Towards a Tight Finite Key Analysis for BB84
|
|
- Felicia Wilcox
- 8 years ago
- Views:
Transcription
1 The Uncertainty Relation for Smooth Entropies joint work with Charles Ci Wen Lim, Nicolas Gisin and Renato Renner Institute for Theoretical Physics, ETH Zurich Group of Applied Physics, University of Geneva [arxiv: , 2011] Vienna, July 2011
2 1 Entropic Uncertainty Relations Heisenberg s Uncertainty Principle Variance vs. Shannon Entropy Entropic Uncertainty Relation Quantum Memory 2 Uncertainty Relation for Smooth Entropies The Uncertainty Relation for Smooth Entropies Guessing Probability Smooth Min-entropy Smooth Max-entropy 3 Application to Quantum Key Distribution Protocol and Security Numerical Results
3 Heisenberg s Uncertainty Principle Fresh from Wikipedia: In quantum mechanics, the Heisenberg uncertainty principle states by precise inequalities that certain pairs of physical properties, such as position and momentum, cannot be simultaneously known to arbitrarily high precision. That is, the more precisely one property is measured, the less precisely the other can be measured.
4 Heisenberg s Uncertainty Principle Fresh from Wikipedia: In quantum mechanics, the Heisenberg uncertainty principle states by precise inequalities that certain pairs of physical properties, such as position and momentum, cannot be simultaneously known to arbitrarily high precision. That is, the more precisely one property is measured, the less precisely the other can be measured.
5 Heisenberg s Uncertainty Principle Fresh from Wikipedia: In quantum mechanics, the Heisenberg uncertainty principle states by precise inequalities that certain pairs of physical properties, such as position and momentum, cannot be simultaneously known to arbitrarily high precision. That is, the more precisely one property can be measured, the less precisely the other can be measured. Think of it as a gedankenexperiment. No quantum states will be harmed (i.e. measured, forced to collapse) during this talk!
6 Robertson s Uncertainty Relation A common formalization of the uncertainty principle is due to Robertson: σ X σ Z 1 ψ [ ˆX, Ẑ] ψ, 2 where ˆX and Ẑ are two observables, [ ˆX, Ẑ] = ˆX Ẑ Ẑ ˆX is their commutator, ψ is the state of the system before measurement, and σ X and σ Z are the standard deviations of the two potential measurement outcomes.
7 Inadequacies of Robertson s Relation σ X σ Z 1 ψ [ ˆX, Ẑ] ψ 2 The lower bound on the uncertainty in general depends on the state ψ, which might be unknown. The standard deviation is not always a good measure of the uncertainty about the measurement outcome.
8 Uncertainty as Shannon Entropy The Shannon entropy of a random variable X, H(X ), is a functional of the probability distribution over outcomes, Pr[X = x], and not the outcomes themselves. H(X ) := x Pr[X = x] log 2 1 Pr[X = x].
9 Uncertainty as Shannon Entropy The Shannon entropy of a random variable X, H(X ), is a functional of the probability distribution over outcomes, Pr[X = x], and not the outcomes themselves. H(X ) := x Pr[X = x] log 2 1 Pr[X = x]. The entropies of the distributions on the previous slide are ( ) ( ) H = 1 and H 3.
10 Entropic Uncertainty Relation The entropic uncertainty relation gives a lower bound on the sum of the entropies of the two possible measurements in terms of the overlap of the measurements, c. Deutsch, Maassen/Uffink 1988 H(X ) + H(Z) log 2 1 c with c := max x z 2, x,z where x and z are the eigenvectors of the observables ˆX and Ẑ. For general positive operator valued measurements (POVMs) with elements {M x } for X and {N z } for Z, the overlap is c := max x,z M x Nz 2.
11 Quantum Memory What happens when we allow quantum memory? A ψ B
12 Quantum Memory What happens when we allow quantum memory? X σ X A σ Z Z ψ B
13 Quantum Memory What happens when we allow quantum memory? σ X A σ Z ψ σ X B σ Z X Z X Z
14 Quantum Memory What happens when we allow quantum memory? σ X A σ Z ψ σ X B σ Z X Z X Z For this example H(X B) = H(Z B) = 0 while c = 1/2. Hence, the following does not hold in general: H(X B) + H(Z B) log 2 1 c.
15 Uncertainty Relation for Quantum Memory An uncertainty relation is possible if we introduce an additional quantum memory, E. X A ρ ABE Z The monogamy of entanglement helps. B E Berta et al. 2010, Coles et al H(X E) + H(Z B) log 2 1 c.
16 Main Tool The uncertainty relation for smooth entropies: Tomamichel/Renner 2011 For any state ρ ABE, ε 0 and POVMs {M x } and {N z } on A: H ε min(x E) + H ε max(z B) log 2 1 c, c = max M x Nz x,z 2. This generalizes previous results for the Shannon/von Neumann entropy. It has direct applications in quantum cryptography.
17 Guessing Probability Let X be a random variable correlated to a memory E. We denote by p guess (X E) the probability that X is guessed correctly using the optimal strategy with access to E. E is empty: We pick the most probable event and p guess (X ) = max Pr[X = x]. x E is classical: We pick the most probable event given the state of our memory and p guess (X E) = e Pr[E = e] max Pr[X = x E = e]. x
18 Guessing Probability Let X be a random variable correlated to a memory E. We denote by p guess (X E) the probability that X is guessed correctly using the optimal strategy with access to E. E is quantum: The state of the joint system is of the form ρ XE = x Pr[X = x] x x ρ x E, where ρ x E is the state of the memory when x is measured. The guessing probability is p guess (X E) = sup Pr[X = x] tr ( F x ρ x ) E, {F x } where the optimization is over all POVM s {F x } on the quantum memory. x
19 Smooth Min-Entropy The min-entropy is defined as Renner 2005, König/Renner/Schaffner 2009 H min (X E) := log p guess (X E). The smooth min-entropy, Hmin ε (X E), results from a maximization of the min-entropy over an ε-neighborhood of the density operator of the state. It quantifies how many random bits that are independent of the memory E can be extracted from X. Renner/König 2005 l secr H ε min(x E).
20 Smooth Max-Entropy The smooth max-entropy, H ε max(z B), quantifies how many bits of additional information about Z are needed to reconstruct it from B. Renes/Renner 2010 l enc H ε max(z B). If Z = Z 1...Z n is a bit string and B = Z 1...Z n is classical, then H ε max(z 1...Z n Z 1...Z n) nh(δ), where δ is chosen such that the fraction of errors that Z has on Z is smaller than δ with high probability.
21 BB84 Type Protocol Alice encodes a random bit into a qubit in one of two bases, either X or Z, chosen at random. The X bits will be used to extract a key, while the Z are used to check security. She sends the qubit over a public channel to Bob, while the eavesdropper, Eve, may interfere as she wishes. Bob measures the system randomly either in the X or Z basis. Alice and Bob sift the strings containing their binary measurement outcomes so that they contain n bits where both used X, denoted X 1... X n, and k bits where they both used Z, denoted Z 1... Z k. If the security criterion is satisfied, they extract l bits of shared secret key, using classical post-processing (data reconciliation and privacy amplification).
22 Proof Sketch E A 1 B 1 A 2 B 2 A 3 B 3 A 4 B 4. ρ A1...A N B 1...B N E. A N 1 A N B N 1 B N
23 Proof Sketch E X 1 A 1 B 1 X 1 Z 1 A 2 B 2 Z 1 X 2 A 3 B 3 X 2 X 3 A 4 B 4 X 3. ρ A1...A N B 1...B N E X n A N 1 B N 1 X n Z k A N B N Z k.
24 Proof Sketch E X 1 A 1 B 1 X 1 Z 1 A 2 B 2 Z 1 X 2 A 3 B 3 X 2 X 3 A 4 B 4 X 3. ρ A1...A N B 1...B N E X n A N 1 B N 1 X n Z k A N B N Z k. l secr H ε min(x 1...X n E)
25 Proof Sketch E X 1 A 1 B 1 X 1 Z 1 A 2 B 2 Z 1 X 2 A 3 B 3 X 2 X 3 A 4 B 4 X 3. ρ A1...A N B 1...B N E X n A N 1 B N 1 X n Z k A N B N Z k. l secr H ε min(x 1...X n E) n H ε max(ẑ1...ẑn Ẑ 1...Ẑ n)
26 Proof Sketch E X 1 A 1 B 1 X 1 Z 1 A 2 B 2 Z 1 X 2 A 3 B 3 X 2 X 3 A 4 B 4 X 3. ρ A1...A N B 1...B N E X n A N 1 B N 1 X n Z k A N B N Z k. l secr H ε min(x 1...X n E) n H ε max(ẑ1...ẑn Ẑ 1...Ẑ n) n ( 1 h(δ) )
27 Proof Sketch E X 1 A 1 B 1 X 1 Z 1 A 2 B 2 Z 1 X 2 A 3 B 3 X 2 X 3 A 4 B 4 X 3. ρ A1...A N B 1...B N E X n A N 1 B N 1 X n Z k A N B N Z k. l secr Hmin(X ε 1...X n E) n Hmax(Ẑ1. ε..ẑn Ẑ 1...Ẑ n) n ( 1 h(δ) ) n ( ( 1 k ) ) 1 h Z i Z i k i=1
28 Secure Key Rate The extractable ɛ-secure key per block of size N = n + k is l ɛ n ( 1 h(q tol + µ) ) 3 log(3/ɛ) leak EC µ 1/k ln(1/ɛ) is the statistical deviation from the tolerated channel noise, Q tol. k is the number of test bits used for statistics. leak EC nh(q tol ) is the information about the key leaked during error correction. The achievable key rate, l/n, deviates from its optimal asymptotic value, 1 2h(Q tol ), only by (probably unavoidable) terms due to finite statistics.
29 Numerical Results Plot of the expected key rate as function of the block size n for channel bit error rates Q {1%, 2.5%, 5%} (from left to right). The security rate is fixed to ɛ/l =
30 Comparison to Scarani/Renner Asymptotic limit, Q=1.0% Asymptotic limit, Q=2.5% Asymptotic limit, Q=5.0% The plots show the rate l/n as a function of the sifted key size N = n + k and a security bound of ɛ =
31 Conclusion and Outlook The improved finite key bounds are due to the simplicity of the proof via the uncertainty relation. No tomography of single quantum systems is necessary. Instead, the min-entropy of the whole string can be bounded directly. Security against general attacks comes for free no De Finetti or Post-Selection necessary. This proof technique can (hopefully) be applied to other problems in quantum cryptography. As pointed out by Hayashi/Tsurumaru (arxiv: , yesterday), the key rates can be improved when we allow a dynamic protocol that chooses a different l in each run.
32 Thank you for your attention. Any questions?
24 th IEEE Annual Computer Communications Workshop (CCW)
24 th IEEE Annual Computer Communications Workshop (CCW) Exploration of Quantum Cryptography in Network Security Presented by Mehrdad S. Sharbaf Sharbaf & Associates Loyola Marymount University California
More informationOn the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments
On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments Suman Jana, Sriram Nandha Premnath Mike Clark, Sneha K. Kasera, Neal Patwari University of Utah Srikanth
More informationA Probabilistic Quantum Key Transfer Protocol
A Probabilistic Quantum Key Transfer Protocol Abhishek Parakh Nebraska University Center for Information Assurance University of Nebraska at Omaha Omaha, NE 6818 Email: aparakh@unomaha.edu August 9, 01
More information0.1 Phase Estimation Technique
Phase Estimation In this lecture we will describe Kitaev s phase estimation algorithm, and use it to obtain an alternate derivation of a quantum factoring algorithm We will also use this technique to design
More informationLecture 13: Factoring Integers
CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method
More informationKey Agreement from Close Secrets over Unsecured Channels Winter 2010
Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Andreas Keller Contens 1. Motivation 2. Introduction 3. Building Blocks 4. Protocol Extractor Secure Sketches (MAC) message authentication
More informationTCOM 370 NOTES 99-4 BANDWIDTH, FREQUENCY RESPONSE, AND CAPACITY OF COMMUNICATION LINKS
TCOM 370 NOTES 99-4 BANDWIDTH, FREQUENCY RESPONSE, AND CAPACITY OF COMMUNICATION LINKS 1. Bandwidth: The bandwidth of a communication link, or in general any system, was loosely defined as the width of
More informationQUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University
QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)
More informationQuantum Key Distribution as a Next-Generation Cryptographic Protocol. Andrew Campbell
Quantum Key Distribution as a Next-Generation Cryptographic Protocol Andrew Campbell Abstract Promising advances in the field of quantum computing indicate a growing threat to cryptographic protocols based
More informationMIMO CHANNEL CAPACITY
MIMO CHANNEL CAPACITY Ochi Laboratory Nguyen Dang Khoa (D1) 1 Contents Introduction Review of information theory Fixed MIMO channel Fading MIMO channel Summary and Conclusions 2 1. Introduction The use
More informationPractical security of quantum cryptography
Lars Vincent van de Wiel Lydersen Practical security of quantum cryptography Thesis for the degree of Philosophiae Doctor Trondheim, September 2011 Norwegian University of Science and Technology Faculty
More informationChapter 1 Introduction
Chapter 1 Introduction 1. Shannon s Information Theory 2. Source Coding theorem 3. Channel Coding Theory 4. Information Capacity Theorem 5. Introduction to Error Control Coding Appendix A : Historical
More informationA Numerical Study on the Wiretap Network with a Simple Network Topology
A Numerical Study on the Wiretap Network with a Simple Network Topology Fan Cheng and Vincent Tan Department of Electrical and Computer Engineering National University of Singapore Mathematical Tools of
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationBasics of information theory and information complexity
Basics of information theory and information complexity a tutorial Mark Braverman Princeton University June 1, 2013 1 Part I: Information theory Information theory, in its modern format was introduced
More informationEnhancing privacy with quantum networks
Enhancing privacy with quantum networks P. Mateus N. Paunković J. Rodrigues A. Souto SQIG- Instituto de Telecomunicações and DM - Instituto Superior Técnico - Universidade de Lisboa Abstract Using quantum
More informationPrivacy and Security in the Internet of Things: Theory and Practice. Bob Baxley; bob@bastille.io HitB; 28 May 2015
Privacy and Security in the Internet of Things: Theory and Practice Bob Baxley; bob@bastille.io HitB; 28 May 2015 Internet of Things (IoT) THE PROBLEM By 2020 50 BILLION DEVICES NO SECURITY! OSI Stack
More informationCHAPTER 6. Shannon entropy
CHAPTER 6 Shannon entropy This chapter is a digression in information theory. This is a fascinating subject, which arose once the notion of information got precise and quantifyable. From a physical point
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationEx. 2.1 (Davide Basilio Bartolini)
ECE 54: Elements of Information Theory, Fall 00 Homework Solutions Ex.. (Davide Basilio Bartolini) Text Coin Flips. A fair coin is flipped until the first head occurs. Let X denote the number of flips
More informationQuantum Cryptography: The Ultimate Solution to Secure Data Transmission?
Quantum Cryptography: The Ultimate Solution to Secure Data Transmission? Ioannis P. Antoniades 1, Amalia N. Miliou 2, Miltiades K. Hatalis 3 1 Department of Informatics, Aristotle University of Thessaloniki,
More informationThe New Approach of Quantum Cryptography in Network Security
The New Approach of Quantum Cryptography in Network Security Avanindra Kumar Lal 1, Anju Rani 2, Dr. Shalini Sharma 3 (Avanindra kumar) Abstract There are multiple encryption techniques at present time
More informationA New Interpretation of Information Rate
A New Interpretation of Information Rate reproduced with permission of AT&T By J. L. Kelly, jr. (Manuscript received March 2, 956) If the input symbols to a communication channel represent the outcomes
More informationNetwork Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4
Network Security Using Quantum Cryptography N.Kusuma#1, N.Sai Tejaswi#2, T.Anitha,#3, K.V.D Kiran*4 Computer Science and Engineering, KL University Green Fields, Vaddeswaram, PO Dt-522 502, Andhra Pradesh,
More informationNotes from Week 1: Algorithms for sequential prediction
CS 683 Learning, Games, and Electronic Markets Spring 2007 Notes from Week 1: Algorithms for sequential prediction Instructor: Robert Kleinberg 22-26 Jan 2007 1 Introduction In this course we will be looking
More informationQUANTUM RANDOM NUMBER GENERATOR
QUANTUM RANDOM NUMBER GENERATOR ON A MOBILE PHONE Bruno Sanguinetti, Anthony Martin, Hugo Zbinden and Nicolas Gisin THE SECURITY OF A CYPHER MUST RESIDE ENTIRELY IN THE KEY AUGUSTE KERCKHOFFS [] [] A.
More information1 Approximating Set Cover
CS 05: Algorithms (Grad) Feb 2-24, 2005 Approximating Set Cover. Definition An Instance (X, F ) of the set-covering problem consists of a finite set X and a family F of subset of X, such that every elemennt
More informationAuthentic Digital Signature Based on Quantum Correlation
Authentic Digital Signature Based on Quantum Correlation Xiao-Jun Wen, Yun Liu School of Electronic Information Engineering, Beijing Jiaotong University, Beijing 00044, China Abstract: An authentic digital
More informationOn extracting common random bits from correlated sources
On extracting common random bits from correlated sources Andrej Bogdanov Elchanan Mossel Abstract Suppose Alice and Bob receive strings of unbiased independent but noisy bits from some random source. They
More informationOn the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments
On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments Suman Jana Sriram Nandha Premnath Mike Clark Sneha K. Kasera Neal Patwari Srikanth V. Krishnamurthy School
More informationPrivacy Preserving Similarity Evaluation of Time Series Data
Privacy Preserving Similarity Evaluation of Time Series Data Haohan Zhu Department of Computer Science Boston University zhu@cs.bu.edu Xianrui Meng Department of Computer Science Boston University xmeng@cs.bu.edu
More informationI. INTRODUCTION. of the biometric measurements is stored in the database
122 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL 6, NO 1, MARCH 2011 Privacy Security Trade-Offs in Biometric Security Systems Part I: Single Use Case Lifeng Lai, Member, IEEE, Siu-Wai
More informationApplication of Quantum Cryptography to an Eavesdropping Detectable Data Transmission
Title Application of Quantum Cryptography Detectable Data Transmission Author(s) Kudo, Takamitsu; Usuda, Tsuyoshi Sa Masayasu IEICE Transactions on Fundamentals Citation Communications and Computer Science
More informationOn Key Agreement in Wireless Sensor Networks based on Radio Transmission Properties
On Key Agreement in Wireless Sensor Networks based on Radio Transmission Properties Matthias Wilhelm, Ivan Martinovic, and Jens B. Schmitt disco Distributed Computer Systems Lab TU Kaiserslautern, Germany
More informationGambling and Data Compression
Gambling and Data Compression Gambling. Horse Race Definition The wealth relative S(X) = b(x)o(x) is the factor by which the gambler s wealth grows if horse X wins the race, where b(x) is the fraction
More informationarxiv:quant-ph/9607009v1 11 Jul 1996
Distillability of Inseparable Quantum Systems Micha l Horodecki Department of Mathematics and Physics University of Gdańsk, 80 952 Gdańsk, Poland arxiv:quant-ph/9607009v1 11 Jul 1996 Pawe l Horodecki Faculty
More informationSecurity Analysis for Order Preserving Encryption Schemes
Security Analysis for Order Preserving Encryption Schemes Liangliang Xiao University of Texas at Dallas Email: xll052000@utdallas.edu Osbert Bastani Harvard University Email: obastani@fas.harvard.edu I-Ling
More informationSECURITY EVALUATION OF EMAIL ENCRYPTION USING RANDOM NOISE GENERATED BY LCG
SECURITY EVALUATION OF EMAIL ENCRYPTION USING RANDOM NOISE GENERATED BY LCG Chung-Chih Li, Hema Sagar R. Kandati, Bo Sun Dept. of Computer Science, Lamar University, Beaumont, Texas, USA 409-880-8748,
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationShor s algorithm and secret sharing
Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful
More informationLightweight and Secure PUF Key Storage Using Limits of Machine Learning
Lightweight and Secure PUF Key Storage Using Limits of Machine Learning Meng-Day (Mandel) Yu 1, David M Raïhi 1, Richard Sowell 1, Srinivas Devadas 2 1 Verayo, Inc., San Jose, CA, USA 2 MIT, Cambridge,
More informationA Uniform Asymptotic Estimate for Discounted Aggregate Claims with Subexponential Tails
12th International Congress on Insurance: Mathematics and Economics July 16-18, 2008 A Uniform Asymptotic Estimate for Discounted Aggregate Claims with Subexponential Tails XUEMIAO HAO (Based on a joint
More informationPredictive Models for Min-Entropy Estimation
Predictive Models for Min-Entropy Estimation John Kelsey Kerry A. McKay Meltem Sönmez Turan National Institute of Standards and Technology meltem.turan@nist.gov September 15, 2015 Overview Cryptographic
More informationIntroduction to Quantum Computing
Introduction to Quantum Computing Javier Enciso encisomo@in.tum.de Joint Advanced Student School 009 Technische Universität München April, 009 Abstract In this paper, a gentle introduction to Quantum Computing
More informationBehavioral Entropy of a Cellular Phone User
Behavioral Entropy of a Cellular Phone User Santi Phithakkitnukoon 1, Husain Husna, and Ram Dantu 3 1 santi@unt.edu, Department of Comp. Sci. & Eng., University of North Texas hjh36@unt.edu, Department
More informationThe CUSUM algorithm a small review. Pierre Granjon
The CUSUM algorithm a small review Pierre Granjon June, 1 Contents 1 The CUSUM algorithm 1.1 Algorithm............................... 1.1.1 The problem......................... 1.1. The different steps......................
More information( ) = ( ) = {,,, } β ( ), < 1 ( ) + ( ) = ( ) + ( )
{ } ( ) = ( ) = {,,, } ( ) β ( ), < 1 ( ) + ( ) = ( ) + ( ) max, ( ) [ ( )] + ( ) [ ( )], [ ( )] [ ( )] = =, ( ) = ( ) = 0 ( ) = ( ) ( ) ( ) =, ( ), ( ) =, ( ), ( ). ln ( ) = ln ( ). + 1 ( ) = ( ) Ω[ (
More informationOn Generating the Initial Key in the Bounded-Storage Model
On Generating the Initial Key in the Bounded-Storage Model Stefan Dziembowski Institute of Informatics, Warsaw University Banacha 2, PL-02-097 Warsaw, Poland, std@mimuw.edu.pl Ueli Maurer Department of
More informationOne-Way Encryption and Message Authentication
One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School
More informationArithmetic Coding: Introduction
Data Compression Arithmetic coding Arithmetic Coding: Introduction Allows using fractional parts of bits!! Used in PPM, JPEG/MPEG (as option), Bzip More time costly than Huffman, but integer implementation
More informationMultiple Optimization Using the JMP Statistical Software Kodak Research Conference May 9, 2005
Multiple Optimization Using the JMP Statistical Software Kodak Research Conference May 9, 2005 Philip J. Ramsey, Ph.D., Mia L. Stephens, MS, Marie Gaudard, Ph.D. North Haven Group, http://www.northhavengroup.com/
More informationOpen Problems in Quantum Information Processing. John Watrous Department of Computer Science University of Calgary
Open Problems in Quantum Information Processing John Watrous Department of Computer Science University of Calgary #1 Open Problem Find new quantum algorithms. Existing algorithms: Shor s Algorithm (+ extensions)
More informationInfluences in low-degree polynomials
Influences in low-degree polynomials Artūrs Bačkurs December 12, 2012 1 Introduction In 3] it is conjectured that every bounded real polynomial has a highly influential variable The conjecture is known
More informationIntroduction To Security and Privacy Einführung in die IT-Sicherheit I
Introduction To Security and Privacy Einführung in die IT-Sicherheit I Prof. Dr. rer. nat. Doğan Kesdoğan Institut für Wirtschaftsinformatik kesdogan@fb5.uni-siegen.de http://www.uni-siegen.de/fb5/itsec/
More informationSecurity of Cloud Storage: - Deduplication vs. Privacy
Security of Cloud Storage: - Deduplication vs. Privacy Benny Pinkas - Bar Ilan University Shai Halevi, Danny Harnik, Alexandra Shulman-Peleg - IBM Research Haifa 1 Remote storage and security Easy to encrypt
More informationInformation Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay
Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay Lecture - 17 Shannon-Fano-Elias Coding and Introduction to Arithmetic Coding
More informationQuantum cryptography
Quantum cryptography Optical fibers to carry information 10 Kb/s 1Tb/s 10 12 b/s Optical fibers vs electrical cables Frequency: 10 8 Hz vs 10 15 Hz Bit rate for electrical interconnections B B 0 A l 2
More informationInformation Theoretic Analysis of Proactive Routing Overhead in Mobile Ad Hoc Networks
Information Theoretic Analysis of Proactive Routing Overhead in obile Ad Hoc Networks Nianjun Zhou and Alhussein A. Abouzeid 1 Abstract This paper considers basic bounds on the overhead of link-state protocols
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationQuantum Consequences on the Recycling of Timing Information
Are there quantum bounds on the recyclability of clock signals in low power computers? Dominik Janzing and Thomas Beth Institut für Algorithmen und Kognitive Systeme Universität Karlsruhe Am Fasanengarten
More informationDiscussion on the paper Hypotheses testing by convex optimization by A. Goldenschluger, A. Juditsky and A. Nemirovski.
Discussion on the paper Hypotheses testing by convex optimization by A. Goldenschluger, A. Juditsky and A. Nemirovski. Fabienne Comte, Celine Duval, Valentine Genon-Catalot To cite this version: Fabienne
More informationSecure Deduplication of Encrypted Data without Additional Independent Servers
Secure Deduplication of Encrypted Data without Additional Independent Servers Jian Liu Aalto University jian.liu@aalto.fi N. Asokan Aalto University and University of Helsinki asokan@acm.org Benny Pinkas
More informationThe Degrees of Freedom of Compute-and-Forward
The Degrees of Freedom of Compute-and-Forward Urs Niesen Jointly with Phil Whiting Bell Labs, Alcatel-Lucent Problem Setting m 1 Encoder m 2 Encoder K transmitters, messages m 1,...,m K, power constraint
More informationBetting with the Kelly Criterion
Betting with the Kelly Criterion Jane June 2, 2010 Contents 1 Introduction 2 2 Kelly Criterion 2 3 The Stock Market 3 4 Simulations 5 5 Conclusion 8 1 Page 2 of 9 1 Introduction Gambling in all forms,
More informationAdaptive Online Gradient Descent
Adaptive Online Gradient Descent Peter L Bartlett Division of Computer Science Department of Statistics UC Berkeley Berkeley, CA 94709 bartlett@csberkeleyedu Elad Hazan IBM Almaden Research Center 650
More informationCryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur
Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)
More informationChapter 4: Vector Autoregressive Models
Chapter 4: Vector Autoregressive Models 1 Contents: Lehrstuhl für Department Empirische of Wirtschaftsforschung Empirical Research and und Econometrics Ökonometrie IV.1 Vector Autoregressive Models (VAR)...
More information12.0 Statistical Graphics and RNG
12.0 Statistical Graphics and RNG 1 Answer Questions Statistical Graphics Random Number Generators 12.1 Statistical Graphics 2 John Snow helped to end the 1854 cholera outbreak through use of a statistical
More informationQuantum Network Coding
Salah A. Aly Department of Computer Science Texas A& M University Quantum Computing Seminar April 26, 2006 Network coding example In this butterfly network, there is a source S 1 and two receivers R 1
More informationHow To Understand And Understand The History Of Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More informationAn example of a computable
An example of a computable absolutely normal number Verónica Becher Santiago Figueira Abstract The first example of an absolutely normal number was given by Sierpinski in 96, twenty years before the concept
More informationDigital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationQUANTUM LIGHT :! A BRIEF INTRODUCTION!
Quantum Physics QUANTUM LIGHT : A BRIEF INTRODUCTION Philippe Grangier Laboratoire Charles Fabry de l'institut d'optique, UMR 85 du CNRS, 927 Palaiseau, France Quantum Physics * Alain Aspect, in «Demain
More informationUniversal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption Ronald Cramer Victor Shoup December 12, 2001 Abstract We present several new and fairly practical public-key
More informationE3: PROBABILITY AND STATISTICS lecture notes
E3: PROBABILITY AND STATISTICS lecture notes 2 Contents 1 PROBABILITY THEORY 7 1.1 Experiments and random events............................ 7 1.2 Certain event. Impossible event............................
More informationChapter 6: Episode discovery process
Chapter 6: Episode discovery process Algorithmic Methods of Data Mining, Fall 2005, Chapter 6: Episode discovery process 1 6. Episode discovery process The knowledge discovery process KDD process of analyzing
More informationQUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION
Arun K. Pati Theoretical Physics Division QUANTUM INFORMATION, COMPUTATION AND FUNDAMENTAL LIMITATION Introduction Quantum information theory is a marriage between two scientific pillars of the twentieth
More information2 Binomial, Poisson, Normal Distribution
2 Binomial, Poisson, Normal Distribution Binomial Distribution ): We are interested in the number of times an event A occurs in n independent trials. In each trial the event A has the same probability
More informationTail inequalities for order statistics of log-concave vectors and applications
Tail inequalities for order statistics of log-concave vectors and applications Rafał Latała Based in part on a joint work with R.Adamczak, A.E.Litvak, A.Pajor and N.Tomczak-Jaegermann Banff, May 2011 Basic
More informationSecuring Your Data In Transit For The Long Term
Securing Your Data In Transit For The Long Term Or what happens when RSA encryption is finally broken by mathematicians or quantum computers? October 2014 ID Quantique Photon Counters Services Quantum
More informationCrittografia e sicurezza delle reti. Digital signatures- DSA
Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer
More informationSecurity in Malicious Environments: NSF Programs in Information-Theoretic Network Security
Security in Malicious Environments: NSF Programs in Information-Theoretic Network Security Phil Regalia Program Director Directorate for Computer & Information Science & Engineering Division of Computing
More informationAn Introduction to Information Theory
An Introduction to Information Theory Carlton Downey November 12, 2013 INTRODUCTION Today s recitation will be an introduction to Information Theory Information theory studies the quantification of Information
More informationLinear Codes. Chapter 3. 3.1 Basics
Chapter 3 Linear Codes In order to define codes that we can encode and decode efficiently, we add more structure to the codespace. We shall be mainly interested in linear codes. A linear code of length
More informationQuantum Cryptography: Privacy Through Uncertainty (Released October 2002) by Salvatore Vittorio
Quantum Cryptography: Privacy Through Uncertainty (Released October 2002) by Salvatore Vittorio Review Key Citations Web Sites Glossary Conferences Editor Review Article 1. Cryptography - an Overview I
More informationFirst Semester Examinations 2011/12 INTERNET PRINCIPLES
PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2011/12 INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS TO CANDIDATES
More informationLarge-Scale IP Traceback in High-Speed Internet
2004 IEEE Symposium on Security and Privacy Large-Scale IP Traceback in High-Speed Internet Jun (Jim) Xu Networking & Telecommunications Group College of Computing Georgia Institute of Technology (Joint
More informationEnd-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt CSG@IFI, University of Zurich
End-to-End Security in Wireless Sensor (WSNs) Talk by Supervised by Dr. Corinna Schmitt CSG@IFI, University of Zurich Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless
More informationOn the Efficiency of Competitive Stock Markets Where Traders Have Diverse Information
Finance 400 A. Penati - G. Pennacchi Notes on On the Efficiency of Competitive Stock Markets Where Traders Have Diverse Information by Sanford Grossman This model shows how the heterogeneous information
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 02 Overview on Modern Cryptography
More informationUniversal hashing. In other words, the probability of a collision for two different keys x and y given a hash function randomly chosen from H is 1/m.
Universal hashing No matter how we choose our hash function, it is always possible to devise a set of keys that will hash to the same slot, making the hash scheme perform poorly. To circumvent this, we
More informationRandom graphs with a given degree sequence
Sourav Chatterjee (NYU) Persi Diaconis (Stanford) Allan Sly (Microsoft) Let G be an undirected simple graph on n vertices. Let d 1,..., d n be the degrees of the vertices of G arranged in descending order.
More informationThe Cost of Offline Binary Search Tree Algorithms and the Complexity of the Request Sequence
The Cost of Offline Binary Search Tree Algorithms and the Complexity of the Request Sequence Jussi Kujala, Tapio Elomaa Institute of Software Systems Tampere University of Technology P. O. Box 553, FI-33101
More information1 Introduction. 2 Prediction with Expert Advice. Online Learning 9.520 Lecture 09
1 Introduction Most of the course is concerned with the batch learning problem. In this lecture, however, we look at a different model, called online. Let us first compare and contrast the two. In batch
More informationThis article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
IEEE/ACM TRANSACTIONS ON NETWORKING 1 A Greedy Link Scheduler for Wireless Networks With Gaussian Multiple-Access and Broadcast Channels Arun Sridharan, Student Member, IEEE, C Emre Koksal, Member, IEEE,
More informationHalloween Costume Ideas For the Wii Game 2010
INTERACTIVE TWO-CHANNEL MESSAGE AUTHENTICATION BASED ON INTERACTIVE-COLLISION RESISTANT HASH FUNCTIONS ATEFEH MASHATAN 1 AND DOUGLAS R STINSON 2 Abstract We propose an interactive message authentication
More informationReview Horse Race Gambling and Side Information Dependent horse races and the entropy rate. Gambling. Besma Smida. ES250: Lecture 9.
Gambling Besma Smida ES250: Lecture 9 Fall 2008-09 B. Smida (ES250) Gambling Fall 2008-09 1 / 23 Today s outline Review of Huffman Code and Arithmetic Coding Horse Race Gambling and Side Information Dependent
More informationWeek 1: Introduction to Online Learning
Week 1: Introduction to Online Learning 1 Introduction This is written based on Prediction, Learning, and Games (ISBN: 2184189 / -21-8418-9 Cesa-Bianchi, Nicolo; Lugosi, Gabor 1.1 A Gentle Start Consider
More information7. Show that the expectation value function that appears in Lecture 1, namely
Lectures on quantum computation by David Deutsch Lecture 1: The qubit Worked Examples 1. You toss a coin and observe whether it came up heads or tails. (a) Interpret this as a physics experiment that ends
More information