Adrian Kent

DOI: https://doi.org/10.1103/PhysRevA.68.012312

2003-06-12

Abstract:A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multi-party computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signalling constraints into account. The best that can be hoped for, in general, are quantum protocols computationally secure against quantum attack. I describe here a method for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin tossing protocol. No security proof is attempted, but I sketch reasons why these protocols might resist quantum computational attack.

Quantum Physics,Cryptography and Security

Carlos de Gois,George Moreno,Ranieri Nery,Samuraí Brito,Rafael Chaves,Rafael Rabelo

DOI: https://doi.org/10.1103/prxquantum.2.030311

2021-07-20

PRX Quantum

Abstract:Preparing and measuring physical systems are the operational building blocks of any physical experiment, and to describe them is the first purpose of any physical theory. Remarkably, even when only uncharacterized preparation and measurement devices are present, it is sometimes possible to distinguish between the behaviors of quantum and classical systems from only observational data. Certifying the physical origin of measurement statistics in the prepare and measure scenario is of primal importance for developing quantum networks, distributing quantum keys, and certifying randomness, to mention a few applications, but, surprisingly, no general methods to do so are known. We progress on this problem by crafting a general, sufficient condition to certify that a given set of preparations can only generate classical statistics, for any number of generalized measurements. As an application, we employ the method to demonstrate nonclassicality activation in the prepare and measure scenario, also considering its application in random access codes. Following that, we adapt our method to certify, again through a sufficient condition, whether a given set of measurements can never give rise to nonclassical behaviors, irrespective of what preparations they may act upon. This, in turn, allows us to find a large set of incompatible measurements that cannot be used to demonstrate nonclassicality, thus showing incompatibility is not sufficient for nonclassicality in the prepare and measure scenario.

Gregory D. Kahanamoku-Meyer

DOI: https://doi.org/10.22331/q-2023-09-11-1107

2023-09-06

Abstract:Recently, quantum computing experiments have for the first time exceeded the capability of classical computers to perform certain computations -- a milestone termed "quantum computational advantage." However, verifying the output of the quantum device in these experiments required extremely large classical computations. An exciting next step for demonstrating quantum capability would be to implement tests of quantum computational advantage with efficient classical verification, such that larger system sizes can be tested and verified. One of the first proposals for an efficiently-verifiable test of quantumness consists of hiding a secret classical bitstring inside a circuit of the class IQP, in such a way that samples from the circuit's output distribution are correlated with the secret (<a class="link-https" data-arxiv-id="0809.0847" href="https://arxiv.org/abs/0809.0847">arXiv:0809.0847</a>). The classical hardness of this protocol has been supported by evidence that directly simulating IQP circuits is hard, but the security of the protocol against other (non-simulating) classical attacks has remained an open question. In this work we demonstrate that the protocol is not secure against classical forgery. We describe a classical algorithm that can not only convince the verifier that the (classical) prover is quantum, but can in fact can extract the secret key underlying a given protocol instance. Furthermore, we show that the key extraction algorithm is efficient in practice for problem sizes of hundreds of qubits. Finally, we provide an implementation of the algorithm, and give the secret vector underlying the "$25 challenge" posted online by the authors of the original paper.

Quantum Physics,Cryptography and Security

Sam Gunn,Yael Tauman Kalai,Anand Natarajan,Agi Villanyi

2024-04-20

Abstract:We define the notion of a classical commitment scheme to quantum states, which allows a quantum prover to compute a classical commitment to a quantum state, and later open each qubit of the state in either the standard or the Hadamard basis. Our notion is a strengthening of the measurement protocol from Mahadev (STOC 2018). We construct such a commitment scheme from the post-quantum Learning With Errors (LWE) assumption, and more generally from any noisy trapdoor claw-free function family that has the distributional strong adaptive hardcore bit property (a property that we define in this work).

Quantum Physics

Ben W. Reichardt,Falk Unger,Umesh Vazirani

DOI: https://doi.org/10.48550/arXiv.1209.0449

2012-09-03

Quantum Physics

Abstract:Can a classical system command a general adversarial quantum system to realize arbitrary quantum dynamics? If so, then we could realize the dream of device-independent quantum cryptography: using untrusted quantum devices to establish a shared random key, with security based on the correctness of quantum mechanics. It would also allow for testing whether a claimed quantum computer is truly quantum. Here we report a technique by which a classical system can certify the joint, entangled state of a bipartite quantum system, as well as command the application of specific operators on each subsystem. This is accomplished by showing a strong converse to Tsirelson's optimality result for the Clauser-Horne-Shimony-Holt (CHSH) game: the only way to win many games is if the bipartite state is close to the tensor product of EPR states, and the measurements are the optimal CHSH measurements on successive qubits. This leads directly to a scheme for device-independent quantum key distribution. Control over the state and operators can also be leveraged to create more elaborate protocols for reliably realizing general quantum circuits.

Randy Kuang

DOI: https://doi.org/10.48550/arXiv.2302.01026

2023-02-19

Abstract:We know the classical public cryptographic algorithms are based on certain NP-hard problems such as the integer factoring in RSA and the discrete logarithm in Diffie-Hellman. They are going to be vulnerable with fault-tolerant quantum computers. We also know that the uncertainty principle for quantum bits or qubits such as quantum key distribution or QKD based on the quantum uncertainty principle offers the information theoretical security. The interesting implication with the paradigm shifts from classical computing to quantum computing is that the NP-hardness used for classical cryptography may shift to the uncertainty principles for quantum cryptography including quantum symmetric encryption, post-quantum cryptography, as well as quantum encryption in phase space for coherent optical communications. This paper would like to explore those so-called generalized uncertainty principles and explain what their implications are for quantum security. We identified three generalized uncertainty principles offering quantum security: non-commutability between permutation gates, non-commutability between the displacement and phase shift operators for coherent states, and the modular Diophantine Equation Problem in general linear algebra for post-quantum cryptography.

Cryptography and Security

Roman Stricker,Jose Carrasco,Martin Ringbauer,Lukas Postler,Michael Meth,Claire Edmunds,Philipp Schindler,Rainer Blatt,Peter Zoller,Barbara Kraus,Thomas Monz

DOI: https://doi.org/10.1088/2058-9565/ad2986

IF: 6.568

2024-02-15

Quantum Science and Technology

Abstract:With today's quantum processors venturing into regimes beyond the capabilities of classical devices, we face the challenge to verify that these devices perform as intended, even when we cannot check their results on classical computers. In a recent breakthrough in computer science, a protocol was developed that allows the verification of the output of a computation performed by an untrusted quantum device based only on classical resources. Here, we follow these ideas, and demonstrate in a first, proof-of-principle experiment the verification of the output of a quantum computation using only classical means on a small trapped-ion quantum processor. We contrast this to verification protocols, which require trust and detailed hardware knowledge, as in gate-level benchmarking, or additional quantum resources in case we do not have access to or trust in the device to be tested. While our experimental demonstration uses a simplified version of Mahadev's protocol we demonstrate the necessary steps for verifying fully untrusted devices. A scaled-up version of our protocol will allow for classical verification, requiring no hardware access or detailed knowledge of the tested device. Its security relies on post--quantum secure trapdoor functions within an interactive proof. The conceptually straightforward, but technologically challenging scaled-up version of the interactive proofs, considered here, can be used for a variety of additional tasks such as verifying quantum advantage, generating and certifying quantum randomness, or composable remote state preparation.

physics, multidisciplinary,quantum science & technology

A. C. Cem Say,M. Utkan Gezer

2024-12-04

Abstract:A proof of quantumness is a protocol through which a classical machine can test whether a purportedly quantum device, with comparable time and memory resources, is performing a computation that is impossible for classical computers. Existing approaches to provide proofs of quantumness depend on unproven assumptions about some task being impossible for machines of a particular model under certain resource restrictions. We study a setup where both devices have space bounds $\mathit{o}(\log \log n)$. Under such memory budgets, it has been unconditionally proven that probabilistic Turing machines are unable to solve certain computational problems. We formulate a new class of problems, and show that these problems are polynomial-time solvable for quantum machines, impossible for classical machines, and have the property that their solutions can be "proved" by a small-space quantum machine to a classical machine with the same space bound. These problems form the basis of our newly defined protocol, where the polynomial-time verifier's verdict about the tested machine's quantumness is not conditional on an unproven weakness assumption.

Computational Complexity,Formal Languages and Automata Theory,Quantum Physics

Guang Ping He

DOI: https://doi.org/10.48550/arXiv.1306.5357

2013-06-23

Abstract:In a recent letter (Phys. Lett. A 377 (2013) 1076, <a class="link-https" data-arxiv-id="0905.3801" href="https://arxiv.org/abs/0905.3801">arXiv:0905.3801</a>), the authors presented an impossibility proof of quantum bit commitment, which attempted to cover all possible protocols that involve both quantum and classical information. Here we show that there are many errors in the proof, thus it fails to exhaust all conceivable protocols.

Quantum Physics

Zvika Brakerski,Alexandru Gheorghiu,Gregory D. Kahanamoku-Meyer,Eitan Porat,Thomas Vidick

2023-05-18

Abstract:A test of quantumness is a protocol that allows a classical verifier to certify (only) that a prover is not classical. We show that tests of quantumness that follow a certain template, which captures recent proposals such as (Kalai et al., 2022), can in fact do much more. Namely, the same protocols can be used for certifying a qubit, a building-block that stands at the heart of applications such as certifiable randomness and classical delegation of quantum computation. Certifying qubits was previously only known to be possible based on the hardness of the Learning with Errors problem and the use of adaptive hardcore (Brakerski et al., 2018). Our framework allows certification of qubits based only on the existence of post-quantum trapdoor claw-free functions, or on quantum fully homomorphic encryption. These can be instantiated, for example, from Ring Learning with Errors. On the technical side, we show that the quantum soundness of any such protocol can be reduced to proving a bound on a simple algorithmic task: informally, answering ``two challenges simultaneously'' in the protocol. Our reduction formalizes the intuition that these protocols demonstrate quantumness by leveraging the impossibility of rewinding a general quantum prover. This allows us to prove tight bounds on the quantum soundness of (Kahanamoku-Meyer et al., 2021) and (Kalai et al., 2022), showing that no quantum polynomial-time prover can succeed with probability larger than $\cos^2 \frac{\pi}{8}\approx 0.853$. Previously, only an upper bound on the success probability of classical provers, and a lower bound on the success probability of quantum provers, were known. We then extend this proof of quantum soundness to show that provers that approach the quantum soundness bound must perform almost anti-commuting measurements. This certifies that the prover holds a qubit.

Quantum Physics

Matthias C. Caro,Marcel Hinsche,Marios Ioannou,Alexander Nietner,Ryan Sweke

DOI: https://doi.org/10.4230/LIPIcs.ITCS.2024.24

2023-12-07

Abstract:Quantum data access and quantum processing can make certain classically intractable learning tasks feasible. However, quantum capabilities will only be available to a select few in the near future. Thus, reliable schemes that allow classical clients to delegate learning to untrusted quantum servers are required to facilitate widespread access to quantum learning advantages. Building on a recently introduced framework of interactive proof systems for classical machine learning, we develop a framework for classical verification of quantum learning. We exhibit learning problems that a classical learner cannot efficiently solve on their own, but that they can efficiently and reliably solve when interacting with an untrusted quantum prover. Concretely, we consider the problems of agnostic learning parities and Fourier-sparse functions with respect to distributions with uniform input marginal. We propose a new quantum data access model that we call "mixture-of-superpositions" quantum examples, based on which we give efficient quantum learning algorithms for these tasks. Moreover, we prove that agnostic quantum parity and Fourier-sparse learning can be efficiently verified by a classical verifier with only random example or statistical query access. Finally, we showcase two general scenarios in learning and verification in which quantum mixture-of-superpositions examples do not lead to sample complexity improvements over classical data. Our results demonstrate that the potential power of quantum data for learning tasks, while not unlimited, can be utilized by classical agents through interaction with untrusted quantum entities.

Quantum Physics,Computational Complexity,Machine Learning

Giacomo Mauro D'Ariano,Dennis Kretschmann,Dirk Schlingemann,Reinhard F. Werner

DOI: https://doi.org/10.1103/PhysRevA.76.032328

2007-10-15

Abstract:Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. In this paper we give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols", which were recently suggested as a possible way to beat the known no-go results are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two party protocols, which is applicable to more general situations, and a new estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology, and thus may allow secure bit commitment. We present a new such protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's lab.

Quantum Physics

Andrew Drucker,Ronald de Wolf

DOI: https://doi.org/10.48550/arXiv.0910.3376

2011-03-14

Abstract:Alongside the development of quantum algorithms and quantum complexity theory in recent years, quantum techniques have also proved instrumental in obtaining results in classical (non-quantum) areas. In this paper we survey these results and the quantum toolbox they use.

Quantum Physics,Computational Complexity

Omar Amer,Kaushik Chakraborty,David Cui,Fatih Kaleoglu,Charles Lim,Minzhao Liu,Marco Pistoia

2024-10-22

Abstract:Liu et al. (ITCS22) initiated the study of designing a secure position verification protocol based on a specific proof of quantumness protocol and classical communication. In this paper, we study this interesting topic further and answer some of the open questions that are left in that paper. We provide a new generic compiler that can convert any single round proof of quantumness-based certified randomness protocol to a secure classical communication-based position verification scheme. Later, we extend our compiler to different kinds of multi-round proof of quantumness-based certified randomness protocols. Moreover, we instantiate our compiler with a random circuit sampling (RCS)-based certified randomness protocol proposed by Aaronson and Hung (STOC 23). RCS-based techniques are within reach of today's NISQ devices; therefore, our design overcomes the limitation of the Liu et al. protocol that would require a fault-tolerant quantum computer to realize. Moreover, this is one of the first cryptographic applications of RCS-based techniques other than certified randomness.

Quantum Physics,Cryptography and Security

Qingshan Xu,Xiaoqing Tan,Daipengwei Bao,Rui Huang

DOI: https://doi.org/10.1103/physreva.107.052616

IF: 2.971

2023-01-01

Physical Review A

Abstract:Recent advances in quantum technologies raise the urgent need of verifying the correct functionality of a quantum device. Certifying the correctness of a quantum device in a fully classical manner is an important research branch. In this paper, we present a measurement protocol that allows a classical verifier to interact with an efficient quantum prover to verify the computational basis or the XY-plane basis measurement on a quantum state. With the help of two adaptive hardcore bit properties of a noisy trapdoor claw-free family, the security of measurement protocol is proved, which is under quantum hardness of the learning with error. The security characterizes the distance between the output distribution of measurement protocol and the distribution obtained by measuring certain quantum states in the designated basis, with or without the presence of honest behavior of the prover. Moreover, exploiting the measurement protocol, we present two device-noise-independent verification protocols of graph states and a classical verification protocol of delegated quantum computing whose soundness is 0.5757.

Zhonghua Ma,Markus Rambach,Kaumudibikash Goswami,Some Sankar Bhattacharya,Manik Banik,Jacquiline Romero

2023-09-06

Abstract:Quantum correlations and non-projective measurements underlie a plethora of information-theoretic tasks, otherwise impossible in the classical world. Existing schemes to certify such non-classical resources in a device-independent manner require seed randomness, which is often costly and vulnerable to loopholes, for choosing the local measurements performed on different parts of a multipartite quantum system. In this letter, we propose and experimentally implement a semi-device independent certification technique for both quantum correlations and non-projective measurements without seed randomness. Our test is semi-device independent in the sense that it requires only prior knowledge of the dimensions of the parts. We experimentally show a novel quantum advantage in correlated coin tossing by producing specific correlated coins from pairs of photons entangled in their transverse spatial modes. We establish the advantage by showing that the correlated coin obtained from the entangled photons cannot be obtained from two 2-level classical correlated coins. The quantum advantage requires performing qubit trine positive operator-valued measures (POVMs) on each part of the entangled pair, thus also certifying such POVMs in a semi-device-independent manner. This proof of concept firmly establishes a new cost-effective certification technique for both generating non-classical shared randomness and implementing non-classical measurements, which will be important for future multi-party quantum communications.

Quantum Physics,Optics

Samuel Bouaziz--Ermann,Alex B. Grilo,Damien Vergnaud,Quoc-Huy Vu

2023-11-07

Abstract:There has been a recent interest in proposing quantum protocols whose security relies on weaker computational assumptions than their classical counterparts. Importantly to our work, it has been recently shown that public-key encryption (PKE) from one-way functions (OWF) is possible if we consider quantum public keys. Notice that we do not expect classical PKE from OWF given the impossibility results of Impagliazzo and Rudich (STOC'89). However, the distribution of quantum public keys is a challenging task. Therefore, the main question that motivates our work is if quantum PKE from OWF is possible if we have classical public keys. Such protocols are impossible if ciphertexts are also classical, given the impossibility result of Austrin et al. (CRYPTO'22) of quantum enhanced key-agreement (KA) with classical communication. In this paper, we focus on black-box separation for PKE with classical public key and quantum ciphertext from OWF under the polynomial compatibility conjecture, first introduced in Austrin et al.. More precisely, we show the separation when the decryption algorithm of the PKE does not query the OWF. We prove our result by extending the techniques of Austrin et al. and we show an attack for KA in an extended classical communication model where the last message in the protocol can be a quantum state.

Quantum Physics,Cryptography and Security

Wei Yang,Liusheng Huang,Fang Song,Qiyan Wang

DOI: https://doi.org/10.1142/s0217979211058407

2011-01-01

Abstract:Secure key distribution is impossible in pure classical environment. Unconditional secure key distribution is available when quantum means are introduced, assisted by a classical communication channel. What is possible when a quantum key distribution scheme is without classical communication? We present a general model with this constraint and show that quantum key distribution without classical eavesdropping check is in principle impossible. For an adversary can always succeed in obtaining the secret key via a special case of man-in-the-middle attack, namely intercept-and-forward attack without any risk of being captured.

Ben W. Reichardt,Falk Unger,Umesh Vazirani

DOI: https://doi.org/10.48550/arXiv.1209.0448

2012-09-03

Quantum Physics

Abstract:Can a classical system command a general adversarial quantum system to realize arbitrary quantum dynamics? If so, then we could realize the dream of device-independent quantum cryptography: using untrusted quantum devices to establish a shared random key, with security based on the correctness of quantum mechanics. It would also allow for testing whether a claimed quantum computer is truly quantum. Here we report a technique by which a classical system can certify the joint, entangled state of a bipartite quantum system, as well as command the application of specific operators on each subsystem. This is accomplished by showing a strong converse to Tsirelson's optimality result for the Clauser-Horne-Shimony-Holt (CHSH) game: the only way to win many games is if the bipartite state is close to the tensor product of EPR states, and the measurements are the optimal CHSH measurements on successive qubits. This leads directly to a scheme for device-independent quantum key distribution. Control over the state and operators can also be leveraged to create more elaborate protocols for realizing general quantum circuits, and to establish that QMIP = MIP*.

Carl A. Miller

2024-10-09

Abstract:An experimental cryptographic proof of quantumness will be a vital milestone in the progress of quantum information science. Error tolerance is a persistent challenge for implementing such tests: we need a test that not only can be passed by an efficient quantum prover, but one that can be passed by a prover that exhibits a certain amount of computational error. (Brakerski et al. 2018) introduced an innovative two-round proof of quantumness based on the Learning With Errors (LWE) assumption. However, one of the steps in their protocol (the pre-image test) has low tolerance for error. In this work we present a proof of quantumness which maintains the same circuit structure as (Brakerski et al. 2018) while improving the robustness for noise. Our protocol is based on cryptographically hiding an extended Greenberger-Horne-Zeilinger (GHZ) state within a sequence of classical bits. Asymptotically, our protocol allows the total probability of error within the circuit to be as high as $1 - O ( \lambda^{-C} )$, where $\lambda$ is the security parameter and $C$ is a constant that can be made arbitrarily large. As part of the proof of this result, we also prove an uncertainty principle over finite abelian groups which may be of independent interest.

Quantum Physics