-
Simple and Rigorous Proof Method for the Security of Practical Quantum Key Distribution in the Single-Qubit Regime Using Mismatched Basis Measurements
Authors:
Michel Boyer,
Gilles Brassard,
Nicolas Godbout,
Rotem Liss,
Stéphane Virally
Abstract:
Quantum key distribution (QKD) protocols aim at allowing two parties to generate a secret shared key. While many QKD protocols have been proven unconditionally secure in theory, practical security analyses of experimental QKD implementations typically do not take into account all possible loopholes, and practical devices are still not fully characterized for obtaining tight and realistic key rates. We present a simple method of computing secure key rates for any practical implementation of discrete-variable QKD (which can also apply to measurement-device-independent QKD), initially in the single-qubit lossless regime, and we rigorously prove its unconditional security against any possible attack. We hope our method becomes one of the standard tools used for analysing, benchmarking, and standardizing all practical realizations of QKD.
Submitted 3 July, 2023; v1 submitted 29 August, 2022;
originally announced August 2022.
-
Comparison of pharmacist evaluation of medication orders with predictions of a machine learning model
Authors:
Sophie-Camille Hogue,
Flora Chen,
Geneviève Brassard,
Denis Lebel,
Jean-François Bussières,
Audrey Durand,
Maxime Thibault
Abstract:
The objective of this work was to assess the clinical performance of an unsupervised machine learning model aimed at identifying unusual medication orders and pharmacological profiles. We conducted a prospective study between April 2020 and August 2020 where 25 clinical pharmacists dichotomously (typical or atypical) rated 12,471 medication orders and 1,356 pharmacological profiles. Based on AUPR, performance was poor for orders, but satisfactory for profiles. Pharmacists considered the model a useful screening tool.
Submitted 3 November, 2020;
originally announced November 2020.
-
Probability and consequences of living inside a computer simulation
Authors:
Alexandre Bibeau-Delisle,
Gilles Brassard
Abstract:
It is shown that under reasonable assumptions a Drake-style equation can be obtained for the probability that our universe is the result of a deliberate simulation. Evaluating loose bounds for certain terms in the equation shows that the probability is unlikely to be as high as previously reported in the literature, especially in a scenario where the simulations are recursive. Furthermore, we investigate the possibility of eavesdropping from the outside of such a simulation and introduce a general attack that can circumvent attempts at quantum cryptography inside the simulation, even if the quantum properties of the simulation are genuine.
Submitted 20 August, 2020;
originally announced August 2020.
-
Quantum cryptography: Public key distribution and coin tossing
Authors:
Charles H. Bennett,
Gilles Brassard
Abstract:
When elementary quantum systems, such as polarized photons, are used to transmit digital information, the uncertainty principle gives rise to novel cryptographic phenomena unachievable with traditional transmission media, e.g. a communications channel on which it is impossible in principle to eavesdrop without a high probability of disturbing the transmission in such a way as to be detected. Such a quantum channel can be used in conjunction with ordinary insecure classical channels to distribute random key information between two users with the assurance that it remains unknown to anyone else, even when the users share no secret information initially. We also present a protocol for coin-tossing by exchange of quantum messages, which is secure against traditional kinds of cheating, even by an opponent with unlimited computing power, but ironically can be subverted by use of a still subtler quantum phenomenon, the Einstein-Podolsky-Rosen paradox.
Submitted 14 March, 2020;
originally announced March 2020.
-
Remote Sampling with Applications to General Entanglement Simulation
Authors:
Gilles Brassard,
Luc Devroye,
Claude Gravel
Abstract:
We show how to sample exactly discrete probability distributions whose defining parameters are distributed among remote parties. For this purpose, von Neumann's rejection algorithm is turned into a distributed sampling communication protocol. We study the expected number of bits communicated among the parties and also exhibit a trade-off between the number of rounds of the rejection algorithm and the number of bits transmitted in the initial phase. Finally, we apply remote sampling to the simulation of quantum entanglement in its most general form possible, when an arbitrary number of parties share systems of arbitrary dimensions on which they apply arbitrary measurements (not restricted to being projective measurements). In case the dimension of the systems and the number of possible outcomes per party is bounded by a constant, it suffices to communicate an expected O(m^2) bits in order to simulate exactly the outcomes that these measurements would have produced on those systems, where m is the number of participants.
Submitted 17 July, 2018;
originally announced July 2018.
-
Parallel lives: A local-realistic interpretation of "nonlocal" boxes
Authors:
Gilles Brassard,
Paul Raymond-Robichaud
Abstract:
We carry out a thought experiment in an imaginary world. Our world is both local and realistic, yet it violates a Bell inequality more than does quantum theory. This serves to debunk the myth that equates local realism with local hidden variables in the simplest possible manner. Along the way, we reinterpret the celebrated 1935 argument of Einstein, Podolsky and Rosen, and come to the conclusion that they were right in their questioning the completeness of the Copenhagen version of quantum theory, provided one believes in a local-realistic universe. Throughout our journey, we strive to explain our views from first principles, without expecting mathematical sophistication nor specialized prior knowledge from the reader.
Submitted 4 July, 2020; v1 submitted 28 September, 2017;
originally announced September 2017.
-
Provably secure key establishment against quantum adversaries
Authors:
Aleksandrs Belovs,
Gilles Brassard,
Peter Hoyer,
Marc Kaplan,
Sophie Laplante,
Louis Salvail
Abstract:
At Crypto 2011, some of us had proposed a family of cryptographic protocols for key establishment capable of protecting quantum and classical legitimate parties unconditionally against a quantum eavesdropper in the query complexity model. Unfortunately, our security proofs were unsatisfactory from a cryptographically meaningful perspective because they were sound only in a worst-case scenario. Here, we extend our results and prove that for any e > 0, there is a classical protocol that allows the legitimate parties to establish a common key after O(N) expected queries to a random oracle, yet any quantum eavesdropper will have a vanishing probability of learning their key after O(N^{1.5-e}) queries to the same oracle. The vanishing probability applies to a typical run of the protocol. If we allow the legitimate parties to use a quantum computer as well, their advantage over the quantum eavesdropper becomes arbitrarily close to the quadratic advantage that classical legitimate parties enjoyed over classical eavesdroppers in the seminal 1974 work of Ralph Merkle. Along the way, we develop new tools to give lower bounds on the number of quantum queries required to distinguish two probability distributions. This method in itself could have multiple applications in cryptography. We use it here to study average-case quantum query complexity, for which we develop a new composition theorem of independent interest.
Submitted 28 April, 2017; v1 submitted 26 April, 2017;
originally announced April 2017.
-
Cryptography in a Quantum World
Authors:
Gilles Brassard
Abstract:
Although practised as an art and science for ages, cryptography had to wait until the mid-twentieth century before Claude Shannon gave it a strong mathematical foundation. However, Shannon's approach was rooted in his own information theory, itself inspired by the classical physics of Newton and Einstein. But our world is ruled by the laws of quantum mechanics. When quantum-mechanical phenomena are taken into account, new vistas open up both for codemakers and codebreakers. Is quantum mechanics a blessing or a curse for the protection of privacy? As we shall see, the jury is still out!
Submitted 14 October, 2015;
originally announced October 2015.
-
Quantum Cryptography II: How to re-use a one-time pad safely even if P=NP
Authors:
Charles H. Bennett,
Gilles Brassard,
Seth Breidbart
Abstract:
When elementary quantum systems, such as polarized photons, are used to transmit digital information, the uncertainty principle gives rise to novel cryptographic phenomena unachievable with traditional transmission media, e.g. a communications channel on which it is impossible in principle to eavesdrop without a high probability of being detected. With such a channel, a one-time pad can safely be reused many times as long as no eavesdrop is detected, and, planning ahead, part of the capacity of these uncompromised transmissions can be used to send fresh random bits with which to replace the one-time pad when an eavesdrop finally is detected. Unlike other schemes for stretching a one-time pad, this scheme does not depend on complexity-theoretic assumptions such as the difficulty of factoring.
Submitted 1 July, 2014;
originally announced July 2014.
-
Experimental Heat-Bath Cooling of Spins
Authors:
Gilles Brassard,
Yuval Elias,
José M. Fernandez,
Haggai Gilboa,
Jonathan A. Jones,
Tal Mor,
Yossi Weinstein,
Li Xiao
Abstract:
Algorithmic cooling (AC) is a method to purify quantum systems, such as ensembles of nuclear spins, or cold atoms in an optical lattice. When applied to spins, AC produces ensembles of highly polarized spins, which enhance the signal strength in nuclear magnetic resonance (NMR). According to this cooling approach, spin-half nuclei in a constant magnetic field are considered as bits, or more precisely, quantum bits, in a known probability distribution. Algorithmic steps on these bits are then translated into specially designed NMR pulse sequences using common NMR quantum computation tools. The algorithmic cooling of spins is achieved by alternately combining reversible, entropy-preserving manipulations (borrowed from data compression algorithms) with selective reset, the transfer of entropy from selected spins to the environment. In theory, applying algorithmic cooling to sufficiently large spin systems may produce polarizations far beyond the limits due to conservation of Shannon entropy.
Here, only selective reset steps are performed, hence we prefer to call this process "heat-bath" cooling, rather than algorithmic cooling. We experimentally implement here two consecutive steps of selective reset that transfer entropy from two selected spins to the environment. We performed such cooling experiments with commercially-available labeled molecules, on standard liquid-state NMR spectrometers. Our experiments yielded polarizations that bypass Shannon's entropy-conservation bound, so that the entire spin-system was cooled. This paper was initially submitted in 2005, first to Science and then to PNAS, and includes additional results from subsequent years (e.g. for resubmission in 2007). The Postscriptum includes more details.
Submitted 28 April, 2014;
originally announced April 2014.
-
Prospects and Limitations of Algorithmic Cooling
Authors:
Gilles Brassard,
Yuval Elias,
Tal Mor,
Yossi Weinstein
Abstract:
Heat-bath algorithmic cooling (AC) of spins is a theoretically powerful effective cooling approach, that (ideally) cools spins with low polarization exponentially better than cooling by reversible entropy manipulations alone. Here, we investigate the limitations and prospects of AC. For non-ideal and semioptimal AC, we study the impact of finite relaxation times of reset and computation spins on the achievable effective cooling. We derive, via simulations, the attainable cooling levels for given ratios of relaxation times using two semioptimal practicable algorithms. We expect this analysis to be valuable for the planning of future experiments. For ideal and optimal AC, we make use of lower bounds on the number of required reset steps, based on entropy considerations, to present important consequences of using AC as a tool for improving signal-to-noise ratio in liquid-state magnetic resonance spectroscopy. We discuss the potential use of AC for noninvasive clinical diagnosis and drug monitoring, where it may have significantly lower specific absorption rate (SAR) with respect to currently used methods.
Submitted 27 April, 2014;
originally announced April 2014.
-
Noisy Interactive Quantum Communication
Authors:
Gilles Brassard,
Ashwin Nayak,
Alain Tapp,
Dave Touchette,
Falk Unger
Abstract:
We study the problem of simulating protocols in a quantum communication setting over noisy channels. This problem falls at the intersection of quantum information theory and quantum communication complexity, and it will be of importance for eventual real-world applications of interactive quantum protocols, which can be proved to have exponentially lower communication costs than their classical counterparts for some problems. These are the first results concerning the quantum version of this problem, originally studied by Schulman in a classical setting (FOCS '92, STOC '93). We simulate a length $N$ quantum communication protocol by a length $O(N)$ protocol with arbitrarily small error. Under adversarial noise, our strategy can withstand, for arbitrarily small $ε> 0$, error rates as high as $1/2 -ε$ when parties pre-share perfect entanglement, but the classical channel is noisy. We show that this is optimal. We provide extension of these results in several other models of communication, including when also the entanglement is noisy, and when there is no pre-shared entanglement but communication is quantum and noisy. We also study the case of random noise, for which we provide simulation protocols with positive communication rates and no pre-shared entanglement over some quantum channels with quantum capacity $C_Q=0$, proving that $C_Q$ is in general not the right characterization of a channel's capacity for interactive quantum communication. Our results are stated for a general quantum communication protocol in which Alice and Bob collaborate, and these results hold in particular in the quantum communication complexity settings of the Yao and Cleve--Buhrman models.
Submitted 9 June, 2019; v1 submitted 10 September, 2013;
originally announced September 2013.
-
Exact simulation of the GHZ distribution
Authors:
Gilles Brassard,
Luc Devroye,
Claude Gravel
Abstract:
John Bell has shown that the correlations entailed by quantum mechanics cannot be reproduced by a classical process involving non-communicating parties. But can they be simulated with the help of bounded communication? This problem has been studied for more than two decades and it is now well understood in the case of bipartite entanglement. However, the issue was still widely open for multipartite entanglement, even for the simplest case, which is the tripartite Greenberger-Horne-Zeilinger (GHZ) state. We give an exact simulation of arbitrary independent von Neumann measurements on general n-partite GHZ states. Our protocol requires O(n^2) bits of expected communication between the parties, and O(n log n) expected time is sufficient to carry it out in parallel. Furthermore, we need only an expectation of O(n) independent unbiased random bits, with no need for the generation of continuous real random variables nor prior shared random variables. In the case of equatorial measurements, we improve on the prior art with a protocol that needs only O(n log n) bits of communication and O(log^2 n) parallel time. At the cost of a slight increase in the number of bits communicated, these tasks can be accomplished with a constant expected number of rounds.
Submitted 17 May, 2015; v1 submitted 24 March, 2013;
originally announced March 2013.
-
Can free will emerge from determinism in quantum theory?
Authors:
Gilles Brassard,
Paul Raymond-Robichaud
Abstract:
Quantum Mechanics is generally considered to be the ultimate theory capable of explaining the emergence of randomness by virtue of the quantum measurement process. Therefore, Quantum Mechanics can be thought of as God's wonderfully imaginative solution to the problem of providing His creatures with Free Will in an otherwise well-ordered Universe. Indeed, how could we dream of free will in the purely deterministic Universe envisioned by Laplace if everything ever to happen is predetermined by (and in principle calculable from) the actual conditions or even those existing at the time of the Big Bang? In this essay, we share our view that Quantum Mechanics is in fact deterministic, local and realistic, in complete contradiction with most people's perception of Bell's theorem, thanks to our new theory of parallel lives. Accordingly, what we perceive as the so-called "collapse of the wavefunction" is but an illusion. Then we ask the fundamental question: Can a purely deterministic Quantum Theory give rise to the illusion of nondeterminism, randomness, probabilities, and ultimately can free will emerge from such a theory?
Submitted 10 April, 2012;
originally announced April 2012.
-
Simulating equatorial measurements on GHZ states with finite expected communication cost
Authors:
Gilles Brassard,
Marc Kaplan
Abstract:
The communication cost of simulating probability distributions obtained by measuring quantum states is a natural way to quantify quantum non-locality. While much is known in the case of bipartite entanglement, little has been done in the multipartite setting. In this paper, we focus on the GHZ state. Specifically, equatorial measurements lead to correlations similar to the ones obtained with Bell states. We give a protocol to simulate these measurements on the n-partite GHZ state using O(n^2) bits of communication on average.
Submitted 14 December, 2011;
originally announced December 2011.
-
Key establishment à la Merkle in a quantum world
Authors:
Gilles Brassard,
Peter Hoyer,
Kassem Kalach,
Marc Kaplan,
Sophie Laplante,
Louis Salvail
Abstract:
In 1974, Ralph Merkle proposed the first unclassified scheme for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N, an eavesdropper cannot break into their communication without spending a time proportional to N^2, which is quadratically more than the legitimate effort. Two of us showed in 2008 that Merkle's schemes are completely insecure against a quantum adversary, but that their security can be partially restored if the legitimate parties are also allowed to use quantum computation: the eavesdropper needed to spend a time proportional to N^{3/2} to break our earlier quantum scheme. Furthermore, all previous classical schemes could be broken completely by the onslaught of a quantum eavesdropper and we conjectured that this is unavoidable.
We give now two novel key establishment schemes in the spirit of Merkle's. The first one can be broken by a quantum adversary who makes an effort proportional to N^{5/3}, which is the optimal attack against this scheme. Our second scheme is purely classical, yet it cannot be broken by a quantum eavesdropper who is only willing to expend an effort proportional to that of the legitimate parties.
We then introduce two families of more elaborate protocols. The first family consists in quantum protocols whose security is arbitrarily close to quadratic in the query complexity model. The second is a family of classical protocols whose security against a quantum adversary is arbitrarily close to N^{3/2} in the same model.
Submitted 12 February, 2015; v1 submitted 10 August, 2011;
originally announced August 2011.
-
An optimal quantum algorithm to approximate the mean and its application for approximating the median of a set of points over an arbitrary distance
Authors:
Gilles Brassard,
Frederic Dupuis,
Sebastien Gambs,
Alain Tapp
Abstract:
We describe two quantum algorithms to approximate the mean value of a black-box function. The first algorithm is novel and asymptotically optimal while the second is a variation on an earlier algorithm due to Aharonov. Both algorithms have their own strengths and caveats and may be relevant in different contexts. We then propose a new algorithm for approximating the median of a set of points over an arbitrary distance function.
Submitted 21 June, 2011;
originally announced June 2011.
-
Flipping quantum coins
Authors:
Guido Berlin,
Gilles Brassard,
Felix Bussieres,
Nicolas Godbout,
Joshua A. Slater,
Wolfgang Tittel
Abstract:
Coin flipping is a cryptographic primitive in which two distrustful parties wish to generate a random bit in order to choose between two alternatives. This task is impossible to realize when it relies solely on the asynchronous exchange of classical bits: one dishonest player has complete control over the final outcome. It is only when coin flipping is supplemented with quantum communication that this problem can be alleviated, although partial bias remains. Unfortunately, practical systems are subject to loss of quantum data, which restores complete or nearly complete bias in previous protocols. We report herein on the first implementation of a quantum coin-flipping protocol that is impervious to loss. Moreover, in the presence of unavoidable experimental noise, we propose to use this protocol sequentially to implement many coin flips, which guarantees that a cheater unwillingly reveals asymptotically, through an increased error rate, how many outcomes have been fixed. Hence, we demonstrate for the first time the possibility of flipping coins in a realistic setting. Flipping quantum coins thereby joins quantum key distribution as one of the few currently practical applications of quantum communication. We anticipate our findings to be useful for various cryptographic protocols and other applications, such as an online casino, in which a possibly unlimited number of coin flips has to be performed and where each player is free to decide at any time whether to continue playing or not.
Submitted 1 May, 2009; v1 submitted 27 April, 2009;
originally announced April 2009.
-
Fair Loss-Tolerant Quantum Coin Flipping
Authors:
Guido Berlin,
Gilles Brassard,
Felix Bussieres,
Nicolas Godbout
Abstract:
Coin flipping is a cryptographic primitive in which two spatially separated players, who in principle do not trust each other, wish to establish a common random bit. If we limit ourselves to classical communication, this task requires either assumptions on the computational power of the players or it requires them to send messages to each other with sufficient simultaneity to force their complete independence. Without such assumptions, all classical protocols are so that one dishonest player has complete control over the outcome. If we use quantum communication, on the other hand, protocols have been introduced that limit the maximal bias that dishonest players can produce. However, those protocols would be very difficult to implement in practice because they are susceptible to realistic losses on the quantum channel between the players or in their quantum memory and measurement apparatus. In this paper, we introduce a novel quantum protocol and we prove that it is completely impervious to loss. The protocol is fair in the sense that either player has the same probability of success in cheating attempts at biasing the outcome of the coin flip. We also give explicit and optimal cheating strategies for both players.
Submitted 4 May, 2009; v1 submitted 27 April, 2009;
originally announced April 2009.
-
Entanglement Cost of Nonlocal Measurements
Authors:
Somshubhro Bandyopadhyay,
Gilles Brassard,
Shelby Kimmel,
William K. Wootters
Abstract:
For certain joint measurements on a pair of spatially separated particles, we ask how much entanglement is needed to carry out the measurement exactly. For a class of orthogonal measurements on two qubits with partially entangled eigenstates, we present upper and lower bounds on the entanglement cost. The upper bound is based on a recent result by D. Berry [Phys. Rev. A 75, 032349 (2007)]. The lower bound, based on the entanglement production capacity of the measurement, implies that for almost all measurements in the class we consider, the entanglement required to perform the measurement is strictly greater than the average entanglement of its eigenstates. On the other hand, we show that for any complete measurement in d x d dimensions that is invariant under all local Pauli operations, the cost of the measurement is exactly equal to the average entanglement of the states associated with the outcomes.
Submitted 30 March, 2009; v1 submitted 12 September, 2008;
originally announced September 2008.
-
Anonymous quantum communication
Authors:
Gilles Brassard,
Anne Broadbent,
Joseph Fitzsimons,
Sebastien Gambs,
Alain Tapp
Abstract:
We present the first protocol for the anonymous transmission of a quantum state that is information-theoretically secure against an active adversary, without any assumption on the number of corrupt participants. The anonymity of the sender and receiver is perfectly preserved, and the privacy of the quantum state is protected except with exponentially small probability. Even though a single corrupt participant can cause the protocol to abort, the quantum state can only be destroyed with exponentially small probability: if the protocol succeeds, the state is transferred to the receiver and otherwise it remains in the hands of the sender (provided the receiver is honest).
Submitted 15 June, 2007;
originally announced June 2007.
-
Can quantum-mechanical description of physical reality be considered incomplete?
Authors:
Gilles Brassard,
Andre Allan Methot
Abstract:
In loving memory of Asher Peres, we discuss a most important and influential paper written in 1935 by his thesis supervisor and mentor Nathan Rosen, together with Albert Einstein and Boris Podolsky. In that paper, the trio known as EPR questioned the completeness of quantum mechanics. The authors argued that the then-new theory should not be considered final because they believed it incapable of describing physical reality. The epic battle between Einstein and Bohr intensified following the latter's response later the same year. Three decades elapsed before John S. Bell gave a devastating proof that the EPR argument was fatally flawed. The modest purpose of our paper is to give a critical analysis of the original EPR paper and point out its logical shortcomings in a way that could have been done 70 years ago, with no need to wait for Bell's theorem. We also present an overview of Bohr's response in the interest of showing how it failed to address the gist of the EPR argument.
Submitted 29 December, 2006;
originally announced January 2007.
-
Brief History of Quantum Cryptography: A Personal Perspective
Authors:
Gilles Brassard
Abstract:
Quantum cryptography is the only approach to privacy ever proposed that allows two parties (who do not share a long secret key ahead of time) to communicate with provably perfect secrecy under the nose of an eavesdropper endowed with unlimited computational power and whose technology is limited by nothing but the fundamental laws of nature. This essay provides a personal historical perspective on the field. For the sake of liveliness, the style is purposely that of a spontaneous after-dinner speech.
Submitted 11 April, 2006;
originally announced April 2006.
-
Experimental Heat-Bath Cooling of Spins
Authors:
Gilles Brassard,
Yuval Elias,
Jose M. Fernandez,
Haggai Gilboa,
Jonathan A. Jones,
Tal Mor,
Yossi Weinstein,
Li Xiao
Abstract:
Algorithmic cooling is a novel technique to generate ensembles of highly polarized spins, which could significantly improve the signal strength in Nuclear Magnetic Resonance (NMR) spectroscopy. It combines reversible (entropy-preserving) manipulations and irreversible controlled interactions with the environment, using simple quantum computing techniques to increase spin polarization far beyond the Shannon entropy-conservation bound. Notably, thermalization is beneficially employed as an integral part of the cooling scheme, contrary to its ordinary destructive implications. We report the first cooling experiments bypassing Shannon's entropy-conservation bound, performed on a standard liquid-state NMR spectrometer. We believe that this experimental success could pave the way for the first near-future application of quantum computing devices.
Submitted 16 November, 2005;
originally announced November 2005.
-
A limit on nonlocality in any world in which communication complexity is not trivial
Authors:
Gilles Brassard,
Harry Buhrman,
Noah Linden,
Andre A. Methot,
Alain Tapp,
Falk Unger
Abstract:
Bell proved that quantum entanglement enables two space-like separated parties to exhibit classically impossible correlations. Even though these correlations are stronger than anything classically achievable, they cannot be harnessed to make instantaneous (faster than light) communication possible. Yet, Popescu and Rohrlich have shown that even stronger correlations can be defined, under which instantaneous communication remains impossible. This raises the question: Why are the correlations achievable by quantum mechanics not maximal among those that preserve causality? We give a partial answer to this question by showing that slightly stronger correlations would result in a world in which communication complexity becomes trivial.
Submitted 4 August, 2005;
originally announced August 2005.
-
Minimum entangled state dimension required for pseudo-telepathy
Authors:
Gilles Brassard,
Andre A. Methot,
Alain Tapp
Abstract:
Pseudo-telepathy provides an intuitive way of looking at Bell's inequalities, in which it is often obvious that feats achievable by use of quantum entanglement would be classically impossible. A two-player pseudo-telepathy game proceeds as follows: Alice and Bob are individually asked a question and they must provide an answer. They are not allowed any form of communication once the questions are asked, but they may have agreed on a common strategy prior to the execution of the game. We say that they win the game if the questions and answers fulfil a specific relation. A game exhibits pseudo-telepathy if there is a quantum strategy that makes Alice and Bob win the game for all possible questions, provided they share prior entanglement, whereas it would be impossible to win this game systematically in a classical setting. In this paper, we show that any two-player pseudo-telepathy game requires the quantum players to share an entangled quantum system of dimension at least 3x3. This is optimal for two-player games, but the most efficient pseudo-telepathy game possible, in terms of total dimension, involves three players who share a quantum system of dimension 2x2x2.
Submitted 20 December, 2004; v1 submitted 17 December, 2004;
originally announced December 2004.
-
Recasting Mermin's multi-player game into the framework of pseudo-telepathy
Authors:
Gilles Brassard,
Anne Broadbent,
Alain Tapp
Abstract:
Entanglement is perhaps the most non-classical manifestation of quantum mechanics. Among its many interesting applications to information processing, it can be harnessed to reduce the amount of communication required to process a variety of distributed computational tasks. Can it be used to eliminate communication altogether? Even though it cannot serve to signal information between remote parties, there are distributed tasks that can be performed without any need for communication, provided the parties share prior entanglement: this is the realm of pseudo-telepathy.
One of the earliest uses of multi-party entanglement was presented by Mermin in 1990. Here we recast his idea in terms of pseudo-telepathy: we provide a new computer-scientist-friendly analysis of this game. We prove an upper bound on the best possible classical strategy for attempting to play this game, as well as a novel, matching lower bound. This leads us to considerations on how well imperfect quantum-mechanical apparatus must perform in order to exhibit a behaviour that would be classically impossible to explain. Our results include improved bounds that could help vanquish the infamous detection loophole.
Submitted 16 June, 2005; v1 submitted 6 August, 2004;
originally announced August 2004.
-
Quantum Pseudo-Telepathy
Authors:
Gilles Brassard,
Anne Broadbent,
Alain Tapp
Abstract:
Quantum information processing is at the crossroads of physics, mathematics and computer science. It is concerned with what we can and cannot do with quantum information that goes beyond the abilities of classical information processing devices. Communication complexity is an area of classical computer science that aims at quantifying the amount of communication necessary to solve distributed computational problems. Quantum communication complexity uses quantum mechanics to reduce the amount of communication that would be classically required.
Pseudo-telepathy is a surprising application of quantum information processing to communication complexity. Thanks to entanglement, perhaps the most nonclassical manifestation of quantum mechanics, two or more quantum players can accomplish a distributed task with no need for communication whatsoever, which would be an impossible feat for classical players.
After a detailed overview of the principle and purpose of pseudo-telepathy, we present a survey of recent and not-so-recent work on the subject. In particular, we describe and analyse all the pseudo-telepathy games currently known to the authors.
Submitted 22 November, 2004; v1 submitted 27 July, 2004;
originally announced July 2004.
-
Quantum Computing Without Entanglement
Authors:
Eli Biham,
Gilles Brassard,
Dan Kenigsberg,
Tal Mor
Abstract:
It is generally believed that entanglement is essential for quantum computing. We present here a few simple examples in which quantum computing without entanglement is better than anything classically achievable, in terms of the reliability of the outcome after a fixed number of oracle calls. Using a separable (that is, unentangled) n-qubit state, we show that the Deutsch-Jozsa problem and the Simon problem can be solved more reliably by a quantum computer than by the best possible classical algorithm, even probabilistic. We conclude that: (a) entanglement is not essential for quantum computing; and (b) some advantage of quantum algorithms over classical algorithms persists even when the quantum state contains an arbitrarily small amount of information, that is, even when the state is arbitrarily close to being totally mixed.
Submitted 26 June, 2003;
originally announced June 2003.
-
Multi-Party Pseudo-Telepathy
Authors:
Gilles Brassard,
Anne Broadbent,
Alain Tapp
Abstract:
Quantum entanglement, perhaps the most non-classical manifestation of quantum information theory, cannot be used to transmit information between remote parties. Yet, it can be used to reduce the amount of communication required to process a variety of distributed computational tasks. We speak of pseudo-telepathy when quantum entanglement serves to eliminate the classical need to communicate. In earlier examples of pseudo-telepathy, classical protocols could succeed with high probability unless the inputs were very large. Here we present a simple multi-party distributed problem for which the inputs and outputs consist of a single bit per player, and we present a perfect quantum protocol for it. We prove that no classical protocol can succeed with a probability that differs from 1/2 by more than a fraction that is exponentially small in the number of players. This could be used to circumvent the detection loophole in experimental tests of nonlocality.
Submitted 5 June, 2003;
originally announced June 2003.
-
Quantum Arithmetic on Galois Fields
Authors:
Stephane Beauregard,
Gilles Brassard,
Jose M. Fernandez
Abstract:
In this paper we discuss the problem of performing elementary finite field arithmetic on a quantum computer. Of particular interest is the controlled-multiplication operation, which is the only group-specific operation in Shor's algorithms for factoring and solving the Discrete Log Problem. We describe how to build quantum circuits for performing this operation on the generic Galois fields GF($p^k$), as well as the boundary cases GF($p$) and GF($2^k$). We give the detailed size, width and depth complexity of such circuits, which ultimately will allow us to obtain detailed upper bounds on the amount of quantum resources needed to solve instances of the DLP on such fields.
Submitted 29 January, 2003;
originally announced January 2003.
-
Quantum Communication Complexity (A Survey)
Authors:
Gilles Brassard
Abstract:
Can quantum communication be more efficient than its classical counterpart? Holevo's theorem rules out the possibility of communicating more than n bits of classical information by the transmission of n quantum bits --- unless the two parties are entangled, in which case twice as many classical bits can be communicated but no more. In apparent contradiction, there are distributed computational tasks for which quantum communication cannot be simulated efficiently by classical means. In extreme cases, the effect of transmitting quantum bits cannot be achieved classically short of transmitting an exponentially larger number of bits.
In a similar vein, can entanglement be used to save on classical communication? It is well known that entanglement on its own is useless for the transmission of information. Yet, there are distributed tasks that cannot be accomplished at all in a classical world when communication is not allowed, but that become possible if the non-communicating parties share prior entanglement. This leads to the question of how expensive it is, in terms of classical communication, to provide an exact simulation of the spooky power of entanglement.
Submitted 1 January, 2001;
originally announced January 2001.
-
Quantum Amplitude Amplification and Estimation
Authors:
Gilles Brassard,
Peter Hoyer,
Michele Mosca,
Alain Tapp
Abstract:
Consider a Boolean function $χ: X \to \{0,1\}$ that partitions set $X$ between its good and bad elements, where $x$ is good if $χ(x)=1$ and bad otherwise. Consider also a quantum algorithm $\mathcal A$ such that $A |0\rangle= \sum_{x\in X} α_x |x\rangle$ is a quantum superposition of the elements of $X$, and let $a$ denote the probability that a good element is produced if $A |0\rangle$ is measured. If we repeat the process of running $A$, measuring the output, and using $χ$ to check the validity of the result, we shall expect to repeat $1/a$ times on the average before a solution is found. *Amplitude amplification* is a process that allows to find a good $x$ after an expected number of applications of $A$ and its inverse which is proportional to $1/\sqrt{a}$, assuming algorithm $A$ makes no measurements. This is a generalization of Grover's searching algorithm in which $A$ was restricted to producing an equal superposition of all members of $X$ and we had a promise that a single $x$ existed such that $χ(x)=1$. Our algorithm works whether or not the value of $a$ is known ahead of time. In case the value of $a$ is known, we can find a good $x$ after a number of applications of $A$ and its inverse which is proportional to $1/\sqrt{a}$ even in the worst case. We show that this quadratic speedup can also be obtained for a large family of search problems for which good classical heuristics exist. Finally, as our main result, we combine ideas from Grover's and Shor's quantum algorithms to perform amplitude estimation, a process that allows to estimate the value of $a$. We apply amplitude estimation to the problem of *approximate counting*, in which we wish to estimate the number of $x\in X$ such that $χ(x)=1$. We obtain optimal quantum algorithms in a variety of settings.
Submitted 15 May, 2000;
originally announced May 2000.
-
Security Aspects of Practical Quantum Cryptography
Authors:
Gilles Brassard,
Norbert Lütkenhaus,
Tal Mor,
Barry C. Sanders
Abstract:
The use of quantum bits (qubits) in cryptography holds the promise of secure cryptographic quantum key distribution schemes. Unfortunately, the implemented schemes can be totally insecure. We provide a thorough investigation of security issues for practical quantum key distribution, taking into account channel losses, a realistic detection process, and modifications of the "qubits" sent from the sender to the receiver. We first show that even quantum key distribution with perfect qubits cannot be achieved over long distances when fixed channel losses and fixed dark count errors are taken into account. Then we show that existing experimental schemes (based on "weak-pulse") are usually totally insecure. Finally we show that parametric downconversion offers enhanced performance compared to its weak coherent pulse counterpart.
Submitted 12 November, 1999;
originally announced November 1999.
-
Quantum cryptography via parametric downconversion
Authors:
Gilles Brassard,
Tal Mor,
Barry C. Sanders
Abstract:
The use of quantum bits (qubits) in cryptography holds the promise of secure cryptographic quantum key distribution schemes. It is based usually on single-photon polarization states. Unfortunately, the implemented "qubits" in the usual weak pulse experiments are not true two-level systems, and quantum key distribution based on these imperfect qubits is totally insecure in the presence of high (realistic) loss rate. In this work, we investigate another potential implementation: qubits generated using a process of parametric downconversion. We find that, to first (two-photon) and second (four-photon) order in the parametric downconversion small parameter, this implementation of quantum key distribution is equivalent to the theoretical version.
Once realistic measurements are taken into account, quantum key distribution based on parametric downconversion suffers also from sensitivity to extremely high (nonrealistic) losses. By choosing the small parameter of the process according to the loss rates, both implementations of quantum key distribution can in principle become secure against the attack studied in this paper. However, adjusting the small parameter to the required levels seems to be impractical in the weak pulse process. On the other hand, this can easily be done in the parametric downconversion process, making it a much more promising implementation.
Submitted 21 June, 1999;
originally announced June 1999.
-
The cost of exactly simulating quantum entanglement with classical communication
Authors:
Gilles Brassard,
Richard Cleve,
Alain Tapp
Abstract:
We investigate the amount of communication that must augment classical local hidden variable models in order to simulate the behaviour of entangled quantum systems. We consider the scenario where a bipartite measurement is given from a set of possibilities and the goal is to obtain exactly the same correlations that arise when the actual quantum system is measured. We show that, in the case of a single pair of qubits in a Bell state, a constant number of bits of communication is always sufficient--regardless of the number of measurements under consideration. We also show that, in the case of a system of n Bell states, a constant times 2^n bits of communication are necessary.
Submitted 14 January, 1999;
originally announced January 1999.
-
Defeating classical bit commitments with a quantum computer
Authors:
Gilles Brassard,
Claude Crépeau,
Dominic Mayers,
Louis Salvail
Abstract:
It has been recently shown by Mayers that no bit commitment scheme is secure if the participants have unlimited computational power and technology. However it was noticed that a secure protocol could be obtained by forcing the cheater to perform a measurement. Similar situations had been encountered previously in the design of Quantum Oblivious Transfer. The question is whether a classical bit commitment could be used for this specific purpose. We demonstrate that, surprisingly, classical unconditionally concealing bit commitments do not help.
Submitted 9 June, 1998;
originally announced June 1998.
-
Quantum Counting
Authors:
Gilles Brassard,
Peter Hoyer,
Alain Tapp
Abstract:
We study some extensions of Grover's quantum searching algorithm. First, we generalize the Grover iteration in the light of a concept called amplitude amplification. Then, we show that the quadratic speedup obtained by the quantum searching algorithm over classical brute force can still be obtained for a large family of search problems for which good classical heuristics exist. Finally, as our main result, we combine ideas from Grover's and Shor's quantum algorithms to perform approximate counting, which can be seen as an amplitude estimation process.
Submitted 27 May, 1998;
originally announced May 1998.
-
Security of Quantum Key Distribution Against All Collective Attacks
Authors:
Eli Biham,
Michel Boyer,
Gilles Brassard,
Jeroen van de Graaf,
Tal Mor
Abstract:
Security of quantum key distribution against sophisticated attacks is among the most important issues in quantum information theory. In this work we prove security against a very important class of attacks called collective attacks (under a compatible noise model) which use quantum memories and gates, and which are directed against the final key. Although attacks stronger than the collective attacks can exist in principle, no explicit example was found and it is conjectured that security against collective attacks implies also security against any attack.
Submitted 12 January, 1998;
originally announced January 1998.
-
A brief review on the impossibility of quantum bit commitment
Authors:
Gilles Brassard,
Claude Crépeau,
Dominic Mayers,
Louis Salvail
Abstract:
The desire to obtain an unconditionally secure bit commitment protocol in quantum cryptography was expressed for the first time thirteen years ago. Bit commitment is sufficient in quantum cryptography to realize a variety of applications with unconditional security. In 1993, a quantum bit commitment protocol was proposed together with a security proof. However, a basic flaw in the protocol was discovered by Mayers in 1995 and subsequently by Lo and Chau. Later the result was generalized by Mayers who showed that unconditionally secure bit commitment is impossible. A brief review on quantum bit commitment which focuses on the general impossibility theorem and on recent attempts to bypass this result is provided.
Submitted 10 December, 1997;
originally announced December 1997.
-
Quantum Algorithm for the Collision Problem
Authors:
Gilles Brassard,
Peter Hoyer,
Alain Tapp
Abstract:
In this note, we give a quantum algorithm that finds collisions in arbitrary r-to-one functions after only O((N/r)^(1/3)) expected evaluations of the function. Assuming the function is given by a black box, this is more efficient than the best possible classical algorithm, even allowing probabilism. We also give a similar algorithm for finding claws in pairs of functions. Furthermore, we exhibit a space-time tradeoff for our technique. Our approach uses Grover's quantum searching algorithm in a novel way.
Submitted 1 May, 1997;
originally announced May 1997.
-
An Exact Quantum Polynomial-Time Algorithm for Simon's Problem
Authors:
Gilles Brassard,
Peter Hoyer
Abstract:
We investigate the power of quantum computers when they are required to return an answer that is guaranteed to be correct after a time that is upper-bounded by a polynomial in the worst case. We show that a natural generalization of Simon's problem can be solved in this way, whereas previous algorithms required quantum polynomial time in the expected sense only, without upper bounds on the worst-case running time. This is achieved by generalizing both Simon's and Grover's algorithms and combining them in a novel way. It follows that there is a decision problem that can be solved in exact quantum polynomial time, which would require expected exponential time on any classical bounded-error probabilistic computer if the data is supplied as a black box.
Submitted 14 April, 1997;
originally announced April 1997.
-
Strengths and Weaknesses of Quantum Computing
Authors:
Charles H. Bennett,
Ethan Bernstein,
Gilles Brassard,
Umesh Vazirani
Abstract:
Recently a great deal of attention has focused on quantum computation following a sequence of results suggesting that quantum computers are more powerful than classical probabilistic computers. Following Shor's result that factoring and the extraction of discrete logarithms are both solvable in quantum polynomial time, it is natural to ask whether all of NP can be efficiently solved in quantum polynomial time. In this paper, we address this question by proving that relative to an oracle chosen uniformly at random, with probability 1, the class NP cannot be solved on a quantum Turing machine in time $o(2^{n/2})$. We also show that relative to a permutation oracle chosen uniformly at random, with probability 1, the class $NP \cap coNP$ cannot be solved on a quantum Turing machine in time $o(2^{n/3})$. The former bound is tight since recent work of Grover shows how to accept the class NP relative to any oracle on a quantum computer in time $O(2^{n/2})$.
Submitted 1 January, 1997;
originally announced January 1997.
-
On The Power of Exact Quantum Polynomial Time
Authors:
Gilles Brassard,
Peter Hoyer
Abstract:
We investigate the power of quantum computers when they are required to return an answer that is guaranteed correct after a time that is upper-bounded by a polynomial in the worst case. In an oracle setting, it is shown that such machines can solve problems that would take exponential time on any classical bounded-error probabilistic computer.
Submitted 3 December, 1996;
originally announced December 1996.
-
Teleportation as a quantum computation
Authors:
Gilles Brassard
Abstract:
An explicit quantum circuit is given to implement quantum teleportation. This circuit makes teleportation straightforward to anyone who believes that quantum computation is a reasonable proposition. It could also be genuinely used inside a quantum computer if teleportation is needed to move quantum information around. An unusual feature of this circuit is that there are points in the computation at which the quantum information can be completely disrupted by a measurement (or some types of interaction with the environment) without ill effects: the same final result is obtained whether or not these measurements take place.
Submitted 23 May, 1996;
originally announced May 1996.
-
Tight bounds on quantum searching
Authors:
Michel Boyer,
Gilles Brassard,
Peter Hoeyer,
Alain Tapp
Abstract:
We provide a tight analysis of Grover's recent algorithm for quantum database searching. We give a simple closed-form formula for the probability of success after any given number of iterations of the algorithm. This allows us to determine the number of iterations necessary to achieve almost certainty of finding the answer. Furthermore, we analyse the behaviour of the algorithm when the element to be found appears more than once in the table and we provide a new algorithm to find such an element even when the number of solutions is not known ahead of time. Using techniques from Shor's quantum factoring algorithm in addition to Grover's approach, we introduce a new technique for approximate quantum counting, which allows one to estimate the number of solutions. Finally we provide a lower bound on the efficiency of any possible quantum database searching algorithm and we show that Grover's algorithm nearly comes within a factor 2 of being optimal in terms of the number of probes required in the table.
Submitted 23 May, 1996;
originally announced May 1996.
-
New Trends in Quantum Computing
Authors:
Gilles Brassard
Abstract:
Classical and quantum information are very different. Together they can perform feats that neither could achieve alone, such as quantum computing, quantum cryptography and quantum teleportation. Some of the applications range from helping to preventing spies from reading private communications. Among the tools that will facilitate their implementation, we note quantum purification and quantum error correction. Although some of these ideas are still beyond the grasp of current technology, quantum cryptography has been implemented and the prospects are encouraging for small-scale prototypes of quantum computation devices before the end of the millennium.
Submitted 19 February, 1996;
originally announced February 1996.
-
Purification of Noisy Entanglement and Faithful Teleportation via Noisy Channels
Authors:
Charles H. Bennett,
Gilles Brassard,
Sandu Popescu,
Benjamin Schumacher,
John A. Smolin,
William K. Wootters
Abstract:
Two separated observers, by applying local operations to a supply of not-too-impure entangled states (e.g. singlets shared through a noisy channel), can prepare a smaller number of entangled pairs of arbitrarily high purity (e.g. near-perfect singlets). These can then be used to faithfully teleport unknown quantum states from one observer to the other, thereby achieving faithful transmission of quantum information through a noisy channel. We give upper and lower bounds on the yield $D(M)$ of pure singlets ($\ket{\Psi^-}$) distillable from mixed states $M$, showing $D(M)>0$ if $\bra{\Psi^-}M\ket{\Psi^-}>\frac{1}{2}$.
Submitted 22 November, 1995; v1 submitted 20 November, 1995;
originally announced November 1995.