A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols

International audienceWe provide the first mechanized post-quantum sound security protocol proofs. We achieve this by developing PQ-BC, a computational first-order logic that is sound with respect to quantum attackers, and corresponding mechanization support in the form of the PQ-Squirrel prover. Our work builds on the classical BC logic [7] and its mechanization in the Squirrel [5] prover. Our development of PQ-BC requires making the BC logic sound for a single interactive quantum attacker. We implement the PQ-Squirrel prover by modifying Squirrel, relying on the soundness results of PQ-BC and enforcing a set of syntactic conditions; additionally, we provide new tactics for the logic that extend the tool’s scope. Using PQ-Squirrel, we perform several case studies, thereby giving the first mechanical proofs of their computational post-quantum security. These include two generic constructions of KEM based key exchange, two sub-protocols from IKEv1 and IKEv2, and a proposed post-quantum variant of Signal’s X3DH protocol. Additionally, we use PQ-Squirrel to prove that several classical Squirrel case studies are already post-quantum sound

Universal Algorithmic Intelligence: A mathematical top->down approach

Sequential decision theory formally solves the problem of rational agents in uncertain worlds if the true environmental prior probability distribution is known. Solomonoff's theory of universal induction formally solves the problem of sequence prediction for unknown prior distribution. We combine both ideas and get a parameter-free theory of universal Artificial Intelligence. We give strong arguments that the resulting AIXI model is the most intelligent unbiased agent possible. We outline how the AIXI model can formally solve a number of problem classes, including sequence prediction, strategic games, function minimization, reinforcement and supervised learning. The major drawback of the AIXI model is that it is uncomputable. To overcome this problem, we construct a modified algorithm AIXItl that is still effectively more intelligent than any other time t and length l bounded agent. The computation time of AIXItl is of the order t x 2^l. The discussion includes formal definitions of intelligence order relations, the horizon problem and relations of the AIXI theory to other AI approaches.Comment: 70 page

Extending ancilla driven universal quantum computation beyond stepwise determinism

A major research goal in the field of quantum computation is the construction of the universal quantum computer (UQC): a device that can implement any quantum algorithm. Several theoretical schemes for implementing UQC have been developed which require different sets of resources and capabilities with varying implications for the optimum experimental implementations. The ancilla driven quantum computation scheme (ADQC) comprises two subsystems: a memory register of qubits on which information is retained and processed and an ancilla system of qubits which couple to the register. This coupling is represented in the ADQC scheme by a fixed quantum gate.By preparing the ancilla in selected states before applying this gate and then measuring it in selected measurement basis afterwards, quantum gates are enacted on the register qubits. ADQC is deterministic in that the probability of the outcome after performing the entire procedure is 1 but we have to apply corrections to the procedure at each step that depend on the probabilistic outcome of the ancilla measurement. An important resource in this model is the availability of a maximally entangling two-qubit gate between the ancilla and register qubits because if the gate is not maximally entangling,the resulting gates on the register can not be selected with stepwise determinism.It is proven in this thesis that in fact ADQC with non-maximally entangling interaction gates is universal. This requires showing that single- and two-qubit unitary gates can be effciently implemented probabilistically. We also show a relationship between the expected time of the probabilistic implementation of a gate and the ability to control the ancilla. In the ADQC model, the ancilla is controlled with single qubit unitary gates just before interacting with the register and just before measurement.We show that the increase in time caused by a loss of maximally entangling two-qubit gates can be counteracted by control over the ancilla. This needs not be the ability to perform any single qubit unitary to the ancilla but just the ability to perform a specific small finite set of operations.This is important because the resource requirements described by a scheme affect the properties of possible experimental implementations. The ADQC scheme was originally designed to be used with physical implementations of quantum computing that involves qubits coming from different physical systems that have different properties.This may restrict the availability of couplings between the register and ancilla systems equivalent to maximally entangling quantum gates. By further focusing on the model under specific restrictions, such as minimal control of the ancilla system or long distance separation between register qubits, we find certain properties of the physical implementation that may best suit it for ADQC beyond stepwise determinism. Minimal control appears best suited for symmetric ancilla-register interactions; use overlong distances suits a transmitter going to an unknown receiver with possible small errors in the receiver's interaction with the ancilla.A major research goal in the field of quantum computation is the construction of the universal quantum computer (UQC): a device that can implement any quantum algorithm. Several theoretical schemes for implementing UQC have been developed which require different sets of resources and capabilities with varying implications for the optimum experimental implementations. The ancilla driven quantum computation scheme (ADQC) comprises two subsystems: a memory register of qubits on which information is retained and processed and an ancilla system of qubits which couple to the register. This coupling is represented in the ADQC scheme by a fixed quantum gate.By preparing the ancilla in selected states before applying this gate and then measuring it in selected measurement basis afterwards, quantum gates are enacted on the register qubits. ADQC is deterministic in that the probability of the outcome after performing the entire procedure is 1 but we have to apply corrections to the procedure at each step that depend on the probabilistic outcome of the ancilla measurement. An important resource in this model is the availability of a maximally entangling two-qubit gate between the ancilla and register qubits because if the gate is not maximally entangling,the resulting gates on the register can not be selected with stepwise determinism.It is proven in this thesis that in fact ADQC with non-maximally entangling interaction gates is universal. This requires showing that single- and two-qubit unitary gates can be effciently implemented probabilistically. We also show a relationship between the expected time of the probabilistic implementation of a gate and the ability to control the ancilla. In the ADQC model, the ancilla is controlled with single qubit unitary gates just before interacting with the register and just before measurement.We show that the increase in time caused by a loss of maximally entangling two-qubit gates can be counteracted by control over the ancilla. This needs not be the ability to perform any single qubit unitary to the ancilla but just the ability to perform a specific small finite set of operations.This is important because the resource requirements described by a scheme affect the properties of possible experimental implementations. The ADQC scheme was originally designed to be used with physical implementations of quantum computing that involves qubits coming from different physical systems that have different properties.This may restrict the availability of couplings between the register and ancilla systems equivalent to maximally entangling quantum gates. By further focusing on the model under specific restrictions, such as minimal control of the ancilla system or long distance separation between register qubits, we find certain properties of the physical implementation that may best suit it for ADQC beyond stepwise determinism. Minimal control appears best suited for symmetric ancilla-register interactions; use overlong distances suits a transmitter going to an unknown receiver with possible small errors in the receiver's interaction with the ancilla

Information flow at the quantum-classical boundary

We study the nature of the information preserved by a quantum channel via the observables which exist in its image (in the Heisenberg picture), and can therefore be simulated on the receiver's side. The sharp observables preserved by a channel form an operator algebra which can be characterized in terms of the channel's elements. The effect of the channel on these observables can be reversed by another physical transformation. These results generalize the theory of quantum error correction to codes characterized by arbitrary von Neumann algebras, which can represent hybrid quantum-classical information, continuous variable systems, or certain quantum field theories. The preserved unsharp observables (positive operator-valued measures) allow for a finer characterization of the information preserved by a channel. We show that the only type of information which can be duplicated arbitrarily many times consists of coarse-grainings of a single POVM. Based on these results, we propose a model of decoherence which can account for the emergence of a classical phase-space. This model supports the view that the quantum-classical correspondence is given by a quantum-to-classical channel, i.e. a POVM.Comment: Ph.D. Thesis in Applied Mathematics, University of Waterloo, 200

Dagstuhl News January - December 2000

"Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic