Quantum Turing Test. Elham Kashefi

Save this PDF as:

Size: px
Start display at page:

Transcription

1 Quantum Turing Test Elham Kashefi

2 Feynman Vision - 82 Quantum Computing as the technology for simulating quantum systems Spectacular Progress from complexity theory to cryptography from simulation to sampling from tomography to implementation from foundation to interpretation proving what we are actually performing and observing is indeed quantum

3 Quantum Algorithms - Speed Up Superpositions Non-local Correlations Interference &'()*'+,(-./01*2+3 4-(3315(-,67*70+1)13*158 \$;<=;!"#"\$% 4-(3315(-,90/:(:1-13*158 9 C 9 E \$;<=; 9 D &'()*'+8!"#"\$%! C! E \$;<=;! D

4 Deutsch s problem Quantum Algorithms - History Deutsch-Jozsa demonstrated the first speed up put: Given A boolean a function f : {0, 1} n! {0, 1} determine if it is constant or balanced utput: Determine if f is constant or balanced Deutsch s problem U f : 1 p 2 n U f : xi( 0i 1i)! x2{0,1} n xi xi( 0i 1i) if f(x) =0 fi xi( 0i = 1 X p 2 n 1i) if f(x) ( =1 x2{0,1} n 1) f(x) xi 0 1 X 0i 1i p 1 X f i for any constant function is ( orthogonal 1) f(x) xia 0i to 1i p the corresponding 2 2 n state for any The balanced state for any function. constant function is orthogonal x2{0,1} 2 to n the state for any balanced function Measurement on f i which distinguishes balanced from constant H n : xi! 1 p 2 n X y2{0,1} n ( 1) x y yi

5 Deutsch s problem Quantum Algorithms - History Deutsch-Jozsa demonstrated the first speed up Simo put: Given A boolean a function f : {0, 1} n! {0, 1} determine if it is constant or balanced utput: Determine if f is constant or balanced Simon s Algorithm Simon s Problem e are given Given function a function 2 1 f : {0,1} n {0,1} n,specifiedbyablackbox,withthepromisethat finds xi( 0i 1i) if f(x) a Forallxf(x such that + a)= f (x). =0 a {0,1} n Uwith f : xi( 0i a 0 n such 1i) that! xi( 0i 1i) if f(x) =1 Iff (x)= f (y) then either x = y or y = 0 Suppose we are given function 2 1 f : {0,1 there is an a {0,1} n with a 0 n such that 1 1) f(x) xia 0i 1i p 2 llxf(x + a)= f (x). 1 X 0i 1i U f : p xi p 1 Breakthrough X ( The challenge is to determine a. It should x)= f (y) 2 n then either x = y x2{0,1} 2 or y = x + a. 2 n n x2{0,1} (probabilistic) computer. This is because the n such that f (x)= f (y). Andthebestanalgorit nge is to determine a. Itshould 1994 be- Shor s intuitively Period clearfinding thatthisproblem isadifficulttaskfor a classical birthday paradox (actually its converse), the tic) computer. Given an This n-bit is because integer, the find algorithm the prime cannot factorisation. determine a until it finds two inputs x and y 2 n/2 inputs. Breaks Bythe contrast, RSA cryptosystem we will show an effi (x)= f (y). Andthebestanalgorithmcandoistryrandominputsx until it finds a match. By the radox (actually its converse), the chance of this isnegligibleif 1. Use f tof set is probed up random on many pre-image fewer than state. By contrast, we will show an efficient quantum algorithm. φ = 1/

6 Quantum Algorithms - History The oo - Stephen Jordan papers Buchman-Williams cryptosystem Elliptic curve cryptography Algebraic and Number Theoretic Algorithms Exponential Speed Up: Factoring, Discrete-log, Pell's Equation, Principal Ideal, Unit Group, Class Group, Gauss Sums, Matrix Elements of Group Representations Oracular Algorithms Broad Application: Unstructured Search, Amplitude Amplification, Collision Finding, Hidden subgroup Problem, Formula Evaluation, Linear Systems, Group Isomorphism, Network Flows Approximation and Simulation Algorithms Inspired by Physic : Quantum Walk, Quantum Simulation, Knot Invariants, Partition Functions, Adiabatic Optimization, Simulated Annealing

7 Quantum Algorithms - Perspective Quantum Simulators One controllable quantum system to investigate another, less accessible one tackling problems that are too demanding for classical computers Ultracold quantum gases, Trapped ions, Photonic, Superconducting circuits Refuting the Strong Church-Turing Thesis Our communication today is secure only if we cannot build a large scale quantum computer

8 Quantum Cryptography - Security Quantum cryptography relies on the laws of quantum mechanics to offer unconditional security Measurement perturbs the system Uncertainty Principles No Cloning No perturbation No measurement No eavesdropping

9 Quantum Cryptography - History Wiesner 1983 The first link between secrecy and quantum physics quantum money Bennett and Brassard 1984, Ekert 1991 Public key distribution problem Cleve, Gottesman and Lo, 1999; Crepeau, Gottesman and Smith, 2005 Quantum Secret Sharing

10 Quantum Cryptography - History Lo, Chau, Mayers 1997 Impossibility of quantum bit commitment Damgaard et al., 2005, 2007; Wehner, Schaffner and Terhal, 2008 New paradigms of bounded-storage models Gottesman and Chuang 2001 Quantum digital signature Kitaev 2003, Chailloux and Kerenidis 2009 Perfect quantum coin flipping is impossible, but better than classical protocols exist Broadbent, Fitzsimons and Kashefi 2009 Unconditionally secure quantum delegated computation

11 Quantum Cryptography - Perspective Quantum Key Distribution Networks SECOQC: 2008, 200 km of standard fibre optic cable to interconnect six locations across Vienna and St Poelten

12 Quantum Cryptography - Perspective Quantum Key Distribution Networks DARPA: 10-node, has been running since 2004 in Massachusetts BBN Technologies, Harvard University, Boston University and QinetiQ Tokyo QKD Network: 7 partners NEC, Mitsubishi Electric, NTT and NICT, Toshiba Research Europe Ltd. (UK), Id Quantique (Switzerland) and All Vienna China and Austria Earth - Satellite QKD

13 Secure Cloud Computing How to make cloud computing safe? A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources X Y Limited Client Untrusted Server Y F(Y) F(X) F(Y)

14 Secure Cloud Computing Rivest, Adleman and Dertouzos 1979 Can we process encrypted data without decrypting it first? Fully homomorphic encryption Classical: Gentry 2009 Only computational security assumption of limited computational power of the adversary Quantum: Broadbent, Fitzsimons, and Kashefi 2009 Unconditional security

15 Qcomputing + Qcryptography = Blind Q Computing Classical Communication Classical Computer random single qubit generator Unconditional Perfect Privacy Server learns nothing about client s computation

16 IG. 1: The control computer provides one bit of classical nformation (downward arrows) to each site (circles in the reource state) determining the choice of measurement basis. fter the measurement, one bit of classical information (upard arrow), such as the outcome of the binary measurement, an E. Browne 1 y, University College London, 6BT, United Kingdom. 8, 2008) Measurement-based Quantum Computing angled states exploited in measurement-based f the classical computer that controls the meaal resource power, leading naturally to a notion computation. Surprisingly, Program the Greenbergeroblems emerge naturally as Computation optimal examples. Power is encoded in the entanglement is encoded in the classical control computer the violation of local realistic models and the measurement sites measurement site control computer control computer resource state Hide Angles of measurements Results of Measurements

17 smeasurements.ifwewereto H rotocol J( 1 Universal + + r ) o reveal use information this principle 2. Bob s about for preparation Blind the blind Quantum quantum Computation computing, Alice would have to reve. iversal of Alice s ± states structure + +r Blind called Quantum of preparation J( + the the + brickwork underlying Computation graph state. We introduce a new family of st r ) s 2 {0, 1} ; X s+r 1 tsaration For andstates each thus rdo (Figure column 2.1 not require Bob 1) which x =1,...,n the creates are universal an entangled for J( ) X Y plane state measurements from all and states Universal initial Blind Quantum P Computings 1 { + for p( ) Tr (P ( 0 + } e iθ that computational do not requirebasis measurements. Other universal graph states mn For x =1,...,n each x,y row 1 ) y θapplying =1,...,m x,y =0, π/4,...,7π/4} ctrl- incorrect andb( )) sendsapple y 0 1 (e i 1.1 =1,...,m X =(Ũ,{ Alice prepares + x,y}) epares ψ x,y R { ψ x,y R { gates between the qubits ]. initial computational basis measurements have appeared in [CLN05]. nctionality To + +θx,y = 2 1 ( 0 + e iθ the has best beendefinition of achieved our knowledge, 1). this is the first time that x,y 1 ) a new θ x,y functio =0, in[rhg06,ms08]). thanks to MBQC +θx,y From (other = 1theoretical 2 1 ( 0 + 1e iθ advances x,y e 1 ) i due θ x,y to=0, MBQC π/4,...,7π/4 appear in s tremendous a the conceptual qubits to Bob. 3. Interaction potential point forof the view, B 1and our its to Bob. ± 1 A contribution measurement 0 shows that MBQC has trem. all Bob s received development ± preparation + +r For qubits, each of newaccording column protocols, to x and=1,...,n their maybe indices, even of algorithms. by aration bits 2.1in 1.3 Bob order Outline 1 { + creates to } create an entangled a brickwork state state fromg n m all received (see qubits, acco ates an{ + For entangled } each of Protocols row y =1,...,m uantum The random computation outline single qubit of the given generator state main asfrom protocol all received is as qubits, according to their 1 1 e i 2 e i e i g ctrl- Definition X gates =(Ũ,{ 3.1between 1). Alice computes x,y}) the qubits inφ order follows. x,y where Alice to create sx has a brickwork stat 1 2 on 1). e i 1. Interaction X =(Ũ,{ 0,y = mind s a 0,y =0. quant preparation a measurement and computation. ly from {1/ 2 ( pattern 0 + e andx,y}) iθ 1 ) on a brickwork state. There are two stages: prepa In the preparation 3.2 Alice stage, measurement chooses Alice prepares r x,y single R {0, qubits 1} and chosencomputes randomly fr all the θ =0, qubits, π/4, Bob 2π/4,...,7π/4} entangles and For each measurement column x,y =( 1) x sx x,y =1,...,n x,y + s and sends them to Bob. After receiving all t reveals upper x,y 3.3 bounds Alice on the them according to thetransmits brickwork 1 mn For x =1,...,n each row y =1,...,m s 2 {0, 1} ; X s J( ) 0. x,y =( 1) sx x,y r x,y R {0, 1} x,y + s state. δ x,y Note to Bob. that this Bob unavoidably measures reve length of the input and depth dimensions x,y 1 y 3.1 =1,...,m3.4of Bob Alice stransmits underlying graph state, it does not reveal any Alice tes δ x,y = φ computes x,y + θ x,y + πr x,y. 1 (e i mputes φ ures in basis { φ x,y where sx 0,y = x,y where thestate, sx s +δx,y, 0,y =0. 0,y = result that s 0,y =0. scorrespond x,y {0, to 1} thetolengt A stage involves the computation. interaction: 3.5 If r for However, due to universality of the brickwork stat 3.2 Alice r chooses x,y =1above,Aliceflipss x,y R δx,y {0, 1} and computes δ }. 1 e ooses r i x,y = x,y φ ;otherwise calmessagetobobtotellhim additional information on Alice s computation. The computation x,y R {0, 1}. o Alice. x,y R {0, 1} and computes δ x,y = φ x,y + θ x,y + π performs the measurement and 3.3 Alice transmits δ x,y to Bob. Bob measures x,y + θ x,y + πr x,y.. wiseshedoesnothing. ansmits δ x,y to Bob. Bob measures in the basis { in the basis { stage each layer of the brickwork state, for each qubit, Alice sendsaclassicalm swilldependonthesevalues. in which basis of X Y plane he should measure the qubit. Bob +δx,y perfor telychosensothat,nomatter 3.4communicates Bob s transmits the result s x,y {0, 1} to Alice. +δx,y, δx,y x,y := s x,y + r x,y }. The universality the outcome; Alice s of Protocol choice of angles 1 follows in future from rounds the will pattern. 3.5Importantly, IfIfAliceiscomputing r x,y =1above,Aliceflipss Alice s quantum states x,y and ;otherwiseshedoesnothing. classical messages areastutelyc applying ctrl- gates between the qubits in order to create a b nsmits the result s x,y {0, 1} to Alice.

18 me as a measurement in the + φ+θ, φ+θ basis on (θ) ψ (see Appendix A), and since + θ + πr, ifr =0,Bob smeasurementhasthesameeffect J( + + r ) as Alice s target measurement; if allaliceneedstodoisfliptheoutcome. now r Blindness define and prove the security of the protocol. Intuitively, we wish to prove that whatever ooses to do (including arbitrary deviations from the protocol), his knowledge on Alice s m computation does not increase. Note, + however that Bob does learn the dimensions of the ork state, giving an upper bound on the size of Alice s computation. This is unavoidable: leadaptationoftheproofoftheorem2from[afk89],confirms ± + +r this. We incorporate tion of leakage in our definition of blindness. Aquantum delegated computation protocol rotocol by which Alice interacts quantumly { + } with Bob in order to obtain the result of a tation, U(x), where X =(Ũ,x)isAlice sinputwithũ being a description of U. ition 2. Let P be a quantum Protocol delegated P on input computation X =(Ũ,{ on x,y}) input leaks X at and most let L(X) be any function input. We say that a quantum delegated computation protocol is blind while leaking at most f, on Alice s input X, for any2. fixed Given Y = the L(X), distribution the following of classical two hold information when givendescribed Y : in The distribution of the classical obtained information by Bob obtained P is fixed by Bob andis independent of X. e distribution of the classical information obtained by Bob in P is independent of X. 2. Given the distribution of classical Definition information 2 captures described the intuitive 1, the notion statethat of the Bob s quantum view of sy obtained The quantum by Bob state in P is fixed (when and given independent Y 5 ); since of X. his view consists of classical and quant distribution of the classical information should not depend on Definition 2 captures the intuitive choice notion of the classical that Bob s information, view of the protocol the stateshould of thenot quantum dependsy o (when given Y ); since his viewand consists not depend of classical on X and (given quantum Y ). We information, are now ready this means to state tha distribution of the classical information that Protocol should not 1, (n, depend m) isonx the dimension (given Y ) and of the that brickwork for any choice of the classical information, the state of the quantum system should be uniquely determ and not depend on X (given Theorem Y ). We are3 now (Blindness). ready to state Protocol and prove 1 is our blindmain while theorem. leaking Ra that in Protocol 1, (n, m) is the dimension of the brickwork state. Proof. Let (n, m) (the dimension of the brickwork state) be Theorem 3 (Blindness). Protocol the brickwork 1 is blind state while guarantees leaking atthat most Bob s (n, m). creating of the gra

19 Quarter/Half-wave Plate BBO crystal Experimental Implementation Polarization Controller Polarizing Beam Splitter Filter Barz, Kashefi, Broadbent, Fitzsimons, eilinger, Walther, Science a b c d 2 θ 3 θ 2 3 Alice Bob

20 Experimental Implementation Client: limited computational power Quantum server: full power of Quantum Computation Prepares random qubits Entangles qubits Measurement instruction for server Initial rotation of the qubit Target rotation Computes measurement angles Random bit flip

21 Experimental Implementation Client: limited computational power Quantum server: full power of Quantum Computation Entangles qubits Prepares random qubits Y X Measurement in X-Y plane Computes measurement angles Decryption: Output of the computation 0 0, 1

22 Quantum Cloud Quantum computing could head to 'the cloud', study says Girls lock-up quantum security Almost as intriguingly, the research has been carried out by a team three of them being women. The Blind Quantum Security Eschaton Quantum computers "can decrypt any non-quantum method near-instantly, in theory, rendering all existing forms of encryption obsolete," Enderle pointed out. "This will make the concerns surrounding Iran's nuclear efforts seem trivial by comparison if a [foreign] country gets there first."

23 Blind Q Computing World CC Other approaches D. Aharonov, M. Ben-Or, and E. Eban, ICS 10 (2010) A. Childs, Quant. Inf. Compt. (2005) P. Arrighi and L. Salvail, Int. J. Quant. Inf. (2006) Approximate Protocol Dunjko, Kashefi, Leverrier, PRL, 2012 Robust Protocol Morimae, Dunjko, Kashefi, arxiv: Morimae, Fujii, Nature Communications, 2012 Morimae, PRL, 2012 Minimal Protocol Dunjko, Kashefi, Markham Composable Protocol Dunjko, Fitzsimons, Portmann, Renner, arxiv: (2013) Other Models Datta, Kapourtionis, Kashefi, One-clean qubit

24 Big Picture n Still requires 2 parameters for a classical computer to simulate it How do we verify the Solution? Can we verify it with a classical Computer? BQP BPP NP Blind Computation with BPP* Alice Not all the problem in NP can be computed blindly with a BPP Alice Abadi, Feigenbaum and Kilian

25 The Ultimate Challenge Quantum Verification

26 Should we pay \$ for a quantum computer That kind of tests work only for a specific problem. We don t know if all the questions that quantum computer can solve are classically testable Simple test: We ask the box to factor a big number

27 Exponential World Hilbert space is a huge place. What makes quantum not classical makes its verification not classical either n particles = 2 n parameters

28 Quantum Turing Test

29 ± + +r Proof System { + } X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Verifier Prover r x,y R {0, 1} Yes X satisfies some property x,y R {0, NP - problems, 7 /4} s x,y := s x,y + r x,y

30 ± + +r Interactive Proofs { + } All problems X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Verifier Prover r x,y R {0, 1} Prover can cheat with exponentially small probability Yes X satisfies some property x,y R {0,, 7 /4} s x,y := s x,y + r x,y

31 { + } Can we Classically test Quantum Mechanics? X =(Ũ,{ x,y}) x,y =( 1) sx x,y x,y + s x,y Classical Verifier Quantum Prover Yes X satisfies some property r x,y R {0, 1} x,y R {0,, 7 /4} Gottesman (04) - Vazirani (07)- Aaronson \$25 Challenge (07) Does every language in the class BQP admit an interactive protocol s x,y := s x,y + r x,y where the prover is in BQP and the verifier is in BPP?

32 Verification Correctness: in the absence of any interference, client accepts and the output is correct Soundness: Client rejects an incorrect output, except with probability at most exponentially small in the security parameter Fitzsimons and Kashefi, arxiv: , 2012

33 m Authentication =2d +1. In this case, the code can detect d errors. Also, C k is self dual [BOCG + 06], namely, the cod s equal to the dual code subspace. ij nsverification = Mi J( ) vs s i Authentication = X s i M i j i J( ) E ij antum Authentication adapted G + 02]). from A quantum Barnum authentication et. al. [BCG + scheme 02]). A(QAS) quantum is aauthenticatio pair of finitions her quantum with aalgorithms set of classical A and keys B together KEve such that: with a set of classical keys K suc 3.1 (adapted from Barnum et. al. [BCG + 02]). A quantum authentication scheme (QAS) is a pair o M l(qas) time input and quantum is ana key m-qubit algorithms a pair Alice of Bob k K A message and and B together outputs system with a set transmitted M of and classical a key keys system K k such K that: Tand of m outputs + d a t kes as input an m-qubit ( message ) system M and a key k K and outputs a transmitted system T of m + its. system T of m + d kes ted input assystem input the the (possibly T andaltered) aaltered) classical transmitted transmitted key system k T and Ksystem and outputs T andtwo a classical systems: key a k Barnum, a classical Crepeau, keygottesman, k K andsmith outputs and Tapp, two systems: FOCS02 ubit message state M, and a single qubit V which indicate whether the state is considered valid or erroneou essage whichstate indicate M, J( ) and whether a single the state qubitis Vconsidered which indicate validwhether or erroneous. the state is basis states of V are called VAL, ABR. Forafixedk we denote the corresponding super-operators b tputs two systems: a d valid or erroneous.. g super-operators by Detect error and states R. B k Forafixedk. of V are called we denote VAL the, ABR. corresponding Forafixedk super-operators we denote the by cor a pure state ψ, consider the following test on the joint system M,V : output a 1 if the first m qubits are i r if the last qubit is in state ABR, otherwise, output 0. The corresponding projections are: s i state on the ψ, joint consider systemthem,v following : output testaon 1 if the the joint firstsystem m qubits M,V are: inoutpu P ψ 1 = ψ ψ I V +(I M ψ ψ ) ABR ABR (2 first last ise, m qubit output qubits is0. inthe state corresponding ABR, otherwise, projections output are: 0. The corresponding pr P ψ 0 are= in (I M ψ ψ ) 1 VAL VAL (3 are: e is secure if for all +(I M ψ ψ ) P ψ possible input states ψ and for all possible interventions by the adversary, the expecte 1 ( ) = ABR ABR ψ ψ 1 0 I (2) 1 V +(I M ψ ψ ) ABR ABR B s output 2 to the space defined by P 1 2 is high: 0

34 m Authentication y(n) length uniformly at random. The map from k to the group element represented as a product of Cliffo erators =2d +1. can be In computed this case, the code can detect d errors. Also, C k is self dual [BOCG + 06], namely, the cod k in s equal to the dual code subspace. 1 classical f(α 1 nsverification vs P 0 ). polynomial..k m time. Tr f(α m ) (1) aux [U I J( out = P O c E Authentication G ( in J( in ) E + + aux 0)I i ij = M J U i J( ) s ] V ri ) E G P O ci = X s i ef(f) d,f(0)=a Signed = Polynomial Tr M i j aux [U( Codes in aux 0)U ] i antum Authentication adapted n background G detect + on 02]). from d polynomial Aerrors. quantum Barnum Also, quantum authentication et. C codes k al. is see self Appendix [BCG dual + A. scheme 02]). [BOCG A(QAS) + quantum 06], is aauthenticatio pair of finitions Tr aux [U I J( her quantum with aalgorithms set of classical A and keys B together KEve in aux 0)I J namely, U code ] 2.3 ([BOCG + 06]) TheP signed + polynomial = M code with such that: with a set of classical keys K suc 3.1 (adapted= fromtr Barnum et. al. [BCG + 02]). A quantum authentication scheme (QAS) is a pair o M l(qas) time input and quantum is ana key m-qubit algorithms a pair Alice aux [U( in aux 0)U respect to a string k {±1} m (denoted C k ) i i i s i i ] of Bob S k K A k def a message and= and B together 1 outputs system with a set transmitted M of and classical k 1 f(α a key keys 1 )...k system K k m such f(α K that: q d T m ) and of m outputs + d a t kes as input an m-qubit message system P + f:def(f) d,f(0)=a P + E and = a M key k K and outputs ( a transmitted ) system T of m + i s i i ij = M i X s i E j ij X s i j Detect error its. use m =2d +1. In this case, the code i can detect d errors. i Also, C k is self dual [BOCG + 06], namely, space system is equal T toof them dual + code d subspace. kes ted input assystem input the the (possibly T andaltered) aaltered) classical transmitted transmitted key system k T and Ksystem anda classical outputs T key and k two Ka and classical systems: outputs twokey asystems: k ubit 0 message state M, and a single qubit V which indicate whether the state is considered valid or erroneou essage whichstate indicate M, and whether a single state qubitis Vconsidered which indicate validwhether or erroneous. the state is basis states of V are called P + VAL E J( ), ABR. Forafixedk we denote the corresponding super-operators b and tputs states R. B k Forafixedk. two systems: i ij = M a i X s i E j ij X s i Quantum J( ) E i Authentication ij = M j [BCG of + i J( ) s i = X s i M i j i ) E ij V02]). are called A we quantum denote VAL authentication, ABR. corresponding Forafixedk scheme super-operators (QAS) we denote is a the pair by cor of d valid Definitions or erroneous. ogether a. pure state ψ, consider the following test on the joint system M,V : output a 1 if the first m qubits are i gr ifsuper-operators the last qubit is in state by P 0 with a set of classical keys K J( ) E ABR, otherwise, output 0. The corresponding sprojections are: i ij = Mi J( ) s such that: Eve i = X s = i M i j Server finition 3.1 (adapted from Client Barnum et. al. [BCG + 02]). A quantum authentication i i J( ) scheme E (QAS) is a ynomial ij tem state onm time the ψ, and quantum joint consider a key algorithms system k the M,V K A and following and B together : outputs with testa a set on 1transmitted of classical keys if the the joint firstsystem msystem K such that: qubits M,V Tare of: m inoutpu + d Atakes as input P ψ 1 an m-qubit = ψ ψ message I V system +(I M and ψ ψ ) a key k ABR ABR K and outputs a transmitted system T (2 o first last ise, m qubit output qubits is0. inthe state corresponding ABR, otherwise, projections output are: 0. The corresponding pr qubits. P ψ 0 are= in (I M ψ ψ ) ( U VAL VAL 1 (3 ) are: esmitted is secure ifsystem for all +(I M ψ ψ ) P ψ Detect possible T error Btakes as input the (possibly and input altered) astates classical transmitted ψ and for key system all possible k1 T and Kinterventions anda classical outputs key by the k two adversary, K the expecte = ABR ABR ψ ψ I (2) 1 V +(I M ψ ψ ) ABR ABR B s output to the space defined by P ( ) = 1 and systems: outputs 0 twoasy m-qubit message state M, and a single bit V which indicate whether 1 is qubit high: V which indicate whether the state is considered the state 2 is considered valid or 2 erroneous. valid 0 or er The basis states of V are called VAL, ABR. Forafixedk we denote the corresponding super-oper

35 x,y R {0, x,y 0,, 7 /4} =( 1 1) sx x,y x,y + s x,y Adding Traps s x,y := s x,y + r x,y BPP QNC NC 2 QNC 1 r x,y R {0, 1} 0, 1 +, x,y Trap R {0, Measurements, 7 /4} BPP QNC s x,y := s x,y + r x,y NC 2 QNC 1 0, 1 +, 0, 1 M + s =0 M s =1 BPP QNC NC 2 QNC 1 M + +, s =0 M + s =0 M s =1 3 Trap positions and Measurement angles remain hidden

36 ε-verification ting an incorrect outcome density operator. Any outcome density operato r is contained within the subspace of correct and incorrect outcome state babilistically Aliceprojected intobob a correct or an incorrect state. Hence intuitiv to be verifiable if the corresponding outcome state is far from any inco owing P p( ) Tr (P incorrect B( )) apple the approach of [28], we first define the notion of correctness 9. random parameters.. For any server s strategy the probability of client accepting an incorrect outcome density operator is bounded by ε: 8. Let Pincorrect beb( ) the projection onto the subspace of all the possible inc rator for the fixed density choice operator of classical Alice s and random quantum output variables denoted with, thati P incorrect =(I ideal ih ideal ) r t ihr t eal ih ideal = Tr i62{o[{t}} (B 0 ( )). Let p( ) be the probability Accept of Alice Key ch arameterized by, that is the probability of choosing a position i amo the graph to be the trap position (denoted as a random variable t) and P p( ) Tr (P incorrect B( )) apple random variables,r,x, (as defined in Definition 6). Given 0 apple < be -verifiable, if for any choice of Bob s strategy (denoted by j) the prob

37 Verification with single trap Theorem. Protocol is (1 1/2N)-verifiable in general, and in the case of purely classical output it is (1 1/N)-verifiable, where N is the total number of qubits in the protocol.

38 Probability Amplification To increase the probability of any local error being detected O(N) many traps in random locations To increase the minimum weight of any operator which leads to an incorrect outcome Fault-Tolerance

39 P P1 H P= MComp Challenge: Traps break the graph Y 5. Y Y Y P H MComp P= MReduce MComp = K 5 2. Y Y 3. Y MReduce Y MP MReduce P1 M6. P P1 7. MA MA 7. P2 MP MP K 5 P3 P3 P Required 3D lattice for Raussendorf, Harrington Topological and Goyal error-correcting code with defect thickness d 6. MP K 5 4. Y 3. Y Y K 5 P K 5 3. Y P1 Y P 6. P MReduce P1 6. Y Y 2. P1 Y H = MComp Probability Amplification 1. H P3 P3

40 Probability Amplification P 3 K K 5 P 1 P 1 K 5 P 2 P 2 M P 7. P 3 P 3 K 5 K15 K5 K 5

41 P 2 Probability Amplification M P P 3 K5 7. M ocol 8. In this figure we replace the Raussendorf-Harringtona simpler computation, as to include a full encoding yields

42 Off to Vienna P 3 7. M

43 2 What can we do with 4-qubits FIG. 1: Concept of a quantum prover interactive proof system based on blind quantum computing. The verifier wants to find out if the prover can indeed perform quantum computations. While the question if a classical verifier can test a quantum system is still open, it was shown that a verifier that has access to certain quantum resources can verify quantum computations. Here, in the framework of blind quantum computing, the verifier needs the ability to generate single qubits and to transmit them to the prover. After the transmission of the qubits, the verifier and the prover exchange two-way classical communication.

44 Restricting to Classical Input and Output trapification trapification

45 A Complete new proof of verification was required Pauli ( i ) Trap Stabilizer Measurement Overall X I Y Y Y X X Y Y Y I X C C C C C C C A C C A C C C A A C A C C C A C A C A A C C A A A A C C C A C C A A C A C A C A A A A C C A A C A A A A C A A A A Table 4: Pauli terms in the deviation operator U and whether or not they are detected by a particular trap setup or not. Although there are 256 distinct 4-qubit Pauli operators, including the identity, these can be grouped into 16

46 Summery Only 4 qubit computation can be verified and a particular type of attack cannot be detected! What about D-Wave Problem Verification of 2-qubit entanglement Blind Verification of Entanglement

47 Blind Verification of Entanglement Barz, Fitzsimons, Kashefi, Walther, Nature Physics 2013

48 Quantum Turing Test We can test eﬃciently a quantum computer But we need quantum randomness

49 Perspective What is the lower bound Model independent Verification Is Nature Classically verifiable

50 Quantum Turing Test Quantum ero-knowledge Proof; Adiabatic UBQC; BBP vs BQP theory Computational practice lab Unconditionally Secure Cloud Computing; Hybrid Quantum-Classical Homomorphic Encryption Efficient Process Tomography;Testing Commercial Qubits with Scientific Qubits UBQC with superconducting qubits UBQC and Verification Implementation with Photonic Qubits and Coherent Pulses lab Blind Bell Test; Blind Contextuality Test; Distinguishing Relativistic Effects from Quantum Effects practice theory Physical Interactive Proof Quantum Turing Test Blind Trapification Measurement-based QC

Open Problems in Quantum Information Processing. John Watrous Department of Computer Science University of Calgary

Open Problems in Quantum Information Processing John Watrous Department of Computer Science University of Calgary #1 Open Problem Find new quantum algorithms. Existing algorithms: Shor s Algorithm (+ extensions)

How Quantum Can a Computer Be? 1

How Quantum Can a Computer Be? 1 Elham Kashefi 2 Prisme N 29 September 2014 1 This text is a transcription of the presentation given by Elham Kashefi at the Cournot seminar, «Quantum Turing Testing» in

24 th IEEE Annual Computer Communications Workshop (CCW)

24 th IEEE Annual Computer Communications Workshop (CCW) Exploration of Quantum Cryptography in Network Security Presented by Mehrdad S. Sharbaf Sharbaf & Associates Loyola Marymount University California

Authentic Digital Signature Based on Quantum Correlation

Authentic Digital Signature Based on Quantum Correlation Xiao-Jun Wen, Yun Liu School of Electronic Information Engineering, Beijing Jiaotong University, Beijing 00044, China Abstract: An authentic digital

arxiv:1206.3686v1 [quant-ph] 16 Jun 2012

Is Quantum Mechanics Falsifiable? A computational perspective on the foundations of Quantum Mechanics. Dorit Aharonov and Umesh Vazirani June 19, 2012 arxiv:1206.3686v1 [quant-ph] 16 Jun 2012 Abstract

Introduction to Quantum Computing

Introduction to Quantum Computing Javier Enciso encisomo@in.tum.de Joint Advanced Student School 009 Technische Universität München April, 009 Abstract In this paper, a gentle introduction to Quantum Computing

Quantum Computers vs. Computers Security. @veorq http://aumasson.jp

Quantum Computers vs. Computers Security @veorq http://aumasson.jp Schrodinger equation Entanglement Bell states EPR pairs Wave functions Uncertainty principle Tensor products Unitary matrices Hilbert

Quantum Computing. Robert Sizemore

Quantum Computing Robert Sizemore Outline Introduction: What is quantum computing? What use is quantum computing? Overview of Quantum Systems Dirac notation & wave functions Two level systems Classical

Enhancing privacy with quantum networks

Enhancing privacy with quantum networks P. Mateus N. Paunković J. Rodrigues A. Souto SQIG- Instituto de Telecomunicações and DM - Instituto Superior Técnico - Universidade de Lisboa Abstract Using quantum

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)

The New Approach of Quantum Cryptography in Network Security

The New Approach of Quantum Cryptography in Network Security Avanindra Kumar Lal 1, Anju Rani 2, Dr. Shalini Sharma 3 (Avanindra kumar) Abstract There are multiple encryption techniques at present time

Factoring by Quantum Computers

Factoring by Quantum Computers Ragesh Jaiswal University of California, San Diego A Quantum computer is a device that uses uantum phenomenon to perform a computation. A classical system follows a single

Introduction to computer science

Introduction to computer science Michael A. Nielsen University of Queensland Goals: 1. Introduce the notion of the computational complexity of a problem, and define the major computational complexity classes.

Continuous Variable Cryptography in the Noisy Storage Model

Continuous Variable Cryptography in the Noisy Storage Model QCrypt, 1.10.2015 Fabian Furrer NTT Basic Research Lab Joint work with: Christian Schaffner @ University of Amsterdam Stephanie Wehner @ TU Delft

1 Message Authentication

Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

Ch.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis

Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography

Computational complexity theory

Computational complexity theory Goal: A general theory of the resources needed to solve computational problems What types of resources? Time What types of computational problems? decision problem Decision

arxiv:0810.5375v2 [quant-ph] 18 Nov 2008

Interactive Proofs For Quantum Computations Dorit Aharonov Michael Ben-Or Elad Eban November 18, 2008 arxiv:0810.5375v2 [quant-ph] 18 Nov 2008 Abstract The widely held belief that BQP strictly contains

Quantum Key Distribution as a Next-Generation Cryptographic Protocol. Andrew Campbell

Quantum Key Distribution as a Next-Generation Cryptographic Protocol Andrew Campbell Abstract Promising advances in the field of quantum computing indicate a growing threat to cryptographic protocols based

A Probabilistic Quantum Key Transfer Protocol

A Probabilistic Quantum Key Transfer Protocol Abhishek Parakh Nebraska University Center for Information Assurance University of Nebraska at Omaha Omaha, NE 6818 Email: aparakh@unomaha.edu August 9, 01

230483 - QOT - Quantum Optical Technologies

Coordinating unit: Teaching unit: Academic year: Degree: ECTS credits: 2015 230 - ETSETB - Barcelona School of Telecommunications Engineering 739 - TSC - Department of Signal Theory and Communications

arxiv: v2 [quant-ph] 18 Aug 2013

Secure multiparty quantum computation based on bit commitment arxiv:1306.0447v2 [quant-ph] 18 Aug 2013 Min Liang Data Communication Science and Technology Research Institute, Beijing 100191, China Abstract

Shor s algorithm and secret sharing

Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful

1.Context... 3. What is the problem with current cryptographic techniques?... 3. 2.Current Quantum Key Distribution (QKD)... 4

Page 2 Table of contents 1.Context... 3 What is the problem with current cryptographic techniques?... 3 2.Current Quantum Key Distribution (QKD)... 4 What is Quantum Cryptography?... 4 How does QKD improve

Quantum Computing: Lecture Notes. Ronald de Wolf

Quantum Computing: Lecture Notes Ronald de Wolf Preface These lecture notes were formed in small chunks during my Quantum computing course at the University of Amsterdam, Feb-May 2011, and compiled into

Towards a Tight Finite Key Analysis for BB84

The Uncertainty Relation for Smooth Entropies joint work with Charles Ci Wen Lim, Nicolas Gisin and Renato Renner Institute for Theoretical Physics, ETH Zurich Group of Applied Physics, University of Geneva

Anonymous key quantum cryptography and unconditionally secure quantum bit commitment

Anonymous key quantum cryptography and unconditionally secure quantum bit commitment Horace P. Yuen Department of Electrical and Computer Engineering Department of Physics and Astronomy Northwestern University

Lecture 2: Complexity Theory Review and Interactive Proofs

600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

2.1 Complexity Classes

15-859(M): Randomized Algorithms Lecturer: Shuchi Chawla Topic: Complexity classes, Identity checking Date: September 15, 2004 Scribe: Andrew Gilpin 2.1 Complexity Classes In this lecture we will look

arxiv:quant-ph/9809016 v2 19 Jan 2000

An Introduction to Quantum Computing for Non-Physicists arxiv:quant-ph/9809016 v 19 Jan 000 Eleanor Rieffel FX Palo Alto Labratory and Wolfgang Polak Consultant FX Palo Alto Laboratory, 3400 Hillview Avenue,

Quantum Safe Security Workgroup Presentation. Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014

Quantum Safe Security Workgroup Presentation Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014 ID Quantique Photon Counters Services Quantum Random Number Generators Technology

Quantum Computers. And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, 2015. Quantum Computers

Quantum Computers And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, 2015 1 Includes joint work with Amlan Chakrabarti, U. Calcutta If you were designing Nature, how would

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks

Recall that two vectors in are perpendicular or orthogonal provided that their dot

Orthogonal Complements and Projections Recall that two vectors in are perpendicular or orthogonal provided that their dot product vanishes That is, if and only if Example 1 The vectors in are orthogonal

6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008

MIT OpenCourseWare http://ocw.mit.edu 6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.

Introduction to Quantum Computing

Introduction to Quantum Computing Frédéric Magniez LIAFA & PCQC, Université Paris Diderot The genesis 2 Copenhagen School (Bohr, Heisenberg, ) - The state of a quantum particule is only fixed after a measurement

Cryptographic and Physical Zero- Knowledge Proof Systems for Solutions of Sudoku Puzzles

Cryptographic and Physical Zero- Knowledge Proof Systems for Solutions of Sudoku Puzzles, University of Haifa Joint work with Ronen Gradwohl, Moni Naor and Guy Rothblum page 1 Sudoku Fill in the empty

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

74 September 2007/Vol. 50, No. 9 COMMUNICATIONS OF THE ACM

74 September 2007/Vol. 50, No. 9 COMMUNICATIONS OF THE ACM By Dave Bacon and Debbie Leung TOWARD A WORLD WITH QUANTUM COMPUTERS Surveying the recent past and projecting future developments and applications

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

Network Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4

Network Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4 Computer Science and Engineering, KL University Green Fields, Vaddeswaram, PO Dt-522 502, Andhra Pradesh,

Introduction. Digital Signature

Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

QUANTUM LIGHT :! A BRIEF INTRODUCTION!

Quantum Physics QUANTUM LIGHT : A BRIEF INTRODUCTION Philippe Grangier Laboratoire Charles Fabry de l'institut d'optique, UMR 85 du CNRS, 927 Palaiseau, France Quantum Physics * Alain Aspect, in «Demain

Non-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak

Non-Black-Box Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

Verifiable Outsourced Computations Outsourcing Computations to Untrusted Servers

Outsourcing Computations to Untrusted Servers Security of Symmetric Ciphers in Network Protocols ICMS, May 26, 2015, Edinburgh Problem Motivation Problem Motivation Problem Motivation Problem Motivation

Quantum Computing. Eleanor Rieffel FX Palo Alto Laboratory. 1 Introduction 3. 2 Early history 4. 3 Basic concepts of quantum computation 6

Quantum Computing Eleanor Rieffel FX Palo Alto Laboratory Contents 1 Introduction 3 2 Early history 4 3 Basic concepts of quantum computation 6 4 Quantum algorithms 8 4.1 Grover s algorithm and generalizations.............

Lecture 3: One-Way Encryption, RSA Example

ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

Paillier Threshold Encryption Toolbox

Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created

A New Generic Digital Signature Algorithm

Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

Modular arithmetic. x ymodn if x = y +mn for some integer m. p. 1/??

p. 1/?? Modular arithmetic Much of modern number theory, and many practical problems (including problems in cryptography and computer science), are concerned with modular arithmetic. While this is probably

Midterm Exam Solutions CS161 Computer Security, Spring 2008

Midterm Exam Solutions CS161 Computer Security, Spring 2008 1. To encrypt a series of plaintext blocks p 1, p 2,... p n using a block cipher E operating in electronic code book (ECB) mode, each ciphertext

Associate Prof. Dr. Victor Onomza Waziri

BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,

An Introduction to Quantum Algorithms

An Introduction to Quantum Algorithms Emma Strubell COS498 Chawathe Spring An Introduction to Quantum Algorithms Contents Contents What are quantum algorithms? 3. Background..................................

Quantum Computation CMU BB, Fall 2015

Quantum Computation CMU 5-859BB, Fall 205 Homework 3 Due: Tuesday, Oct. 6, :59pm, email the pdf to pgarriso@andrew.cmu.edu Solve any 5 out of 6. [Swap test.] The CSWAP (controlled-swap) linear operator

A Recent Improvements in Quantum Model and Counter Measures in Quantum Computing

A Recent Improvements in Quantum Model and Counter Measures in Quantum Computing J.Senthil Murugan 1, V.Parthasarathy 2, S.Sathya 3, M.Anand 4 Assistant Professor, VelTech HighTech Dr.Rangarajan Dr.Sakunthala

Keywords Quantum logic gates, Quantum computing, Logic gate, Quantum computer

Volume 3 Issue 10 October 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Introduction

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs

Quantum Computability and Complexity and the Limits of Quantum Computation

Quantum Computability and Complexity and the Limits of Quantum Computation Eric Benjamin, Kenny Huang, Amir Kamil, Jimmy Kittiyachavalit University of California, Berkeley December 7, 2003 This paper will

Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

Lecture 13: Factoring Integers

CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method

Quantum Cryptography: The Ultimate Solution to Secure Data Transmission?

Quantum Cryptography: The Ultimate Solution to Secure Data Transmission? Ioannis P. Antoniades 1, Amalia N. Miliou 2, Miltiades K. Hatalis 3 1 Department of Informatics, Aristotle University of Thessaloniki,

Factoring & Primality

Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount

Bits Superposition Quantum Parallelism

7-Qubit Quantum Computer Typical Ion Oscillations in a Trap Bits Qubits vs Each qubit can represent both a or at the same time! This phenomenon is known as Superposition. It leads to Quantum Parallelism

A New Quantum Algorithm for NP-complete Problems

CDMTCS Research Report Series A New Quantum Algorithm for NP-complete Problems Masanori Ohya Igor V. Volovich Science University of Tokyo Steklov Mathematical Institute CDMTCS-194 September 00 Centre for

Lecture 6 - Cryptography

Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

On Generating the Initial Key in the Bounded-Storage Model

On Generating the Initial Key in the Bounded-Storage Model Stefan Dziembowski Institute of Informatics, Warsaw University Banacha 2, PL-02-097 Warsaw, Poland, std@mimuw.edu.pl Ueli Maurer Department of

Solving systems of linear equations over finite fields

Solving systems of linear equations over finite fields June 1, 2007 1 Introduction 2 3 4 Basic problem Introduction x 1 + x 2 + x 3 = 1 x 1 + x 2 = 1 x 1 + x 2 + x 4 = 1 x 2 + x 4 = 0 x 1 + x 3 + x 4 =

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION INTRODUCTION GANESH ESWAR KUMAR. P Dr. M.G.R University, Maduravoyal, Chennai. Email: geswarkumar@gmail.com Every day, millions of people

Cryptography: Authentication, Blind Signatures, and Digital Cash

Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

Quantum Computing Lecture 7. Quantum Factoring. Anuj Dawar

Quantum Computing Lecture 7 Quantum Factoring Anuj Dawar Quantum Factoring A polynomial time quantum algorithm for factoring numbers was published by Peter Shor in 1994. polynomial time here means that

Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

QUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION

Arun K. Pati Theoretical Physics Division QUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION Introduction Quantum information theory is a marriage between two scientific pillars of the twentieth

CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

Quantum Cryptography Between Science and Business

Radboud Honours Academy 2011-12 May 29, 2012 Quantum Cryptography Between Science and Business Wilke Castelijns Maria van Rooijen David Venhoek Patrick Uiterwijk Preface In this report we discuss the results

Mathematics Course 111: Algebra I Part IV: Vector Spaces

Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 1996-7 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are

Efficient General-Adversary Multi-Party Computation

Efficient General-Adversary Multi-Party Computation Martin Hirt, Daniel Tschudi ETH Zurich {hirt,tschudid}@inf.ethz.ch Abstract. Secure multi-party computation (MPC) allows a set P of n players to evaluate

"in recognition of the services he rendered to the advancement of Physics by his discovery of energy quanta". h is the Planck constant he called it

1 2 "in recognition of the services he rendered to the advancement of Physics by his discovery of energy quanta". h is the Planck constant he called it the quantum of action 3 Newton believed in the corpuscular

Chapter 9 Public Key Cryptography and RSA

Chapter 9 Public Key Cryptography and RSA Cryptography and Network Security: Principles and Practices (3rd Ed.) 2004/1/15 1 9.1 Principles of Public Key Private-Key Cryptography traditional private/secret/single

Factoring Algorithms Based on NMR Quantum

1295 2002 69-74 69 Factoring Algorithms Based on NMR Quantum Computers (Noboru Kunihiro) (Shigeru Yamashita) NTT NTT Abstract No polynomial time algorithms have been proposed for the factoring and discrete

A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

An Overview on Quantum Computing as a Service (QCaaS): Probability or Possibility

I.J. Mathematical Sciences and Computing, 2016, 1, 16-22 Published Online January 2016 in MECS (http://www.mecs-press.net) DOI: 10.5815/ijmsc.2016.01.02 Available online at http://www.mecs-press.net/ijmsc

Quantum computers can search arbitrarily large databases by a single query

Quantum computers can search arbitrarily large databases by a single query Lov K. Grover, 3C-404A Bell Labs, 600 Mountain Avenue, Murray Hill J 07974 (lkgrover@bell-labs.com) Summary This paper shows that

α = u v. In other words, Orthogonal Projection

Orthogonal Projection Given any nonzero vector v, it is possible to decompose an arbitrary vector u into a component that points in the direction of v and one that points in a direction orthogonal to v

0.1 Phase Estimation Technique

Phase Estimation In this lecture we will describe Kitaev s phase estimation algorithm, and use it to obtain an alternate derivation of a quantum factoring algorithm We will also use this technique to design

Cryptographic Hash Functions Message Authentication Digital Signatures

Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer

Computer Science 308-547A Cryptography and Data Security. Claude Crépeau

Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University

Asymmetric Cryptography Mahalingam Ramkumar Department of CSE Mississippi State University Mathematical Preliminaries CRT Chinese Remainder Theorem Euler Phi Function Fermat's Theorem Euler Fermat's Theorem

1. LINEAR EQUATIONS. A linear equation in n unknowns x 1, x 2,, x n is an equation of the form

1. LINEAR EQUATIONS A linear equation in n unknowns x 1, x 2,, x n is an equation of the form a 1 x 1 + a 2 x 2 + + a n x n = b, where a 1, a 2,..., a n, b are given real numbers. For example, with x and

Separation in Quantum and Randomized Query Complexity based on Cheat Sheet model

Separation in Quantum and Randomized Query Complexity based on Cheat Sheet model Hardik Bansal Advisor : Prof. Rajat Mittal Abstract Recent result by Shalev [1] have shown super-quadratic separation between

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study