pre-shared entanglement more advanced schemes allow message authentication and key distribution can be generalized to more dimensions Verifier1 Verifier2 Prover intro to Quantum Computing & Teleportation

37 37 Open Questions no-go theorem vs. secure schemes how much entanglement is required to break the scheme? security in the bounded-quantum-storage model? many interesting connections to entropic uncertainty relations and non-local games Verifier1 Verifier2Prover

Download ppt "Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,"

Similar presentations

Introduction to Quantum Teleportation

Introduction to Quantum Teleportation
Quantum Information and the PCP Theorem Ran Raz Weizmann Institute.

Quantum Information and the PCP Theorem Ran Raz Weizmann Institute.
Quantum Computing MAS 725 Hartmut Klauck NTU 5.3.2012.

Quantum Computing MAS 725 Hartmut Klauck NTU
Position-Based Quantum Cryptography Christian Schaffner ILLC, University of Amsterdam Centrum Wiskunde & Informatica Logic Tea, ILLC Tuesday, 14/02/2012.

Position-Based Quantum Cryptography Christian Schaffner ILLC, University of Amsterdam Centrum Wiskunde & Informatica Logic Tea, ILLC Tuesday, 14/02/2012.
Quantum Communication, Teleportation, and Maxwell’s Demon

Quantum Communication, Teleportation, and Maxwell’s Demon
1 quantum teleportation David Riethmiller 28 May 2007.

1 quantum teleportation David Riethmiller 28 May 2007.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.

A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.

QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.
Quantum Key Distribution Yet another method of generating a key.

Quantum Key Distribution Yet another method of generating a key.
Superdense coding. How much classical information in n qubits? Observe that 2 n  1 complex numbers apparently needed to describe an arbitrary n -qubit.

Superdense coding. How much classical information in n qubits? Observe that 2 n  1 complex numbers apparently needed to describe an arbitrary n -qubit.
A Brief Introduction to Quantum Computation 1 Melanie Mitchell Portland State University 1 This talk is based on the following paper: E. Rieffel & W. Polak,

A Brief Introduction to Quantum Computation 1 Melanie Mitchell Portland State University 1 This talk is based on the following paper: E. Rieffel & W. Polak,
Position Based Cryptography* Nishanth Chandran Vipul Goyal Ryan Moriarty Rafail Ostrovsky UCLA CRYPTO ‘09.

Position Based Cryptography* Nishanth Chandran Vipul Goyal Ryan Moriarty Rafail Ostrovsky UCLA CRYPTO ‘09.
Interactive Proofs For Quantum Computations Dorit Aharonov, Michael Ben-Or, Elad Eban School of Computer Science and Engineering The Hebrew University.

Interactive Proofs For Quantum Computations Dorit Aharonov, Michael Ben-Or, Elad Eban School of Computer Science and Engineering The Hebrew University.
Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.

Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.

Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.

Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.
Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.

Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.

Similar presentations

Ads by Google