Quantum to Classical Randomness Extractors

The goal of randomness extraction is to distill almost perfect randomness from a weak source of randomness. When the source outputs a classical string X, many extractor constructions are known. Yet, when considering a physical randomness source, X is itself ultimately the result of a measurement on an underlying quantum system. When characterizing the power of a source to supply randomness, it is hence a natural question to ask how much classical randomness we can extract from a quantum system. To tackle this question we here take on the study of quantum-to-classical randomness extractors (QC-extractors). We provide constructions of QC-extractors based on measurements in a full set of mutually unbiased bases (MUBs), and certain single qubit measurements. The latter are particularly appealing since they are not only easy to implement, but appear throughout quantum cryptography. We proceed to prove an upper bound on the maximum amount of randomness that we could hope to extract from any quantum state. Some of our QC-extractors almost match this bound. We show two applications of our results. First, we show that any QC-extractor gives rise to entropic uncertainty relations with respect to quantum side information. Such relations were previously only known for two measurements. In particular, we obtain strong relations in terms of the von Neumann (Shannon) entropy as well as the min-entropy for measurements in almost unitary 2-designs, a full set of MUBs, and single qubit measurements in three MUBs each. Second, we finally resolve the central open question in the noisy-storage model [Wehner et al., PRL 100, 220502 (2008)] by linking security to the quantum capacity of the adversary's storage device. More precisely, we show that any two-party cryptographic primitive can be implemented securely as long as the adversary's storage device has sufficiently low quantum capacity. Our protocol does not need any quantum storage to implement, and is technologically feasible using present-day technology.
