A Cryptographic Test of Quantumness and Certifiable Randomness from a Single Quantum Device
We give a protocol for producing certifiable randomness from a single untrusted quantum device that is polynomial-time bounded. The randomness is certified to be statistically close to uniform from the point of view of any computationally unbounded quantum adversary, that may share entanglement with the quantum device. The protocol relies on the existence of post-quantum secure trapdoor claw-free functions, and introduces a new primitive for constraining the power of an untrusted quantum device. We then show how to construct this primitive based on the hardness of the learning with errors (LWE) problem. The randomness protocol can also be used as the basis for an efficiently verifiable "quantum supremacy" proposal, thus answering an outstanding challenge in the field.
A Cryptographic Test of Quantumness and Certifiable Randomness from a Single Quantum Device
We give a protocol for producing certifiable randomness from a single untrusted quantum device that is polynomial-time bounded. The randomness is certified to be statistically close to uniform from the point of view of any computationally unbounded quantum adversary, that may share entanglement with the quantum device. The protocol relies on the existence of post-quantum secure trapdoor claw-free functions, and introduces a new primitive for constraining the power of an untrusted quantum device. We show how to construct this primitive based on the hardness of the learning with errors (LWE) problem, and prove that it has a crucial adaptive hardcore bit property. The randomness protocol can be used as the basis for an efficiently verifiable "test of quantumness", thus answering an outstanding challenge in the field.
Comment: 45 page
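The abstract above describes the protocol only at a high level. As an added illustration (this is not code from the paper; the placeholder function pair, the requirement that d be nonzero in the equation test, and all parameters such as Q, the seed and the round count are assumptions of mine), the following Python simulates the verifier's side of the two challenges: after the device commits to an image y, the verifier either asks for a preimage and checks it, or asks for a binary string d and checks, using the trapdoor to recover the claw (x0, x1), that d is nonzero and orthogonal to J(x0) xor J(x1). The honest device is emulated with the trapdoor so that it reproduces the answer statistics a quantum device obtains by measurement; a classical device that committed through a single known preimage passes the preimage test every time but can only guess d.

```python
"""Toy simulation of the two challenges of the certifiable-randomness protocol above.
Added example, not the paper's code. A claw-free pair (f_0, f_1) has, at every image y,
one preimage x0 under f_0 and one preimage x1 under f_1; the verifier's trapdoor
recovers both. The device commits to y and is then asked EITHER for a preimage OR for
a nonzero d with <d, J(x0) xor J(x1)> = 0 (mod 2). Assumptions: the pair here is a
placeholder f_b(x) = a*x + b*u (mod Q) with no hardness at all (a^-1 is computable
from the public key), and the honest device is emulated with the trapdoor."""
import random

Q = (1 << 61) - 1             # Mersenne prime modulus (toy choice)
ELL = Q.bit_length()          # 61 bits in the binary encoding J(x)

def keygen(rng):
    """pk = (a, u = a*s0), trapdoor = (a^-1, s0): f_0(x) = a x, f_1(x) = a x + u."""
    a, s0 = rng.randrange(1, Q), rng.randrange(1, Q)
    return (a, a * s0 % Q), (pow(a, -1, Q), s0)

def f(pk, b, x):
    a, u = pk
    return (a * x + b * u) % Q

def claw(td, y):
    """Trapdoor inversion: f_0(x0) = y and f_1(x0 - s0) = a(x0 - s0) + a s0 = y."""
    a_inv, s0 = td
    x0 = a_inv * y % Q
    return x0, (x0 - s0) % Q

def J(x):                     # binary encoding of x in Z_Q
    return [(x >> i) & 1 for i in range(ELL)]

def inner(d, w):              # <d, w> mod 2
    return sum(a & b for a, b in zip(d, w)) & 1

class HonestDevice:
    """Emulates the quantum device's answer statistics using the trapdoor; a real
    device gets the same distribution by measuring its state, without a trapdoor."""
    def __init__(self, pk, td, rng):
        self.pk, self.td, self.rng = pk, td, rng
    def commit(self):
        self.y = f(self.pk, 0, self.rng.randrange(Q))
        self.x0, self.x1 = claw(self.td, self.y)
        return self.y
    def answer(self, test):
        if test == 0:                       # state is a superposition over the claw
            b = self.rng.randrange(2)
            return b, (self.x0, self.x1)[b]
        w = [p ^ q for p, q in zip(J(self.x0), J(self.x1))]
        i = w.index(1)                      # x0 != x1, so w != 0
        while True:                         # Hadamard measurement: uniform d, <d,w> = 0
            d = [self.rng.randrange(2) for _ in w]
            if inner(d, w):
                d[i] ^= 1                   # bijection onto ker(w): d stays uniform
            if any(d):
                return d

class ClassicalCheater:
    """A classical device that committed to y via a single known preimage."""
    def __init__(self, pk, rng):
        self.pk, self.rng = pk, rng
    def commit(self):
        self.b, self.x = self.rng.randrange(2), self.rng.randrange(Q)
        self.y = f(self.pk, self.b, self.x)
        return self.y
    def answer(self, test):
        if test == 0:
            return self.b, self.x           # always passes the preimage test
        while True:                         # no claw in hand: guess d
            d = [self.rng.randrange(2) for _ in range(ELL)]
            if any(d):
                return d

def run_protocol(device, pk, td, rounds, rng):
    """Verifier loop; returns (preimage-test pass rate, equation-test pass rate)."""
    hits, asked = [0, 0], [0, 0]
    for _ in range(rounds):
        y = device.commit()
        x0, x1 = claw(td, y)
        t = rng.randrange(2)                # challenge fixed only after the commitment
        ans = device.answer(t)
        if t == 0:
            ok = f(pk, ans[0], ans[1]) == y
        else:
            w = [p ^ q for p, q in zip(J(x0), J(x1))]
            ok = any(ans) and inner(ans, w) == 0
        asked[t] += 1
        hits[t] += ok
    return hits[0] / asked[0], hits[1] / asked[1]

def demo(seed=7, rounds=400):
    """Honest device passes both tests; the cheater passes the equation test ~1/2."""
    rng = random.Random(seed)
    pk, td = keygen(rng)
    honest = run_protocol(HonestDevice(pk, td, rng), pk, td, rounds, rng)
    cheat = run_protocol(ClassicalCheater(pk, rng), pk, td, rounds, rng)
    return honest, cheat
```

Running demo() shows the honest emulation passing both tests in every round and the classical cheater passing the equation test in roughly half of its rounds, which is the gap the protocol turns into certified randomness. The placeholder pair f_b(x) = a*x + b*u mod Q has no hardness (a^-1 is computable from the public key), so the toy shows only the protocol's mechanics and the 1/2 success rate of a prover that does not hold the claw; ruling out every efficient classical strategy is exactly what the paper's LWE-based trapdoor claw-free family and its adaptive hardcore bit property are for, and that argument is not reproduced here.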
Characterizing Pseudoentropy and Simplifying Pseudorandom Generator Constructions
We provide a characterization of pseudoentropy in terms of hardness of sampling: Let (X,B) be jointly distributed random variables such that B takes values in a polynomial-sized set. We show that B is computationally indistinguishable from a random variable of higher Shannon entropy given X if and only if there is no probabilistic polynomial-time S such that (X,S(X)) has small KL divergence from (X,B). This can be viewed as an analogue of the Impagliazzo Hardcore Theorem (FOCS '95) for Shannon entropy (rather than min-entropy).
Using this characterization, we show that if f is a one-way function, then (f(U_n), U_n) has "next-bit pseudoentropy" at least n + log n, establishing a conjecture of Haitner, Reingold, and Vadhan (STOC '10). Plugging this into the construction of Haitner et al., this yields a simpler construction of pseudorandom generators from one-way functions. In particular, the construction only performs hashing once, and only needs the hash functions that are randomness extractors (e.g. universal hash functions) rather than needing them to support "local list-decoding" (as in the Goldreich--Levin hardcore predicate, STOC '89).
With an additional idea, we also show how to improve the seed length of the pseudorandom generator to Õ(n^3), compared to O(n^4) in the construction of Haitner et al.
Engineering and Applied Science
On One-way Functions and Kolmogorov Complexity
We prove the equivalence of two fundamental problems in the theory of computing. For every polynomial , the following are equivalent:
- One-way functions exist (which in turn is equivalent to the existence of secure private-key encryption schemes, digital signatures, pseudorandom generators, pseudorandom functions, commitment schemes, and more);
- -time bounded Kolmogorov Complexity, , is mildly hard-on-average (i.e., there exists a polynomial such that no PPT algorithm can compute , for more than a fraction of -bit strings).
In doing so, we present the first natural, and well-studied, computational problem characterizing the feasibility of the central private-key primitives and protocols in Cryptography.
Pseudorandom generators and the BQP vs. PH problem
It is a longstanding open problem to devise an oracle relative to which BQP does not lie in the Polynomial-Time Hierarchy (PH). We advance a natural conjecture about the capacity of the Nisan-Wigderson pseudorandom generator [NW94] to fool AC_0, with MAJORITY as its hard function. Our conjecture is essentially that the loss due to the hybrid argument (which is a component of the standard proof from [NW94]) can be avoided in this setting. This is a question that has been asked previously in the pseudorandomness literature [BSW03]. We then make three main contributions: (1) We show that our conjecture implies the existence of an oracle relative to which BQP is not in the PH. This entails giving an explicit construction of unitary matrices, realizable by small quantum circuits, whose row-supports are "nearly-disjoint." (2) We give a simple framework (generalizing the setting of Aaronson [A10]) in which any efficiently quantumly computable unitary gives rise to a distribution that can be distinguished from the uniform distribution by an efficient quantum algorithm. When applied to the unitaries we construct, this framework yields a problem that can be solved quantumly, and which forms the basis for the desired oracle. (3) We prove that Aaronson's "GLN conjecture" [A10] implies our conjecture; our conjecture is thus formally easier to prove. The GLN conjecture was recently proved false for depth greater than 2 [A10a], but it remains open for depth 2. If true, the depth-2 version of either conjecture would imply an oracle relative to which BQP is not in AM, which is itself an outstanding open problem. Taken together, our results have the following interesting interpretation: they give an instantiation of the Nisan-Wigderson generator that can be broken by quantum computers, but not by the relevant modes of classical computation, if our conjecture is true.
Comment: Updated in light of counterexample to the GLN conjectur
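As an added, self-contained example (my own code, not the paper's; the abstract names the Nisan-Wigderson generator and the MAJORITY hard function but not a specific combinatorial design or parameters, so the polynomial design and the sizes below are assumptions), the following Python builds the NW generator with MAJORITY as its hard function from the polynomial design of NW94 and checks the small-intersection property on which the NW94 argument rests.

```python
"""Added example: a concrete Nisan-Wigderson generator with MAJORITY as the hard
function, using the polynomial (Reed-Solomon) combinatorial design from NW94.
Not the paper's code; the abstract names the generator and the hard function but
not a specific design or parameters, so those here are assumptions.
Seed: p*p bits indexed by points (a, b) of F_p x F_p.
Design: for each polynomial g over F_p of degree < d, S_g = {(a, g(a)) : a in F_p}.
Every |S_g| = p and two distinct sets meet in at most d-1 points, so the generator
stretches p^2 seed bits to p^d output bits, the i-th being MAJ(seed restricted to S_i)."""
from itertools import product

def nw_design(p, d):
    """Index sets S_g, one per polynomial g = c_0 + c_1 a + ... + c_{d-1} a^{d-1}."""
    assert all(p % k for k in range(2, int(p ** 0.5) + 1)) and 1 <= d <= p  # p prime
    sets = []
    for coeffs in product(range(p), repeat=d):
        g = lambda a, c=coeffs: sum(ci * pow(a, i, p) for i, ci in enumerate(c)) % p
        sets.append(tuple(a * p + g(a) for a in range(p)))    # seed index of (a, g(a))
    return sets

def max_pairwise_intersection(sets):
    """Largest overlap between two distinct index sets (should be <= d-1)."""
    return max(len(set(s) & set(t)) for i, s in enumerate(sets) for t in sets[i + 1:])

def majority(bits):
    return int(2 * sum(bits) > len(bits))     # an exact tie counts as 0

def nw_generator(seed, p, d):
    """NW_MAJ(seed): seed is a list of p*p bits; returns the p^d output bits."""
    assert len(seed) == p * p
    return [majority([seed[i] for i in S]) for S in nw_design(p, d)]
```

With p = 5 and d = 3, 25 seed bits yield 125 output bits and any two index sets share at most 2 positions; max_pairwise_intersection checks this directly. Whether the hybrid-argument loss in the NW94 proof can be avoided for this instantiation is the conjecture of the abstract, and nothing in the code settles it.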
Amplifying the Security of Functional Encryption, Unconditionally
Security amplification is a fundamental problem in cryptography. In this work, we study security amplification for functional encryption (FE). We show two main results:
1) For any constant epsilon in (0,1), we can amplify any FE scheme for P/poly which is epsilon-secure against all polynomial sized adversaries to a fully secure FE scheme for P/poly, unconditionally.
2) For any constant epsilon in (0,1), we can amplify any FE scheme for P/poly which is epsilon-secure against subexponential sized adversaries to a fully subexponentially secure FE scheme for P/poly, unconditionally.
Furthermore, both of our amplification results preserve compactness of the underlying FE scheme. Previously, amplification results for FE were only known assuming subexponentially secure LWE.
Along the way, we introduce a new form of homomorphic secret sharing called set homomorphic secret sharing that may be of independent interest. Additionally, we introduce a new technique, which allows one to argue security amplification of nested primitives, and prove a general theorem that can be used to analyze the security amplification of parallel repetitions.
- …