From Low-Distortion Norm Embeddings to Explicit Uncertainty Relations and Efficient Information Locking

The existence of quantum uncertainty relations is the essential reason that some classically impossible cryptographic primitives become possible when quantum communication is allowed. One direct operational manifestation of these uncertainty relations is a purely quantum effect referred to as information locking. A locking scheme can be viewed as a cryptographic protocol in which a uniformly random n-bit message is encoded in a quantum system using a classical key of size much smaller than n. Without the key, no measurement of this quantum state can extract more than a negligible amount of information about the message, in which case the message is said to be "locked". Furthermore, knowing the key, it is possible to recover, that is "unlock", the message. In this paper, we make the following contributions by exploiting a connection between uncertainty relations and low-distortion embeddings of L2 into L1. We introduce the notion of metric uncertainty relations and connect it to low-distortion embeddings of L2 into L1. A metric uncertainty relation also implies an entropic uncertainty relation. We prove that random bases satisfy uncertainty relations with a stronger definition and better parameters than previously known. Our proof is also considerably simpler than earlier proofs. We apply this result to show the existence of locking schemes with key size independent of the message length. We give efficient constructions of metric uncertainty relations. The bases defining these metric uncertainty relations are computable by quantum circuits of almost linear size. This leads to the first explicit construction of a strong information locking scheme. Moreover, we present a locking scheme that is close to being implementable with current technology. We apply our metric uncertainty relations to exhibit communication protocols that perform quantum equality testing.Comment: 60 pages, 5 figures. v4: published versio

Variations on Classical and Quantum Extractors

Many constructions of randomness extractors are known to work in the presence of quantum side information, but there also exist extractors which do not [Gavinsky {\it et al.}, STOC'07]. Here we find that spectral extractors $\psi$ with a bound on the second largest eigenvalue $\lambda_{2}(\psi^{\dagger}\circ\psi)$ are quantum-proof. We then discuss fully quantum extractors and call constructions that also work in the presence of quantum correlations decoupling. As in the classical case we show that spectral extractors are decoupling. The drawback of classical and quantum spectral extractors is that they always have a long seed, whereas there exist classical extractors with exponentially smaller seed size. For the quantum case, we show that there exists an extractor with extremely short seed size $d=O(\log(1/\epsilon))$, where $\epsilon>0$ denotes the quality of the randomness. In contrast to the classical case this is independent of the input size and min-entropy and matches the simple lower bound $d\geq\log(1/\epsilon)$.Comment: 7 pages, slightly enhanced IEEE ISIT submission including all the proof

Quantum Data Locking for Secure Communication against an Eavesdropper with Time-Limited Storage

Quantum cryptography allows for unconditionally secure communication against an eavesdropper endowed with unlimited computational power and perfect technologies, who is only constrained by the laws of physics. We review recent results showing that, under the assumption that the eavesdropper can store quantum information only for a limited time, it is possible to enhance the performance of quantum key distribution in both a quantitative and qualitative fashion. We consider quantum data locking as a cryptographic primitive and discuss secure communication and key distribution protocols. For the case of a lossy optical channel, this yields the theoretical possibility of generating secret key at a constant rate of 1 bit per mode at arbitrarily long communication distances.United States. Army Research Office (United States. Defense Advanced Research Projects Agency. Quiness Program (W31P4Q-12-1-0019

Certainty relations, mutual entanglement and non-displacable manifolds

We derive explicit bounds for the average entropy characterizing measurements of a pure quantum state of size $N$ in $L$ orthogonal bases. Lower bounds lead to novel entropic uncertainty relations, while upper bounds allow us to formulate universal certainty relations. For $L=2$ the maximal average entropy saturates at $\log N$ as there exists a mutually coherent state, but certainty relations are shown to be nontrivial for $L \ge 3$ measurements. In the case of a prime power dimension, $N=p^k$, and the number of measurements $L=N+1$, the upper bound for the average entropy becomes minimal for a collection of mutually unbiased bases. Analogous approach is used to study entanglement with respect to $L$ different splittings of a composite system, linked by bi-partite quantum gates. We show that for any two-qubit unitary gate $U\in \mathcal{U}(4)$ there exist states being mutually separable or mutually entangled with respect to both splittings (related by $U$) of the composite system. The latter statement follows from the fact that the real projective space $\mathbb{R}P^{3}\subset\mathbb{C}P^{3}$ is non-displacable. For $L=3$ splittings the maximal sum of $L$ entanglement entropies is conjectured to achieve its minimum for a collection of three mutually entangled bases, formed by two mutually entangling gates

An All-But-One Entropic Uncertainty Relation, and Application to Password-based Identification

Entropic uncertainty relations are quantitative characterizations of Heisenberg's uncertainty principle, which make use of an entropy measure to quantify uncertainty. In quantum cryptography, they are often used as convenient tools in security proofs. We propose a new entropic uncertainty relation. It is the first such uncertainty relation that lower bounds the uncertainty in the measurement outcome for all but one choice for the measurement from an arbitrarily large (but specifically chosen) set of possible measurements, and, at the same time, uses the min-entropy as entropy measure, rather than the Shannon entropy. This makes it especially suited for quantum cryptography. As application, we propose a new quantum identification scheme in the bounded quantum storage model. It makes use of our new uncertainty relation at the core of its security proof. In contrast to the original quantum identification scheme proposed by Damg{\aa}rd et al., our new scheme also offers some security in case the bounded quantum storage assumption fails hold. Specifically, our scheme remains secure against an adversary that has unbounded storage capabilities but is restricted to non-adaptive single-qubit operations. The scheme by Damg{\aa}rd et al., on the other hand, completely breaks down under such an attack.Comment: 33 pages, v

Quantum enigma machines and the locking capacity of a quantum channel

The locking effect is a phenomenon which is unique to quantum information theory and represents one of the strongest separations between the classical and quantum theories of information. The Fawzi-Hayden-Sen (FHS) locking protocol harnesses this effect in a cryptographic context, whereby one party can encode n bits into n qubits while using only a constant-size secret key. The encoded message is then secure against any measurement that an eavesdropper could perform in an attempt to recover the message, but the protocol does not necessarily meet the composability requirements needed in quantum key distribution applications. In any case, the locking effect represents an extreme violation of Shannon's classical theorem, which states that information-theoretic security holds in the classical case if and only if the secret key is the same size as the message. Given this intriguing phenomenon, it is of practical interest to study the effect in the presence of noise, which can occur in the systems of both the legitimate receiver and the eavesdropper. This paper formally defines the locking capacity of a quantum channel as the maximum amount of locked information that can be reliably transmitted to a legitimate receiver by exploiting many independent uses of a quantum channel and an amount of secret key sublinear in the number of channel uses. We provide general operational bounds on the locking capacity in terms of other well-known capacities from quantum Shannon theory. We also study the important case of bosonic channels, finding limitations on these channels' locking capacity when coherent-state encodings are employed and particular locking protocols for these channels that might be physically implementable.Comment: 37 page