Quantum Turing Test. Elham Kashefi


 William Hoover
 1 years ago
 Views:
Transcription
1 Quantum Turing Test Elham Kashefi
2 Feynman Vision  82 Quantum Computing as the technology for simulating quantum systems Spectacular Progress from complexity theory to cryptography from simulation to sampling from tomography to implementation from foundation to interpretation proving what we are actually performing and observing is indeed quantum
3 Quantum Algorithms  Speed Up Superpositions Nonlocal Correlations Interference &'()*'+,(./01*2+3 4(3315(,67*70+1)13*158 $;<=;!"#"$% 4(3315(,90/:(:113*158 9 C 9 E $;<=; 9 D &'()*'+8!"#"$%! C! E $;<=;! D
4 Deutsch s problem Quantum Algorithms  History DeutschJozsa demonstrated the first speed up put: Given A boolean a function f : {0, 1} n! {0, 1} determine if it is constant or balanced utput: Determine if f is constant or balanced Deutsch s problem U f : 1 p 2 n U f : xi( 0i 1i)! x2{0,1} n xi xi( 0i 1i) if f(x) =0 fi xi( 0i = 1 X p 2 n 1i) if f(x) ( =1 x2{0,1} n 1) f(x) xi 0 1 X 0i 1i p 1 X f i for any constant function is ( orthogonal 1) f(x) xia 0i to 1i p the corresponding 2 2 n state for any The balanced state for any function. constant function is orthogonal x2{0,1} 2 to n the state for any balanced function Measurement on f i which distinguishes balanced from constant H n : xi! 1 p 2 n X y2{0,1} n ( 1) x y yi
5 Deutsch s problem Quantum Algorithms  History DeutschJozsa demonstrated the first speed up Simo put: Given A boolean a function f : {0, 1} n! {0, 1} determine if it is constant or balanced utput: Determine if f is constant or balanced Simon s Algorithm Simon s Problem e are given Given function a function 2 1 f : {0,1} n {0,1} n,specifiedbyablackbox,withthepromisethat finds xi( 0i 1i) if f(x) a Forallxf(x such that + a)= f (x). =0 a {0,1} n Uwith f : xi( 0i a 0 n such 1i) that! xi( 0i 1i) if f(x) =1 Iff (x)= f (y) then either x = y or y = 0 Suppose we are given function 2 1 f : {0,1 there is an a {0,1} n with a 0 n such that 1 1) f(x) xia 0i 1i p 2 llxf(x + a)= f (x). 1 X 0i 1i U f : p xi p 1 Breakthrough X ( The challenge is to determine a. It should x)= f (y) 2 n then either x = y x2{0,1} 2 or y = x + a. 2 n n x2{0,1} (probabilistic) computer. This is because the n such that f (x)= f (y). Andthebestanalgorit nge is to determine a. Itshould 1994 be Shor s intuitively Period clearfinding thatthisproblem isadifficulttaskfor a classical birthday paradox (actually its converse), the tic) computer. Given an This nbit is because integer, the find algorithm the prime cannot factorisation. determine a until it finds two inputs x and y 2 n/2 inputs. Breaks Bythe contrast, RSA cryptosystem we will show an effi (x)= f (y). Andthebestanalgorithmcandoistryrandominputsx until it finds a match. By the radox (actually its converse), the chance of this isnegligibleif 1. Use f tof set is probed up random on many preimage fewer than state. By contrast, we will show an efficient quantum algorithm. φ = 1/
6 Quantum Algorithms  History The oo  Stephen Jordan papers BuchmanWilliams cryptosystem Elliptic curve cryptography Algebraic and Number Theoretic Algorithms Exponential Speed Up: Factoring, Discretelog, Pell's Equation, Principal Ideal, Unit Group, Class Group, Gauss Sums, Matrix Elements of Group Representations Oracular Algorithms Broad Application: Unstructured Search, Amplitude Amplification, Collision Finding, Hidden subgroup Problem, Formula Evaluation, Linear Systems, Group Isomorphism, Network Flows Approximation and Simulation Algorithms Inspired by Physic : Quantum Walk, Quantum Simulation, Knot Invariants, Partition Functions, Adiabatic Optimization, Simulated Annealing
7 Quantum Algorithms  Perspective Quantum Simulators One controllable quantum system to investigate another, less accessible one tackling problems that are too demanding for classical computers Ultracold quantum gases, Trapped ions, Photonic, Superconducting circuits Refuting the Strong ChurchTuring Thesis Our communication today is secure only if we cannot build a large scale quantum computer
8 Quantum Cryptography  Security Quantum cryptography relies on the laws of quantum mechanics to offer unconditional security Measurement perturbs the system Uncertainty Principles No Cloning No perturbation No measurement No eavesdropping
9 Quantum Cryptography  History Wiesner 1983 The first link between secrecy and quantum physics quantum money Bennett and Brassard 1984, Ekert 1991 Public key distribution problem Cleve, Gottesman and Lo, 1999; Crepeau, Gottesman and Smith, 2005 Quantum Secret Sharing
10 Quantum Cryptography  History Lo, Chau, Mayers 1997 Impossibility of quantum bit commitment Damgaard et al., 2005, 2007; Wehner, Schaffner and Terhal, 2008 New paradigms of boundedstorage models Gottesman and Chuang 2001 Quantum digital signature Kitaev 2003, Chailloux and Kerenidis 2009 Perfect quantum coin flipping is impossible, but better than classical protocols exist Broadbent, Fitzsimons and Kashefi 2009 Unconditionally secure quantum delegated computation
11 Quantum Cryptography  Perspective Quantum Key Distribution Networks SECOQC: 2008, 200 km of standard fibre optic cable to interconnect six locations across Vienna and St Poelten
12 Quantum Cryptography  Perspective Quantum Key Distribution Networks DARPA: 10node, has been running since 2004 in Massachusetts BBN Technologies, Harvard University, Boston University and QinetiQ Tokyo QKD Network: 7 partners NEC, Mitsubishi Electric, NTT and NICT, Toshiba Research Europe Ltd. (UK), Id Quantique (Switzerland) and All Vienna China and Austria Earth  Satellite QKD
13 Secure Cloud Computing How to make cloud computing safe? A model for enabling convenient, ondemand network access to a shared pool of configurable computing resources X Y Limited Client Untrusted Server Y F(Y) F(X) F(Y)
14 Secure Cloud Computing Rivest, Adleman and Dertouzos 1979 Can we process encrypted data without decrypting it first? Fully homomorphic encryption Classical: Gentry 2009 Only computational security assumption of limited computational power of the adversary Quantum: Broadbent, Fitzsimons, and Kashefi 2009 Unconditional security
15 Qcomputing + Qcryptography = Blind Q Computing Classical Communication Classical Computer random single qubit generator Unconditional Perfect Privacy Server learns nothing about client s computation
16 IG. 1: The control computer provides one bit of classical nformation (downward arrows) to each site (circles in the reource state) determining the choice of measurement basis. fter the measurement, one bit of classical information (upard arrow), such as the outcome of the binary measurement, an E. Browne 1 y, University College London, 6BT, United Kingdom. 8, 2008) Measurementbased Quantum Computing angled states exploited in measurementbased f the classical computer that controls the meaal resource power, leading naturally to a notion computation. Surprisingly, Program the Greenbergeroblems emerge naturally as Computation optimal examples. Power is encoded in the entanglement is encoded in the classical control computer the violation of local realistic models and the measurement sites measurement site control computer control computer resource state Hide Angles of measurements Results of Measurements
17 smeasurements.ifwewereto H rotocol J( 1 Universal + + r ) o reveal use information this principle 2. Bob s about for preparation Blind the blind Quantum quantum Computation computing, Alice would have to reve. iversal of Alice s ± states structure + +r Blind called Quantum of preparation J( + the the + brickwork underlying Computation graph state. We introduce a new family of st r ) s 2 {0, 1} ; X s+r 1 tsaration For andstates each thus rdo (Figure column 2.1 not require Bob 1) which x =1,...,n the creates are universal an entangled for J( ) X Y plane state measurements from all and states Universal initial Blind Quantum P Computings 1 { + for p( ) Tr (P ( 0 + } e iθ that computational do not requirebasis measurements. Other universal graph states mn For x =1,...,n each x,y row 1 ) y θapplying =1,...,m x,y =0, π/4,...,7π/4} ctrl incorrect andb( )) sendsapple y 0 1 (e i 1.1 =1,...,m X =(Ũ,{ Alice prepares + x,y}) epares ψ x,y R { ψ x,y R { gates between the qubits ]. initial computational basis measurements have appeared in [CLN05]. nctionality To + +θx,y = 2 1 ( 0 + e iθ the has best beendefinition of achieved our knowledge, 1). this is the first time that x,y 1 ) a new θ x,y functio =0, in[rhg06,ms08]). thanks to MBQC +θx,y From (other = 1theoretical 2 1 ( 0 + 1e iθ advances x,y e 1 ) i due θ x,y to=0, MBQC π/4,...,7π/4 appear in s tremendous a the conceptual qubits to Bob. 3. Interaction potential point forof the view, B 1and our its to Bob. ± 1 A contribution measurement 0 shows that MBQC has trem. all Bob s received development ± preparation + +r For qubits, each of newaccording column protocols, to x and=1,...,n their maybe indices, even of algorithms. by aration bits 2.1in 1.3 Bob order Outline 1 { + creates to } create an entangled a brickwork state state fromg n m all received (see qubits, acco ates an{ + For entangled } each of Protocols row y =1,...,m uantum The random computation outline single qubit of the given generator state main asfrom protocol all received is as qubits, according to their 1 1 e i 2 e i e i g ctrl Definition X gates =(Ũ,{ 3.1between 1). Alice computes x,y}) the qubits inφ order follows. x,y where Alice to create sx has a brickwork stat 1 2 on 1). e i 1. Interaction X =(Ũ,{ 0,y = mind s a 0,y =0. quant preparation a measurement and computation. ly from {1/ 2 ( pattern 0 + e andx,y}) iθ 1 ) on a brickwork state. There are two stages: prepa In the preparation 3.2 Alice stage, measurement chooses Alice prepares r x,y single R {0, qubits 1} and chosencomputes randomly fr all the θ =0, qubits, π/4, Bob 2π/4,...,7π/4} entangles and For each measurement column x,y =( 1) x sx x,y =1,...,n x,y + s and sends them to Bob. After receiving all t reveals upper x,y 3.3 bounds Alice on the them according to thetransmits brickwork 1 mn For x =1,...,n each row y =1,...,m s 2 {0, 1} ; X s J( ) 0. x,y =( 1) sx x,y r x,y R {0, 1} x,y + s state. δ x,y Note to Bob. that this Bob unavoidably measures reve length of the input and depth dimensions x,y 1 y 3.1 =1,...,m3.4of Bob Alice stransmits underlying graph state, it does not reveal any Alice tes δ x,y = φ computes x,y + θ x,y + πr x,y. 1 (e i mputes φ ures in basis { φ x,y where sx 0,y = x,y where thestate, sx s +δx,y, 0,y =0. 0,y = result that s 0,y =0. scorrespond x,y {0, to 1} thetolengt A stage involves the computation. interaction: 3.5 If r for However, due to universality of the brickwork stat 3.2 Alice r chooses x,y =1above,Aliceflipss x,y R δx,y {0, 1} and computes δ }. 1 e ooses r i x,y = x,y φ ;otherwise calmessagetobobtotellhim additional information on Alice s computation. The computation x,y R {0, 1}. o Alice. x,y R {0, 1} and computes δ x,y = φ x,y + θ x,y + π performs the measurement and 3.3 Alice transmits δ x,y to Bob. Bob measures x,y + θ x,y + πr x,y.. wiseshedoesnothing. ansmits δ x,y to Bob. Bob measures in the basis { in the basis { stage each layer of the brickwork state, for each qubit, Alice sendsaclassicalm swilldependonthesevalues. in which basis of X Y plane he should measure the qubit. Bob +δx,y perfor telychosensothat,nomatter 3.4communicates Bob s transmits the result s x,y {0, 1} to Alice. +δx,y, δx,y x,y := s x,y + r x,y }. The universality the outcome; Alice s of Protocol choice of angles 1 follows in future from rounds the will pattern. 3.5Importantly, IfIfAliceiscomputing r x,y =1above,Aliceflipss Alice s quantum states x,y and ;otherwiseshedoesnothing. classical messages areastutelyc applying ctrl gates between the qubits in order to create a b nsmits the result s x,y {0, 1} to Alice.
18 me as a measurement in the + φ+θ, φ+θ basis on (θ) ψ (see Appendix A), and since + θ + πr, ifr =0,Bob smeasurementhasthesameeffect J( + + r ) as Alice s target measurement; if allaliceneedstodoisfliptheoutcome. now r Blindness define and prove the security of the protocol. Intuitively, we wish to prove that whatever ooses to do (including arbitrary deviations from the protocol), his knowledge on Alice s m computation does not increase. Note, + however that Bob does learn the dimensions of the ork state, giving an upper bound on the size of Alice s computation. This is unavoidable: leadaptationoftheproofoftheorem2from[afk89],confirms ± + +r this. We incorporate tion of leakage in our definition of blindness. Aquantum delegated computation protocol rotocol by which Alice interacts quantumly { + } with Bob in order to obtain the result of a tation, U(x), where X =(Ũ,x)isAlice sinputwithũ being a description of U. ition 2. Let P be a quantum Protocol delegated P on input computation X =(Ũ,{ on x,y}) input leaks X at and most let L(X) be any function input. We say that a quantum delegated computation protocol is blind while leaking at most f, on Alice s input X, for any2. fixed Given Y = the L(X), distribution the following of classical two hold information when givendescribed Y : in The distribution of the classical obtained information by Bob obtained P is fixed by Bob andis independent of X. e distribution of the classical information obtained by Bob in P is independent of X. 2. Given the distribution of classical Definition information 2 captures described the intuitive 1, the notion statethat of the Bob s quantum view of sy obtained The quantum by Bob state in P is fixed (when and given independent Y 5 ); since of X. his view consists of classical and quant distribution of the classical information should not depend on Definition 2 captures the intuitive choice notion of the classical that Bob s information, view of the protocol the stateshould of thenot quantum dependsy o (when given Y ); since his viewand consists not depend of classical on X and (given quantum Y ). We information, are now ready this means to state tha distribution of the classical information that Protocol should not 1, (n, depend m) isonx the dimension (given Y ) and of the that brickwork for any choice of the classical information, the state of the quantum system should be uniquely determ and not depend on X (given Theorem Y ). We are3 now (Blindness). ready to state Protocol and prove 1 is our blindmain while theorem. leaking Ra that in Protocol 1, (n, m) is the dimension of the brickwork state. Proof. Let (n, m) (the dimension of the brickwork state) be Theorem 3 (Blindness). Protocol the brickwork 1 is blind state while guarantees leaking atthat most Bob s (n, m). creating of the gra
19 Quarter/Halfwave Plate BBO crystal Experimental Implementation Polarization Controller Polarizing Beam Splitter Filter Barz, Kashefi, Broadbent, Fitzsimons, eilinger, Walther, Science a b c d 2 θ 3 θ 2 3 Alice Bob
20 Experimental Implementation Client: limited computational power Quantum server: full power of Quantum Computation Prepares random qubits Entangles qubits Measurement instruction for server Initial rotation of the qubit Target rotation Computes measurement angles Random bit flip
21 Experimental Implementation Client: limited computational power Quantum server: full power of Quantum Computation Entangles qubits Prepares random qubits Y X Measurement in XY plane Computes measurement angles Decryption: Output of the computation 0 0, 1
22 Quantum Cloud Quantum computing could head to 'the cloud', study says Girls lockup quantum security Almost as intriguingly, the research has been carried out by a team three of them being women. The Blind Quantum Security Eschaton Quantum computers "can decrypt any nonquantum method nearinstantly, in theory, rendering all existing forms of encryption obsolete," Enderle pointed out. "This will make the concerns surrounding Iran's nuclear efforts seem trivial by comparison if a [foreign] country gets there first."
23 Blind Q Computing World CC Other approaches D. Aharonov, M. BenOr, and E. Eban, ICS 10 (2010) A. Childs, Quant. Inf. Compt. (2005) P. Arrighi and L. Salvail, Int. J. Quant. Inf. (2006) Approximate Protocol Dunjko, Kashefi, Leverrier, PRL, 2012 Robust Protocol Morimae, Dunjko, Kashefi, arxiv: Morimae, Fujii, Nature Communications, 2012 Morimae, PRL, 2012 Minimal Protocol Dunjko, Kashefi, Markham Composable Protocol Dunjko, Fitzsimons, Portmann, Renner, arxiv: (2013) Other Models Datta, Kapourtionis, Kashefi, Oneclean qubit
24 Big Picture n Still requires 2 parameters for a classical computer to simulate it How do we verify the Solution? Can we verify it with a classical Computer? BQP BPP NP Blind Computation with BPP* Alice Not all the problem in NP can be computed blindly with a BPP Alice Abadi, Feigenbaum and Kilian
25 The Ultimate Challenge Quantum Verification
26 Should we pay $ for a quantum computer That kind of tests work only for a specific problem. We don t know if all the questions that quantum computer can solve are classically testable Simple test: We ask the box to factor a big number
27 Exponential World Hilbert space is a huge place. What makes quantum not classical makes its verification not classical either n particles = 2 n parameters
28 Quantum Turing Test
29 ± + +r Proof System { + } X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Verifier Prover r x,y R {0, 1} Yes X satisfies some property x,y R {0, NP  problems, 7 /4} s x,y := s x,y + r x,y
30 ± + +r Interactive Proofs { + } All problems X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Verifier Prover r x,y R {0, 1} Prover can cheat with exponentially small probability Yes X satisfies some property x,y R {0,, 7 /4} s x,y := s x,y + r x,y
31 { + } Can we Classically test Quantum Mechanics? X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Classical Verifier Quantum Prover Yes X satisfies some property r x,y R {0, 1} x,y R {0,, 7 /4} Gottesman (04)  Vazirani (07) Aaronson $25 Challenge (07) Does every language in the class BQP admit an interactive protocol s x,y := s x,y + r x,y where the prover is in BQP and the verifier is in BPP?
32 Verification Correctness: in the absence of any interference, client accepts and the output is correct Soundness: Client rejects an incorrect output, except with probability at most exponentially small in the security parameter Fitzsimons and Kashefi, arxiv: , 2012
33 m Authentication =2d +1. In this case, the code can detect d errors. Also, C k is self dual [BOCG + 06], namely, the cod s equal to the dual code subspace. ij nsverification = Mi J( ) vs s i Authentication = X s i M i j i J( ) E ij antum Authentication adapted G + 02]). from A quantum Barnum authentication et. al. [BCG + scheme 02]). A(QAS) quantum is aauthenticatio pair of finitions her quantum with aalgorithms set of classical A and keys B together KEve such that: with a set of classical keys K suc 3.1 (adapted from Barnum et. al. [BCG + 02]). A quantum authentication scheme (QAS) is a pair o M l(qas) time input and quantum is ana key mqubit algorithms a pair Alice of Bob k K A message and and B together outputs system with a set transmitted M of and classical a key keys system K k such K that: Tand of m outputs + d a t kes as input an mqubit ( message ) system M and a key k K and outputs a transmitted system T of m + its. system T of m + d kes ted input assystem input the the (possibly T andaltered) aaltered) classical transmitted transmitted key system k T and Ksystem and outputs T andtwo a classical systems: key a k Barnum, a classical Crepeau, keygottesman, k K andsmith outputs and Tapp, two systems: FOCS02 ubit message state M, and a single qubit V which indicate whether the state is considered valid or erroneou essage whichstate indicate M, J( ) and whether a single the state qubitis Vconsidered which indicate validwhether or erroneous. the state is basis states of V are called VAL, ABR. Forafixedk we denote the corresponding superoperators b tputs two systems: a d valid or erroneous.. g superoperators by Detect error and states R. B k Forafixedk. of V are called we denote VAL the, ABR. corresponding Forafixedk superoperators we denote the by cor a pure state ψ, consider the following test on the joint system M,V : output a 1 if the first m qubits are i r if the last qubit is in state ABR, otherwise, output 0. The corresponding projections are: s i state on the ψ, joint consider systemthem,v following : output testaon 1 if the the joint firstsystem m qubits M,V are: inoutpu P ψ 1 = ψ ψ I V +(I M ψ ψ ) ABR ABR (2 first last ise, m qubit output qubits is0. inthe state corresponding ABR, otherwise, projections output are: 0. The corresponding pr P ψ 0 are= in (I M ψ ψ ) 1 VAL VAL (3 are: e is secure if for all +(I M ψ ψ ) P ψ possible input states ψ and for all possible interventions by the adversary, the expecte 1 ( ) = ABR ABR ψ ψ 1 0 I (2) 1 V +(I M ψ ψ ) ABR ABR B s output 2 to the space defined by P 1 2 is high: 0
34 m Authentication y(n) length uniformly at random. The map from k to the group element represented as a product of Cliffo erators =2d +1. can be In computed this case, the code can detect d errors. Also, C k is self dual [BOCG + 06], namely, the cod k in s equal to the dual code subspace. 1 classical f(α 1 nsverification vs P 0 ). polynomial..k m time. Tr f(α m ) (1) aux [U I J( out = P O c E Authentication G ( in J( in ) E + + aux 0)I i ij = M J U i J( ) s ] V ri ) E G P O ci = X s i ef(f) d,f(0)=a Signed = Polynomial Tr M i j aux [U( Codes in aux 0)U ] i antum Authentication adapted n background G detect + on 02]). from d polynomial Aerrors. quantum Barnum Also, quantum authentication et. C codes k al. is see self Appendix [BCG dual + A. scheme 02]). [BOCG A(QAS) + quantum 06], is aauthenticatio pair of finitions Tr aux [U I J( her quantum with aalgorithms set of classical A and keys B together KEve in aux 0)I J namely, U code ] 2.3 ([BOCG + 06]) TheP signed + polynomial = M code with such that: with a set of classical keys K suc 3.1 (adapted= fromtr Barnum et. al. [BCG + 02]). A quantum authentication scheme (QAS) is a pair o M l(qas) time input and quantum is ana key mqubit algorithms a pair Alice aux [U( in aux 0)U respect to a string k {±1} m (denoted C k ) i i i s i i ] of Bob S k K A k def a message and= and B together 1 outputs system with a set transmitted M of and classical k 1 f(α a key keys 1 )...k system K k m such f(α K that: q d T m ) and of m outputs + d a t kes as input an mqubit message system P + f:def(f) d,f(0)=a P + E and = a M key k K and outputs ( a transmitted ) system T of m + i s i i ij = M i X s i E j ij X s i j Detect error its. use m =2d +1. In this case, the code i can detect d errors. i Also, C k is self dual [BOCG + 06], namely, space system is equal T toof them dual + code d subspace. kes ted input assystem input the the (possibly T andaltered) aaltered) classical transmitted transmitted key system k T and Ksystem anda classical outputs T key and k two Ka and classical systems: outputs twokey asystems: k ubit 0 message state M, and a single qubit V which indicate whether the state is considered valid or erroneou essage whichstate indicate M, and whether a single state qubitis Vconsidered which indicate validwhether or erroneous. the state is basis states of V are called P + VAL E J( ), ABR. Forafixedk we denote the corresponding superoperators b and tputs states R. B k Forafixedk. two systems: i ij = M a i X s i E j ij X s i Quantum J( ) E i Authentication ij = M j [BCG of + i J( ) s i = X s i M i j i ) E ij V02]). are called A we quantum denote VAL authentication, ABR. corresponding Forafixedk scheme superoperators (QAS) we denote is a the pair by cor of d valid Definitions or erroneous. ogether a. pure state ψ, consider the following test on the joint system M,V : output a 1 if the first m qubits are i gr ifsuperoperators the last qubit is in state by P 0 with a set of classical keys K J( ) E ABR, otherwise, output 0. The corresponding sprojections are: i ij = Mi J( ) s such that: Eve i = X s = i M i j Server finition 3.1 (adapted from Client Barnum et. al. [BCG + 02]). A quantum authentication i i J( ) scheme E (QAS) is a ynomial ij tem state onm time the ψ, and quantum joint consider a key algorithms system k the M,V K A and following and B together : outputs with testa a set on 1transmitted of classical keys if the the joint firstsystem msystem K such that: qubits M,V Tare of: m inoutpu + d Atakes as input P ψ 1 an mqubit = ψ ψ message I V system +(I M and ψ ψ ) a key k ABR ABR K and outputs a transmitted system T (2 o first last ise, m qubit output qubits is0. inthe state corresponding ABR, otherwise, projections output are: 0. The corresponding pr qubits. P ψ 0 are= in (I M ψ ψ ) ( U VAL VAL 1 (3 ) are: esmitted is secure ifsystem for all +(I M ψ ψ ) P ψ Detect possible T error Btakes as input the (possibly and input altered) astates classical transmitted ψ and for key system all possible k1 T and Kinterventions anda classical outputs key by the k two adversary, K the expecte = ABR ABR ψ ψ I (2) 1 V +(I M ψ ψ ) ABR ABR B s output to the space defined by P ( ) = 1 and systems: outputs 0 twoasy mqubit message state M, and a single bit V which indicate whether 1 is qubit high: V which indicate whether the state is considered the state 2 is considered valid or 2 erroneous. valid 0 or er The basis states of V are called VAL, ABR. Forafixedk we denote the corresponding superoper
35 x,y R {0, x,y 0,, 7 /4} =( 1 1) sx x,y x,y + s x,y Adding Traps s x,y := s x,y + r x,y BPP QNC NC 2 QNC 1 r x,y R {0, 1} 0, 1 +, x,y Trap R {0, Measurements, 7 /4} BPP QNC s x,y := s x,y + r x,y NC 2 QNC 1 0, 1 +, 0, 1 M + s =0 M s =1 BPP QNC NC 2 QNC 1 M + +, s =0 M + s =0 M s =1 3 Trap positions and Measurement angles remain hidden
36 εverification ting an incorrect outcome density operator. Any outcome density operato r is contained within the subspace of correct and incorrect outcome state babilistically Aliceprojected intobob a correct or an incorrect state. Hence intuitiv to be verifiable if the corresponding outcome state is far from any inco owing P p( ) Tr (P incorrect B( )) apple the approach of [28], we first define the notion of correctness 9. random parameters.. For any server s strategy the probability of client accepting an incorrect outcome density operator is bounded by ε: 8. Let Pincorrect beb( ) the projection onto the subspace of all the possible inc rator for the fixed density choice operator of classical Alice s and random quantum output variables denoted with, thati P incorrect =(I ideal ih ideal ) r t ihr t eal ih ideal = Tr i62{o[{t}} (B 0 ( )). Let p( ) be the probability Accept of Alice Key ch arameterized by, that is the probability of choosing a position i amo the graph to be the trap position (denoted as a random variable t) and P p( ) Tr (P incorrect B( )) apple random variables,r,x, (as defined in Definition 6). Given 0 apple < be verifiable, if for any choice of Bob s strategy (denoted by j) the prob
37 Verification with single trap Theorem. Protocol is (1 1/2N)verifiable in general, and in the case of purely classical output it is (1 1/N)verifiable, where N is the total number of qubits in the protocol.
38 Probability Amplification To increase the probability of any local error being detected O(N) many traps in random locations To increase the minimum weight of any operator which leads to an incorrect outcome FaultTolerance
39 P P1 H P= MComp Challenge: Traps break the graph Y 5. Y Y Y P H MComp P= MReduce MComp = K 5 2. Y Y 3. Y MReduce Y MP MReduce P1 M6. P P1 7. MA MA 7. P2 MP MP K 5 P3 P3 P Required 3D lattice for Raussendorf, Harrington Topological and Goyal errorcorrecting code with defect thickness d 6. MP K 5 4. Y 3. Y Y K 5 P K 5 3. Y P1 Y P 6. P MReduce P1 6. Y Y 2. P1 Y H = MComp Probability Amplification 1. H P3 P3
40 Probability Amplification P 3 K K 5 P 1 P 1 K 5 P 2 P 2 M P 7. P 3 P 3 K 5 K15 K5 K 5
41 P 2 Probability Amplification M P P 3 K5 7. M ocol 8. In this figure we replace the RaussendorfHarringtona simpler computation, as to include a full encoding yields
42 Off to Vienna P 3 7. M
43 2 What can we do with 4qubits FIG. 1: Concept of a quantum prover interactive proof system based on blind quantum computing. The verifier wants to find out if the prover can indeed perform quantum computations. While the question if a classical verifier can test a quantum system is still open, it was shown that a verifier that has access to certain quantum resources can verify quantum computations. Here, in the framework of blind quantum computing, the verifier needs the ability to generate single qubits and to transmit them to the prover. After the transmission of the qubits, the verifier and the prover exchange twoway classical communication.
44 Restricting to Classical Input and Output trapification trapification
45 A Complete new proof of verification was required Pauli ( i ) Trap Stabilizer Measurement Overall X I Y Y Y X X Y Y Y I X C C C C C C C A C C A C C C A A C A C C C A C A C A A C C A A A A C C C A C C A A C A C A C A A A A C C A A C A A A A C A A A A Table 4: Pauli terms in the deviation operator U and whether or not they are detected by a particular trap setup or not. Although there are 256 distinct 4qubit Pauli operators, including the identity, these can be grouped into 16
46 Summery Only 4 qubit computation can be verified and a particular type of attack cannot be detected! What about DWave Problem Verification of 2qubit entanglement Blind Verification of Entanglement
47 Blind Verification of Entanglement Barz, Fitzsimons, Kashefi, Walther, Nature Physics 2013
48 Quantum Turing Test We can test eﬃciently a quantum computer But we need quantum randomness
49 Perspective What is the lower bound Model independent Verification Is Nature Classically verifiable
50 Quantum Turing Test Quantum eroknowledge Proof; Adiabatic UBQC; BBP vs BQP theory Computational practice lab Unconditionally Secure Cloud Computing; Hybrid QuantumClassical Homomorphic Encryption Efficient Process Tomography;Testing Commercial Qubits with Scientific Qubits UBQC with superconducting qubits UBQC and Verification Implementation with Photonic Qubits and Coherent Pulses lab Blind Bell Test; Blind Contextuality Test; Distinguishing Relativistic Effects from Quantum Effects practice theory Physical Interactive Proof Quantum Turing Test Blind Trapification Measurementbased QC
Open Problems in Quantum Information Processing. John Watrous Department of Computer Science University of Calgary
Open Problems in Quantum Information Processing John Watrous Department of Computer Science University of Calgary #1 Open Problem Find new quantum algorithms. Existing algorithms: Shor s Algorithm (+ extensions)
More informationHow Quantum Can a Computer Be? 1
How Quantum Can a Computer Be? 1 Elham Kashefi 2 Prisme N 29 September 2014 1 This text is a transcription of the presentation given by Elham Kashefi at the Cournot seminar, «Quantum Turing Testing» in
More information24 th IEEE Annual Computer Communications Workshop (CCW)
24 th IEEE Annual Computer Communications Workshop (CCW) Exploration of Quantum Cryptography in Network Security Presented by Mehrdad S. Sharbaf Sharbaf & Associates Loyola Marymount University California
More informationAuthentic Digital Signature Based on Quantum Correlation
Authentic Digital Signature Based on Quantum Correlation XiaoJun Wen, Yun Liu School of Electronic Information Engineering, Beijing Jiaotong University, Beijing 00044, China Abstract: An authentic digital
More informationarxiv:1206.3686v1 [quantph] 16 Jun 2012
Is Quantum Mechanics Falsifiable? A computational perspective on the foundations of Quantum Mechanics. Dorit Aharonov and Umesh Vazirani June 19, 2012 arxiv:1206.3686v1 [quantph] 16 Jun 2012 Abstract
More informationQuantum Computers vs. Computers Security. @veorq http://aumasson.jp
Quantum Computers vs. Computers Security @veorq http://aumasson.jp Schrodinger equation Entanglement Bell states EPR pairs Wave functions Uncertainty principle Tensor products Unitary matrices Hilbert
More informationQuantum Computing. Robert Sizemore
Quantum Computing Robert Sizemore Outline Introduction: What is quantum computing? What use is quantum computing? Overview of Quantum Systems Dirac notation & wave functions Two level systems Classical
More informationIntroduction to Quantum Computing
Introduction to Quantum Computing Javier Enciso encisomo@in.tum.de Joint Advanced Student School 009 Technische Universität München April, 009 Abstract In this paper, a gentle introduction to Quantum Computing
More informationEnhancing privacy with quantum networks
Enhancing privacy with quantum networks P. Mateus N. Paunković J. Rodrigues A. Souto SQIG Instituto de Telecomunicações and DM  Instituto Superior Técnico  Universidade de Lisboa Abstract Using quantum
More informationQUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University
QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Postquantum Crypto c = E(pk,m) sk m = D(sk,c)
More informationThe New Approach of Quantum Cryptography in Network Security
The New Approach of Quantum Cryptography in Network Security Avanindra Kumar Lal 1, Anju Rani 2, Dr. Shalini Sharma 3 (Avanindra kumar) Abstract There are multiple encryption techniques at present time
More informationFactoring by Quantum Computers
Factoring by Quantum Computers Ragesh Jaiswal University of California, San Diego A Quantum computer is a device that uses uantum phenomenon to perform a computation. A classical system follows a single
More informationIntroduction to computer science
Introduction to computer science Michael A. Nielsen University of Queensland Goals: 1. Introduce the notion of the computational complexity of a problem, and define the major computational complexity classes.
More informationComputational complexity theory
Computational complexity theory Goal: A general theory of the resources needed to solve computational problems What types of resources? Time What types of computational problems? decision problem Decision
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationCh.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis
Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography
More informationQuantum Key Distribution as a NextGeneration Cryptographic Protocol. Andrew Campbell
Quantum Key Distribution as a NextGeneration Cryptographic Protocol Andrew Campbell Abstract Promising advances in the field of quantum computing indicate a growing threat to cryptographic protocols based
More information230483  QOT  Quantum Optical Technologies
Coordinating unit: Teaching unit: Academic year: Degree: ECTS credits: 2015 230  ETSETB  Barcelona School of Telecommunications Engineering 739  TSC  Department of Signal Theory and Communications
More informationAnonymous key quantum cryptography and unconditionally secure quantum bit commitment
Anonymous key quantum cryptography and unconditionally secure quantum bit commitment Horace P. Yuen Department of Electrical and Computer Engineering Department of Physics and Astronomy Northwestern University
More informationShor s algorithm and secret sharing
Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful
More informationA Probabilistic Quantum Key Transfer Protocol
A Probabilistic Quantum Key Transfer Protocol Abhishek Parakh Nebraska University Center for Information Assurance University of Nebraska at Omaha Omaha, NE 6818 Email: aparakh@unomaha.edu August 9, 01
More informationarxiv:0810.5375v2 [quantph] 18 Nov 2008
Interactive Proofs For Quantum Computations Dorit Aharonov Michael BenOr Elad Eban November 18, 2008 arxiv:0810.5375v2 [quantph] 18 Nov 2008 Abstract The widely held belief that BQP strictly contains
More informationTowards a Tight Finite Key Analysis for BB84
The Uncertainty Relation for Smooth Entropies joint work with Charles Ci Wen Lim, Nicolas Gisin and Renato Renner Institute for Theoretical Physics, ETH Zurich Group of Applied Physics, University of Geneva
More informationLecture 2: Complexity Theory Review and Interactive Proofs
600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography
More information1.Context... 3. What is the problem with current cryptographic techniques?... 3. 2.Current Quantum Key Distribution (QKD)... 4
Page 2 Table of contents 1.Context... 3 What is the problem with current cryptographic techniques?... 3 2.Current Quantum Key Distribution (QKD)... 4 What is Quantum Cryptography?... 4 How does QKD improve
More informationQuantum Computing: Lecture Notes. Ronald de Wolf
Quantum Computing: Lecture Notes Ronald de Wolf Preface These lecture notes were formed in small chunks during my Quantum computing course at the University of Amsterdam, FebMay 2011, and compiled into
More information2.1 Complexity Classes
15859(M): Randomized Algorithms Lecturer: Shuchi Chawla Topic: Complexity classes, Identity checking Date: September 15, 2004 Scribe: Andrew Gilpin 2.1 Complexity Classes In this lecture we will look
More informationarxiv:quantph/9809016 v2 19 Jan 2000
An Introduction to Quantum Computing for NonPhysicists arxiv:quantph/9809016 v 19 Jan 000 Eleanor Rieffel FX Palo Alto Labratory and Wolfgang Polak Consultant FX Palo Alto Laboratory, 3400 Hillview Avenue,
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationQuantum Safe Security Workgroup Presentation. Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014
Quantum Safe Security Workgroup Presentation Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014 ID Quantique Photon Counters Services Quantum Random Number Generators Technology
More informationRecall that two vectors in are perpendicular or orthogonal provided that their dot
Orthogonal Complements and Projections Recall that two vectors in are perpendicular or orthogonal provided that their dot product vanishes That is, if and only if Example 1 The vectors in are orthogonal
More informationQuantum Computers. And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, 2015. Quantum Computers
Quantum Computers And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, 2015 1 Includes joint work with Amlan Chakrabarti, U. Calcutta If you were designing Nature, how would
More informationIntroduction to Quantum Computing
Introduction to Quantum Computing Frédéric Magniez LIAFA & PCQC, Université Paris Diderot The genesis 2 Copenhagen School (Bohr, Heisenberg, )  The state of a quantum particule is only fixed after a measurement
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More information6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008
MIT OpenCourseWare http://ocw.mit.edu 6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
More informationNetwork Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4
Network Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4 Computer Science and Engineering, KL University Green Fields, Vaddeswaram, PO Dt522 502, Andhra Pradesh,
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationNonBlackBox Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak
NonBlackBox Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a
More information1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More information74 September 2007/Vol. 50, No. 9 COMMUNICATIONS OF THE ACM
74 September 2007/Vol. 50, No. 9 COMMUNICATIONS OF THE ACM By Dave Bacon and Debbie Leung TOWARD A WORLD WITH QUANTUM COMPUTERS Surveying the recent past and projecting future developments and applications
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationVerifiable Outsourced Computations Outsourcing Computations to Untrusted Servers
Outsourcing Computations to Untrusted Servers Security of Symmetric Ciphers in Network Protocols ICMS, May 26, 2015, Edinburgh Problem Motivation Problem Motivation Problem Motivation Problem Motivation
More informationQUANTUM LIGHT :! A BRIEF INTRODUCTION!
Quantum Physics QUANTUM LIGHT : A BRIEF INTRODUCTION Philippe Grangier Laboratoire Charles Fabry de l'institut d'optique, UMR 85 du CNRS, 927 Palaiseau, France Quantum Physics * Alain Aspect, in «Demain
More informationA New Generic Digital Signature Algorithm
Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study
More informationA Recent Improvements in Quantum Model and Counter Measures in Quantum Computing
A Recent Improvements in Quantum Model and Counter Measures in Quantum Computing J.Senthil Murugan 1, V.Parthasarathy 2, S.Sathya 3, M.Anand 4 Assistant Professor, VelTech HighTech Dr.Rangarajan Dr.Sakunthala
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationQuantum Computing. Eleanor Rieffel FX Palo Alto Laboratory. 1 Introduction 3. 2 Early history 4. 3 Basic concepts of quantum computation 6
Quantum Computing Eleanor Rieffel FX Palo Alto Laboratory Contents 1 Introduction 3 2 Early history 4 3 Basic concepts of quantum computation 6 4 Quantum algorithms 8 4.1 Grover s algorithm and generalizations.............
More informationQuantum Cryptography: The Ultimate Solution to Secure Data Transmission?
Quantum Cryptography: The Ultimate Solution to Secure Data Transmission? Ioannis P. Antoniades 1, Amalia N. Miliou 2, Miltiades K. Hatalis 3 1 Department of Informatics, Aristotle University of Thessaloniki,
More informationOn Generating the Initial Key in the BoundedStorage Model
On Generating the Initial Key in the BoundedStorage Model Stefan Dziembowski Institute of Informatics, Warsaw University Banacha 2, PL02097 Warsaw, Poland, std@mimuw.edu.pl Ueli Maurer Department of
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture  PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationLecture 3: OneWay Encryption, RSA Example
ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: OneWay Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require
More informationKeywords Quantum logic gates, Quantum computing, Logic gate, Quantum computer
Volume 3 Issue 10 October 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Introduction
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More informationLecture 9  Message Authentication Codes
Lecture 9  Message Authentication Codes Boaz Barak March 1, 2010 Reading: BonehShoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationFactoring & Primality
Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount
More informationA New Quantum Algorithm for NPcomplete Problems
CDMTCS Research Report Series A New Quantum Algorithm for NPcomplete Problems Masanori Ohya Igor V. Volovich Science University of Tokyo Steklov Mathematical Institute CDMTCS194 September 00 Centre for
More informationFAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION
FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION INTRODUCTION GANESH ESWAR KUMAR. P Dr. M.G.R University, Maduravoyal, Chennai. Email: geswarkumar@gmail.com Every day, millions of people
More informationLecture 6  Cryptography
Lecture 6  Cryptography CSE497b  Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497bs07 Question 2 Setup: Assume you and I don t know anything about
More informationQuantum Computability and Complexity and the Limits of Quantum Computation
Quantum Computability and Complexity and the Limits of Quantum Computation Eric Benjamin, Kenny Huang, Amir Kamil, Jimmy Kittiyachavalit University of California, Berkeley December 7, 2003 This paper will
More informationDigital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationQuantum Computing Lecture 7. Quantum Factoring. Anuj Dawar
Quantum Computing Lecture 7 Quantum Factoring Anuj Dawar Quantum Factoring A polynomial time quantum algorithm for factoring numbers was published by Peter Shor in 1994. polynomial time here means that
More informationEmbedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme
International Journal of Computer Sciences and Engineering Open Access Research Paper Volume4, Issue3 EISSN: 23472693 Embedding more security in digital signature system by using combination of public
More informationCryptography: Authentication, Blind Signatures, and Digital Cash
Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,
More informationMathematics Course 111: Algebra I Part IV: Vector Spaces
Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 19967 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are
More informationQuantum Cryptography Between Science and Business
Radboud Honours Academy 201112 May 29, 2012 Quantum Cryptography Between Science and Business Wilke Castelijns Maria van Rooijen David Venhoek Patrick Uiterwijk Preface In this report we discuss the results
More informationBits Superposition Quantum Parallelism
7Qubit Quantum Computer Typical Ion Oscillations in a Trap Bits Qubits vs Each qubit can represent both a or at the same time! This phenomenon is known as Superposition. It leads to Quantum Parallelism
More informationLecture 13: Factoring Integers
CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method
More informationAn Overview on Quantum Computing as a Service (QCaaS): Probability or Possibility
I.J. Mathematical Sciences and Computing, 2016, 1, 1622 Published Online January 2016 in MECS (http://www.mecspress.net) DOI: 10.5815/ijmsc.2016.01.02 Available online at http://www.mecspress.net/ijmsc
More informationEfficient GeneralAdversary MultiParty Computation
Efficient GeneralAdversary MultiParty Computation Martin Hirt, Daniel Tschudi ETH Zurich {hirt,tschudid}@inf.ethz.ch Abstract. Secure multiparty computation (MPC) allows a set P of n players to evaluate
More informationQuantum Computing and Grover s Algorithm
Quantum Computing and Grover s Algorithm Matthew Hayward January 14, 2015 1 Contents 1 Motivation for Study of Quantum Computing 3 1.1 A Killer App for Quantum Computing.............. 3 2 The Quantum Computer
More informationFactoring Algorithms Based on NMR Quantum
1295 2002 6974 69 Factoring Algorithms Based on NMR Quantum Computers (Noboru Kunihiro) (Shigeru Yamashita) NTT NTT Abstract No polynomial time algorithms have been proposed for the factoring and discrete
More informationα = u v. In other words, Orthogonal Projection
Orthogonal Projection Given any nonzero vector v, it is possible to decompose an arbitrary vector u into a component that points in the direction of v and one that points in a direction orthogonal to v
More information0.1 Phase Estimation Technique
Phase Estimation In this lecture we will describe Kitaev s phase estimation algorithm, and use it to obtain an alternate derivation of a quantum factoring algorithm We will also use this technique to design
More informationQuantum computers can search arbitrarily large databases by a single query
Quantum computers can search arbitrarily large databases by a single query Lov K. Grover, 3C404A Bell Labs, 600 Mountain Avenue, Murray Hill J 07974 (lkgrover@belllabs.com) Summary This paper shows that
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIENCHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationQUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION
Arun K. Pati Theoretical Physics Division QUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION Introduction Quantum information theory is a marriage between two scientific pillars of the twentieth
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBCMAC Digital signatures 2 Encryption/Decryption
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the mostcommon used algorithms for publickey
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationComputer Science 308547A Cryptography and Data Security. Claude Crépeau
Computer Science 308547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308647A)
More informationA SOFTWARE COMPARISON OF RSA AND ECC
International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 97413 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138
More informationApplication of Quantum Cryptography to an Eavesdropping Detectable Data Transmission
Title Application of Quantum Cryptography Detectable Data Transmission Author(s) Kudo, Takamitsu; Usuda, Tsuyoshi Sa Masayasu IEICE Transactions on Fundamentals Citation Communications and Computer Science
More informationBreaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and
Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More information"in recognition of the services he rendered to the advancement of Physics by his discovery of energy quanta". h is the Planck constant he called it
1 2 "in recognition of the services he rendered to the advancement of Physics by his discovery of energy quanta". h is the Planck constant he called it the quantum of action 3 Newton believed in the corpuscular
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationPublic Key (asymmetric) Cryptography
PublicKey Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More informationMessage Authentication Code
Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBCMAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first
More informationQUANTUM ENIGMA Summer 2014 Ted McIrvine
QUANTUM ENIGMA Summer 2014 Ted McIrvine June 17: Once Over Lightly & Newtonian Mechanics June 24: Electricity, Magnetism, Light & the Puzzles of 1900 July 1: Atomic Theory, Quantum Theory, Paradoxes and
More information1. LINEAR EQUATIONS. A linear equation in n unknowns x 1, x 2,, x n is an equation of the form
1. LINEAR EQUATIONS A linear equation in n unknowns x 1, x 2,, x n is an equation of the form a 1 x 1 + a 2 x 2 + + a n x n = b, where a 1, a 2,..., a n, b are given real numbers. For example, with x and
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer
More informationQuantum computing in practice
Quantum computing in practice & applications to cryptography Renaud Lifchitz OPPIDA NoSuchCon, November 1921, 2014 Renaud Lifchitz NoSuchCon, November 1921, 2014 1 / 68 Speaker s bio French senior security
More informationOHJ2306 Introduction to Theoretical Computer Science, Fall 2012 8.11.2012
276 The P vs. NP problem is a major unsolved problem in computer science It is one of the seven Millennium Prize Problems selected by the Clay Mathematics Institute to carry a $ 1,000,000 prize for the
More informationSimulationBased Security with Inexhaustible Interactive Turing Machines
SimulationBased Security with Inexhaustible Interactive Turing Machines Ralf Küsters Institut für Informatik ChristianAlbrechtsUniversität zu Kiel 24098 Kiel, Germany kuesters@ti.informatik.unikiel.de
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More information(67902) Topics in Theory and Complexity Nov 2, 2006. Lecture 7
(67902) Topics in Theory and Complexity Nov 2, 2006 Lecturer: Irit Dinur Lecture 7 Scribe: Rani Lekach 1 Lecture overview This Lecture consists of two parts In the first part we will refresh the definition
More informationQuantum Algorithms Lecture Notes Summer School on Theory and Technology in Quantum Information, Communication, Computation and Cryptography
Quantum Algorithms Lecture Notes Summer School on Theory and Technology in Quantum Information, Communication, Computation and Cryptography Julia Kempe CNRS & LRI, Université de ParisSud 9405 Orsay, France
More information