From Quantum Cheating to Quantum Security - PowerPoint PPT Presentation

1 / 73
About This Presentation
Title:

From Quantum Cheating to Quantum Security

Description:

List of most frequently asked questions. 1. What is quantum ... ( Brassard) 15 ... Gilles Brassard and Claude Crepeau. Problems: a) Real channels ... – PowerPoint PPT presentation

Number of Views:112
Avg rating:3.0/5.0
Slides: 74
Provided by: scs50
Category:

less

Transcript and Presenter's Notes

Title: From Quantum Cheating to Quantum Security


1
From Quantum Cheating to Quantum Security
  • Hoi-Kwong Lo
  • Department of Physics
  • Department of Elect. Computer Engineering (ECE)
  • University of Toronto
  • URL http//www.comm.utoronto.ca/hklo/
  • Email hklo_at_comm.utoronto.ca

2
List of most frequently asked questions
  • 1. What is quantum information processing?
  • 2. What is quantum information?
  • 3. What quantum code-breaking can do?
  • 4. What quantum code-making can do?
  • 5. What quantum code-making CANNOT do?

3
What is Quantum Information Processing?
.
Synthesis of quantum mechanics with other
subjects.
4
What is Quantum Information?
  • Classical Information
    Quantum Information
  • Bit 0 or 1
    Qubit (quantum bit) superposition of 0 and 1.



where
and
are complex numbers.
Qubit any two-level quantum system e.g. an
electron with spin
0 ,
1 .
Remark There exist quantum data compression,
quantum error correction, etc. Classical Informati
on can be regarded as A special case of quantum
info.
e.g. a photon with polarization
0 ,
1 .
Note that a general state is in a superposition
of 0 and 1.
5
Aside Classical vs Quantum Computation
  • Elementary Classical Operations
    Elementary Quantum Operations
  • Logical operations AND, OR, a)
    Single-qubit operations rotations
  • NOT, etc.
    b) Two-qubit operations e.g.

  • quantum controlled-NOT (XOR)




Schematic representation of a quantum computation
Steps 1) preparation
3) measurement
2) evolution
measure
measure
measure
time
Input 000
Output110
6
Quantum cryptanalysis
  • 1. Quantum efficient factoring (Shor 1994)
  • A quantum computer can efficiently factorize
    large integers, thus breaking RSA. More
    generally, Shors algorithm can break
    crypto-systems based on the discrete log problem
    and elliptic curves.
  • If a quantum computer is ever built, much of
    public-key cryptography will fall apart!

7
Mathematical structure behind Shors algorithm
  • Remark All those problems can be rephrased as an
    Abelian Hidden Subgroup Problem Given a finite
    group G and a set S and a mapping
  • f G S with the promise that
  • f (g1 ) f (g2 ) iff g1 and g2 are in the same
    coset of H where H is some (hidden) Abelian
    subgroup of G. The goal is to find H.
  • Remark Quantum computers can efficiently
    solve the Abelian Hidden Subgroup problem.
    Whether they can efficiently solve Non-Abelian
    Hidden Subgroup problem is a big open question in
    quantum algorithms.

8
Quantum cryptanalysis (contd.)
  • Grovers search algorithm Finding a needle in a
    haystack.
  • Given an unstructured data-base of N objects, how
    many searches are needed on average to find the
    correct object?
  • Mathematically, given a function, f X
    0,1 with the
  • Promise that f (x) 1 if x y for a unique y
    and 0 otherwise. Find y.
  • Classically, clearly O (N) searches are needed.
    Surprisingly, quantum mechanically, only order
    square root of N searches are needed.
  • Remark Grovers algorithm can be used for an
    exhaustive search, for example, exhaustive key
    search for DES (Data Encryption Standard) or AES
    (Advanced Encryption Standard). Therefore, a
    quantum computer can dramatically speed up the
    breaking of AES.
  • (Remedy Doubling the key length.)

9
  • Properties of
  • Quantum Information

10
Conjugate observables
0
1
0 1
Rectilinear basis
Diagonal basis
It is fundamentally IMPOSSIBLE to determine
the polarization of a single photon in the two
bases simultaneously. (The two self-adjoint
operators representing the two observables do
NOT commute. Therefore, they cannot be
simultaneously diagonalized. And, it makes no
sense to talk about their simultaneous
eigenvectors.)
11
Corollary Quantum No-cloning Theorem
a?
a
a
IMPOSSIBLE
An unknown quantum state CANNOT be cloned! Proof.
If it were possible to clone an unknown quantum
state, by repeating the cloning operation, one
could measure two conjugate observables simultaneo
usly, which is forbidden in quantum mechanics.
12
Defeating counterfeiters withunclonable quantum
checks (Wiesner)
Quantum Check Serial number 1011010

Quantum Check Serial number 1011010
( up, left, right, down, left, up )
Quantum checks are impossible to counterfeit
without basis information.
13
CONVENTIONALCRYPTOGRAPHY
MILITARY AND DIPLOMATIC APPLICATIONS
SECURE E-BUSINESS AND E-COMMERCE
CRYPTOGRAPHY
COMPUTATIONAL ASSUMPTIONS (e.g. factoring is hard)
14
What is wrong with conventional cryptography?
  • Unanticipated Advances in Hardware and
    Algorithms.
  • Quantum Code-breaking
  • Quantum computers can efficiently factor large
    numbers (exponential speed-up!) , thus breaking
    RSA, the best-known encryption scheme. (Shor
    1994)
  • If a quantum computer is ever built, much of
    conventional cryptography will fall apart!
    (Brassard)

15
Forward security?
  • Trade secrets and US government secrets are kept
    as secrets for decades.
  • A Big Problem RIGHT NOW
  • If adversary can factor in 2018, she can then
    decrypt all traffic sent in 2003.

16
CONVENTIONALCRYPTOGRAPHY
MILITARY AND DIPLOMATIC APPLICATIONS
SECURE E-BUSINESS AND E-COMMERCE
CRYPTOGRAPHY
COMPUTATIONAL ASSUMPTIONS
17
QUANTUM CRYPTOGRAPHY
MILITARY AND DIPLOMATIC APPLICATIONS
SECURE E-BUSINESS AND E-COMMERCE
CRYPTOGRAPHY
QUANTUM MECHANICS
18
Quantum Cryptography
  • Two potential applications
  • Quantum key distribution (QKD)
  • Quantum bit commitment

19
Key Distribution Problem
Alice
Bob
encryption key
decryption key
If Alice and Bob share a common long random
string of secret, then encryption is secure.
(Shannon 1949) QUESTION How to transfer the key?
20
Classical Key Distribution
Eves copying machine
Bob
(Representable as a string of Number 01101. )
Eve
All CLASSICAL key distribution schemes
are fundamentally INSECURE.
21
Quantum Key Distribution
a?
a
a
IMPOSSIBLE
Quantum No-cloning Theorem
Quantum information cannot be copied. An
eavesdropper Eve will be unable to copy a quantum
key without changing it.
22
Quantum key distribution
  • Absolute security based on fundamental laws of
    quantum mechanics, rather than computational
    assumptions.
  • Allow two persons who share a small amount of
    authentication information to communicate in
    absolute security in the presence of an
    eavesdropper.
  • Any eavesdropping attack will essentially always
    be caught.
  • Alice
    Bob

23
Quantum key distribution (QKD)
  • Absolute security based on fundamental laws of
    quantum mechanics, rather than computational
    assumptions.
  • Allow two persons who share a small amount of
    authentication information to communicate in
    absolute security in the presence of an
    eavesdropper.
  • Any eavesdropping attack will essentially always
    be caught.
  • Intrusion alert! Eve
    Intrusion alert!

24
The DARPA Quantum Network
Encrypted Traffic
Private
Private
via Internet
Enclave
Enclave
End-to-End Key Distribution
QKD Repeater
QKD Switch
QKD
QKD
Endpoint
Endpoint
QKD Switch
QKD Switch
Ultra-Long-
Distance Fiber
QKD Switch
Borrowed from BBNs website.
25
Procedure of standard BB84 QKD scheme
Step 5 Test for tampering by random sampling and
computing quantum bit error rate. If
error rate is OK, apply error correction
and privacy amplification. Otherwise, they
abort.
26
Experimental QKD
  • Quantum key distribution is feasible with current
    technology.
  • Over Telecom fibers
  • About 67km LANL, BT (now Corning),Geneva
  • Distance Limitation Need quantum repeaters.
  • Open air experiment (about 23km).
  • Proposal for ground to satellite experiments.

27
Proposed Ground to satellite QKD experiment
28
Long-term vision of global quantum network
Fibers For long-haul quantum communications
29
Is QKD secure?
The most important question in
quantum cryptography is to determine how secure
it really is. Gilles Brassard
and Claude Crepeau
Problems a) Real channels are all NOISY. Eve
may try to disguise herself as noise. b) Eve can
perform ANY attack consistent with quantum
mechanics. c) A priori, classical probabilistic
arguments do NOT work because of the well-known
Einstein-Podolsky-Rosen (EPR) paradox.
30
Proof of unconditional security of quantum key
distribution (QKD)
  • Mayers, quant-ph/9802025 Los Alamos preprint
    archive 1998 preliminary version Crypto96.
  • Lo and Chau, Science 283, 2050 (1999).
  • Biham et al., in Proceedings of Symposium on the
    Theory of Computing, STOC 2000, p. 715.
  • Ben-Or, to appear.
  • Shor and Preskill, Phys. Rev. Lett. 85, 441
    (2000).
  • Gottesman and Lo, http//xxx.lanl.gov/abs/quant-ph
    /0105121
  • Inamori, Lutkenhaus and Mayers, quant-ph/0107017
    Los Alamos preprint archive 2001. (Consider
    imperfect photon sources, channel loss and
    imperfect detectors.)

31
Techniques of proof
  • Noisy
  • Quantum
  • Problem

1)
Noiseless Quantum Problem
REDUCTION
Noiseless Classical Problem
2)
Noiseless Quantum Problem
REDUCTION
3) Use Classical Probability Theory
32
Techniques of proof
  • Noisy
  • Quantum
  • Problem

1)
Noiseless Quantum Problem
REDUCTION
Fault-Tolerant Quantum Computation
Noiseless Classical Problem
2)
Noiseless Quantum Problem
REDUCTION
3) Use Classical Probability Theory
33
Techniques of proof
  • Noisy
  • Quantum
  • Problem

1)
Noiseless Quantum Problem
REDUCTION
Fault-Tolerant Quantum Computation
Noiseless Classical Problem
2)
Noiseless Quantum Problem
REDUCTION
Use Commuting Observables
3) Use Classical Probability Theory
34
Innovation of Lo-Chaus proof
  • Innovation Apply CLASSICAL probability theory to
    solve a QUANTUM problem. (Not obvious because of
    well-known EPR paradox. Did not seem like a
    promising approach, at first sight.)
  • Solution Construct COMMUTING observables.
    (Mathematically, commuting Hermitian matrices
    have simultaneous eigenvectors.) This works even
    when those observables are non-local.
  • Remark Hard part is to the actual construction.
  • Example

commutes with
,
even though they are both non-local. Conclusion
One can safely assign CLASSICAL probabilities
to them.
35
Tolerable Bit Error Rates
Question Under what operating parameters will
BB84 be secure?
Proof (Quantum) Bit Error
Rate
Cf. Upper bound 25.
  • Significance of our result
  • Practical a) Extend distance of secure QKD.
  • b) Higher key generation rate.
  • c) Proved security of standard schemes e.g.
    Cascade
  • 2) Conceptual a) Demonstrate the advantage of
    using two-way
  • classical communications in classical
    post-processing
  • of data generated in QKD.
  • b) Introduce a new class of quantum codes.

36
Quantum Error Correction
  • A well-known class of quantum codes is the
    Calderbank-Shor-Steane (CSS) codes
  • Consider two binary linear codes, C1 and C2, of
    length n such that
  • C2 is a subcode of C1
  • C1 and the DUAL of C2 can each correct up to t
    errors.
  • Then, one can define a QUANTUM error correcting
    code
  • that can correct up to t general type of quantum
    errors in a quantum communication channel.
  • The resulting quantum code is called a CSS code.

37
Quantum Key Distribution
Eve
Alice
Bob
38
Beyond Quantum Key Distribution
666
666
Bob
Alice
39
Age Problem
Im Y years old.
Im X years old.
Alice
Bob
How to find out whether x gt y without disclosing
the exact value of x and y to each other?
40
Impossibility of Quantum Bit Commitment
  • Old belief The Age Problem can be solved through
    a basic primitive called quantum bit
    commitment.
  • Surprising result (Mayers 96, Lo and Chau 96)
    Unconditionally secure quantum bit commitment is
    IMPOSSIBLE.

41
Aside What is bit commitment?
1. Commit Phase
0
1
or
Alice
Bob
2. Opening Phase
Alice can prove to Bob that she has made up her
mind during the commit phase and she cannot
change it. Yet, Bob does not know her choice
until the opening phase.
42
Generality of the proof of impossibility of
quantum bit commitment
Any quantum/classical hybrid protocol can be
equivalently be described by a purely quantum
protocol. (Analogy Any expression involving both
real numbers and complex numbers can be evaluated
by using complex analysis. There is no need to
switch back and forth between real and complex
analyses.)
43
Foundation of security
DOABLE
IMPOSSIBLE
Quantum Key Distribution (No-cloning Theorem) M
ayers Lo and Chau Biham et al. Ben-Or Shor and
Preskill
Quantum bit commitment Quantum oblivious
transfer (Quantum cheating using Einstein-Podol
sky-Rosen Effect) Mayers Lo and Chau Lo
44
WHAT IS THE BOUNDARY WHY IS THERE SUCH A BOUNDARY?
DOABLE
IMPOSSIBLE
Quantum Key Distribution (No-cloning Theorem) M
ayers Lo and Chau Biham et al. Ben-Or Shor and
Preskill
Quantum bit commitment Quantum oblivious
transfer (Quantum cheating using Einstein-Podol
sky-Rosen Effect) Mayers Lo and Chau Lo
Unclonable quantum Encryption (Gottesman-
Chuang)
Quantum coin tossing (Kitaev 2002)
45
What is the physics?
Classical Description (Classical Probability Theo
ry) Simple
Quantum/ Classical Hybrid Description COMPLEX
Quantum Description (Unitary Description) Simple
Reduction?
Reduction?

46
What is the physics?
Classical Description (Classical Probability Theo
ry) Simple
Quantum/ Classical Hybrid Description COMPLEX
Quantum Description (Unitary Description) Simple
Reduction
Reduction
Construct Commuting Observables
Always Possible
Classical information can be regarded as a
special case of quantum information.
47
Prologue Model real-life QKD systems
  • 1) All models of QKD are idealizations of
    real-life systems.
  • Real-life QKD system is a complex system with
    many degrees of freedom.
  • 2) Imperfections
  • Imperfect single-photon sources
  • Lossy channels
  • Imperfect single-photon detection efficiency
  • Detectors dark counts
  • Trojan Horses attacks
  • Denial-of-service attacks
  • How to quantify (theoretically and
    experimentally) small imperfections and ensure
    security in the presence of those imperfections?
  • How to perform secure QKD with REALISTIC amounts
    of computational power, communication bandwidth
    and random number generation rate?
  • Cf. Mayers and Yao, quant-ph/9809039
  • Inamori, Lutkenhaus and Mayers, quant-ph/0107017
  • Gottesman, Lo, Lutkenhaus, and Preskill ,
    quant-ph/0212066

48
Open Question Quantum version of Shannons
channel coding theorem?
  • How to compute channel capacity of a quantum
    channel for transmitting classical information?
  • And, for transmitting quantum information?
  • Remark While many different types of channel
    capacities have been formally defined, the analog
    of Shannons channel coding theorem remains
    UNPROVEN in the quantum case.

49
Perspectives
  • There is only one information theory.
  • QUANTUM INFORMATION THEORY is the natural
    generalization of classical information theory.
    Classical information theory can be regarded as a
    special case of quantum information theory.
  • In the same way that the theory of complex
    numbers simplifies the theory of real numbers and
    makes it complete, Quantum information theory
    makes classical information complete.

50
List of most frequently asked questions
  • 1. What is quantum information processing?
  • 2. What is quantum information?
  • 3. What quantum code-breaking can do?
  • 4. What quantum code-making can do?
  • 5. What quantum code-making CANNOT do?

51
List of most frequently asked questions
  • 1. What is quantum information processing?
  • Synthesis of quantum mechanics with other
    subjects.
  • 2. What is quantum information?
  • Use superposition and manipulate quantum
    states.
  • 3. What quantum code-breaking can do?
  • Break standard encryption schemes including
    RSA.
  • 4. What quantum code-making can do?
  • Secure communications using unbreakable
    quantum key distribution.
  • 5. What quantum code-making CANNOT do?
  • Protect private information during public
    discussion,
  • e.g. the Age Problem.

52
Survey Paper
  • Gottesman and Lo, From quantum cheating to
    quantum security, Physics Today, Nov. 2000, p.
    22 www.physicstoday.org/pt/vol-53/iss-11/p22.html 
  • Recent paper
  • Gottesman and Lo, Security of Quantum Key
    Distribution with two-way classical
    communications, IEEE Transactions on Information
    Theory, Vol. 49,
  • No. 2, p. 457, Feb. 2003.

53
Students/Postdocs Wanted
  • For a combined study in the theory and
    implementation of quantum key distribution. From
    foundation of security, modeling physical
    devices, protocol design to software/hardware
    implementations. Please contact Hoi-Kwong Lo
    ( hklo_at_comm.utoronto.ca )
  • www.comm.utoronto.ca/hklo

54
Quantum cheating using Einstein-Podolsky-Rosen
effect
Quantum objects can exhibit correlations that are
stronger than what is allowed by any local
classical model.
Spin 0
When a spin-0 object decays into two spin-1/2
objects, from conservation of momentum, the two
resulting objects exhibit perfect
anti-correlations. Individual measurement
outcomes RANDOM Relative measurement outcomes
OPPOSITE Appearance of faster-than-light
transmission. Does not violate causality because
the outcomes are random.
55
Main step of Shors algorithm
  • Note that the factoring problem can be reduced
    to a periodicity problem.
  • Given an RSA number N pq and a random x
    co-prime with N. Suppose one can find the order,
    r, of x such that xr 1 (mod N).
  • Compute gcd(xr/2 1, n). This fails to give a
    factor of N only if either r is odd or if xr/2
    -1 (mod N). It can be shown that the algorithm
    finds a factor of n with a probability at least
    1/4.
  • Surprisingly, a quantum algorithm can find the
    periodicity of x efficiently (because quantum
    computers allow interference.)

56
Quantum Cryptography
  • My contributions (Theory. Asymptotic results.)
  • Proof of unconditional security of quantum key
    distribution (QKD)
  • Efficient classical post-processing protocols for
    QKD.
  • Impossibility of quantum bit commitment
  • Future directions (PRACTICE. Finite size codes.)
  • Develop classical post-processing layer of
    QKD.
  • Design practical protocols for classical
    post-processing of QKD.
  • Model real-life QKD systems.
  • Study eavesdropping attacks.
  • Work with others to construct a QKD test-bed with
    all layers (optical, classical post-processing
    and application) included.

57
Design practical protocols for classical
post-processing of QKD.
  • Remark Privacy amplification is a new
    concept in classical coding theory. (The dual of
    error correction.)
  • Finite size codes (convolutional codes or block
    codes?)
  • Security proofs usually deal with an infinitely
    long key.
  • In practice, it is necessary to consider a final
    key of finite length.
  • Fluctuations become very important.
  • Limited REAL random number generator rate.
  • Limited computational power.
  • Limited memory space.
  • Limited classical communication bandwidth.
  • Need REAL-TIME (hardware?) implementation.
  • Cost

58
Model real-life QKD systems
  • 1) All models of QKD are idealizations of
    real-life systems.
  • Real-life QKD system is a complex system with
    many degrees of freedom.
  • 2) Imperfections
  • Imperfect single-photon sources
  • Lossy channels
  • Imperfect single-photon detection efficiency
  • Detectors dark counts
  • Trojan Horses attacks
  • Denial-of-service attacks
  • How to quantify (experimentally) small
    imperfections and ensure security in the presence
    of those imperfections?

59
Study eavesdropping attacks.
  • The best way to build a secure cryptographic
    system is to try hard to break it.
  • Need to study theoretically and experimentally
    the feasibility and power of various
    eavesdropping attacks beam-splitting attacks,
    unambiguous state determination, Trojan Horse
    attacks, etc.

60
Future directions in other layers
  • Optical layer
  • integrated optics?
  • single-photon sources
  • single-photon detecting modules
  • low loss fibers
  • quantum switches
  • quantum repeaters
  • 2. Application layer
  • How to use the key? one-time-pad encryption?
    network multi-casting? Applications beyond key
    distribution?
  • System control issues
  • What are the states of a QKD system? How to
    recover a system after
  • Eavesdropping attacks? How to share the small
    initial authentication key?

61
Summary
  • 1. What is quantum information processing?
  • Synthesis of quantum mechanics with information
    processing.
  • 2. What quantum code-breaking can do?
  • Break standard encryption schemes including RSA.
  • 3. What quantum code-making can do?
  • Secure communications using unbreakable quantum
    key distribution (QKD).
  • 4. What quantum code-making CANNOT do?
  • Protect private information during
    discussionsAge problem.
  • 5. What are my future directions?
  • Design practical protocols for classical
    post-processing of data generated by QKD. Model
    real-life QKD systems. Study eavesdropping
    attacks. Construct test-bed QKD by integrating
    optical, classical post-processing and
    application layers.

62
Selected Original Papers
  • Impossibility of bit commitment and oblivious
    transfer
  • H.-K. Lo and H. F. Chau, Phys. Rev. Lett. 78,
    3410 (1997).
  • H.-K. Lo and H. F. Chau, Physica D 120, 177
    (1998).
  • H.-K. Lo, Phy. Rev. A 56, 1154 (1997).
  • Security Proof of quantum key distribution
  • H.-K. Lo and H. F. Chau, Science 283, 2050
    (1999).
  • Towards Practical QKD
  • D. Gottesman and H.-K. Lo, http//xxx.lanl.gov/abs
    /quant-ph/0105121
  • H.-K. Lo, http//xxx.lanl.gov/abs/quant-ph/0201030

63
Three layers of QKD
Application layer
data
data
Secret key
Secret key
Classical Post-Processing Layer Error
correction, Privacy amplification,
Authentication, etc.
Raw key, Basis info, etc
Raw key, Basis info, etc
Optical Layer
RNG Random Number generator
Sender optics
Receiver optics
Alice
Bob
64
Efficient classical post-processing protocols for
QKD
EPP with one-way Communications (modified Lo-Chau
protocol)
Shor-Preskill
BB84
Use CSS codes
Remark EPP is a generalization of quantum error
correcting codes.
??
EPP with two-way communications
BB84
Motivations 1) Entanglement purification
protocols (EPPs) with two-way classical
communications are known to be more powerful than
those with only one-way comm. (Bennett,
DiVincenzo, Smolin and Wootters. See also,
Deutsch et al.) 2) To prove unconditional
security of standard protocols such as "Cascade".
65
Efficient classical post-processing protocols for
QKD
Shor-Preskill
Modified Lo-Chau Protocol (with only one-way
classical Communications)
BB84 (essentially Mayers proof)
Use CSS codes
66
Security of QKD (Intuition)
  • A single photon cannot be split. Its polarization
    cannot be cloned. (Quantum No-Cloning Theorem.
    Heisenberg Uncertainty Principle.) Therefore,
    eavesdropper CANNOT have the same quantum
    information that Bob has.

a
a
a
IMPOSSIBLE
67
Experimental Implementations
  • Current status Small scale Implementations.
  • Entanglement of four atoms.
  • Factor 153 x 5 in nuclear magnetic resonance
    machines.
  • Proposals for scalable quantum computers Ion
    Traps, Cavity Quantum Electrodynamics, Nuclear
    Magnetic Resonance (NMR), Optical Lattices,
    Super-conducting qubits, Silicon-based proposal,
    Electrons flowing on Helium,

68
Towards scalable quantum computers III
Book Scalable Quantum Computers, edited
by Braunstein and Lo.
69
Towards scalablequantum computers
  • Proposals
  • Ion Traps
  • Cavity Quantum Electrodynamics
  • Nuclear Magnetic Resonance (NMR)
  • Optical Lattices
  • Super-conducting qubits
  • Silicon-based proposals
  • Electrons flowing on Helium
  • 8. .
  • 9. .

70
Towards scalable quantum computers IV
  • Summary
  • Primitive (small scale) quantum computing has
    successfully been performed in experiments.
  • Large scale experimental quantum computing is
    extremely challenging. But, this has not deterred
    researchers from working on the subject.
  • Success of quantum computing depends on efforts,
    not time. (Eli Yablonovitch UCLA)

71
Research activities in quantum information
processing
  • Industries MagiQ, ATT, Bell Labs, IBM,
    Microsoft,
  • Universities Too many to list. (e.g. Caltech,
    MIT, Stanford, Princeton, UC Berkeley, UCLA, UC
    Santa Barbara,)
  • National Labs NIST, Los Alamos
  • Funding Agencies DARPA, ARO, NSA, NIST, NASA,
  • (In the US alone, public government funding is
    over 50 million per year.)
  • Motivation Go beyond the demise of Moores law.
  • Quantum information processing as the Second
    Phase of the IT revolution.

72
What is oblivious transfer?
Alice sends two pieces of information to Bob. Bob
can only choose to learn one piece of the
information, NOT both. Alice does not know which
piece of information Bob has learnt. For
example, Alice sends her age and height to
Bob. Bob can learn either Alices age or height,
but not both.
73
Advances in quantum crypto
Write a Comment
User Comments (0)
About PowerShow.com