Quantum Turing Test. Elham Kashefi

Size: px
Start display at page:

Download "Quantum Turing Test. Elham Kashefi"

Transcription

1 Quantum Turing Test Elham Kashefi

2 Feynman Vision - 82 Quantum Computing as the technology for simulating quantum systems Spectacular Progress from complexity theory to cryptography from simulation to sampling from tomography to implementation from foundation to interpretation proving what we are actually performing and observing is indeed quantum

3 Quantum Algorithms - Speed Up Superpositions Non-local Correlations Interference &'()*'+,(-./01*2+3 4-(3315(-,67*70+1)13*158 $;<=;!"#"$% 4-(3315(-,90/:(:1-13*158 9 C 9 E $;<=; 9 D &'()*'+8!"#"$%! C! E $;<=;! D

4 Deutsch s problem Quantum Algorithms - History Deutsch-Jozsa demonstrated the first speed up put: Given A boolean a function f : {0, 1} n! {0, 1} determine if it is constant or balanced utput: Determine if f is constant or balanced Deutsch s problem U f : 1 p 2 n U f : xi( 0i 1i)! x2{0,1} n xi xi( 0i 1i) if f(x) =0 fi xi( 0i = 1 X p 2 n 1i) if f(x) ( =1 x2{0,1} n 1) f(x) xi 0 1 X 0i 1i p 1 X f i for any constant function is ( orthogonal 1) f(x) xia 0i to 1i p the corresponding 2 2 n state for any The balanced state for any function. constant function is orthogonal x2{0,1} 2 to n the state for any balanced function Measurement on f i which distinguishes balanced from constant H n : xi! 1 p 2 n X y2{0,1} n ( 1) x y yi

5 Deutsch s problem Quantum Algorithms - History Deutsch-Jozsa demonstrated the first speed up Simo put: Given A boolean a function f : {0, 1} n! {0, 1} determine if it is constant or balanced utput: Determine if f is constant or balanced Simon s Algorithm Simon s Problem e are given Given function a function 2 1 f : {0,1} n {0,1} n,specifiedbyablackbox,withthepromisethat finds xi( 0i 1i) if f(x) a Forallxf(x such that + a)= f (x). =0 a {0,1} n Uwith f : xi( 0i a 0 n such 1i) that! xi( 0i 1i) if f(x) =1 Iff (x)= f (y) then either x = y or y = 0 Suppose we are given function 2 1 f : {0,1 there is an a {0,1} n with a 0 n such that 1 1) f(x) xia 0i 1i p 2 llxf(x + a)= f (x). 1 X 0i 1i U f : p xi p 1 Breakthrough X ( The challenge is to determine a. It should x)= f (y) 2 n then either x = y x2{0,1} 2 or y = x + a. 2 n n x2{0,1} (probabilistic) computer. This is because the n such that f (x)= f (y). Andthebestanalgorit nge is to determine a. Itshould 1994 be- Shor s intuitively Period clearfinding thatthisproblem isadifficulttaskfor a classical birthday paradox (actually its converse), the tic) computer. Given an This n-bit is because integer, the find algorithm the prime cannot factorisation. determine a until it finds two inputs x and y 2 n/2 inputs. Breaks Bythe contrast, RSA cryptosystem we will show an effi (x)= f (y). Andthebestanalgorithmcandoistryrandominputsx until it finds a match. By the radox (actually its converse), the chance of this isnegligibleif 1. Use f tof set is probed up random on many pre-image fewer than state. By contrast, we will show an efficient quantum algorithm. φ = 1/

6 Quantum Algorithms - History The oo - Stephen Jordan papers Buchman-Williams cryptosystem Elliptic curve cryptography Algebraic and Number Theoretic Algorithms Exponential Speed Up: Factoring, Discrete-log, Pell's Equation, Principal Ideal, Unit Group, Class Group, Gauss Sums, Matrix Elements of Group Representations Oracular Algorithms Broad Application: Unstructured Search, Amplitude Amplification, Collision Finding, Hidden subgroup Problem, Formula Evaluation, Linear Systems, Group Isomorphism, Network Flows Approximation and Simulation Algorithms Inspired by Physic : Quantum Walk, Quantum Simulation, Knot Invariants, Partition Functions, Adiabatic Optimization, Simulated Annealing

7 Quantum Algorithms - Perspective Quantum Simulators One controllable quantum system to investigate another, less accessible one tackling problems that are too demanding for classical computers Ultracold quantum gases, Trapped ions, Photonic, Superconducting circuits Refuting the Strong Church-Turing Thesis Our communication today is secure only if we cannot build a large scale quantum computer

8 Quantum Cryptography - Security Quantum cryptography relies on the laws of quantum mechanics to offer unconditional security Measurement perturbs the system Uncertainty Principles No Cloning No perturbation No measurement No eavesdropping

9 Quantum Cryptography - History Wiesner 1983 The first link between secrecy and quantum physics quantum money Bennett and Brassard 1984, Ekert 1991 Public key distribution problem Cleve, Gottesman and Lo, 1999; Crepeau, Gottesman and Smith, 2005 Quantum Secret Sharing

10 Quantum Cryptography - History Lo, Chau, Mayers 1997 Impossibility of quantum bit commitment Damgaard et al., 2005, 2007; Wehner, Schaffner and Terhal, 2008 New paradigms of bounded-storage models Gottesman and Chuang 2001 Quantum digital signature Kitaev 2003, Chailloux and Kerenidis 2009 Perfect quantum coin flipping is impossible, but better than classical protocols exist Broadbent, Fitzsimons and Kashefi 2009 Unconditionally secure quantum delegated computation

11 Quantum Cryptography - Perspective Quantum Key Distribution Networks SECOQC: 2008, 200 km of standard fibre optic cable to interconnect six locations across Vienna and St Poelten

12 Quantum Cryptography - Perspective Quantum Key Distribution Networks DARPA: 10-node, has been running since 2004 in Massachusetts BBN Technologies, Harvard University, Boston University and QinetiQ Tokyo QKD Network: 7 partners NEC, Mitsubishi Electric, NTT and NICT, Toshiba Research Europe Ltd. (UK), Id Quantique (Switzerland) and All Vienna China and Austria Earth - Satellite QKD

13 Secure Cloud Computing How to make cloud computing safe? A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources X Y Limited Client Untrusted Server Y F(Y) F(X) F(Y)

14 Secure Cloud Computing Rivest, Adleman and Dertouzos 1979 Can we process encrypted data without decrypting it first? Fully homomorphic encryption Classical: Gentry 2009 Only computational security assumption of limited computational power of the adversary Quantum: Broadbent, Fitzsimons, and Kashefi 2009 Unconditional security

15 Qcomputing + Qcryptography = Blind Q Computing Classical Communication Classical Computer random single qubit generator Unconditional Perfect Privacy Server learns nothing about client s computation

16 IG. 1: The control computer provides one bit of classical nformation (downward arrows) to each site (circles in the reource state) determining the choice of measurement basis. fter the measurement, one bit of classical information (upard arrow), such as the outcome of the binary measurement, an E. Browne 1 y, University College London, 6BT, United Kingdom. 8, 2008) Measurement-based Quantum Computing angled states exploited in measurement-based f the classical computer that controls the meaal resource power, leading naturally to a notion computation. Surprisingly, Program the Greenbergeroblems emerge naturally as Computation optimal examples. Power is encoded in the entanglement is encoded in the classical control computer the violation of local realistic models and the measurement sites measurement site control computer control computer resource state Hide Angles of measurements Results of Measurements

17 smeasurements.ifwewereto H rotocol J( 1 Universal + + r ) o reveal use information this principle 2. Bob s about for preparation Blind the blind Quantum quantum Computation computing, Alice would have to reve. iversal of Alice s ± states structure + +r Blind called Quantum of preparation J( + the the + brickwork underlying Computation graph state. We introduce a new family of st r ) s 2 {0, 1} ; X s+r 1 tsaration For andstates each thus rdo (Figure column 2.1 not require Bob 1) which x =1,...,n the creates are universal an entangled for J( ) X Y plane state measurements from all and states Universal initial Blind Quantum P Computings 1 { + for p( ) Tr (P ( 0 + } e iθ that computational do not requirebasis measurements. Other universal graph states mn For x =1,...,n each x,y row 1 ) y θapplying =1,...,m x,y =0, π/4,...,7π/4} ctrl- incorrect andb( )) sendsapple y 0 1 (e i 1.1 =1,...,m X =(Ũ,{ Alice prepares + x,y}) epares ψ x,y R { ψ x,y R { gates between the qubits ]. initial computational basis measurements have appeared in [CLN05]. nctionality To + +θx,y = 2 1 ( 0 + e iθ the has best beendefinition of achieved our knowledge, 1). this is the first time that x,y 1 ) a new θ x,y functio =0, in[rhg06,ms08]). thanks to MBQC +θx,y From (other = 1theoretical 2 1 ( 0 + 1e iθ advances x,y e 1 ) i due θ x,y to=0, MBQC π/4,...,7π/4 appear in s tremendous a the conceptual qubits to Bob. 3. Interaction potential point forof the view, B 1and our its to Bob. ± 1 A contribution measurement 0 shows that MBQC has trem. all Bob s received development ± preparation + +r For qubits, each of newaccording column protocols, to x and=1,...,n their maybe indices, even of algorithms. by aration bits 2.1in 1.3 Bob order Outline 1 { + creates to } create an entangled a brickwork state state fromg n m all received (see qubits, acco ates an{ + For entangled } each of Protocols row y =1,...,m uantum The random computation outline single qubit of the given generator state main asfrom protocol all received is as qubits, according to their 1 1 e i 2 e i e i g ctrl- Definition X gates =(Ũ,{ 3.1between 1). Alice computes x,y}) the qubits inφ order follows. x,y where Alice to create sx has a brickwork stat 1 2 on 1). e i 1. Interaction X =(Ũ,{ 0,y = mind s a 0,y =0. quant preparation a measurement and computation. ly from {1/ 2 ( pattern 0 + e andx,y}) iθ 1 ) on a brickwork state. There are two stages: prepa In the preparation 3.2 Alice stage, measurement chooses Alice prepares r x,y single R {0, qubits 1} and chosencomputes randomly fr all the θ =0, qubits, π/4, Bob 2π/4,...,7π/4} entangles and For each measurement column x,y =( 1) x sx x,y =1,...,n x,y + s and sends them to Bob. After receiving all t reveals upper x,y 3.3 bounds Alice on the them according to thetransmits brickwork 1 mn For x =1,...,n each row y =1,...,m s 2 {0, 1} ; X s J( ) 0. x,y =( 1) sx x,y r x,y R {0, 1} x,y + s state. δ x,y Note to Bob. that this Bob unavoidably measures reve length of the input and depth dimensions x,y 1 y 3.1 =1,...,m3.4of Bob Alice stransmits underlying graph state, it does not reveal any Alice tes δ x,y = φ computes x,y + θ x,y + πr x,y. 1 (e i mputes φ ures in basis { φ x,y where sx 0,y = x,y where thestate, sx s +δx,y, 0,y =0. 0,y = result that s 0,y =0. scorrespond x,y {0, to 1} thetolengt A stage involves the computation. interaction: 3.5 If r for However, due to universality of the brickwork stat 3.2 Alice r chooses x,y =1above,Aliceflipss x,y R δx,y {0, 1} and computes δ }. 1 e ooses r i x,y = x,y φ ;otherwise calmessagetobobtotellhim additional information on Alice s computation. The computation x,y R {0, 1}. o Alice. x,y R {0, 1} and computes δ x,y = φ x,y + θ x,y + π performs the measurement and 3.3 Alice transmits δ x,y to Bob. Bob measures x,y + θ x,y + πr x,y.. wiseshedoesnothing. ansmits δ x,y to Bob. Bob measures in the basis { in the basis { stage each layer of the brickwork state, for each qubit, Alice sendsaclassicalm swilldependonthesevalues. in which basis of X Y plane he should measure the qubit. Bob +δx,y perfor telychosensothat,nomatter 3.4communicates Bob s transmits the result s x,y {0, 1} to Alice. +δx,y, δx,y x,y := s x,y + r x,y }. The universality the outcome; Alice s of Protocol choice of angles 1 follows in future from rounds the will pattern. 3.5Importantly, IfIfAliceiscomputing r x,y =1above,Aliceflipss Alice s quantum states x,y and ;otherwiseshedoesnothing. classical messages areastutelyc applying ctrl- gates between the qubits in order to create a b nsmits the result s x,y {0, 1} to Alice.

18 me as a measurement in the + φ+θ, φ+θ basis on (θ) ψ (see Appendix A), and since + θ + πr, ifr =0,Bob smeasurementhasthesameeffect J( + + r ) as Alice s target measurement; if allaliceneedstodoisfliptheoutcome. now r Blindness define and prove the security of the protocol. Intuitively, we wish to prove that whatever ooses to do (including arbitrary deviations from the protocol), his knowledge on Alice s m computation does not increase. Note, + however that Bob does learn the dimensions of the ork state, giving an upper bound on the size of Alice s computation. This is unavoidable: leadaptationoftheproofoftheorem2from[afk89],confirms ± + +r this. We incorporate tion of leakage in our definition of blindness. Aquantum delegated computation protocol rotocol by which Alice interacts quantumly { + } with Bob in order to obtain the result of a tation, U(x), where X =(Ũ,x)isAlice sinputwithũ being a description of U. ition 2. Let P be a quantum Protocol delegated P on input computation X =(Ũ,{ on x,y}) input leaks X at and most let L(X) be any function input. We say that a quantum delegated computation protocol is blind while leaking at most f, on Alice s input X, for any2. fixed Given Y = the L(X), distribution the following of classical two hold information when givendescribed Y : in The distribution of the classical obtained information by Bob obtained P is fixed by Bob andis independent of X. e distribution of the classical information obtained by Bob in P is independent of X. 2. Given the distribution of classical Definition information 2 captures described the intuitive 1, the notion statethat of the Bob s quantum view of sy obtained The quantum by Bob state in P is fixed (when and given independent Y 5 ); since of X. his view consists of classical and quant distribution of the classical information should not depend on Definition 2 captures the intuitive choice notion of the classical that Bob s information, view of the protocol the stateshould of thenot quantum dependsy o (when given Y ); since his viewand consists not depend of classical on X and (given quantum Y ). We information, are now ready this means to state tha distribution of the classical information that Protocol should not 1, (n, depend m) isonx the dimension (given Y ) and of the that brickwork for any choice of the classical information, the state of the quantum system should be uniquely determ and not depend on X (given Theorem Y ). We are3 now (Blindness). ready to state Protocol and prove 1 is our blindmain while theorem. leaking Ra that in Protocol 1, (n, m) is the dimension of the brickwork state. Proof. Let (n, m) (the dimension of the brickwork state) be Theorem 3 (Blindness). Protocol the brickwork 1 is blind state while guarantees leaking atthat most Bob s (n, m). creating of the gra

19 Quarter/Half-wave Plate BBO crystal Experimental Implementation Polarization Controller Polarizing Beam Splitter Filter Barz, Kashefi, Broadbent, Fitzsimons, eilinger, Walther, Science a b c d 2 θ 3 θ 2 3 Alice Bob

20 Experimental Implementation Client: limited computational power Quantum server: full power of Quantum Computation Prepares random qubits Entangles qubits Measurement instruction for server Initial rotation of the qubit Target rotation Computes measurement angles Random bit flip

21 Experimental Implementation Client: limited computational power Quantum server: full power of Quantum Computation Entangles qubits Prepares random qubits Y X Measurement in X-Y plane Computes measurement angles Decryption: Output of the computation 0 0, 1

22 Quantum Cloud Quantum computing could head to 'the cloud', study says Girls lock-up quantum security Almost as intriguingly, the research has been carried out by a team three of them being women. The Blind Quantum Security Eschaton Quantum computers "can decrypt any non-quantum method near-instantly, in theory, rendering all existing forms of encryption obsolete," Enderle pointed out. "This will make the concerns surrounding Iran's nuclear efforts seem trivial by comparison if a [foreign] country gets there first."

23 Blind Q Computing World CC Other approaches D. Aharonov, M. Ben-Or, and E. Eban, ICS 10 (2010) A. Childs, Quant. Inf. Compt. (2005) P. Arrighi and L. Salvail, Int. J. Quant. Inf. (2006) Approximate Protocol Dunjko, Kashefi, Leverrier, PRL, 2012 Robust Protocol Morimae, Dunjko, Kashefi, arxiv: Morimae, Fujii, Nature Communications, 2012 Morimae, PRL, 2012 Minimal Protocol Dunjko, Kashefi, Markham Composable Protocol Dunjko, Fitzsimons, Portmann, Renner, arxiv: (2013) Other Models Datta, Kapourtionis, Kashefi, One-clean qubit

24 Big Picture n Still requires 2 parameters for a classical computer to simulate it How do we verify the Solution? Can we verify it with a classical Computer? BQP BPP NP Blind Computation with BPP* Alice Not all the problem in NP can be computed blindly with a BPP Alice Abadi, Feigenbaum and Kilian

25 The Ultimate Challenge Quantum Verification

26 Should we pay $ for a quantum computer That kind of tests work only for a specific problem. We don t know if all the questions that quantum computer can solve are classically testable Simple test: We ask the box to factor a big number

27 Exponential World Hilbert space is a huge place. What makes quantum not classical makes its verification not classical either n particles = 2 n parameters

28 Quantum Turing Test

29 ± + +r Proof System { + } X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Verifier Prover r x,y R {0, 1} Yes X satisfies some property x,y R {0, NP - problems, 7 /4} s x,y := s x,y + r x,y

30 ± + +r Interactive Proofs { + } All problems X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Verifier Prover r x,y R {0, 1} Prover can cheat with exponentially small probability Yes X satisfies some property x,y R {0,, 7 /4} s x,y := s x,y + r x,y

31 { + } Can we Classically test Quantum Mechanics? X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Classical Verifier Quantum Prover Yes X satisfies some property r x,y R {0, 1} x,y R {0,, 7 /4} Gottesman (04) - Vazirani (07)- Aaronson $25 Challenge (07) Does every language in the class BQP admit an interactive protocol s x,y := s x,y + r x,y where the prover is in BQP and the verifier is in BPP?

32 Verification Correctness: in the absence of any interference, client accepts and the output is correct Soundness: Client rejects an incorrect output, except with probability at most exponentially small in the security parameter Fitzsimons and Kashefi, arxiv: , 2012

33 m Authentication =2d +1. In this case, the code can detect d errors. Also, C k is self dual [BOCG + 06], namely, the cod s equal to the dual code subspace. ij nsverification = Mi J( ) vs s i Authentication = X s i M i j i J( ) E ij antum Authentication adapted G + 02]). from A quantum Barnum authentication et. al. [BCG + scheme 02]). A(QAS) quantum is aauthenticatio pair of finitions her quantum with aalgorithms set of classical A and keys B together KEve such that: with a set of classical keys K suc 3.1 (adapted from Barnum et. al. [BCG + 02]). A quantum authentication scheme (QAS) is a pair o M l(qas) time input and quantum is ana key m-qubit algorithms a pair Alice of Bob k K A message and and B together outputs system with a set transmitted M of and classical a key keys system K k such K that: Tand of m outputs + d a t kes as input an m-qubit ( message ) system M and a key k K and outputs a transmitted system T of m + its. system T of m + d kes ted input assystem input the the (possibly T andaltered) aaltered) classical transmitted transmitted key system k T and Ksystem and outputs T andtwo a classical systems: key a k Barnum, a classical Crepeau, keygottesman, k K andsmith outputs and Tapp, two systems: FOCS02 ubit message state M, and a single qubit V which indicate whether the state is considered valid or erroneou essage whichstate indicate M, J( ) and whether a single the state qubitis Vconsidered which indicate validwhether or erroneous. the state is basis states of V are called VAL, ABR. Forafixedk we denote the corresponding super-operators b tputs two systems: a d valid or erroneous.. g super-operators by Detect error and states R. B k Forafixedk. of V are called we denote VAL the, ABR. corresponding Forafixedk super-operators we denote the by cor a pure state ψ, consider the following test on the joint system M,V : output a 1 if the first m qubits are i r if the last qubit is in state ABR, otherwise, output 0. The corresponding projections are: s i state on the ψ, joint consider systemthem,v following : output testaon 1 if the the joint firstsystem m qubits M,V are: inoutpu P ψ 1 = ψ ψ I V +(I M ψ ψ ) ABR ABR (2 first last ise, m qubit output qubits is0. inthe state corresponding ABR, otherwise, projections output are: 0. The corresponding pr P ψ 0 are= in (I M ψ ψ ) 1 VAL VAL (3 are: e is secure if for all +(I M ψ ψ ) P ψ possible input states ψ and for all possible interventions by the adversary, the expecte 1 ( ) = ABR ABR ψ ψ 1 0 I (2) 1 V +(I M ψ ψ ) ABR ABR B s output 2 to the space defined by P 1 2 is high: 0

34 m Authentication y(n) length uniformly at random. The map from k to the group element represented as a product of Cliffo erators =2d +1. can be In computed this case, the code can detect d errors. Also, C k is self dual [BOCG + 06], namely, the cod k in s equal to the dual code subspace. 1 classical f(α 1 nsverification vs P 0 ). polynomial..k m time. Tr f(α m ) (1) aux [U I J( out = P O c E Authentication G ( in J( in ) E + + aux 0)I i ij = M J U i J( ) s ] V ri ) E G P O ci = X s i ef(f) d,f(0)=a Signed = Polynomial Tr M i j aux [U( Codes in aux 0)U ] i antum Authentication adapted n background G detect + on 02]). from d polynomial Aerrors. quantum Barnum Also, quantum authentication et. C codes k al. is see self Appendix [BCG dual + A. scheme 02]). [BOCG A(QAS) + quantum 06], is aauthenticatio pair of finitions Tr aux [U I J( her quantum with aalgorithms set of classical A and keys B together KEve in aux 0)I J namely, U code ] 2.3 ([BOCG + 06]) TheP signed + polynomial = M code with such that: with a set of classical keys K suc 3.1 (adapted= fromtr Barnum et. al. [BCG + 02]). A quantum authentication scheme (QAS) is a pair o M l(qas) time input and quantum is ana key m-qubit algorithms a pair Alice aux [U( in aux 0)U respect to a string k {±1} m (denoted C k ) i i i s i i ] of Bob S k K A k def a message and= and B together 1 outputs system with a set transmitted M of and classical k 1 f(α a key keys 1 )...k system K k m such f(α K that: q d T m ) and of m outputs + d a t kes as input an m-qubit message system P + f:def(f) d,f(0)=a P + E and = a M key k K and outputs ( a transmitted ) system T of m + i s i i ij = M i X s i E j ij X s i j Detect error its. use m =2d +1. In this case, the code i can detect d errors. i Also, C k is self dual [BOCG + 06], namely, space system is equal T toof them dual + code d subspace. kes ted input assystem input the the (possibly T andaltered) aaltered) classical transmitted transmitted key system k T and Ksystem anda classical outputs T key and k two Ka and classical systems: outputs twokey asystems: k ubit 0 message state M, and a single qubit V which indicate whether the state is considered valid or erroneou essage whichstate indicate M, and whether a single state qubitis Vconsidered which indicate validwhether or erroneous. the state is basis states of V are called P + VAL E J( ), ABR. Forafixedk we denote the corresponding super-operators b and tputs states R. B k Forafixedk. two systems: i ij = M a i X s i E j ij X s i Quantum J( ) E i Authentication ij = M j [BCG of + i J( ) s i = X s i M i j i ) E ij V02]). are called A we quantum denote VAL authentication, ABR. corresponding Forafixedk scheme super-operators (QAS) we denote is a the pair by cor of d valid Definitions or erroneous. ogether a. pure state ψ, consider the following test on the joint system M,V : output a 1 if the first m qubits are i gr ifsuper-operators the last qubit is in state by P 0 with a set of classical keys K J( ) E ABR, otherwise, output 0. The corresponding sprojections are: i ij = Mi J( ) s such that: Eve i = X s = i M i j Server finition 3.1 (adapted from Client Barnum et. al. [BCG + 02]). A quantum authentication i i J( ) scheme E (QAS) is a ynomial ij tem state onm time the ψ, and quantum joint consider a key algorithms system k the M,V K A and following and B together : outputs with testa a set on 1transmitted of classical keys if the the joint firstsystem msystem K such that: qubits M,V Tare of: m inoutpu + d Atakes as input P ψ 1 an m-qubit = ψ ψ message I V system +(I M and ψ ψ ) a key k ABR ABR K and outputs a transmitted system T (2 o first last ise, m qubit output qubits is0. inthe state corresponding ABR, otherwise, projections output are: 0. The corresponding pr qubits. P ψ 0 are= in (I M ψ ψ ) ( U VAL VAL 1 (3 ) are: esmitted is secure ifsystem for all +(I M ψ ψ ) P ψ Detect possible T error Btakes as input the (possibly and input altered) astates classical transmitted ψ and for key system all possible k1 T and Kinterventions anda classical outputs key by the k two adversary, K the expecte = ABR ABR ψ ψ I (2) 1 V +(I M ψ ψ ) ABR ABR B s output to the space defined by P ( ) = 1 and systems: outputs 0 twoasy m-qubit message state M, and a single bit V which indicate whether 1 is qubit high: V which indicate whether the state is considered the state 2 is considered valid or 2 erroneous. valid 0 or er The basis states of V are called VAL, ABR. Forafixedk we denote the corresponding super-oper

35 x,y R {0, x,y 0,, 7 /4} =( 1 1) sx x,y x,y + s x,y Adding Traps s x,y := s x,y + r x,y BPP QNC NC 2 QNC 1 r x,y R {0, 1} 0, 1 +, x,y Trap R {0, Measurements, 7 /4} BPP QNC s x,y := s x,y + r x,y NC 2 QNC 1 0, 1 +, 0, 1 M + s =0 M s =1 BPP QNC NC 2 QNC 1 M + +, s =0 M + s =0 M s =1 3 Trap positions and Measurement angles remain hidden

36 ε-verification ting an incorrect outcome density operator. Any outcome density operato r is contained within the subspace of correct and incorrect outcome state babilistically Aliceprojected intobob a correct or an incorrect state. Hence intuitiv to be verifiable if the corresponding outcome state is far from any inco owing P p( ) Tr (P incorrect B( )) apple the approach of [28], we first define the notion of correctness 9. random parameters.. For any server s strategy the probability of client accepting an incorrect outcome density operator is bounded by ε: 8. Let Pincorrect beb( ) the projection onto the subspace of all the possible inc rator for the fixed density choice operator of classical Alice s and random quantum output variables denoted with, thati P incorrect =(I ideal ih ideal ) r t ihr t eal ih ideal = Tr i62{o[{t}} (B 0 ( )). Let p( ) be the probability Accept of Alice Key ch arameterized by, that is the probability of choosing a position i amo the graph to be the trap position (denoted as a random variable t) and P p( ) Tr (P incorrect B( )) apple random variables,r,x, (as defined in Definition 6). Given 0 apple < be -verifiable, if for any choice of Bob s strategy (denoted by j) the prob

37 Verification with single trap Theorem. Protocol is (1 1/2N)-verifiable in general, and in the case of purely classical output it is (1 1/N)-verifiable, where N is the total number of qubits in the protocol.

38 Probability Amplification To increase the probability of any local error being detected O(N) many traps in random locations To increase the minimum weight of any operator which leads to an incorrect outcome Fault-Tolerance

39 P P1 H P= MComp Challenge: Traps break the graph Y 5. Y Y Y P H MComp P= MReduce MComp = K 5 2. Y Y 3. Y MReduce Y MP MReduce P1 M6. P P1 7. MA MA 7. P2 MP MP K 5 P3 P3 P Required 3D lattice for Raussendorf, Harrington Topological and Goyal error-correcting code with defect thickness d 6. MP K 5 4. Y 3. Y Y K 5 P K 5 3. Y P1 Y P 6. P MReduce P1 6. Y Y 2. P1 Y H = MComp Probability Amplification 1. H P3 P3

40 Probability Amplification P 3 K K 5 P 1 P 1 K 5 P 2 P 2 M P 7. P 3 P 3 K 5 K15 K5 K 5

41 P 2 Probability Amplification M P P 3 K5 7. M ocol 8. In this figure we replace the Raussendorf-Harringtona simpler computation, as to include a full encoding yields

42 Off to Vienna P 3 7. M

43 2 What can we do with 4-qubits FIG. 1: Concept of a quantum prover interactive proof system based on blind quantum computing. The verifier wants to find out if the prover can indeed perform quantum computations. While the question if a classical verifier can test a quantum system is still open, it was shown that a verifier that has access to certain quantum resources can verify quantum computations. Here, in the framework of blind quantum computing, the verifier needs the ability to generate single qubits and to transmit them to the prover. After the transmission of the qubits, the verifier and the prover exchange two-way classical communication.

44 Restricting to Classical Input and Output trapification trapification

45 A Complete new proof of verification was required Pauli ( i ) Trap Stabilizer Measurement Overall X I Y Y Y X X Y Y Y I X C C C C C C C A C C A C C C A A C A C C C A C A C A A C C A A A A C C C A C C A A C A C A C A A A A C C A A C A A A A C A A A A Table 4: Pauli terms in the deviation operator U and whether or not they are detected by a particular trap setup or not. Although there are 256 distinct 4-qubit Pauli operators, including the identity, these can be grouped into 16

46 Summery Only 4 qubit computation can be verified and a particular type of attack cannot be detected! What about D-Wave Problem Verification of 2-qubit entanglement Blind Verification of Entanglement

47 Blind Verification of Entanglement Barz, Fitzsimons, Kashefi, Walther, Nature Physics 2013

48 Quantum Turing Test We can test efficiently a quantum computer But we need quantum randomness

49 Perspective What is the lower bound Model independent Verification Is Nature Classically verifiable

50 Quantum Turing Test Quantum ero-knowledge Proof; Adiabatic UBQC; BBP vs BQP theory Computational practice lab Unconditionally Secure Cloud Computing; Hybrid Quantum-Classical Homomorphic Encryption Efficient Process Tomography;Testing Commercial Qubits with Scientific Qubits UBQC with superconducting qubits UBQC and Verification Implementation with Photonic Qubits and Coherent Pulses lab Blind Bell Test; Blind Contextuality Test; Distinguishing Relativistic Effects from Quantum Effects practice theory Physical Interactive Proof Quantum Turing Test Blind Trapification Measurement-based QC

Open Problems in Quantum Information Processing. John Watrous Department of Computer Science University of Calgary

Open Problems in Quantum Information Processing. John Watrous Department of Computer Science University of Calgary Open Problems in Quantum Information Processing John Watrous Department of Computer Science University of Calgary #1 Open Problem Find new quantum algorithms. Existing algorithms: Shor s Algorithm (+ extensions)

More information

How Quantum Can a Computer Be? 1

How Quantum Can a Computer Be? 1 How Quantum Can a Computer Be? 1 Elham Kashefi 2 Prisme N 29 September 2014 1 This text is a transcription of the presentation given by Elham Kashefi at the Cournot seminar, «Quantum Turing Testing» in

More information

24 th IEEE Annual Computer Communications Workshop (CCW)

24 th IEEE Annual Computer Communications Workshop (CCW) 24 th IEEE Annual Computer Communications Workshop (CCW) Exploration of Quantum Cryptography in Network Security Presented by Mehrdad S. Sharbaf Sharbaf & Associates Loyola Marymount University California

More information

Authentic Digital Signature Based on Quantum Correlation

Authentic Digital Signature Based on Quantum Correlation Authentic Digital Signature Based on Quantum Correlation Xiao-Jun Wen, Yun Liu School of Electronic Information Engineering, Beijing Jiaotong University, Beijing 00044, China Abstract: An authentic digital

More information

arxiv:1206.3686v1 [quant-ph] 16 Jun 2012

arxiv:1206.3686v1 [quant-ph] 16 Jun 2012 Is Quantum Mechanics Falsifiable? A computational perspective on the foundations of Quantum Mechanics. Dorit Aharonov and Umesh Vazirani June 19, 2012 arxiv:1206.3686v1 [quant-ph] 16 Jun 2012 Abstract

More information

Quantum Computers vs. Computers Security. @veorq http://aumasson.jp

Quantum Computers vs. Computers Security. @veorq http://aumasson.jp Quantum Computers vs. Computers Security @veorq http://aumasson.jp Schrodinger equation Entanglement Bell states EPR pairs Wave functions Uncertainty principle Tensor products Unitary matrices Hilbert

More information

Quantum Computing. Robert Sizemore

Quantum Computing. Robert Sizemore Quantum Computing Robert Sizemore Outline Introduction: What is quantum computing? What use is quantum computing? Overview of Quantum Systems Dirac notation & wave functions Two level systems Classical

More information

Introduction to Quantum Computing

Introduction to Quantum Computing Introduction to Quantum Computing Javier Enciso encisomo@in.tum.de Joint Advanced Student School 009 Technische Universität München April, 009 Abstract In this paper, a gentle introduction to Quantum Computing

More information

Enhancing privacy with quantum networks

Enhancing privacy with quantum networks Enhancing privacy with quantum networks P. Mateus N. Paunković J. Rodrigues A. Souto SQIG- Instituto de Telecomunicações and DM - Instituto Superior Técnico - Universidade de Lisboa Abstract Using quantum

More information

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)

More information

The New Approach of Quantum Cryptography in Network Security

The New Approach of Quantum Cryptography in Network Security The New Approach of Quantum Cryptography in Network Security Avanindra Kumar Lal 1, Anju Rani 2, Dr. Shalini Sharma 3 (Avanindra kumar) Abstract There are multiple encryption techniques at present time

More information

Factoring by Quantum Computers

Factoring by Quantum Computers Factoring by Quantum Computers Ragesh Jaiswal University of California, San Diego A Quantum computer is a device that uses uantum phenomenon to perform a computation. A classical system follows a single

More information

Introduction to computer science

Introduction to computer science Introduction to computer science Michael A. Nielsen University of Queensland Goals: 1. Introduce the notion of the computational complexity of a problem, and define the major computational complexity classes.

More information

Quantum Key Distribution as a Next-Generation Cryptographic Protocol. Andrew Campbell

Quantum Key Distribution as a Next-Generation Cryptographic Protocol. Andrew Campbell Quantum Key Distribution as a Next-Generation Cryptographic Protocol Andrew Campbell Abstract Promising advances in the field of quantum computing indicate a growing threat to cryptographic protocols based

More information

1 Message Authentication

1 Message Authentication Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

More information

Computational complexity theory

Computational complexity theory Computational complexity theory Goal: A general theory of the resources needed to solve computational problems What types of resources? Time What types of computational problems? decision problem Decision

More information

230483 - QOT - Quantum Optical Technologies

230483 - QOT - Quantum Optical Technologies Coordinating unit: Teaching unit: Academic year: Degree: ECTS credits: 2015 230 - ETSETB - Barcelona School of Telecommunications Engineering 739 - TSC - Department of Signal Theory and Communications

More information

Anonymous key quantum cryptography and unconditionally secure quantum bit commitment

Anonymous key quantum cryptography and unconditionally secure quantum bit commitment Anonymous key quantum cryptography and unconditionally secure quantum bit commitment Horace P. Yuen Department of Electrical and Computer Engineering Department of Physics and Astronomy Northwestern University

More information

Ch.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis

Ch.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography

More information

Shor s algorithm and secret sharing

Shor s algorithm and secret sharing Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful

More information

A Probabilistic Quantum Key Transfer Protocol

A Probabilistic Quantum Key Transfer Protocol A Probabilistic Quantum Key Transfer Protocol Abhishek Parakh Nebraska University Center for Information Assurance University of Nebraska at Omaha Omaha, NE 6818 Email: aparakh@unomaha.edu August 9, 01

More information

1.Context... 3. What is the problem with current cryptographic techniques?... 3. 2.Current Quantum Key Distribution (QKD)... 4

1.Context... 3. What is the problem with current cryptographic techniques?... 3. 2.Current Quantum Key Distribution (QKD)... 4 Page 2 Table of contents 1.Context... 3 What is the problem with current cryptographic techniques?... 3 2.Current Quantum Key Distribution (QKD)... 4 What is Quantum Cryptography?... 4 How does QKD improve

More information

Towards a Tight Finite Key Analysis for BB84

Towards a Tight Finite Key Analysis for BB84 The Uncertainty Relation for Smooth Entropies joint work with Charles Ci Wen Lim, Nicolas Gisin and Renato Renner Institute for Theoretical Physics, ETH Zurich Group of Applied Physics, University of Geneva

More information

Quantum Computing: Lecture Notes. Ronald de Wolf

Quantum Computing: Lecture Notes. Ronald de Wolf Quantum Computing: Lecture Notes Ronald de Wolf Preface These lecture notes were formed in small chunks during my Quantum computing course at the University of Amsterdam, Feb-May 2011, and compiled into

More information

arxiv:0810.5375v2 [quant-ph] 18 Nov 2008

arxiv:0810.5375v2 [quant-ph] 18 Nov 2008 Interactive Proofs For Quantum Computations Dorit Aharonov Michael Ben-Or Elad Eban November 18, 2008 arxiv:0810.5375v2 [quant-ph] 18 Nov 2008 Abstract The widely held belief that BQP strictly contains

More information

Lecture 2: Complexity Theory Review and Interactive Proofs

Lecture 2: Complexity Theory Review and Interactive Proofs 600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

More information

arxiv:quant-ph/9809016 v2 19 Jan 2000

arxiv:quant-ph/9809016 v2 19 Jan 2000 An Introduction to Quantum Computing for Non-Physicists arxiv:quant-ph/9809016 v 19 Jan 000 Eleanor Rieffel FX Palo Alto Labratory and Wolfgang Polak Consultant FX Palo Alto Laboratory, 3400 Hillview Avenue,

More information

2.1 Complexity Classes

2.1 Complexity Classes 15-859(M): Randomized Algorithms Lecturer: Shuchi Chawla Topic: Complexity classes, Identity checking Date: September 15, 2004 Scribe: Andrew Gilpin 2.1 Complexity Classes In this lecture we will look

More information

Quantum Computers. And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, 2015. Quantum Computers

Quantum Computers. And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, 2015. Quantum Computers Quantum Computers And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, 2015 1 Includes joint work with Amlan Chakrabarti, U. Calcutta If you were designing Nature, how would

More information

Quantum Safe Security Workgroup Presentation. Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014

Quantum Safe Security Workgroup Presentation. Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014 Quantum Safe Security Workgroup Presentation Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014 ID Quantique Photon Counters Services Quantum Random Number Generators Technology

More information

Introduction to Quantum Computing

Introduction to Quantum Computing Introduction to Quantum Computing Frédéric Magniez LIAFA & PCQC, Université Paris Diderot The genesis 2 Copenhagen School (Bohr, Heisenberg, ) - The state of a quantum particule is only fixed after a measurement

More information

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6. 1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks

More information

Introduction. Digital Signature

Introduction. Digital Signature Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

More information

Recall that two vectors in are perpendicular or orthogonal provided that their dot

Recall that two vectors in are perpendicular or orthogonal provided that their dot Orthogonal Complements and Projections Recall that two vectors in are perpendicular or orthogonal provided that their dot product vanishes That is, if and only if Example 1 The vectors in are orthogonal

More information

Network Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4

Network Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4 Network Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4 Computer Science and Engineering, KL University Green Fields, Vaddeswaram, PO Dt-522 502, Andhra Pradesh,

More information

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

QUANTUM LIGHT :! A BRIEF INTRODUCTION!

QUANTUM LIGHT :! A BRIEF INTRODUCTION! Quantum Physics QUANTUM LIGHT : A BRIEF INTRODUCTION Philippe Grangier Laboratoire Charles Fabry de l'institut d'optique, UMR 85 du CNRS, 927 Palaiseau, France Quantum Physics * Alain Aspect, in «Demain

More information

Non-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak

Non-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak Non-Black-Box Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a

More information

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

More information

6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008

6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 MIT OpenCourseWare http://ocw.mit.edu 6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.

More information

Verifiable Outsourced Computations Outsourcing Computations to Untrusted Servers

Verifiable Outsourced Computations Outsourcing Computations to Untrusted Servers Outsourcing Computations to Untrusted Servers Security of Symmetric Ciphers in Network Protocols ICMS, May 26, 2015, Edinburgh Problem Motivation Problem Motivation Problem Motivation Problem Motivation

More information

74 September 2007/Vol. 50, No. 9 COMMUNICATIONS OF THE ACM

74 September 2007/Vol. 50, No. 9 COMMUNICATIONS OF THE ACM 74 September 2007/Vol. 50, No. 9 COMMUNICATIONS OF THE ACM By Dave Bacon and Debbie Leung TOWARD A WORLD WITH QUANTUM COMPUTERS Surveying the recent past and projecting future developments and applications

More information

A New Generic Digital Signature Algorithm

A New Generic Digital Signature Algorithm Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

More information

Quantum Computing. Eleanor Rieffel FX Palo Alto Laboratory. 1 Introduction 3. 2 Early history 4. 3 Basic concepts of quantum computation 6

Quantum Computing. Eleanor Rieffel FX Palo Alto Laboratory. 1 Introduction 3. 2 Early history 4. 3 Basic concepts of quantum computation 6 Quantum Computing Eleanor Rieffel FX Palo Alto Laboratory Contents 1 Introduction 3 2 Early history 4 3 Basic concepts of quantum computation 6 4 Quantum algorithms 8 4.1 Grover s algorithm and generalizations.............

More information

A Recent Improvements in Quantum Model and Counter Measures in Quantum Computing

A Recent Improvements in Quantum Model and Counter Measures in Quantum Computing A Recent Improvements in Quantum Model and Counter Measures in Quantum Computing J.Senthil Murugan 1, V.Parthasarathy 2, S.Sathya 3, M.Anand 4 Assistant Professor, VelTech HighTech Dr.Rangarajan Dr.Sakunthala

More information

Quantum Cryptography: The Ultimate Solution to Secure Data Transmission?

Quantum Cryptography: The Ultimate Solution to Secure Data Transmission? Quantum Cryptography: The Ultimate Solution to Secure Data Transmission? Ioannis P. Antoniades 1, Amalia N. Miliou 2, Miltiades K. Hatalis 3 1 Department of Informatics, Aristotle University of Thessaloniki,

More information

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

More information

Paillier Threshold Encryption Toolbox

Paillier Threshold Encryption Toolbox Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created

More information

A New Quantum Algorithm for NP-complete Problems

A New Quantum Algorithm for NP-complete Problems CDMTCS Research Report Series A New Quantum Algorithm for NP-complete Problems Masanori Ohya Igor V. Volovich Science University of Tokyo Steklov Mathematical Institute CDMTCS-194 September 00 Centre for

More information

On Generating the Initial Key in the Bounded-Storage Model

On Generating the Initial Key in the Bounded-Storage Model On Generating the Initial Key in the Bounded-Storage Model Stefan Dziembowski Institute of Informatics, Warsaw University Banacha 2, PL-02-097 Warsaw, Poland, std@mimuw.edu.pl Ueli Maurer Department of

More information

Keywords Quantum logic gates, Quantum computing, Logic gate, Quantum computer

Keywords Quantum logic gates, Quantum computing, Logic gate, Quantum computer Volume 3 Issue 10 October 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Introduction

More information

Associate Prof. Dr. Victor Onomza Waziri

Associate Prof. Dr. Victor Onomza Waziri BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,

More information

Lecture 6 - Cryptography

Lecture 6 - Cryptography Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

More information

Quantum Computability and Complexity and the Limits of Quantum Computation

Quantum Computability and Complexity and the Limits of Quantum Computation Quantum Computability and Complexity and the Limits of Quantum Computation Eric Benjamin, Kenny Huang, Amir Kamil, Jimmy Kittiyachavalit University of California, Berkeley December 7, 2003 This paper will

More information

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs

More information

Lecture 3: One-Way Encryption, RSA Example

Lecture 3: One-Way Encryption, RSA Example ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

More information

Quantum Computing Lecture 7. Quantum Factoring. Anuj Dawar

Quantum Computing Lecture 7. Quantum Factoring. Anuj Dawar Quantum Computing Lecture 7 Quantum Factoring Anuj Dawar Quantum Factoring A polynomial time quantum algorithm for factoring numbers was published by Peter Shor in 1994. polynomial time here means that

More information

Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

More information

Quantum Cryptography Between Science and Business

Quantum Cryptography Between Science and Business Radboud Honours Academy 2011-12 May 29, 2012 Quantum Cryptography Between Science and Business Wilke Castelijns Maria van Rooijen David Venhoek Patrick Uiterwijk Preface In this report we discuss the results

More information

Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

More information

Bits Superposition Quantum Parallelism

Bits Superposition Quantum Parallelism 7-Qubit Quantum Computer Typical Ion Oscillations in a Trap Bits Qubits vs Each qubit can represent both a or at the same time! This phenomenon is known as Superposition. It leads to Quantum Parallelism

More information

Lecture 13: Factoring Integers

Lecture 13: Factoring Integers CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method

More information

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION INTRODUCTION GANESH ESWAR KUMAR. P Dr. M.G.R University, Maduravoyal, Chennai. Email: geswarkumar@gmail.com Every day, millions of people

More information

An Overview on Quantum Computing as a Service (QCaaS): Probability or Possibility

An Overview on Quantum Computing as a Service (QCaaS): Probability or Possibility I.J. Mathematical Sciences and Computing, 2016, 1, 16-22 Published Online January 2016 in MECS (http://www.mecs-press.net) DOI: 10.5815/ijmsc.2016.01.02 Available online at http://www.mecs-press.net/ijmsc

More information

Factoring & Primality

Factoring & Primality Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount

More information

Factoring Algorithms Based on NMR Quantum

Factoring Algorithms Based on NMR Quantum 1295 2002 69-74 69 Factoring Algorithms Based on NMR Quantum Computers (Noboru Kunihiro) (Shigeru Yamashita) NTT NTT Abstract No polynomial time algorithms have been proposed for the factoring and discrete

More information

Cryptography: Authentication, Blind Signatures, and Digital Cash

Cryptography: Authentication, Blind Signatures, and Digital Cash Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

More information

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document? Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

More information

Cryptographic Hash Functions Message Authentication Digital Signatures

Cryptographic Hash Functions Message Authentication Digital Signatures Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Mathematics Course 111: Algebra I Part IV: Vector Spaces

Mathematics Course 111: Algebra I Part IV: Vector Spaces Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 1996-7 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are

More information

Efficient General-Adversary Multi-Party Computation

Efficient General-Adversary Multi-Party Computation Efficient General-Adversary Multi-Party Computation Martin Hirt, Daniel Tschudi ETH Zurich {hirt,tschudid}@inf.ethz.ch Abstract. Secure multi-party computation (MPC) allows a set P of n players to evaluate

More information

Cryptography Lecture 8. Digital signatures, hash functions

Cryptography Lecture 8. Digital signatures, hash functions Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting

More information

A SOFTWARE COMPARISON OF RSA AND ECC

A SOFTWARE COMPARISON OF RSA AND ECC International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

More information

Quantum Computing and Grover s Algorithm

Quantum Computing and Grover s Algorithm Quantum Computing and Grover s Algorithm Matthew Hayward January 14, 2015 1 Contents 1 Motivation for Study of Quantum Computing 3 1.1 A Killer App for Quantum Computing.............. 3 2 The Quantum Computer

More information

Computer Science 308-547A Cryptography and Data Security. Claude Crépeau

Computer Science 308-547A Cryptography and Data Security. Claude Crépeau Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors

More information

0.1 Phase Estimation Technique

0.1 Phase Estimation Technique Phase Estimation In this lecture we will describe Kitaev s phase estimation algorithm, and use it to obtain an alternate derivation of a quantum factoring algorithm We will also use this technique to design

More information

QUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION

QUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION Arun K. Pati Theoretical Physics Division QUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION Introduction Quantum information theory is a marriage between two scientific pillars of the twentieth

More information

QUANTUM ENIGMA Summer 2014 Ted McIrvine

QUANTUM ENIGMA Summer 2014 Ted McIrvine QUANTUM ENIGMA Summer 2014 Ted McIrvine June 17: Once Over Lightly & Newtonian Mechanics June 24: Electricity, Magnetism, Light & the Puzzles of 1900 July 1: Atomic Theory, Quantum Theory, Paradoxes and

More information

Notes on Network Security Prof. Hemant K. Soni

Notes on Network Security Prof. Hemant K. Soni Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

More information

Elliptic Curve Cryptography

Elliptic Curve Cryptography Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

More information

Quantum computing in practice

Quantum computing in practice Quantum computing in practice & applications to cryptography Renaud Lifchitz OPPIDA NoSuchCon, November 19-21, 2014 Renaud Lifchitz NoSuchCon, November 19-21, 2014 1 / 68 Speaker s bio French senior security

More information

OHJ-2306 Introduction to Theoretical Computer Science, Fall 2012 8.11.2012

OHJ-2306 Introduction to Theoretical Computer Science, Fall 2012 8.11.2012 276 The P vs. NP problem is a major unsolved problem in computer science It is one of the seven Millennium Prize Problems selected by the Clay Mathematics Institute to carry a $ 1,000,000 prize for the

More information

Simulation-Based Security with Inexhaustible Interactive Turing Machines

Simulation-Based Security with Inexhaustible Interactive Turing Machines Simulation-Based Security with Inexhaustible Interactive Turing Machines Ralf Küsters Institut für Informatik Christian-Albrechts-Universität zu Kiel 24098 Kiel, Germany kuesters@ti.informatik.uni-kiel.de

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

α = u v. In other words, Orthogonal Projection

α = u v. In other words, Orthogonal Projection Orthogonal Projection Given any nonzero vector v, it is possible to decompose an arbitrary vector u into a component that points in the direction of v and one that points in a direction orthogonal to v

More information

Revisiting a Limit on Efficient Quantum Computation

Revisiting a Limit on Efficient Quantum Computation Revisiting a Limit on Efficient Quantum Computation Tarsem S. Purewal Jr. Department of Computer Science University of Georgia Athens, GA 30602 purewal@cs.uga.edu ABSTRACT In this paper, we offer an exposition

More information

(67902) Topics in Theory and Complexity Nov 2, 2006. Lecture 7

(67902) Topics in Theory and Complexity Nov 2, 2006. Lecture 7 (67902) Topics in Theory and Complexity Nov 2, 2006 Lecturer: Irit Dinur Lecture 7 Scribe: Rani Lekach 1 Lecture overview This Lecture consists of two parts In the first part we will refresh the definition

More information

Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

More information

Application of Quantum Cryptography to an Eavesdropping Detectable Data Transmission

Application of Quantum Cryptography to an Eavesdropping Detectable Data Transmission Title Application of Quantum Cryptography Detectable Data Transmission Author(s) Kudo, Takamitsu; Usuda, Tsuyoshi Sa Masayasu IEICE Transactions on Fundamentals Citation Communications and Computer Science

More information

Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

More information

Verifiable Delegation of Computation over Large Datasets

Verifiable Delegation of Computation over Large Datasets Verifiable Delegation of Computation over Large Datasets Siavosh Benabbas University of Toronto Rosario Gennaro IBM Research Yevgeniy Vahlis AT&T Cloud Computing Data D Code F Y F(D) Cloud could be malicious

More information

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

More information

The Limits of Adiabatic Quantum Computation

The Limits of Adiabatic Quantum Computation The Limits of Adiabatic Quantum Computation Alper Sarikaya June 11, 2009 Presentation of work given on: Thesis and Presentation approved by: Date: Contents Abstract ii 1 Introduction to Quantum Computation

More information

"in recognition of the services he rendered to the advancement of Physics by his discovery of energy quanta". h is the Planck constant he called it

in recognition of the services he rendered to the advancement of Physics by his discovery of energy quanta. h is the Planck constant he called it 1 2 "in recognition of the services he rendered to the advancement of Physics by his discovery of energy quanta". h is the Planck constant he called it the quantum of action 3 Newton believed in the corpuscular

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information