Sampling of min-entropy relative to quantum knowledge Robert König in collaboration with Renato Renner TexPoint fonts used in EMF. Read the TexPoint.

Slides:

Advertisements

Similar presentations

Randomness Conductors Expander Graphs Randomness Extractors Condensers Universal Hash Functions

Advertisements

Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

Computing with adversarial noise Aram Harrow (UW -> MIT) Matt Hastings (Duke/MSR) Anup Rao (UW)

Randomness Extractors: Motivation, Applications and Constructions Ronen Shaltiel University of Haifa.

Robust device independent randomness amplification with few devices F.G.S.L Brandao 1, R. Ramanathan 2 A. Grudka 3, K. 4, M. 5,P. 6 Horodeccy 1 Department.

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,

Short seed extractors against quantum storage Amnon Ta-Shma Tel-Aviv University 1.

The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement Allison Lewko The University of Texas at Austin TexPoint fonts used in.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.

Quantum One-Way Communication is Exponentially Stronger than Classical Communication TexPoint fonts used in EMF. Read the TexPoint manual before you delete.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Paul Cuff THE SOURCE CODING SIDE OF SECRECY TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA.

Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via ± -Biased Masking in the Presence of a Quantum Attacker TCC.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

Quantum information as high-dimensional geometry Patrick Hayden McGill University Perspectives in High Dimensions, Cleveland, August 2010.

Short course on quantum computing Andris Ambainis University of Latvia.

Chain Rules for Entropy

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Avraham Ben-Aroya (Tel Aviv University) Oded Regev (Tel Aviv University) Ronald de Wolf (CWI, Amsterdam) A Hypercontractive Inequality for Matrix-Valued.

Code and Decoder Design of LDPC Codes for Gbps Systems Jeremy Thorpe Presented to: Microsoft Research

Locally Decodable Codes Uri Nadav. Contents What is Locally Decodable Code (LDC) ? Constructions Lower Bounds Reduction from Private Information Retrieval.

Lattices for Distributed Source Coding - Reconstruction of a Linear function of Jointly Gaussian Sources -D. Krithivasan and S. Sandeep Pradhan - University.

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.

Linear Codes for Distributed Source Coding: Reconstruction of a Function of the Sources -D. Krithivasan and S. Sandeep Pradhan -University of Michigan,

EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

Cryptanalysis. The Speaker  Chuck Easttom  

The Operational Meaning of Min- and Max-Entropy

Entropy-based Bounds on Dimension Reduction in L 1 TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A AAAA A Oded Regev.

Communication Complexity Rahul Jain Centre for Quantum Technologies and Department of Computer Science National University of Singapore. TexPoint fonts.

The Operational Meaning of Min- and Max-Entropy Christian Schaffner – CWI Amsterdam, NL joint work with Robert König – Caltech Renato Renner – ETH Zürich,

1 New Coins from old: Computing with unknown bias Elchanan Mossel, U.C. Berkeley

Entanglement sampling and applications Omar Fawzi (ETH Zürich) Joint work with Frédéric Dupuis (Aarhus University) and Stephanie Wehner (CQT, Singapore)

Alternative Wide Block Encryption For Discussion Only.

The question Can we generate provable random numbers? …. ?

Randomness Extraction Beyond the Classical World Kai-Min Chung Academia Sinica, Taiwan 1 Based on joint works with Xin Li, Yaoyun Shi, and Xiaodi Wu.

Quantum Cryptography Antonio Acín

Iftach Haitner and Eran Omri Coin Flipping with Constant Bias Implies One-Way Functions TexPoint fonts used in EMF. Read the TexPoint manual before you.

New Results of Quantum-proof Randomness Extractors Xiaodi Wu (MIT) 1 st Trustworthy Quantum Information Workshop Ann Arbor, USA 1 based on work w/ Kai-Min.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

Random Access Codes and a Hypercontractive Inequality for

Information Complexity Lower Bounds

On the Size of Pairing-based Non-interactive Arguments

Dimension reduction for finite trees in L1

Modern symmetric-key Encryption

Hashing Course: Data Structures Lecturer: Uri Zwick March 2008

General Strong Polarization

Broadcast Encryption Amos Fiat & Moni Naor Advances in Cryptography - CRYPTO ’93 Proceeding, LNCS, Vol. 773, 1994, pp Multimedia Security.

Selection in heaps and row-sorted matrices

Cryptography Lecture 19.

Digital Signature Schemes and the Random Oracle Model

CMSC 414 Computer and Network Security Lecture 3

When are Fuzzy Extractors Possible?

Conditional Computational Entropy

General Strong Polarization

When are Fuzzy Extractors Possible?

Non-Malleable Extractors New tools and improved constructions

Decoupling with random diagonal-unitaries

Cryptography Lecture 4.

Topic 13: Message Authentication Code

Hashing Course: Data Structures Lecturer: Uri Zwick March 2008

Cryptography Lecture 3.

On Derandomizing Algorithms that Err Extremely Rarely

Jens Groth and Mary Maller University College London

Presentation transcript:

Sampling of min-entropy relative to quantum knowledge Robert König in collaboration with Renato Renner TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAAA

random access codes ? ? decoding probability for (random) subset time Ambainis, Nayak, Ta-Shma, Vazirani 99/Nayak 99 Ben-Aroya, Regev, de Wolf 07: measurement adaptive decoding probability for (random) subset ? time m-qubit state storage ? n coin tosses

Sampling min-entropy (pseudo) random subset time vs random access codes Claim: preservation of entropy-rate vs decoding probability (pseudo) random subset time arbitrary quantum state given : bound on entropy vs bounded number of qubits correlation random variables, large alphabet vs coin flips

Min-entropy and secret keys for classical-quantum states equal to extractable key length (also equal to guessing entropy: [K,Schaffner,Renner08]) Privacy amplification generates approximately [BBR88,BBCM95,Renner05] bits of secure key from partially secret raw key X, against adversary holding Q (optimal)

temporarily available Key expansion in the bounded storage model Sample-then-extract [Maurer92,….,Vadhan03] previously only analysed for classical adversary known to work against quantum adversary Source of randomness temporarily available resources insecure channel bits of key bits of key substring (sampled with S) substring (sampled with S) Privacy amplification Quantum storage qubits

Implication for the bounded storage model Sample-then-extract-approach for building locally computable extractors (Vadhan03) works against quantum adversaries! Ingredients: large source of randomness ( bits) short initial shared key ( bits) aim: generate bits of secure key Validity against quantum adversaries cannot be established using classical extractor properties only. [Gavinsky, Kempe, Kerenidis, Raz & de Wolf’06] key Sample: choose random subset Extract: ``standard’’ hashing Claim: seed for “sampler” seed for extractor

Main result: Sampling of min-entropy Sample: choose random subset (classical) (randomly chosen) subset of rephrased: if then large alphabet size c needed! “blockwise sampling” for any e.g., for Main result: for any state where

Why sampling (Shannon) entropy works There is a simple proof for sampling of Shannon entropy. Only uses Subadditivity Chain-rule repeated application of chain-rule splits joint entropy into sum of contributions random subset hits “good” parts with high probability large small

Why sampling (Shannon) entropy works There is a simple proof for sampling of Shannon entropy. Only uses Subadditivity Chain-rule repeated application of chain-rule splits joint entropy into sum of contributions random subset hits “good” parts with high probability large small subadditivity helps to remove dependence on variables not in subset chain-rule shows that is large

(Min)-entropy(-)rules subadditivity: chain-rule (recombination): Not true in general! chain-rule (splitting): Renato’s talk: recursive application of this rule impossible Need three rules for entropy-sampling argument to work. Two of these hold trivially. The third rule has to be replaced for min-entropy.

Entropy-splitting and recombining small large recombining splitting large entropy: distance to original state: Is a probability distribution General strategy for showing lower bound on smooth min-entropy Separate splitting and smooth entropy 1. construct orthogonal decomposition 2. choose high-entropy subset 3. show that is large Additional properties if split states constructed using eigendecomposition of conditional operator

(Min)-entropy(-)rules subadditivity: chain-rule (recombination): Not true in general! chain-rule (splitting): original state split states (Approximate) chain-rule for appropriately chosen (discrete) splitting!

Recursive splitting and recombining small large for a given subset choose high-entropy components

Conclusions/Application to BSM sampling preserves smooth min-entropy rate - application to the BSM: sample-then-hash approach achieves significant key expansion to general key extraction/qkd schemes: building block (aka “condenser”) for constructing randomness-efficient quantum extractors memory bits of shared key bits of shared key against an adversary with qubits

THE END Thank you for your attention!