-
Demonstrating Quantum Homomorphic Encryption Through Simulation
Authors:
Sohrab Ganjian,
Connor Paddock,
Anne Broadbent
Abstract:
Quantum homomorphic encryption (QHE) allows a quantum cloud server to compute on private data as uploaded by a client. We provide a proof-of-concept software simulation for QHE, according to the "EPR" scheme of Broadbent and Jeffery, for universal quantum circuits. We demonstrate the near-term viability of this scheme and provide verification that the additional cost of homomorphic circuit evaluation is minor when compared to the simulation cost of the quantum operations. Our simulation toolkit is an open-source Python implementation that serves as a step towards further hardware applications of quantum homomorphic encryption between networked quantum devices.
Submitted 23 June, 2024;
originally announced June 2024.
-
Algebra of Nonlocal Boxes and the Collapse of Communication Complexity
Authors:
Pierre Botteron,
Anne Broadbent,
Reda Chhaibi,
Ion Nechita,
Clément Pellegrini
Abstract:
Communication complexity quantifies how difficult it is for two distant computers to evaluate a function f(X,Y), where the strings X and Y are distributed to the first and second computer respectively, under the constraint of exchanging as few bits as possible. Surprisingly, some nonlocal boxes, which are resources shared by the two computers, are so powerful that they allow one to collapse communication complexity, in the sense that any Boolean function f can be correctly estimated with the exchange of only one bit of communication. The Popescu-Rohrlich (PR) box is an example of such a collapsing resource, but a comprehensive description of the set of collapsing nonlocal boxes remains elusive.
In this work, we carry out an algebraic study of the structure of wirings connecting nonlocal boxes, thus defining the notion of the "product of boxes" $P\boxtimes Q$, and we show related associativity and commutativity results. This gives rise to the notion of the "orbit of a box", unveiling surprising geometrical properties about the alignment and parallelism of distilled boxes. The power of this new framework is that it allows us to prove previously-reported numerical observations concerning the best way to wire consecutive boxes, and to numerically and analytically recover recently-identified noisy PR boxes that collapse communication complexity for different types of noise models.
Submitted 14 June, 2024; v1 submitted 1 December, 2023;
originally announced December 2023.
-
Uncloneable Quantum Advice
Authors:
Anne Broadbent,
Martti Karvonen,
Sébastien Lord
Abstract:
The famous no-cloning principle has been shown recently to enable a number of uncloneable functionalities. Here we address for the first time unkeyed quantum uncloneability, via the study of a complexity-theoretic tool that enables a computation, but that is natively unkeyed: quantum advice. Remarkably, this is an application of the no-cloning principle in a context where the quantum states of interest are not chosen by a random process. We show the unconditional existence of promise problems admitting uncloneable quantum advice, and the existence of languages with uncloneable advice, assuming the feasibility of quantum copy-protecting certain functions. Along the way, we note that state complexity classes, introduced by Rosenthal and Yuen (ITCS 2022) - which concern the computational difficulty of synthesizing sequences of quantum states - can be naturally generalized to obtain state cloning complexity classes. We make initial observations on these classes, notably obtaining a result analogous to the existence of undecidable problems.
Our proof technique establishes the existence of ingenerable sequences of finite bit strings - essentially meaning that they cannot be generated by any uniform circuit family. We then prove a generic result showing that the difficulty of accomplishing a computational task on uniformly random inputs implies its difficulty on any fixed, ingenerable sequence. We use this result to derandomize quantum cryptographic games that relate to cloning, and then incorporate a result of Kundu and Tan (arXiv 2022) to obtain uncloneable advice. Applying this two-step process to a monogamy-of-entanglement game yields a promise problem with uncloneable advice, and applying it to the quantum copy-protection of pseudorandom functions with super-logarithmic output lengths yields a language with uncloneable advice.
Submitted 10 September, 2023;
originally announced September 2023.
-
Quantum delegation with an off-the-shelf device
Authors:
Anne Broadbent,
Arthur Mehta,
Yuming Zhao
Abstract:
Given that reliable cloud quantum computers are becoming closer to reality, the concept of delegation of quantum computations and its verifiability is of central interest. Many models have been proposed, each with specific strengths and weaknesses. Here, we put forth a new model where the client trusts only its classical processing, makes no computational assumptions, and interacts with a quantum server in a single round. In addition, during a set-up phase, the client specifies the size $n$ of the computation and receives an untrusted, off-the-shelf (OTS) quantum device that is used to report the outcome of a single measurement.
We show how to delegate polynomial-time quantum computations in the OTS model. This also yields an interactive proof system for all of QMA, which, furthermore, we show can be accomplished in statistical zero-knowledge. This provides the first relativistic (one-round), two-prover zero-knowledge proof system for QMA.
As a proof approach, we provide a new self-test for n EPR pairs using only constant-sized Pauli measurements, and show how it provides a new avenue for the use of simulatable codes for local Hamiltonian verification. Along the way, we also provide an enhanced version of a well-known stability result due to Gowers and Hatami and show how it completes a common argument used in self-testing.
Submitted 5 December, 2023; v1 submitted 6 April, 2023;
originally announced April 2023.
-
High-Dimensional Quantum Certified Deletion
Authors:
Felix Hufnagel,
Anne Broadbent,
Ebrahim Karimi
Abstract:
Certified deletion is a protocol which allows two parties to share information, from Alice to Bob, in such a way that if Bob chooses to delete the information, he can prove to Alice that the deletion has taken place by providing a verification key. It is not possible for Bob to both provide this verification and gain information about the message that was sent. This type of protocol is unique to quantum information and cannot be done with classical approaches. Here, we expand on previous work to outline a high-dimensional version of certified deletion that can be used to incorporate multiple parties. We also experimentally verify the feasibility of these protocols for the first time, demonstrating the original 2-dimensional proposal, as well as the high-dimensional scenario up to dimension 8.
Submitted 6 April, 2023;
originally announced April 2023.
-
Uncloneable Cryptographic Primitives with Interaction
Authors:
Anne Broadbent,
Eric Culf
Abstract:
Much of the strength of quantum cryptography may be attributed to the no-cloning property of quantum information. We construct three new cryptographic primitives whose security is based on uncloneability, and that have in common that their security can be established via a novel monogamy-of-entanglement (MoE) property:
- We define interactive uncloneable encryption, a version of the uncloneable encryption defined by Broadbent and Lord [TQC 2020] where the receiver must partake in an interaction with the sender in order to decrypt the ciphertext. We provide a one-round construction that is secure in the information-theoretic setting, in the sense that no other receiver may learn the message even if she eavesdrops on all the interactions.
- We provide a way to make a bit string commitment scheme uncloneable. The scheme is augmented with a check step chronologically in between the commit and open steps, where an honest sender verifies that the commitment may not be opened by an eavesdropper, even if the receiver is malicious.
- We construct a receiver-independent quantum key distribution (QKD) scheme, which strengthens the notion of one-sided device independent QKD of Tomamichel, Fehr, Kaniewski, and Wehner (TFKW) [NJP 2013] by also permitting the receiver's classical device to be untrusted. Explicitly, the sender remains fully trusted while only the receiver's communication is trusted.
To show security, we prove an extension of the MoE property of coset states introduced by Coladangelo, Liu, Liu, and Zhandry [Crypto 2021]. In our stronger version, the player Charlie also receives Bob's answer prior to making his guess, simulating a party who eavesdrops on an interaction. To use this property, we express it as a new type of entropic uncertainty relation which arises naturally from the structure of the underlying MoE game.
Submitted 28 February, 2023;
originally announced March 2023.
-
Extending the Known Region of Nonlocal Boxes that Collapse Communication Complexity
Authors:
Pierre Botteron,
Anne Broadbent,
Marc-Olivier Proulx
Abstract:
Non-signalling boxes (NS) are theoretical resources defined by the principle of no-faster-than-light communication. They generalize quantum correlations, and some of them are known to collapse communication complexity (CC). However, this collapse is strongly believed to be unachievable in Nature, so its study provides intuition on which theories are unrealistic. In the present letter, we find a better sufficient condition for a nonlocal box to collapse CC, thus extending the known collapsing region. In some slices of NS, we show this condition coincides with an area outside of an ellipse.
Submitted 16 February, 2024; v1 submitted 1 February, 2023;
originally announced February 2023.
-
Categorical composable cryptography: extended version
Authors:
Anne Broadbent,
Martti Karvonen
Abstract:
We formalize the simulation paradigm of cryptography in terms of category theory and show that protocols secure against abstract attacks form a symmetric monoidal category, thus giving an abstract model of composable security definitions in cryptography. Our model is able to incorporate computational security, set-up assumptions and various attack models such as colluding or independently acting subsets of adversaries in a modular, flexible fashion. We conclude by using string diagrams to rederive the security of the one-time pad, correctness of Diffie-Hellman key exchange and no-go results concerning the limits of bipartite and tripartite cryptography, ruling out e.g., composable commitments and broadcasting. On the way, we exhibit two categorical constructions of resource theories that might be of independent interest: one capturing resources shared among multiple parties and one capturing resource conversions that succeed asymptotically.
Submitted 15 December, 2023; v1 submitted 28 August, 2022;
originally announced August 2022.
-
Password authentication schemes on a quantum computer
Authors:
Sherry Wang,
Carlisle Adams,
Anne Broadbent
Abstract:
In a post-quantum world, where attackers may have access to full-scale quantum computers, all classical password-based authentication schemes will be compromised. Quantum copy-protection prevents adversaries from making copies of existing quantum software; we suggest this as a possible approach for designing post-quantum-secure password authentication systems. In this paper, we show an implementation of quantum copy-protection for password verification on IBM quantum computers. We also share our quantum computation results and analyses, as well as lessons learned.
Submitted 29 January, 2022;
originally announced January 2022.
-
Device-Independent Oblivious Transfer from the Bounded-Quantum-Storage-Model and Computational Assumptions
Authors:
Anne Broadbent,
Peter Yuen
Abstract:
We present a device-independent protocol for oblivious transfer (DIOT) and analyze its security under the assumption that the receiver's quantum storage is bounded during protocol execution and that the device behaves independently and identically in each round. We additionally require that, for each device component, the input corresponding to the choice of measurement basis, and the resulting output, is communicated only with the party holding that component. Our protocol is everlastingly secure and, compared to previous DIOT protocols, it is less strict about the non-communication assumptions that are typical from protocols that use Bell inequality violations; instead, the device-independence comes from a protocol for self-testing of a single (quantum) device which makes use of a post-quantum computational assumption.
Submitted 2 May, 2023; v1 submitted 16 November, 2021;
originally announced November 2021.
-
Rigidity for Monogamy-of-Entanglement Games
Authors:
Anne Broadbent,
Eric Culf
Abstract:
In a monogamy-of-entanglement (MoE) game, two players who do not communicate try to simultaneously guess a referee's measurement outcome on a shared quantum state they prepared. We study the prototypical example of a game where the referee measures in either the computational or Hadamard basis and informs the players of her choice.
We show that this game satisfies a rigidity property similar to what is known for some nonlocal games. That is, in order to win optimally, the players' strategy must be of a specific form, namely a convex combination of four unentangled optimal strategies generated by the Breidbart state. We extend this to show that strategies that win near-optimally must also be near an optimal state of this form. We also show rigidity for multiple copies of the game played in parallel.
We give three applications: (1) We construct for the first time a weak string erasure (WSE) scheme where the security does not rely on limitations on the parties' hardware. Instead, we add a prover, which enables security via the rigidity of this MoE game. (2) We show that the WSE scheme can be used to achieve bit commitment in a model where it is impossible classically. (3) We achieve everlasting-secure randomness expansion in the model of trusted but leaky measurement and untrusted preparation and measurements by two isolated devices, while relying only on the temporary assumption of pseudorandom functions. This achieves randomness expansion without the need for shared entanglement.
Submitted 1 March, 2023; v1 submitted 15 November, 2021;
originally announced November 2021.
-
Quantum Private Broadcasting
Authors:
Anne Broadbent,
Carlos E. González-Guillén,
Christine Schuknecht
Abstract:
In Private Broadcasting, a single plaintext is broadcast to multiple recipients in an encrypted form, such that each recipient can decrypt locally. When the message is classical, a straightforward solution is to encrypt the plaintext with a single key shared among all parties, and to send to each recipient a copy of the ciphertext. Surprisingly, the analogous method is insufficient in the case where the message is quantum (i.e. in Quantum Private Broadcasting (QPB)). In this work, we give three solutions to $t$-recipient Quantum Private Broadcasting ($t$-QPB) and compare them in terms of key lengths. The first method is the independent encryption with the quantum one-time pad, which requires a key linear in the number of recipients, $t$. We show that the key length can be decreased to be logarithmic in $t$ by using unitary $t$-designs. Our main contribution is to show that this can be improved to a key length that is logarithmic in the dimension of the symmetric subspace, using a new concept that we define of symmetric unitary $t$-designs, that may be of independent interest.
Submitted 23 July, 2021;
originally announced July 2021.
-
Categorical composable cryptography
Authors:
Anne Broadbent,
Martti Karvonen
Abstract:
We formalize the simulation paradigm of cryptography in terms of category theory and show that protocols secure against abstract attacks form a symmetric monoidal category, thus giving an abstract model of composable security definitions in cryptography. Our model is able to incorporate computational security, set-up assumptions and various attack models such as colluding or independently acting subsets of adversaries in a modular, flexible fashion. We conclude by using string diagrams to rederive the security of the one-time pad and no-go results concerning the limits of bipartite and tripartite cryptography, ruling out e.g., composable commitments and broadcasting.
Submitted 28 August, 2022; v1 submitted 12 May, 2021;
originally announced May 2021.
-
Secure Software Leasing Without Assumptions
Authors:
Anne Broadbent,
Stacey Jeffery,
Sébastien Lord,
Supartha Podder,
Aarthi Sundaram
Abstract:
Quantum cryptography is known for enabling functionalities that are unattainable using classical information alone. Recently, Secure Software Leasing (SSL) has emerged as one of these areas of interest. Given a target circuit $C$ from a circuit class, SSL produces an encoding of $C$ that enables a recipient to evaluate $C$, and also enables the originator of the software to verify that the software has been returned -- meaning that the recipient has relinquished the possibility of any further use of the software. Clearly, such a functionality is unachievable using classical information alone, since it is impossible to prevent a user from keeping a copy of the software. Recent results have shown the achievability of SSL using quantum information for a class of functions called compute-and-compare (these are a generalization of the well-known point functions). These prior works, however, all make use of setup or computational assumptions. Here, we show that SSL is achievable for compute-and-compare circuits without any assumptions.
Our technique involves the study of quantum copy-protection, which is a notion related to SSL, but where the encoding procedure inherently prevents a would-be quantum software pirate from splitting a single copy of an encoding for $C$ into two parts, each of which enables a user to evaluate $C$. We show that point functions can be copy-protected without any assumptions, for a novel security definition involving one honest and one malicious evaluator; this is achieved by showing that from any quantum message authentication code, we can derive such an honest-malicious copy-protection scheme. We then show that a generic honest-malicious copy-protection scheme implies SSL; by prior work, this yields SSL for compute-and-compare functions.
Submitted 29 January, 2021;
originally announced January 2021.
-
Constructions for Quantum Indistinguishability Obfuscation
Authors:
Anne Broadbent,
Raza Ali Kazmi
Abstract:
An indistinguishability obfuscator is a probabilistic polynomial-time algorithm that takes a circuit as input and outputs a new circuit that has the same functionality as the input circuit, such that for any two circuits of the same size that compute the same function, the outputs of the indistinguishability obfuscator are indistinguishable. Here, we study schemes for indistinguishability obfuscation for quantum circuits. We present two definitions for indistinguishability obfuscation: in our first definition (qiO) the outputs of the obfuscator are required to be indistinguishable if the input circuits are perfectly equivalent, while in our second definition (qiOD), the outputs are required to be indistinguishable as long as the input circuits are approximately equivalent with respect to a pseudo-distance D. Our main results provide (1) a computationally-secure scheme for qiO where the size of the output of the obfuscator is exponential in the number of non-Clifford gates (T gates), which means that the construction is efficient as long as the number of T gates is logarithmic in the circuit size, and (2) a statistically-secure qiOD, for circuits that are close to the kth level of the Gottesman-Chuang hierarchy (with respect to D); this construction is efficient as long as k is small and fixed.
Submitted 5 March, 2021; v1 submitted 29 May, 2020;
originally announced May 2020.
-
QMA-hardness of Consistency of Local Density Matrices with Applications to Quantum Zero-Knowledge
Authors:
Anne Broadbent,
Alex B. Grilo
Abstract:
We provide several advances to the understanding of the class of Quantum Merlin-Arthur proof systems (QMA), the quantum analogue of NP. Our central contribution is proving a longstanding conjecture that the Consistency of Local Density Matrices (CLDM) problem is QMA-hard under Karp reductions. The input of CLDM consists of local reduced density matrices on sets of at most k qubits, and the problem asks if there is an n-qubit global quantum state that is consistent with all of the k-qubit local density matrices. The containment of this problem in QMA and the QMA-hardness under Turing reductions were proved by Liu [APPROX-RANDOM 2006]. Liu also conjectured that CLDM is QMA-hard under Karp reductions, which is desirable for applications, and we finally prove this conjecture. We establish this result using the techniques of simulatable codes of Grilo, Slofstra, and Yuen [FOCS 2019], simplifying their proofs and tailoring them to the context of QMA.
In order to develop applications of CLDM, we propose a framework that we call locally simulatable proofs for QMA: this provides QMA proofs that can be efficiently verified by probing only k qubits and, furthermore, the reduced density matrix of any k-qubit subsystem of an accepting witness can be computed in polynomial time, independently of the witness. Within this framework, we show advances in quantum zero-knowledge. We show the first commit-and-open computational zero-knowledge proof system for all of QMA, as a quantum analogue of a "sigma" protocol. We then define a Proof of Quantum Knowledge, which guarantees that a prover is effectively in possession of a quantum witness in an interactive proof, and show that our zero-knowledge proof system satisfies this definition. Finally, we show that our proof system can be used to establish that QMA has a quantum non-interactive zero-knowledge proof system in the secret parameter setting.
Submitted 12 October, 2022; v1 submitted 18 November, 2019;
originally announced November 2019.
-
Quantum encryption with certified deletion
Authors:
Anne Broadbent,
Rabib Islam
Abstract:
Given a ciphertext, is it possible to prove the deletion of the underlying plaintext? Since classical ciphertexts can be copied, clearly such a feat is impossible using classical information alone. In stark contrast to this, we show that quantum encodings enable certified deletion. More precisely, we show that it is possible to encrypt classical data into a quantum ciphertext such that the recipient of the ciphertext can produce a classical string which proves to the originator that the recipient has relinquished any chance of recovering the plaintext should the decryption key be revealed. Our scheme is feasible with current quantum technology: the honest parties only require quantum devices for single-qubit preparation and measurements; the scheme is also robust against noise in these devices. Furthermore, we provide an analysis that is suitable in the finite-key regime.
Submitted 13 November, 2020; v1 submitted 8 October, 2019;
originally announced October 2019.
-
Uncloneable Quantum Encryption via Oracles
Authors:
Anne Broadbent,
Sébastien Lord
Abstract:
Quantum information is well-known to achieve cryptographic feats that are unattainable using classical information alone. Here, we add to this repertoire by introducing a new cryptographic functionality called uncloneable encryption. This functionality allows the encryption of a classical message such that two collaborating but isolated adversaries are prevented from simultaneously recovering the message, even when the encryption key is revealed. Clearly, such functionality is unattainable using classical information alone. We formally define uncloneable encryption, and show how to achieve it using Wiesner's conjugate coding, combined with a quantum-secure pseudorandom function (qPRF). Modelling the qPRF as a quantum random oracle, we show security by adapting techniques from the quantum one-way-to-hiding lemma, as well as using bounds from quantum monogamy-of-entanglement games.
Submitted 8 October, 2019; v1 submitted 28 February, 2019;
originally announced March 2019.
-
Towards Quantum One-Time Memories from Stateless Hardware
Authors:
Anne Broadbent,
Sevag Gharibian,
Hong-Sheng Zhou
Abstract:
A central tenet of theoretical cryptography is the study of the minimal assumptions required to implement a given cryptographic primitive. One such primitive is the one-time memory (OTM), introduced by Goldwasser, Kalai, and Rothblum [CRYPTO 2008], which is a classical functionality modeled after a non-interactive 1-out-of-2 oblivious transfer, and which is complete for one-time classical and quantum programs. It is known that secure OTMs do not exist in the standard model in both the classical and quantum settings. Here, we propose a scheme for using quantum information, together with the assumption of stateless (i.e., reusable) hardware tokens, to build statistically secure OTMs. Via the semidefinite programming-based quantum games framework of Gutoski and Watrous [STOC 2007], we prove security for a malicious receiver making at most 0.114n adaptive queries to the token (for n the key size), in the quantum universal composability framework, but leave open the question of security against a polynomial amount of queries. Compared to alternative schemes derived from the literature on quantum money, our scheme is technologically simple since it is of the "prepare-and-measure" type. We also give two impossibility results showing certain assumptions in our scheme cannot be relaxed.
Submitted 1 April, 2021; v1 submitted 11 October, 2018;
originally announced October 2018.
-
Efficient Simulation for Quantum Message Authentication
Authors:
Anne Broadbent,
Evelyn Wainewright
Abstract:
Quantum message authentication codes are families of keyed encoding and decoding maps that enable the detection of tampering on encoded quantum data. Here, we study a new class of simulators for quantum message authentication schemes, and show how they are applied in the context of two codes: the Clifford and the trap code. Our results show for the first time that these codes admit an efficient simulation (assuming that the adversary is efficient). Such efficient simulation is typically crucial in order to establish a composable notion of security.
Submitted 11 July, 2016;
originally announced July 2016.
-
Zero-knowledge proof systems for QMA
Authors:
Anne Broadbent,
Zhengfeng Ji,
Fang Song,
John Watrous
Abstract:
Prior work has established that all problems in NP admit classical zero-knowledge proof systems, and under reasonable hardness assumptions for quantum computations, these proof systems can be made secure against quantum attacks. We prove a result representing a further quantum generalization of this fact, which is that every problem in the complexity class QMA has a quantum zero-knowledge proof system. More specifically, assuming the existence of an unconditionally binding and quantum computationally concealing commitment scheme, we prove that every problem in the complexity class QMA has a quantum interactive proof system that is zero-knowledge with respect to efficient quantum computations.
Our QMA proof system is sound against arbitrary quantum provers, but only requires an honest prover to perform polynomial-time quantum computations, provided that it holds a quantum witness for a given instance of the QMA problem under consideration. The proof system relies on a new variant of the QMA-complete local Hamiltonian problem in which the local terms are described by Clifford operations and standard basis measurements. We believe that the QMA-completeness of this problem may have other uses in quantum complexity.
Submitted 11 April, 2016;
originally announced April 2016.
-
Computational Security of Quantum Encryption
Authors:
Gorjan Alagic,
Anne Broadbent,
Bill Fefferman,
Tommaso Gagliardoni,
Christian Schaffner,
Michael St. Jules
Abstract:
Quantum-mechanical devices have the potential to transform cryptography. Most research in this area has focused either on the information-theoretic advantages of quantum protocols or on the security of classical cryptographic schemes against quantum attacks. In this work, we initiate the study of another relevant topic: the encryption of quantum data in the computational setting.
In this direction, we establish quantum versions of several fundamental classical results. First, we develop natural definitions for private-key and public-key encryption schemes for quantum data. We then define notions of semantic security and indistinguishability, and, in analogy with the classical work of Goldwasser and Micali, show that these notions are equivalent. Finally, we construct secure quantum encryption schemes from basic primitives. In particular, we show that quantum-secure one-way functions imply IND-CCA1-secure symmetric-key quantum encryption, and that quantum-secure trapdoor one-way permutations imply semantically-secure public-key quantum encryption.
Submitted 3 February, 2016;
originally announced February 2016.
-
Finite-key security analysis for multilevel quantum key distribution
Authors:
Kamil Bradler,
Mohammad Mirhosseini,
Robert Fickler,
Anne Broadbent,
Robert Boyd
Abstract:
We present a detailed security analysis of a d-dimensional quantum key distribution protocol based on two and three mutually unbiased bases (MUBs) both in an asymptotic and finite key length scenario. The finite secret key rates are calculated as a function of the length of the sifted key by (i) generalizing the uncertainty relation-based insight from BB84 to any d-level 2-MUB QKD protocol and (ii) by adopting recent advances in the second-order asymptotics for finite block length quantum coding (for both d-level 2- and 3-MUB QKD protocols). Since the finite and asymptotic secret key rates increase with d and the number of MUBs (together with the tolerable threshold) such QKD schemes could in principle offer an important advantage over BB84. We discuss the possibility of an experimental realization of the 3-MUB QKD protocol with the orbital angular momentum degrees of freedom of photons.
Submitted 20 July, 2016; v1 submitted 16 December, 2015;
originally announced December 2015.
-
Popescu-Rohrlich correlations imply efficient instantaneous nonlocal quantum computation
Authors:
Anne Broadbent
Abstract:
In instantaneous nonlocal quantum computation, two parties cooperate in order to perform a quantum computation on their joint inputs, while being restricted to a single round of simultaneous communication. Previous results showed that instantaneous nonlocal quantum computation is possible, at the cost of an exponential amount of prior shared entanglement (in the size of the input). Here, we show that a linear amount of entanglement (in the size of the computation) suffices, as long as the parties share nonlocal correlations as given by the Popescu-Rohrlich box. This means that communication is not required for efficient instantaneous nonlocal quantum computation. Exploiting the well-known relation to position-based cryptography, our result also implies the impossibility of secure position-based cryptography against adversaries with non-signalling correlations. Furthermore, our construction establishes a quantum analogue of the classical communication complexity collapse under non-signalling correlations.
Submitted 26 April, 2016; v1 submitted 15 December, 2015;
originally announced December 2015.
-
Quantum One-Time Memories from Stateless Hardware
Authors:
Anne Broadbent,
Sevag Gharibian,
Hong-Sheng Zhou
Abstract:
A central tenet of theoretical cryptography is the study of the minimal assumptions required to implement a given cryptographic primitive. One such primitive is the one-time memory (OTM), introduced by Goldwasser, Kalai, and Rothblum [CRYPTO 2008], which is a classical functionality modeled after a non-interactive 1-out-of-2 oblivious transfer, and which is complete for one-time classical and quantum programs. It is known that secure OTMs do not exist in the standard model in both the classical and quantum settings. Here, we show how to use quantum information, together with the assumption of stateless (i.e., reusable) hardware tokens, to build statistically secure OTMs. This is in sharp contrast with the classical case, where stateless hardware tokens alone cannot yield OTMs. In addition, our scheme is technologically simple. We prove security in the quantum universal composability framework, employing semi-definite programming results of Molina, Vidick and Watrous [TQC 2013] and combinatorial techniques of Pastawski et al. [Proc. Natl. Acad. Sci. 2012].
Submitted 16 October, 2018; v1 submitted 4 November, 2015;
originally announced November 2015.
-
Quantum Cryptography Beyond Quantum Key Distribution
Authors:
Anne Broadbent,
Christian Schaffner
Abstract:
Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries---including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD.
Submitted 18 December, 2015; v1 submitted 20 October, 2015;
originally announced October 2015.
-
How to Verify a Quantum Computation
Authors:
Anne Broadbent
Abstract:
We give a new theoretical solution to a leading-edge experimental challenge, namely to the verification of quantum computations in the regime of high computational complexity. Our results are given in the language of quantum interactive proof systems. Specifically, we show that any language in $\mathsf{BQP}$ has a quantum interactive proof system with a polynomial-time classical verifier (who can also prepare random single-qubit pure states), and a quantum polynomial-time prover. Here, soundness is unconditional--i.e., it holds even for computationally unbounded provers. Compared to prior work achieving similar results, our technique does not require the encoding of the input or of the computation; instead, we rely on encryption of the input (together with a method to perform computations on encrypted inputs), and show that the random choice between three types of input (defining a computational run, versus two types of test runs) suffices. Because the overhead is very low for each run (it is linear in the size of the circuit), this shows that verification could be achieved at minimal cost compared to performing the computation. As a proof technique, we use a reduction to an entanglement-based protocol; to the best of our knowledge, this is the first time this technique has been used in the context of verification of quantum computations, and it enables a relatively straightforward analysis.
Submitted 22 June, 2018; v1 submitted 30 September, 2015;
originally announced September 2015.
-
Delegating Private Quantum Computations
Authors:
Anne Broadbent
Abstract:
We give a protocol for the delegation of quantum computation on encrypted data. More specifically, we show that in a client-server scenario, where the client holds the encryption key for an encrypted quantum register held by the server, it is possible for the server to perform a universal set of quantum gates on the quantum data. All Clifford group gates are non-interactive, while the remaining non-Clifford group gate that we implement (the π/8 gate) requires the client to prepare and send a single random auxiliary qubit (chosen among four possibilities), and exchange classical communication. This construction improves on previous work, which requires either multiple auxiliary qubits or two-way quantum communication. Using a reduction to an entanglement-based protocol, we show privacy against any adversarial server according to a simulation-based security definition.
Submitted 3 June, 2015;
originally announced June 2015.
-
Quantum homomorphic encryption for circuits of low $T$-gate complexity
Authors:
Anne Broadbent,
Stacey Jeffery
Abstract:
Fully homomorphic encryption is an encryption method with the property that any computation on the plaintext can be performed by a party having access to the ciphertext only. Here, we formally define and give schemes for quantum homomorphic encryption, which is the encryption of quantum information such that quantum computations can be performed given the ciphertext only. Our schemes allow for arbitrary Clifford group gates, but become inefficient for circuits with large complexity, measured in terms of the non-Clifford portion of the circuit (we use the "$π/8$" non-Clifford group gate, which is also known as the $T$-gate).
More specifically, two schemes are proposed: the first scheme has a decryption procedure whose complexity scales with the square of the number of $T$-gates (compared with a trivial scheme in which the complexity scales with the total number of gates); the second scheme uses a quantum evaluation key of length given by a polynomial of degree exponential in the circuit's $T$-gate depth, yielding a homomorphic scheme for quantum circuits with constant $T$-depth. Both schemes build on a classical fully homomorphic encryption scheme.
A further contribution of ours is to formally define the security of encryption schemes for quantum messages: we define quantum indistinguishability under chosen plaintext attacks in both the public and private-key settings. In this context, we show the equivalence of several definitions.
Our schemes are the first of their kind that are secure under modern cryptographic definitions, and can be seen as a quantum analogue of classical results establishing homomorphic encryption for circuits with a limited number of multiplication gates. Historically, such results appeared as precursors to the breakthrough result establishing classical fully homomorphic encryption.
Submitted 4 June, 2015; v1 submitted 30 December, 2014;
originally announced December 2014.
-
Quantum computing on encrypted data
Authors:
K. Fisher,
A. Broadbent,
L. K. Shalm,
Z. Yan,
J. Lavoie,
R. Prevedel,
T. Jennewein,
K. J. Resch
Abstract:
The ability to perform computations on encrypted data is a powerful tool for protecting privacy. Recently, protocols to achieve this on classical computing systems have been found. Here we present an efficient solution to the quantum analogue of this problem that enables arbitrary quantum computations to be carried out on encrypted quantum data. We prove that an untrusted server can implement a universal set of quantum gates on encrypted quantum bits (qubits) without learning any information about the inputs, while the client, knowing the decryption key, can easily decrypt the results of the computation. We experimentally demonstrate, using single photons and linear optics, the encryption and decryption scheme on a set of gates sufficient for arbitrary quantum computations. Because our protocol requires few extra resources compared to other schemes it can be easily incorporated into the design of future quantum servers. These results will play a key role in enabling the development of secure distributed quantum systems.
Submitted 10 September, 2013;
originally announced September 2013.
-
Quantum Private Information Retrieval has linear communication complexity
Authors:
Ämin Baumeler,
Anne Broadbent
Abstract:
In Private Information Retrieval (PIR), a client queries an n-bit database in order to retrieve an entry of her choice, while maintaining privacy of her query value. Chor, Goldreich, Kushilevitz, and Sudan showed that, in the information-theoretical setting, a linear amount of communication is required for classical PIR protocols (and thus that the trivial protocol is optimal). This linear lower bound was shown by Nayak to hold also in the quantum setting. Here, we extend Nayak's result by considering approximate privacy, and requiring security only against "specious" adversaries, which are, in analogy to classical honest-but-curious adversaries, the weakest reasonable quantum adversaries. We show that, even in this weakened scenario, Quantum Private Information Retrieval (QPIR) requires n qubits of communication. From this follows that Le Gall's recent QPIR protocol with sublinear communication complexity is not information-theoretically private, against the weakest reasonable cryptographic adversary.
Submitted 29 January, 2014; v1 submitted 19 April, 2013;
originally announced April 2013.
-
Quantum one-time programs
Authors:
Anne Broadbent,
Gus Gutoski,
Douglas Stebila
Abstract:
One-time programs are modelled after a black box that allows a single evaluation of a function, and then self-destructs. Because software can, in principle, be copied, general one-time programs exist only in the hardware token model: it has been shown that any function admits a one-time program as long as we assume access to physical devices called one-time memories. Quantum information, with its well-known property of no-cloning, would, at first glance, prevent the basic copying attack for classical programs. We show that this intuition is false: one-time programs for both classical and quantum maps, based solely on quantum information, do not exist, even with computational assumptions. We complement this strong impossibility proof by an equally strong possibility result: assuming the same basic one-time memories as used for classical one-time programs, we show that every quantum map has a quantum one-time program that is secure in the universal composability framework. Our construction relies on a new, simpler quantum authentication scheme and corresponding mechanism for computing on authenticated data.
Submitted 5 November, 2012;
originally announced November 2012.
-
Experimental Demonstration of Blind Quantum Computing
Authors:
Stefanie Barz,
Elham Kashefi,
Anne Broadbent,
Joseph F. Fitzsimons,
Anton Zeilinger,
Philip Walther
Abstract:
Quantum computers, besides offering substantial computational speedups, are also expected to provide the possibility of preserving the privacy of a computation. Here we show the first such experimental demonstration of blind quantum computation where the input, computation, and output all remain unknown to the computer. We exploit the conceptual framework of measurement-based quantum computation that enables a client to delegate a computation to a quantum server. We demonstrate various blind delegated computations, including one- and two-qubit gates and the Deutsch and Grover algorithms. Remarkably, the client only needs to be able to prepare and transmit individual photonic qubits. Our demonstration is crucial for future unconditionally secure quantum cloud computing and might become a key ingredient for real-life applications, especially when considering the challenges of making powerful quantum computers widely available.
Submitted 6 October, 2011;
originally announced October 2011.
-
Exact, Efficient and Information-Theoretically Secure Voting with an Arbitrary Number of Cheaters
Authors:
Anne Broadbent,
Stacey Jeffery,
Alain Tapp
Abstract:
We present three voting protocols with unconditional privacy and correctness, without assuming any bound on the number of corrupt participants. All protocols have polynomial complexity and require private channels and a simultaneous broadcast channel. Unlike previously proposed protocols in this model, the protocols that we present deterministically output the exact tally. Our first protocol is a basic voting scheme which allows voters to interact in order to compute the tally. Privacy of the ballot is unconditional in the sense that regardless of the behavior of the dishonest participants nothing can be learned through the protocol that could not be learned in an ideal realisation. Unfortunately, a single dishonest participant can make the protocol abort, in which case the dishonest participants can nevertheless learn the outcome of the tally. Our second protocol introduces voting authorities which improves the communication complexity by limiting interaction to be only between voters and authorities and among the authorities themselves; the simultaneous broadcast is also limited to the authorities. In the second protocol, as long as a single authority is honest, the privacy is unconditional, however, a single corrupt authority or a single corrupt voter can cause the protocol to abort. Our final protocol provides a safeguard against corrupt voters by enabling a verification technique to allow the authorities to revoke incorrect votes without aborting the protocol. Finally, we discuss the implementation of a simultaneous broadcast channel with the use of temporary computational assumptions, yielding versions of our protocols that achieve everlasting security.
Submitted 23 November, 2010;
originally announced November 2010.
-
QMIP = MIP*
Authors:
Anne Broadbent,
Joseph Fitzsimons,
Elham Kashefi
Abstract:
The way entanglement influences the power of quantum and classical multi-prover interactive proof systems is a long-standing open question. We show that the class of languages recognized by quantum multi-prover interactive proof systems, QMIP, is equal to MIP*, the class of languages recognized by classical multi-prover interactive proof systems where the provers share entanglement. After the recent result by Jain, Ji, Upadhyay and Watrous showing that QIP=IP, our work completes the picture from the verifier's perspective by showing that also in the setting of multiple provers with shared entanglement, a quantum verifier is no more powerful than a classical one: QMIP=MIP*. Our techniques are based on the adaptation of universal blind quantum computation (a protocol recently introduced by us) to the context of interactive proof systems. We show that in the multi-prover scenario, shared entanglement has a positive effect in removing the need for a quantum verifier. As a consequence, our results show that the entire power of quantum information in multi-prover interactive proof systems is captured by the shared entanglement and not by the quantum communication.
Submitted 27 September, 2013; v1 submitted 7 April, 2010;
originally announced April 2010.
-
The Quantum Locker Puzzle
Authors:
David Avis,
Anne Broadbent
Abstract:
The locker puzzle is a game played by multiple players against a referee. It has been previously shown that the best strategy that exists cannot succeed with probability greater than $1-\ln 2 \approx 0.31$, no matter how many players are involved. Our contribution is to show that quantum players can do much better--they can succeed with probability 1. By making the rules of the game significantly stricter, we show a scenario where the quantum players still succeed perfectly, while the classical players win with vanishing probability. Other variants of the locker puzzle are considered, as well as a cheating referee.
Submitted 11 December, 2008; v1 submitted 11 December, 2008;
originally announced December 2008.
-
Can quantum mechanics help distributed computing?
Authors:
Anne Broadbent,
Alain Tapp
Abstract:
We present a brief survey of results where quantum information processing is useful to solve distributed computation tasks. We describe problems that are impossible to solve using classical resources but that become feasible with the help of quantum mechanics. We also give examples where the use of quantum information significantly reduces the need for communication. The main focus of the survey is on communication complexity but we also address other distributed tasks.
Submitted 30 November, 2009; v1 submitted 29 October, 2008;
originally announced October 2008.
-
The GHZ state in secret sharing and entanglement simulation
Authors:
Anne Broadbent,
Paul Robert Chouha,
Alain Tapp
Abstract:
In this note, we study some properties of the GHZ state. First, we present a quantum secret sharing scheme in which the participants require only classical channels in order to reconstruct the secret; our protocol is significantly more efficient than the trivial usage of teleportation. Second, we show that the classical simulation of an n-party GHZ state requires at least n log n - 2n bits of communication. Finally, we present a problem simpler than the complete simulation of the multi-party GHZ state, that could lead to a no-go theorem for GHZ state simulation.
Submitted 1 October, 2008;
originally announced October 2008.
-
Universal blind quantum computation
Authors:
Anne Broadbent,
Joseph Fitzsimons,
Elham Kashefi
Abstract:
We present a protocol which allows a client to have a server carry out a quantum computation for her such that the client's inputs, outputs and computation remain perfectly private, and where she does not require any quantum computational power or memory. The client only needs to be able to prepare single qubits randomly chosen from a finite set and send them to the server, who has the balance of the required quantum computational resources. Our protocol is interactive: after the initial preparation of quantum states, the client and server use two-way classical communication which enables the client to drive the computation, giving single-qubit measurement instructions to the server, depending on previous measurement outcomes. Our protocol works for inputs and outputs that are either classical or quantum. We give an authentication protocol that allows the client to detect an interfering server; our scheme can also be made fault-tolerant.
We also generalize our result to the setting of a purely classical client who communicates classically with two non-communicating entangled servers, in order to perform a blind quantum computation. By incorporating the authentication protocol, we show that any problem in BQP has an entangled two-prover interactive proof with a purely classical verifier.
Our protocol is the first universal scheme which detects a cheating server, as well as the first protocol which does not require any quantum computation whatsoever on the client's side. The novelty of our approach is in using the unique features of measurement-based quantum computing which allows us to clearly distinguish between the quantum and classical aspects of a quantum computation.
Submitted 12 December, 2009; v1 submitted 25 July, 2008;
originally announced July 2008.
-
Information-Theoretically Secure Voting Without an Honest Majority
Authors:
Anne Broadbent,
Alain Tapp
Abstract:
We present three voting protocols with unconditional privacy and information-theoretic correctness, without assuming any bound on the number of corrupt voters or voting authorities. All protocols have polynomial complexity and require private channels and a simultaneous broadcast channel. Our first protocol is a basic voting scheme which allows voters to interact in order to compute the tally. Privacy of the ballot is unconditional, but any voter can cause the protocol to fail, in which case information about the tally may nevertheless transpire. Our second protocol introduces voting authorities which allow the implementation of the first protocol, while reducing the interaction and limiting it to be only between voters and authorities and among the authorities themselves. The simultaneous broadcast is also limited to the authorities. As long as a single authority is honest, the privacy is unconditional, however, a single corrupt authority or a single corrupt voter can cause the protocol to fail. Our final protocol provides a safeguard against corrupt voters by enabling a verification technique to allow the authorities to revoke incorrect votes. We also discuss the implementation of a simultaneous broadcast channel with the use of temporary computational assumptions, yielding versions of our protocols achieving everlasting security.
Submitted 11 June, 2008;
originally announced June 2008.
-
Anonymous quantum communication
Authors:
Gilles Brassard,
Anne Broadbent,
Joseph Fitzsimons,
Sebastien Gambs,
Alain Tapp
Abstract:
We present the first protocol for the anonymous transmission of a quantum state that is information-theoretically secure against an active adversary, without any assumption on the number of corrupt participants. The anonymity of the sender and receiver is perfectly preserved, and the privacy of the quantum state is protected except with exponentially small probability. Even though a single corrupt participant can cause the protocol to abort, the quantum state can only be destroyed with exponentially small probability: if the protocol succeeds, the state is transferred to the receiver and otherwise it remains in the hands of the sender (provided the receiver is honest).
Submitted 15 June, 2007;
originally announced June 2007.
-
Information-theoretic security without an honest majority
Authors:
Anne Broadbent,
Alain Tapp
Abstract:
We present six multiparty protocols with information-theoretic security that tolerate an arbitrary number of corrupt participants. All protocols assume pairwise authentic private channels and a broadcast channel (in a single case, we require a simultaneous broadcast channel). We give protocols for veto, vote, anonymous bit transmission, collision detection, notification and anonymous message transmission. Not assuming an honest majority, in most cases, a single corrupt participant can make the protocol abort. All protocols achieve functionality never obtained before without the use of either computational assumptions or of an honest majority.
Submitted 13 June, 2007;
originally announced June 2007.
-
Parallelizing Quantum Circuits
Authors:
Anne Broadbent,
Elham Kashefi
Abstract:
We present a novel automated technique for parallelizing quantum circuits via forward and backward translation to measurement-based quantum computing patterns and analyze the trade-off in terms of depth and space complexity. As a result we distinguish a class of polynomial depth circuits that can be parallelized to logarithmic depth while adding only polynomially many auxiliary qubits. In particular, we provide for the first time a full characterization of patterns with flow of arbitrary depth, based on the notion of influencing paths and a simple rewriting system on the angles of the measurement. Our method leads to insightful knowledge for constructing parallel circuits and as applications, we demonstrate several constant and logarithmic depth circuits. Furthermore, we prove a logarithmic separation in terms of quantum depth between the quantum circuit model and the measurement-based model.
Submitted 13 April, 2007;
originally announced April 2007.
-
On the logical structure of Bell theorems without inequalities
Authors:
Anne Broadbent,
Hilary A. Carteret,
Andre Allan Methot,
Jonathan Walgate
Abstract:
Bell theorems show how to experimentally falsify local realism. Conclusive falsification is highly desirable as it would provide support for the most profoundly counterintuitive feature of quantum theory - nonlocality. Despite the preponderance of evidence for quantum mechanics, practical limits on detector efficiency and the difficulty of coordinating space-like separated measurements have provided loopholes for a classical worldview; these loopholes have never been simultaneously closed. A number of new experiments have recently been proposed to close both loopholes at once. We show some of these novel designs fail in the most basic way, by not ruling out local hidden variable models, and we provide an explicit classical model to demonstrate this. They share a common flaw, which reveals a basic misunderstanding of how nonlocality proofs work. Given the time and resources now being devoted to such experiments, theoretical clarity is essential. Our explanation is presented in terms of simple logic and should serve to correct misconceptions and avoid future mistakes. We also show a nonlocality proof involving four participants which has interesting theoretical properties.
Submitted 23 July, 2006; v1 submitted 22 December, 2005;
originally announced December 2005.
-
Entanglement swapping, light cones and elements of reality
Authors:
A. Broadbent,
A. A. Methot
Abstract:
Recently, a number of two-participant all-versus-nothing Bell experiments have been proposed. Here, we give local realistic explanations for these experiments. More precisely, we examine the scenario where a participant swaps his entanglement with two other participants and then is removed from the experiment; we also examine the scenario where two particles are in the same light cone, i.e. belong to a single participant. Our conclusion is that, in both cases, the proposed experiments are not convincing proofs against local realism.
Submitted 20 July, 2006; v1 submitted 6 November, 2005;
originally announced November 2005.
-
On the power of non-local boxes
Authors:
A. Broadbent,
A. A. Methot
Abstract:
A non-local box is a virtual device that has the following property: given that Alice inputs a bit at her end of the device and that Bob does likewise, it produces two bits, one at Alice's end and one at Bob's end, such that the XOR of the outputs is equal to the AND of the inputs. This box, inspired from the CHSH inequality, was first proposed by Popescu and Rohrlich to examine the question: given that a maximally entangled pair of qubits is non-local, why is it not maximally non-local? We believe that understanding the power of this box will yield insight into the non-locality of quantum mechanics. It was shown recently by Cerf, Gisin, Massar and Popescu, that this imaginary device is able to simulate correlations from any measurement on a singlet state. Here, we show that the non-local box can in fact do much more: through the simulation of the magic square pseudo-telepathy game and the Mermin-GHZ pseudo-telepathy game, we show that the non-local box can simulate quantum correlations that no entangled pair of qubits can in a bipartite scenario and even in a multi-party scenario. Finally we show that a single non-local box cannot simulate all quantum correlations and propose a generalization for a multi-party non-local box. In particular, we show quantum correlations whose simulation requires an exponential amount of non-local boxes, in the number of maximally entangled qubit pairs.
Submitted 7 November, 2005; v1 submitted 18 April, 2005;
originally announced April 2005.
-
Recasting Mermin's multi-player game into the framework of pseudo-telepathy
Authors:
Gilles Brassard,
Anne Broadbent,
Alain Tapp
Abstract:
Entanglement is perhaps the most non-classical manifestation of quantum mechanics. Among its many interesting applications to information processing, it can be harnessed to reduce the amount of communication required to process a variety of distributed computational tasks. Can it be used to eliminate communication altogether? Even though it cannot serve to signal information between remote parties, there are distributed tasks that can be performed without any need for communication, provided the parties share prior entanglement: this is the realm of pseudo-telepathy.
One of the earliest uses of multi-party entanglement was presented by Mermin in 1990. Here we recast his idea in terms of pseudo-telepathy: we provide a new computer-scientist-friendly analysis of this game. We prove an upper bound on the best possible classical strategy for attempting to play this game, as well as a novel, matching lower bound. This leads us to considerations on how well imperfect quantum-mechanical apparatus must perform in order to exhibit a behaviour that would be classically impossible to explain. Our results include improved bounds that could help vanquish the infamous detection loophole.
Submitted 16 June, 2005; v1 submitted 6 August, 2004;
originally announced August 2004.
-
Quantum Pseudo-Telepathy
Authors:
Gilles Brassard,
Anne Broadbent,
Alain Tapp
Abstract:
Quantum information processing is at the crossroads of physics, mathematics and computer science. It is concerned with what we can and cannot do with quantum information that goes beyond the abilities of classical information processing devices. Communication complexity is an area of classical computer science that aims at quantifying the amount of communication necessary to solve distributed computational problems. Quantum communication complexity uses quantum mechanics to reduce the amount of communication that would be classically required.
Pseudo-telepathy is a surprising application of quantum information processing to communication complexity. Thanks to entanglement, perhaps the most nonclassical manifestation of quantum mechanics, two or more quantum players can accomplish a distributed task with no need for communication whatsoever, which would be an impossible feat for classical players.
After a detailed overview of the principle and purpose of pseudo-telepathy, we present a survey of recent and not-so-recent work on the subject. In particular, we describe and analyse all the pseudo-telepathy games currently known to the authors.
Submitted 22 November, 2004; v1 submitted 27 July, 2004;
originally announced July 2004.
-
Multi-Party Pseudo-Telepathy
Authors:
Gilles Brassard,
Anne Broadbent,
Alain Tapp
Abstract:
Quantum entanglement, perhaps the most non-classical manifestation of quantum information theory, cannot be used to transmit information between remote parties. Yet, it can be used to reduce the amount of communication required to process a variety of distributed computational tasks. We speak of pseudo-telepathy when quantum entanglement serves to eliminate the classical need to communicate. In earlier examples of pseudo-telepathy, classical protocols could succeed with high probability unless the inputs were very large. Here we present a simple multi-party distributed problem for which the inputs and outputs consist of a single bit per player, and we present a perfect quantum protocol for it. We prove that no classical protocol can succeed with a probability that differs from 1/2 by more than a fraction that is exponentially small in the number of players. This could be used to circumvent the detection loophole in experimental tests of nonlocality.
Submitted 5 June, 2003;
originally announced June 2003.
-
Detection of Large Scale Structure in a $B < 17^{m}$ Galaxy Redshift Survey
Authors:
A. Ratcliffe,
T. Shanks,
A. Broadbent,
Q. A. Parker,
F. G. Watson,
A. P. Oates,
R. Fong,
C. A. Collins
Abstract:
We report on results from the Durham/UKST Galaxy Redshift Survey where we have found large scale ``cellular'' features in the galaxy distribution. These have spatial 2-point correlation function power significantly in excess of the predictions of the standard cold dark matter cosmological model$^{1}$, supporting the previous observational results from the APM survey$^{2,3}$. At smaller scales, the 1-D pairwise galaxy velocity dispersion is measured to be $\bf 387^{+96}_{-62}$ km s$^{-1}$ which is also inconsistent with the prediction of the standard cold dark matter model$^{1}$. Finally, the survey has produced the most significant detection yet of large scale redshift space distortions due to dynamical infall of galaxies$^{4}$. An estimate of $\bf \Omega^{0.6}/b = 0.55 \pm 0.12$ is obtained which is consistent either with a low density Universe or a critical density Universe where galaxies are biased tracers of the mass.
Submitted 13 February, 1996;
originally announced February 1996.