Experimental Bit String Generation - PowerPoint PPT Presentation

1 / 34
About This Presentation
Title:

Experimental Bit String Generation

Description:

... on quantum coin tossing ... Coin Tossing (Blum) Two parties dont trust each other.They need to ... Easier than tossing a single coin because some ... – PowerPoint PPT presentation

Number of Views:60
Avg rating:3.0/5.0
Slides: 35
Provided by: ULB89
Category:

less

Transcript and Presenter's Notes

Title: Experimental Bit String Generation


1
Experimental Bit String Generation
  • Serge Massar
  • Université Libre de Bruxelles

2
Plan
  • Recall earlier work on quantum coin tossing
  • Theory of quantum bit string generation (joint
    work with Jonathan Barrett, PRA69(2004)022322 and
    quant-ph0408120)
  • Experimental implementation of bit string
    generation
  • (L.-Ph. Lamoureux, E. Brainis, D. Amans, J.
    Barrett, S. M., quant-ph/0408121)

3
Coin Tossing (Blum)
  • Two parties dont trust each other.They need to
    choose a random bit
  •  Alice (in the USA) and Bob (in the EU) are
    divorcing, they need to decide who keeps the
    children. They decide to toss a coin. 

Bit String Generation Tossing many coins
4
Applications of coin tossing
  • Divorce cases
  • Cryptographic primitive
  • Are there any good applications?
  • ??Classically certified bit committement secure
    against polynomial quantum attack (Kent03)??

5
How to toss a coin?
  • Trusted third party YES
  • Classical communication alone NO
  • Classical communication plus relativity OK. (But
    each party needs to be in multiple locations)
  • Quantum Communication yes, to some extent.

6
  • Weak coin tossing
  • Alice knows the outcome Bob wants
  • Bob knows the outcome Alice wants
  • Strong coin tossing
  • Alice and Bob do not know the outcome the other
    party wants.
  • We will be concerned with Strong coin tossing

7
Bit commitment impliesCoin Tossing
  • Alice chooses a0,1 at random
  • Alice commits a to Bob
  • Bob chooses b0,1 at random
  • Bob tells Alice the value of b
  • Alice reveals the commitment
  • Coin cab mod 2

8
Quantum protocol based on imperfect bit commitment
  • Alice chooses a0,1 at random
  • Commitment
  • Alice sends ?agt to Bob
  • lt?0?1gtcos?
  • Bob chooses b0,1 at random.
  • Bob tells Alice the value of b
  • Alice reveals a
  • Bob checks
  • measures in basis ?agt, space orthogonal to ?agt
  • If outcome is ?agt, coin cab mod 2
  • If outcome orthogonal to ?agt, Bob aborts

9
  • Wining means getting the outcome you want.
  • The protocol may abort. If the protocol aborts,
    everybody looses
  • Classical communication either ?A or ?B ½
  • There exists a quantum protocol with
  • ?A ?B ¼ (Ambainis)
  • For all quantum protocols,
  • ?gt 1/v2 ½ (Kitaev)

10
Alice cheats
  • Alice does not choose a
  • Commitment
  • Alice sends ?gtN(?0gt ?1gt) to Bob
  • lt?0?1gtcos?
  • Bob chooses b0,1 at random.
  • Bob tells Alice the value of b
  • Alice reveals a chosen so that ba has the
    desired value
  • Bob checks
  • measures in basis ?agt, space orthogonal to ?agt
  • Alice hopes outcome is ?agt, then
  • coin cab mod 2
  • Alice wins
  • If outcome orthogonal to ?agt, Bob aborts
  • It is easy for Alice to cheat if lt?0?1gtcos? is
    SMALL

11
Bob cheats
  • Alice chooses a0,1 at random
  • Commitment
  • Alice sends ?agt to Bob
  • lt?0?1gtcos?
  • Bob tries to learn whether a0 or a1
  • He measures the state
  • He chooses b so that if his measurement outcome
    was correct, he wins ba has the desired value
  • Bob tells Alice the value of b
  • Alice reveals a
  • Hopefully Bob has won (if his measurement outcome
    gave the correct value of a)
  • It is easy for Bob to cheat if cos? is LARGE

12
  • One can choose an optimal value of
    lt?0?1gtcos?1/v2 so that neither Alice nor Bob
    can cheat too much.
  • Then

13
Bit String Generation
  • Alice and Bob want to generate a string of n bits
    c1, c2, , cn
  • A. Kent (2003) noted that this should be easier
    than tossing a single coin. Proposed a protocol
    based on the parties sharing many singlets. No
    security analysis.

14
Present work
  • Bit string generation based on n repetitions of
    above protocol for coin tossing.
  • Detailed security analysis.

15
1) Classical Protocol for bit string generation
  • Best classical protocol we have found (optimal
    for some security criteria)
  • Alice chooses the value of half the bits
  • Bob chooses the value of the other half
  • Thus if Alice is dishonest, Bob honest, half the
    bits are random, half are fixed.

16
2) Quantum Protocol
  • For i1 to n
  • Alice chooses ai0,1 at random
  • Commitment
  • Alice sends ?aigt to Bob
  • lt?0?1gtcos?
  • Bob chooses bi0,1 at random.
  • Bob tells Alice the value of bi .
  • Alice reveals the value of ai to Bob
  • Bob checks
  • measures in basis ?aigt, space orthogonal to
    ?aigt
  • If outcome orthogonal to ?agt, Bob aborts
  • Next i
  • If Bob has not aborted, ciai bi mod 2

17
Cheating 1
  • Cheating Bob
  • He must measure the states received from Alice
    immediately ? Same security analysis than when
    tossing a single coin.
  • Cheating Alice
  • She can send an entangled state, measure her
    state, then decide on the value of ai depending
    on the measurement outcome.
  • She can correlate/entangle her strategy between
    rounds

18
Cheating 2
  • For fixed lt?0?1gtcos? it is more and more
    difficult for Alice to cheat when n increases
    (since Bob carries out n measurements)
  • ? One can decrease ? as n increases
  • This makes it more and more difficult for Bob to
    cheat
  • Optimal rate of decrease ?n- a for some a
  • ?Good security both with respect to Alice and Bob

19
Security CriteriaAverage Bias
20
Security CriteriaEntropy
21
Security criteriaMin Entropy
22
Summary
  • Open Questions
  • Improve quantum results. (Can entanglement help?)
  • Obtain Kitaev type bounds for the different
    security criteria.
  • Prove classical conjecture.

23
Experimental Bit String Generation
  • Easier than tossing a single coin because some
    experimental imperfections (detector efficiency,
    detector dark counts) can be subtracted.
  • Experiment reported by Zeilinger et al
    (quant-ph/0404027) but incomplete security
    analysis.
  • Our experiment we did our best to prove security
    against ALL attacks by a dishonest party.

24
Bobs Lab
Alices Lab
Communication line
  • Experimental imperfections
  • Alices state preparation may be noisy
  • The communication line may be noisy
  • Bobs measurement apparatus may be imperfect
  • A dishonest party can controle everything outside
    the other partys lab.
  • Thus in the presence of imperfections, the
    guaranteed bounds on randomness will be worse

25
Quantum Protocol with imperfections
  • For i1 to n
  • Alice chooses ai0,1 at random
  • Commitment
  • Alice sends ?aigt to Bob
  • lt?0?1gtcos?
  • Bob chooses bi0,1 at random.
  • Bob tells Alice the value of bi .
  • Alice reveals the value of ai to Bob
  • Bob checks
  • estimates fidelity of states sent by Alice
  • measures in basis ?aigt, space orthogonal to
    ?aigt
  • Next i
  • If fidelity too small, Bob aborts
  • If fidelity sufficiently large,
  • Bob does not abort and ciai bi mod 2

26
Security Analysis
  • Important parameters
  • Scalar product lt?0?1gtcos? between states
    prepared by Alice
  • Fidelity f of states as estimated by Bob.
  • Bounds on eB , HB depend on ? only.
  • Bounds on eA , HA depend on f and ?,
  • for instance
  • Thus choose good compromise between lt?0?1gtcos?
    and fidelity f

27
Implementation
  • ?0gtagt , ?1gt-agt are
  • two coherent states
  • (by changing the intensity a2,
  • one changes the overlap
  • lt?0?1gtexp-2a2)
  • Bobs measurement
  • displaces the states by Da
  • Uses a single photon detector to
  • check that the state is the vacuum.
  • If the detector clicks, then Alice could be
    cheating
  • Notes
  • Displacement is simply realised by an
    interferometer
  • No need to restrict Hilbert space to single
    photon subspace

28
Experimental setup
  • All fiber optics
  • Telecommunication wavelenghts
  • Based on  plug an play  system for quantum key
    distribution (N. Gisin)
  • ?suitable for long distance communication (our
    realisation table top)

29
  • Security Complication
  • Light pulses produced by Bob, then go to Alice,
    then reflected back to Bob
  • Remark upon attenuation, any state tends towards
    a mixture of coherent states
  • Typically A104

30
  • Security Solution
  • first measure intensity, then attenuate this
    produces a mixture of coherent states of known
    intensity

Mixture of coherent states of known intensity
A
Classical Detector
Intensity known
31
Experimental Results
  • Different choices of a, hence of
    lt?0?1gtexp-2a2
  • Curves assume a visibility v97 (but it is
    sometimes worse)
  • Number of coins tossed n104

32
Summary
  • Using quantum communication it is possible to
    generate very random strings of bits in the
    absence of noise.
  • In the presence of imperfections the randomness
    goes down. Nevertheless experimental
    demonstration of bit strings generation using
    quantum communication (bits are more random than
    can be achieved using classical communication, at
    least according to the average bias criterion).

33
Outlook
  • improve theoretical bounds,
  • Improve experiment
  • toss a single coin more random than possible
    using classical communication
  • long distance bit string generation

34
  • Collaborators
  • Jonathan Barrett
  • Louis-Philippe Lamoureux
  • Edouard Brainis
  • David Amans
  • Funding and Support
  • Université Libre de Bruxelles (ULB)
  • Fonds National de la Recherche Scientifique
    (FNRS)
  • Communauté Française de Belgique (ARC)
  • Gouvernement Fédéral Belge (PAI)
  • European Community (project RESQ)
Write a Comment
User Comments (0)
About PowerShow.com