A Cryptographic Test of Quantumness and Certifiable Randomness from a Single Quantum Device

We give a protocol for producing certifiable randomness from a single untrusted quantum device that is polynomial-time bounded. The randomness is certified to be statistically close to uniform from the point of view of any computationally unbounded quantum adversary, that may share entanglement with the quantum device. The protocol relies on the existence of post-quantum secure trapdoor claw-free functions, and introduces a new primitive for constraining the power of an untrusted quantum device. We then show how to construct this primitive based on the hardness of the learning with errors (LWE) problem. The randomness protocol can also be used as the basis for an efficiently verifiable "quantum supremacy" proposal, thus answering an outstanding challenge in the field

A Cryptographic Test of Quantumness and Certifiable Randomness from a Single Quantum Device

We give a protocol for producing certifiable randomness from a single untrusted quantum device that is polynomial-time bounded. The randomness is certified to be statistically close to uniform from the point of view of any computationally unbounded quantum adversary, that may share entanglement with the quantum device. The protocol relies on the existence of post-quantum secure trapdoor claw-free functions, and introduces a new primitive for constraining the power of an untrusted quantum device. We show how to construct this primitive based on the hardness of the learning with errors (LWE) problem, and prove that it has a crucial adaptive hardcore bit property. The randomness protocol can be used as the basis for an efficiently verifiable "test of quantumness", thus answering an outstanding challenge in the field.Comment: 45 page

Trading locality for time: certifiable randomness from low-depth circuits

The generation of certifiable randomness is the most fundamental information-theoretic task that meaningfully separates quantum devices from their classical counterparts. We propose a protocol for exponential certified randomness expansion using a single quantum device. The protocol calls for the device to implement a simple quantum circuit of constant depth on a 2D lattice of qubits. The output of the circuit can be verified classically in linear time, and is guaranteed to contain a polynomial number of certified random bits assuming that the device used to generate the output operated using a (classical or quantum) circuit of sub-logarithmic depth. This assumption contrasts with the locality assumption used for randomness certification based on Bell inequality violation or computational assumptions. To demonstrate randomness generation it is sufficient for a device to sample from the ideal output distribution within constant statistical distance. Our procedure is inspired by recent work of Bravyi et al. (Science 2018), who introduced a relational problem that can be solved by a constant-depth quantum circuit, but provably cannot be solved by any classical circuit of sub-logarithmic depth. We develop the discovery of Bravyi et al. into a framework for robust randomness expansion. Our proposal does not rest on any complexity-theoretic conjectures, but relies on the physical assumption that the adversarial device being tested implements a circuit of sub-logarithmic depth. Success on our task can be easily verified in classical linear time. Finally, our task is more noise-tolerant than most other existing proposals that can only tolerate multiplicative error, or require additional conjectures from complexity theory; in contrast, we are able to allow a small constant additive error in total variation distance between the sampled and ideal distributions.Comment: 36 pages, 2 figure

A Cryptographic Test of Quantumness and Certifiable Randomness from a Single Quantum Device

We give a protocol for producing certifiable randomness from a single untrusted quantum device that is polynomial-time bounded. The randomness is certified to be statistically close to uniform from the point of view of any computationally unbounded quantum adversary, that may share entanglement with the quantum device. The protocol relies on the existence of post-quantum secure trapdoor claw-free functions, and introduces a new primitive for constraining the power of an untrusted quantum device. We then show how to construct this primitive based on the hardness of the learning with errors (LWE) problem. The randomness protocol can also be used as the basis for an efficiently verifiable "quantum supremacy" proposal, thus answering an outstanding challenge in the field

Test of Quantumness with Small-Depth Quantum Circuits

Recently Brakerski, Christiano, Mahadev, Vazirani and Vidick (FOCS 2018) have shown how to construct a test of quantumness based on the learning with errors (LWE) assumption: a test that can be solved efficiently by a quantum computer but cannot be solved by a classical polynomial-time computer under the LWE assumption. This test has lead to several cryptographic applications. In particular, it has been applied to producing certifiable randomness from a single untrusted quantum device, self-testing a single quantum device and device-independent quantum key distribution. In this paper, we show that this test of quantumness, and essentially all the above applications, can actually be implemented by a very weak class of quantum circuits: constant-depth quantum circuits combined with logarithmic-depth classical computation. This reveals novel complexity-theoretic properties of this fundamental test of quantumness and gives new concrete evidence of the superiority of small-depth quantum circuits over classical computation

Unbounded randomness certification using sequences of measurements

Unpredictability, or randomness, of the outcomes of measurements made on an entangled state can be certified provided that the statistics violate a Bell inequality. In the standard Bell scenario where each party performs a single measurement on its share of the system, only a finite amount of randomness, of at most $4 log_2 d$ bits, can be certified from a pair of entangled particles of dimension $d$. Our work shows that this fundamental limitation can be overcome using sequences of (nonprojective) measurements on the same system. More precisely, we prove that one can certify any amount of random bits from a pair of qubits in a pure state as the resource, even if it is arbitrarily weakly entangled. In addition, this certification is achieved by near-maximal violation of a particular Bell inequality for each measurement in the sequence.Comment: 4 + 5 pages (1 + 3 images), published versio

Optimal randomness generation from optical Bell experiments

Genuine randomness can be certified from Bell tests without any detailed assumptions on the working of the devices with which the test is implemented. An important class of experiments for implementing such tests is optical setups based on polarisation measurements of entangled photons distributed from a spontaneous parametric down conversion source. Here we compute the maximal amount of randomness which can be certified in such setups under realistic conditions. We provide relevant yet unexpected numerical values for the physical parameters and achieve four times more randomness than previous methods.Comment: 15 pages, 4 figure

Measurement-device-independent quantification of entanglement for given Hilbert space dimension

We address the question of how much entanglement can be certified from the observed correlations and the knowledge of the Hilbert space dimension of the measured systems. We focus on the case in which both systems are known to be qubits. For several correlations (though not for all), one can certify the same amount of entanglement as with state tomography, but with fewer assumptions, since nothing is assumed about the measurements. We also present security proofs of quantum key distribution without any assumption on the measurements. We discuss how both the amount of entanglement and the security of quantum key distribution (QKD) are affected by the inefficiency of detectors in this scenario.Comment: 19 pages, 6 figure