Increasing the power of the verifier in Quantum Zero Knowledge

In quantum zero knowledge, the assumption was made that the verifier is only using unitary operations. Under this assumption, many nice properties have been shown about quantum zero knowledge, including the fact that Honest-Verifier Quantum Statistical Zero Knowledge (HVQSZK) is equal to Cheating-Verifier Quantum Statistical Zero Knowledge (QSZK) (see [Wat02,Wat06]). In this paper, we study what happens when we allow an honest verifier to flip some coins in addition to using unitary operations. Flipping a coin is a non-unitary operation but doesn't seem at first to enhance the cheating possibilities of the verifier since a classical honest verifier can flip coins. In this setting, we show an unexpected result: any classical Interactive Proof has an Honest-Verifier Quantum Statistical Zero Knowledge proof with coins. Note that in the classical case, honest verifier SZK is no more powerful than SZK and hence it is not believed to contain even NP. On the other hand, in the case of cheating verifiers, we show that Quantum Statistical Zero Knowledge where the verifier applies any non-unitary operation is equal to Quantum Zero-Knowledge where the verifier uses only unitaries. One can think of our results in two complementary ways. If we would like to use the honest verifier model as a means to study the general model by taking advantage of their equivalence, then it is imperative to use the unitary definition without coins, since with the general one this equivalence is most probably not true. On the other hand, if we would like to use quantum zero knowledge protocols in a cryptographic scenario where the honest-but-curious model is sufficient, then adding the unitary constraint severely decreases the power of quantum zero knowledge protocols.Comment: 17 pages, 0 figures, to appear in FSTTCS'0

Power Allocation in MIMO Wiretap Channel with Statistical CSI and Finite-Alphabet Input

In this paper, we consider the problem of power allocation in MIMO wiretap channel for secrecy in the presence of multiple eavesdroppers. Perfect knowledge of the destination channel state information (CSI) and only the statistical knowledge of the eavesdroppers CSI are assumed. We first consider the MIMO wiretap channel with Gaussian input. Using Jensen's inequality, we transform the secrecy rate max-min optimization problem to a single maximization problem. We use generalized singular value decomposition and transform the problem to a concave maximization problem which maximizes the sum secrecy rate of scalar wiretap channels subject to linear constraints on the transmit covariance matrix. We then consider the MIMO wiretap channel with finite-alphabet input. We show that the transmit covariance matrix obtained for the case of Gaussian input, when used in the MIMO wiretap channel with finite-alphabet input, can lead to zero secrecy rate at high transmit powers. We then propose a power allocation scheme with an additional power constraint which alleviates this secrecy rate loss problem, and gives non-zero secrecy rates at high transmit powers

Power Estimation Technique for DSP Architectures.

The main goal of power estimation is to optimize the power consumption of a electronic design. Power is a strongly pattern dependent function. Input statistics greatly influence on average power. We solve the pattern dependence problem for intellectual property (IP) designs. In this paper, we present a power macro-modeling technique for digital signal processing (DSP) architectures in terms of the statistical knowledge of their primary inputs. During the power estimation procedure, the sequence of an input stream is generated by a genetic algorithm using input metrics. Then, a Monte Carlo zero delay simulation is performed and a power dissipation macro-model function is built from power dissipation results. From then on, this macro-model function can be used to estimate power dissipation of the system just by using the statistics of the macro-block’s primary in puts. In experiments with the DSP system, the average error is 26%

Outage Efficient Strategies for Network MIMO with Partial CSIT

We consider a multi-cell MIMO downlink (network MIMO) where $B$ base-stations (BS) with $M$ antennas connected to a central station (CS) serve $K$ single-antenna user terminals (UT). Although many works have shown the potential benefits of network MIMO, the conclusion critically depends on the underlying assumptions such as channel state information at transmitters (CSIT) and backhaul links. In this paper, by focusing on the impact of partial CSIT, we propose an outage-efficient strategy. Namely, with side information of all UT's messages and local CSIT, each BS applies zero-forcing (ZF) beamforming in a distributed manner. For a small number of UTs ($K\leq M$), the ZF beamforming creates $K$ parallel MISO channels. Based on the statistical knowledge of these parallel channels, the CS performs a robust power allocation that simultaneously minimizes the outage probability of all UTs and achieves a diversity gain of $B(M-K+1)$ per UT. With a large number of UTs ($K \geq M$), we propose a so-called distributed diversity scheduling (DDS) scheme to select a subset of \Ks UTs with limited backhaul communication. It is proved that DDS achieves a diversity gain of B\frac{K}{\Ks}(M-\Ks+1), which scales optimally with the number of cooperative BSs $B$ as well as UTs. Numerical results confirm that even under realistic assumptions such as partial CSIT and limited backhaul communications, network MIMO can offer high data rates with a sufficient reliability to individual UTs.Comment: 26 pages, 8 figures, submitted to IEEE Trans. on Signal Processin

Quantum Distinguishing Complexity, Zero-Error Algorithms, and Statistical Zero Knowledge

We define a new query measure we call quantum distinguishing complexity, denoted QD(f) for a Boolean function f. Unlike a quantum query algorithm, which must output a state close to |0> on a 0-input and a state close to |1> on a 1-input, a "quantum distinguishing algorithm" can output any state, as long as the output states for any 0-input and 1-input are distinguishable. Using this measure, we establish a new relationship in query complexity: For all total functions f, Q_0(f)=O~(Q(f)^5), where Q_0(f) and Q(f) denote the zero-error and bounded-error quantum query complexity of f respectively, improving on the previously known sixth power relationship. We also define a query measure based on quantum statistical zero-knowledge proofs, QSZK(f), which is at most Q(f). We show that QD(f) in fact lower bounds QSZK(f) and not just Q(f). QD(f) also upper bounds the (positive-weights) adversary bound, which yields the following relationships for all f: Q(f) >= QSZK(f) >= QD(f) = Omega(Adv(f)). This sheds some light on why the adversary bound proves suboptimal bounds for problems like Collision and Set Equality, which have low QSZK complexity. Lastly, we show implications for lifting theorems in communication complexity. We show that a general lifting theorem for either zero-error quantum query complexity or for QSZK would imply a general lifting theorem for bounded-error quantum query complexity

Two-message quantum interactive proofs and the quantum separability problem

Suppose that a polynomial-time mixed-state quantum circuit, described as a sequence of local unitary interactions followed by a partial trace, generates a quantum state shared between two parties. One might then wonder, does this quantum circuit produce a state that is separable or entangled? Here, we give evidence that it is computationally hard to decide the answer to this question, even if one has access to the power of quantum computation. We begin by exhibiting a two-message quantum interactive proof system that can decide the answer to a promise version of the question. We then prove that the promise problem is hard for the class of promise problems with "quantum statistical zero knowledge" (QSZK) proof systems by demonstrating a polynomial-time Karp reduction from the QSZK-complete promise problem "quantum state distinguishability" to our quantum separability problem. By exploiting Knill's efficient encoding of a matrix description of a state into a description of a circuit to generate the state, we can show that our promise problem is NP-hard with respect to Cook reductions. Thus, the quantum separability problem (as phrased above) constitutes the first nontrivial promise problem decidable by a two-message quantum interactive proof system while being hard for both NP and QSZK. We also consider a variant of the problem, in which a given polynomial-time mixed-state quantum circuit accepts a quantum state as input, and the question is to decide if there is an input to this circuit which makes its output separable across some bipartite cut. We prove that this problem is a complete promise problem for the class QIP of problems decidable by quantum interactive proof systems. Finally, we show that a two-message quantum interactive proof system can also decide a multipartite generalization of the quantum separability problem.Comment: 34 pages, 6 figures; v2: technical improvements and new result for the multipartite quantum separability problem; v3: minor changes to address referee comments, accepted for presentation at the 2013 IEEE Conference on Computational Complexity; v4: changed problem names; v5: updated references and added a paragraph to the conclusion to connect with prior work on separability testin

Efficient noninteractive certification of RSA moduli and beyond

In many applications, it is important to verify that an RSA public key (N; e) speci es a permutation over the entire space ZN, in order to prevent attacks due to adversarially-generated public keys. We design and implement a simple and e cient noninteractive zero-knowledge protocol (in the random oracle model) for this task. Applications concerned about adversarial key generation can just append our proof to the RSA public key without any other modi cations to existing code or cryptographic libraries. Users need only perform a one-time veri cation of the proof to ensure that raising to the power e is a permutation of the integers modulo N. For typical parameter settings, the proof consists of nine integers modulo N; generating the proof and verifying it both require about nine modular exponentiations. We extend our results beyond RSA keys and also provide e cient noninteractive zero- knowledge proofs for other properties of N, which can be used to certify that N is suitable for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for similar languages, our protocols are more e cient and do not require interaction, which enables a broader class of applications.https://eprint.iacr.org/2018/057First author draf