on the power of quantum memory · 2006. 5. 9. · on the power of quantum memory ueli maurer, eth...
TRANSCRIPT
![Page 1: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/1.jpg)
On the Power of Quantum Memory
Ueli Maurer, ETH Zurich
Joint work with Robert König and Renato Renner
paper at: quant-ph/0305154
7th Workshop on Quantum Information Processing (QIP 2004), Waterloo, Jan. 15–19, 2004
![Page 2: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/2.jpg)
Basic questions:
• How to characterize the power of (quantum) memory?
![Page 3: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/3.jpg)
Basic questions:
• How to characterize the power of (quantum) memory?
• Are r quantum bits more powerful than r classical bits?
![Page 4: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/4.jpg)
Basic questions:
• How to characterize the power of (quantum) memory?
• Are r quantum bits more powerful than r classical bits?
storagefunction
WstateX readout
m
![Page 5: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/5.jpg)
Basic questions:
• How to characterize the power of (quantum) memory?
• Are r quantum bits more powerful than r classical bits?
storagefunction
WstateX readout
m
• Is privacy amplification secure against an adversary holding
quantum information?
![Page 6: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/6.jpg)
Basic questions:
• How to characterize the power of (quantum) memory?
• Are r quantum bits more powerful than r classical bits?
storagefunction
WstateX readout
m
• Is privacy amplification secure against an adversary holding
quantum information?
• Christandel’s talk: Implications to quantum cryptography?
![Page 7: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/7.jpg)
Overview
1. Information-theoretic cryptography
2. Characterizing the power of quantum storage
3. Privacy amplification is secure against quantum
adversaries
![Page 8: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/8.jpg)
Assumptions in cryptographic security proofs
![Page 9: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/9.jpg)
Assumptions in cryptographic security proofs
Every security proof is relative to certain assumptions !
• Randomness exists (generation of secret keys)
• Independence exists (6 ∃ telepathy)
![Page 10: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/10.jpg)
Assumptions in cryptographic security proofs
Every security proof is relative to certain assumptions !
• Randomness exists (generation of secret keys)
• Independence exists (6 ∃ telepathy)
• Computational intractability assumptions
![Page 11: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/11.jpg)
Assumptions in cryptographic security proofs
Every security proof is relative to certain assumptions !
• Randomness exists (generation of secret keys)
• Independence exists (6 ∃ telepathy)
• Computational intractability assumptions
• Correct behavior (trustworthiness) of entities
![Page 12: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/12.jpg)
Assumptions in cryptographic security proofs
Every security proof is relative to certain assumptions !
• Randomness exists (generation of secret keys)
• Independence exists (6 ∃ telepathy)
• Computational intractability assumptions
• Correct behavior (trustworthiness) of entities
• Physical assumptions
– Tamper-resistance
– Noise in communication systems
– Restrictions on adversary’s memory capacity
– Quantum theory
![Page 13: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/13.jpg)
Why cryptography without comp. assumptions
• Which is the right model of computation?
• No lower bound proofs for any useful comput. model.
• Clean security definitions.
• Physical assumptions are more sound than comp. ass.
![Page 14: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/14.jpg)
Symmetric cryptosystem
secure channel
Alice Bob
plaintext
ciphertext
plaintext
secret keysecret key K K
adversary
encryption decryptionM MC
![Page 15: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/15.jpg)
Symmetric cryptosystem
secure channel
Alice Bob
plaintext
ciphertext
plaintext
secret keysecret key K K
adversary
encryption decryptionM MC
Definition: A cryptosystem is perfect if I(M;C) = 0.
![Page 16: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/16.jpg)
Symmetric cryptosystem
secure channel
Alice Bob
plaintext
ciphertext
plaintext
secret keysecret key K K
adversary
encryption decryptionM MC
Definition: A cryptosystem is perfect if I(M;C) = 0.
Theorem � � � �� � � : For every perfect cipher, H(K) ≥ H(M).
![Page 17: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/17.jpg)
Information-theoretic key agreement by public discussion ��� �� �
![Page 18: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/18.jpg)
C2C1
Ct
Ct
Ct
Eve
Alice Bob, ,...
??
S’S
![Page 19: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/19.jpg)
PXYZ
C2C1
C t
C t
C t
Eve
Alice Bob
Z
, ,...X Y
??
S’S
![Page 20: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/20.jpg)
Theorem ��� �� � : H(S) ≤ min [ I(X;Y), I(X;Y|Z) ] .
![Page 21: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/21.jpg)
Theorem ��� �� � : H(S) ≤ min [ I(X;Y), I(X;Y|Z) ] .
Corollary: H(K) ≥ H(M) holds also in an interactive setting.
![Page 22: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/22.jpg)
Theorem ��� �� � : H(S) ≤ min [ I(X;Y), I(X;Y|Z) ] .
Corollary: H(K) ≥ H(M) holds also in an interactive setting.
Corollary: A public-key cryptosystem cannot be i.-t. secure.
![Page 23: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/23.jpg)
Theorem ��� �� � : H(S) ≤ min [ I(X;Y), I(X;Y|Z) ] .
Corollary: H(K) ≥ H(M) holds also in an interactive setting.
Corollary: A public-key cryptosystem cannot be i.-t. secure.
Theorem: In the satellite model, H(S) > 0 is possible whenever
it is not obviously impossible, i.e., if
• Eve’s channel is not perfectly noiseless and
• Alice’s and Bob’s channels have positive capacity.
![Page 24: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/24.jpg)
Information-theoretic key agreement by public discussion
![Page 25: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/25.jpg)
advantagedistillation
informationreconciliation
privacyamplification
Alice’s initial string
Bob’s information Eve’s information
Alice’s new string
![Page 26: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/26.jpg)
Distance from uniformityP (z)
Z
z
d(Z) := 12
∑
z∈Z
∣∣∣∣∣PZ(z) − 1
|Z|
∣∣∣∣∣
(= sum of red quantities)
![Page 27: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/27.jpg)
Distance from uniformityP (z)
Z
z
d(Z) := 12
∑
z∈Z
∣∣∣∣∣PZ(z) − 1
|Z|
∣∣∣∣∣
(= sum of red quantities)
d(Z|W) := EW[
d(PZ|W(·|W))]
![Page 28: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/28.jpg)
Distance from uniformityP (z)
Z
z
d(Z) := 12
∑
z∈Z
∣∣∣∣∣PZ(z) − 1
|Z|
∣∣∣∣∣
(= sum of red quantities)
d(Z|W) := EW[
d(PZ|W(·|W))]
Lemma: One can define a uniform random variable Z that is independent ofW and such that Z = Z holds with probability 1 − d(Z|W).
![Page 29: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/29.jpg)
Distance from uniformityP (z)
Z
z
d(Z) := 12
∑
z∈Z
∣∣∣∣∣PZ(z) − 1
|Z|
∣∣∣∣∣
(= sum of red quantities)
d(Z|W) := EW[
d(PZ|W(·|W))]
Lemma: One can define a uniform random variable Z that is independent ofW and such that Z = Z holds with probability 1 − d(Z|W).
In other words, with probability 1− d(Z|W) the setting with W and Z is equi-valent to an ideal setting with W and independent uniform Z.
![Page 30: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/30.jpg)
Privacy amplification
r
Eve’s informations
H(W)
H(S)
Alice’s and Bob’s shared string
R(W|Eve’s info.)
t
![Page 31: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/31.jpg)
Privacy amplification by universal hashing ��� � � �� � � � � � �� �
Definition: An (X ,Y)-random function G is a random variable takingas values functions X → Y .
![Page 32: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/32.jpg)
Privacy amplification by universal hashing ��� � � �� � � � � � �� �
Definition: An (X ,Y)-random function G is a random variable takingas values functions X → Y .
G is called 2-universal if for any distinct x, x′ ∈ X , P(
G(x) = G(x′)) ≤ 1
|Y|.
![Page 33: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/33.jpg)
Privacy amplification by universal hashing ��� � � �� � � � � � �� �
Definition: An (X ,Y)-random function G is a random variable takingas values functions X → Y .
G is called 2-universal if for any distinct x, x′ ∈ X , P(
G(x) = G(x′)) ≤ 1
|Y|.
Theorem: Let X and W be arbitrary random variable with H2(X|W) ≥ t andlet G be a 2-universal random function from X to {0,1}s. Then
d(G(X)|WG) ≥ O(2−1
2(t−s)).
![Page 34: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/34.jpg)
Privacy amplification by universal hashing ��� � � �� � � � � � �� �
Definition: An (X ,Y)-random function G is a random variable takingas values functions X → Y .
G is called 2-universal if for any distinct x, x′ ∈ X , P(
G(x) = G(x′)) ≤ 1
|Y|.
Theorem: Let X and W be arbitrary random variable with H2(X|W) ≥ t andlet G be a 2-universal random function from X to {0,1}s. Then
d(G(X)|WG) ≥ O(2−1
2(t−s)).
Corollary: If X is uniform over {0,1}n and W consists of r arbitrary (classi-cal) bits about X, then
d(G(X)|WG) = O(2−1
2(n−r−s)).
![Page 35: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/35.jpg)
Privacy amplification by universal hashing ��� � � �� � � � � � �� �
Definition: An (X ,Y)-random function G is a random variable takingas values functions X → Y .
G is called 2-universal if for any distinct x, x′ ∈ X , P(
G(x) = G(x′)) ≤ 1
|Y|.
Theorem: Let X and W be arbitrary random variable with H2(X|W) ≥ t andlet G be a 2-universal random function from X to {0,1}s. Then
d(G(X)|WG) ≥ O(2−1
2(t−s)).
Corollary: If X is uniform over {0,1}n and W consists of r arbitrary (classi-cal) bits about X, then
d(G(X)|WG) = O(2−1
2(n−r−s)).
Question: What about quantum knowledge about X?
![Page 36: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/36.jpg)
The bounded-storage model (BSM) � � �� �
Basic idea: Eve has bounded storage capacity of s bits, but otherwiseunlimited computing power.
![Page 37: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/37.jpg)
The bounded-storage model (BSM) � � �� �
Basic idea: Eve has bounded storage capacity of s bits, but otherwiseunlimited computing power.
extractionfunction
KX=?
arbitrary storage function
derived key Xinitial key K
randomizer R
U (s bits)Eve
AliceBob
![Page 38: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/38.jpg)
The bounded-storage model (BSM) � � �� �
Basic idea: Eve has bounded storage capacity of s bits, but otherwiseunlimited computing power.
extractionfunction
KX=?
arbitrary storage function
derived key Xinitial key K
randomizer R
U (s bits)Eve
AliceBob
Question: What about quantum storage?
![Page 39: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/39.jpg)
Z H( )H Z
Lemma: Consider any random variable Z over Z. If H is a uniform balancedBoolean random function, then
d(Z) ≤ 32
√
|Z| d(H(Z)|H).
![Page 40: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/40.jpg)
Z
W
H( )H Z
Lemma: Consider any random variable Z over Z. If H is a uniform balancedBoolean random function, then
d(Z) ≤ 32
√
|Z| d(H(Z)|H).
More generally,d(Z|W) ≤ 3
2
√
|Z| d(H(Z)|WH).
![Page 41: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/41.jpg)
G
selector
m
processWX
![Page 42: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/42.jpg)
G H
F
selector
m
Z
processWX
Lemma: If G is 2-universal and His a uniform balanced Boolean func-tion, then F = H ◦ G is a 2-universalBoolean function.
![Page 43: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/43.jpg)
G H
F
selector
m
Z
processWX
Lemma: If G is 2-universal and His a uniform balanced Boolean func-tion, then F = H ◦ G is a 2-universalBoolean function.
Corollary: Consider any process generating W from a random variable Xand a selection input m. If for any 2-universal (X , {0,1})-random function Fand for any selector with input F we have
d(F(X)|WF) ≤ ε,
![Page 44: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/44.jpg)
G H
F
selector
m
Z
processWX
Lemma: If G is 2-universal and His a uniform balanced Boolean func-tion, then F = H ◦ G is a 2-universalBoolean function.
Corollary: Consider any process generating W from a random variable Xand a selection input m. If for any 2-universal (X , {0,1})-random function Fand for any selector with input F we have
d(F(X)|WF) ≤ ε,
then for any 2-universal (X , {0,1}s)-random function G and for any selectorwith input G
d(G(X)|WG) ≤ 32 2s/2 ε.
![Page 45: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/45.jpg)
r-qubit quantum storage device
storagefunction
WstateX readout
m
State: Normalized vector ψ in the d-dimensional Hilbert space Hd (d = 2r).
Equivalently, state space = P(Hd) := {Pψ : ψ ∈ Hd, ‖ψ‖ = 1} (pure states),where Pψ is the projection operator in Hd along the vector ψ.
Most general read-out operation: m ∈ POVM(Hd), resulting in W.
m is specified by a family {Ew} of nonneg. op. on Hd with∑
wEw = idHd
.
System in state Pψ ⇒ PW(w) = tr(EwPψ).
![Page 46: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/46.jpg)
The quantum binary decision problem
Given: A QS prepared in one of two mixed states ρ0, ρ1 ∈ S(H),with a priori probabilities q and 1 − q, respectively.
QBDP: Decide which of the two is the case.
![Page 47: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/47.jpg)
The quantum binary decision problem
Given: A QS prepared in one of two mixed states ρ0, ρ1 ∈ S(H),with a priori probabilities q and 1 − q, respectively.
QBDP: Decide which of the two is the case.
General decision strategy: POVM {E0, E1}
Prob[W = i|ρ = ρj] = tr(Eiρj), for i, j ∈ {0,1}.
Success probability: q tr(E0ρ0) + (1 − q) tr(E1ρ1) .
![Page 48: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/48.jpg)
The quantum binary decision problem
Given: A QS prepared in one of two mixed states ρ0, ρ1 ∈ S(H),with a priori probabilities q and 1 − q, respectively.
QBDP: Decide which of the two is the case.
General decision strategy: POVM {E0, E1}
Prob[W = i|ρ = ρj] = tr(Eiρj), for i, j ∈ {0,1}.
Success probability: q tr(E0ρ0) + (1 − q) tr(E1ρ1) .
Theorem ��� �� �� � : The maximum achievable success probability is12 + 1
2
∑dj=1 |µj| ,
where {µj}dj=1 are the eigenvalues of the hermitian operator
Γ := q ρ0 − (1 − q) ρ1.
![Page 49: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/49.jpg)
storagefunction
WstateX readout
mFLemma: Let
X = random variable with range X , stored in an r-qubit quantumsystem using storage function ϕ : x 7→ Pψx.
F = any Boolean random function on X .
W = measurement outcome of any measurement on the state,depending on F.
Then d(F(X)|WF) ≤ 12 EF
[ d∑
j=1
|µFj |]
,
where for every f , {µfj }dj=1 are the eigenvalues of the hermitian operator
Λf :=∑
x:f(x)=0
PX(x)Pψx −∑
x:f(x)=1
PX(x)Pψx
![Page 50: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/50.jpg)
Let
λx,x′ := 2Prob[F(x) = F(x′)] − 1 = EF[δf(x),f(x′) − 1]
Note: For 2-universal F, λx,x′ ≤ 0 for x 6= x′.
![Page 51: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/51.jpg)
Let
λx,x′ := 2Prob[F(x) = F(x′)] − 1 = EF[δf(x),f(x′) − 1]
Note: For 2-universal F, λx,x′ ≤ 0 for x 6= x′.
Theorem: Let X, F, and W be as above. Then
d(F(X)|WF) ≤ 12d
12√ ∑
x,x′∈XPX(x)PX(x′)λx,x′ tr(PψxPψx′)
![Page 52: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/52.jpg)
Let
λx,x′ := 2Prob[F(x) = F(x′)] − 1 = EF[δf(x),f(x′) − 1]
Note: For 2-universal F, λx,x′ ≤ 0 for x 6= x′.
Theorem: Let X, F, and W be as above. Then
d(F(X)|WF) ≤ 12d
12√ ∑
x,x′∈XPX(x)PX(x′)λx,x′ tr(PψxPψx′)
Corollary: If F is 2-universal, then
d(F(X)|WF) ≤ 12d
12
√∑
x∈XP2
X(x) = 12 2
12(H2(X)−r)
Moreover, if X is a uniform n-bit string, then
d(F(X)|WF) ≤ 12 2
12(n−r)
![Page 53: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/53.jpg)
Theorem: Let X, F, and W be as above. Then
d(F(X)|WF) ≤ 12d
12√ ∑
x,x′∈XPX(x)PX(x′)λx,x′ tr(PψxPψx′)
Proof: For any f ,d∑
j=1
|µfj | ≤ d12
√√√√√
d∑
j=1
|µfj |2 = d
12
√
tr(Λ2f) ,
(using Jensen’s inequality and Schur’s (in)equality).
d(F(X)|WF) ≤ 12EF
[ d∑
j=1
|µFj |]
≤ 12 d
12 EF
[√
tr(Λ2F)]
≤ 12 d
12
√
EF[tr(Λ2F)] .
tr(Λ2f) =
∑
x,x′∈Xf(x)=f(x′)
PX(x)PX(x′) tr(PψxPψx′) −∑
x,x′∈Xf(x)6=f(x′)
PX(x)PX(x′) tr(PψxPψx′)
=∑
x,x′∈X2(δf(x),f(x′) − 1)︸ ︷︷ ︸
E[.] = λx,x′
PX(x)PX(x′) tr(PψxPψx′)
![Page 54: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/54.jpg)
Comparing classical and quantum storage devices
Lemma: For a uniform 2-bit random variable X, a uniform Boolean balancedrandom function F, and a 1-(qu)bit storage system,
d� � ��� (F(X)|WF) = 14
and
d� � � �
(F(X)|WF) =1
2√
3≈ 0.289 .
![Page 55: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/55.jpg)
Comparing classical and quantum storage devices
Lemma: For a uniform 2-bit random variable X, a uniform Boolean balancedrandom function F, and a 1-(qu)bit storage system,
d� � ��� (F(X)|WF) = 14
and
d� � � �
(F(X)|WF) =1
2√
3≈ 0.289 .
Lemma: For any random variable X and any uniform random function F,
1√2π
(1+O(2−(n−r)))2−n−r2 ≤ d� � � � (F(X)|WF) ≤ d� � � �
(F(X)|WF) ≤ 122
−n−r2 .
![Page 56: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/56.jpg)
G H
F
selector
m
Z
processWX
Lemma: If G is 2-universal and His a uniform balanced Boolean func-tion, then F = H ◦ G is a 2-universalBoolean function.
Corollary: Let X be a random variable over X . If for any 2-universal (X , {0,1})-random function F and for any process generating W from X and F we have
d(F(X)|WF) ≤ ε,
then for any 2-universal (X , {0,1}s)-random function G and any processgenerating a random variable W from X and G we have
d(G(X)|WG) ≤ 32 2s/2 ε.
![Page 57: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/57.jpg)
Privacy amplification is secure against quantum adversaries
Theorem: Let X be uniformly distributed over {0,1}n and let G be a 2-universal random function from {0,1}n to {0,1}s. If all information aboutX is stored in r qubits, then
d� � ���
(G(X)|WG) ≤ 34 2
−12(n−r−s) .
Note:
d� � � � (G(X)|WG) = O
(
2−1
2(n−r−s))
![Page 58: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/58.jpg)
Conclusions
• In a quite general context quantum memory is only
marginally more powerful than classical memory.
![Page 59: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/59.jpg)
Conclusions
• In a quite general context quantum memory is only
marginally more powerful than classical memory.
• Is this always true? What about the bounded-storage
model?
![Page 60: On the Power of Quantum Memory · 2006. 5. 9. · On the Power of Quantum Memory Ueli Maurer, ETH Zurich Joint work with Robert König and Renato Renner paper at: quant-ph/0305154](https://reader035.vdocuments.site/reader035/viewer/2022081601/60fa1caff1cccb7ced44d0d5/html5/thumbnails/60.jpg)
Conclusions
• In a quite general context quantum memory is only
marginally more powerful than classical memory.
• Is this always true? What about the bounded-storage
model?
• Privacy amplification is secure even against adversaries
with quantum knowledge.
This has applications for security proofs of quantum cryp-
tographic schemes.