17,735 research outputs found
Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3
We investigate the cost of Grover's quantum search algorithm when used in the
context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions.
Our cost model assumes that the attack is run on a surface code based
fault-tolerant quantum computer. Our estimates rely on a time-area metric that
costs the number of logical qubits times the depth of the circuit in units of
surface code cycles. As a surface code cycle involves a significant classical
processing stage, our cost estimates allow for crude, but direct, comparisons
of classical and quantum algorithms.
We exhibit a circuit for a pre-image attack on SHA-256 that is approximately
surface code cycles deep and requires approximately
logical qubits. This yields an overall cost of
logical-qubit-cycles. Likewise we exhibit a SHA3-256 circuit that is
approximately surface code cycles deep and requires approximately
logical qubits for a total cost of, again,
logical-qubit-cycles. Both attacks require on the order of queries in
a quantum black-box model, hence our results suggest that executing these
attacks may be as much as billion times more expensive than one would
expect from the simple query analysis.Comment: Same as the published version to appear in the Selected Areas of
Cryptography (SAC) 2016. Comments are welcome
Entanglement cost and quantum channel simulation
This paper proposes a revised definition for the entanglement cost of a
quantum channel . In particular, it is defined here to be the
smallest rate at which entanglement is required, in addition to free classical
communication, in order to simulate calls to , such that the
most general discriminator cannot distinguish the calls to
from the simulation. The most general discriminator is one who tests the
channels in a sequential manner, one after the other, and this discriminator is
known as a quantum tester [Chiribella et al., Phys. Rev. Lett., 101, 060401
(2008)] or one who is implementing a quantum co-strategy [Gutoski et al., Symp.
Th. Comp., 565 (2007)]. As such, the proposed revised definition of
entanglement cost of a quantum channel leads to a rate that cannot be smaller
than the previous notion of a channel's entanglement cost [Berta et al., IEEE
Trans. Inf. Theory, 59, 6779 (2013)], in which the discriminator is limited to
distinguishing parallel uses of the channel from the simulation. Under this
revised notion, I prove that the entanglement cost of certain
teleportation-simulable channels is equal to the entanglement cost of their
underlying resource states. Then I find single-letter formulas for the
entanglement cost of some fundamental channel models, including dephasing,
erasure, three-dimensional Werner--Holevo channels, epolarizing channels
(complements of depolarizing channels), as well as single-mode pure-loss and
pure-amplifier bosonic Gaussian channels. These examples demonstrate that the
resource theory of entanglement for quantum channels is not reversible.
Finally, I discuss how to generalize the basic notions to arbitrary resource
theories.Comment: 28 pages, 7 figure
Preliminary Design of Reactive Distillation Columns
A procedure that combines feasibility analysis, synthesis and design of reactive distillation columns is introduced. The main interest of this methodology lies on a progressive
introduction of the process complexity. From minimal information concerning the physicochemical properties of the system, three steps lead to the design of
the unit and the specification of its operating conditions. Most of the methodology exploits and enriches approaches found in the literature. Each step is described and our contribution is underlined. Its application is currently limited to equilibrium reactive systems where degree of freedom is equal to 2 or less than 2. This methodology which provides a reliable initialization point for the optimization of the process has been applied with success to
different synthesis. The production of methyl-tert-butyl-ether (MTBE) and methyl acetate are presented as examples
Near-term quantum-repeater experiments with nitrogen-vacancy centers: Overcoming the limitations of direct transmission
Quantum channels enable the implementation of communication tasks
inaccessible to their classical counterparts. The most famous example is the
distribution of secret key. However, in the absence of quantum repeaters, the
rate at which these tasks can be performed is dictated by the losses in the
quantum channel. In practice, channel losses have limited the reach of quantum
protocols to short distances. Quantum repeaters have the potential to
significantly increase the rates and reach beyond the limits of direct
transmission. However, no experimental implementation has overcome the direct
transmission threshold. Here, we propose three quantum repeater schemes and
assess their ability to generate secret key when implemented on a setup using
nitrogen-vacancy (NV) centers in diamond with near-term experimental
parameters. We find that one of these schemes - the so-called single-photon
scheme, requiring no quantum storage - has the ability to surpass the capacity
- the highest secret-key rate achievable with direct transmission - by a factor
of 7 for a distance of approximately 9.2 km with near-term parameters,
establishing it as a prime candidate for the first experimental realization of
a quantum repeater.Comment: 19+17 pages, 17 figures. v2: added "Discussion and future outlook"
section and expanded introduction, published versio
Unconstrained distillation capacities of a pure-loss bosonic broadcast channel
Bosonic channels are important in practice as they form a simple model for
free-space or fiber-optic communication. Here we consider a single-sender
two-receiver pure-loss bosonic broadcast channel and determine the
unconstrained capacity region for the distillation of bipartite entanglement
and secret key between the sender and each receiver, whenever they are allowed
arbitrary public classical communication. We show how the state merging
protocol leads to achievable rates in this setting, giving an inner bound on
the capacity region. We also evaluate an outer bound on the region by using the
relative entropy of entanglement and a `reduction by teleportation' technique.
The outer bounds match the inner bounds in the infinite-energy limit, thereby
establishing the unconstrained capacity region for such channels. Our result
could provide a useful benchmark for implementing a broadcasting of
entanglement and secret key through such channels. An important open question
relevant to practice is to determine the capacity region in both this setting
and the single-sender single-receiver case when there is an energy constraint
on the transmitter.Comment: v2: 6 pages, 3 figures, introduction revised, appendix added where
the result is extended to the 1-to-m pure-loss bosonic broadcast channel. v3:
minor revision, typo error correcte
Separation of Reliability and Secrecy in Rate-Limited Secret-Key Generation
For a discrete or a continuous source model, we study the problem of
secret-key generation with one round of rate-limited public communication
between two legitimate users. Although we do not provide new bounds on the
wiretap secret-key (WSK) capacity for the discrete source model, we use an
alternative achievability scheme that may be useful for practical applications.
As a side result, we conveniently extend known bounds to the case of a
continuous source model. Specifically, we consider a sequential key-generation
strategy, that implements a rate-limited reconciliation step to handle
reliability, followed by a privacy amplification step performed with extractors
to handle secrecy. We prove that such a sequential strategy achieves the best
known bounds for the rate-limited WSK capacity (under the assumption of
degraded sources in the case of two-way communication). However, we show that,
unlike the case of rate-unlimited public communication, achieving the
reconciliation capacity in a sequential strategy does not necessarily lead to
achieving the best known bounds for the WSK capacity. Consequently, reliability
and secrecy can be treated successively but not independently, thereby
exhibiting a limitation of sequential strategies for rate-limited public
communication. Nevertheless, we provide scenarios for which reliability and
secrecy can be treated successively and independently, such as the two-way
rate-limited SK capacity, the one-way rate-limited WSK capacity for degraded
binary symmetric sources, and the one-way rate-limited WSK capacity for
Gaussian degraded sources.Comment: 18 pages, two-column, 9 figures, accepted to IEEE Transactions on
Information Theory; corrected typos; updated references; minor change in
titl
- ā¦