The impossibility of non-signaling privacy amplification

Barrett, Hardy, and Kent have shown in 2005 that protocols for quantum key agreement exist the security of which can be proven under the assumption that quantum or relativity theory is correct. More precisely, this is based on the non-local behavior of certain quantum systems, combined with the non-signaling postulate from relativity. An advantage is that the resulting security is independent of what (quantum) systems the legitimate parties' devices operate on: they do not have to be trusted. Unfortunately, the protocol proposed by Barrett et al. cannot tolerate any errors caused by noise in the quantum channel. Furthermore, even in the error-free case it is inefficient: its communication complexity is Theta(1/epsilon) when forcing the attacker's information below epsilon, even if only a single key bit is generated. Potentially, the problem can be solved by privacy amplification of relativistic - or non-signaling - secrecy. We show, however, that such privacy amplification is impossible with respect to the most important form of non-local behavior, and application of arbitrary hash functions.Comment: 24 pages, 2 figure

Quantum Cryptography Based Solely on Bell's Theorem

Information-theoretic key agreement is impossible to achieve from scratch and must be based on some - ultimately physical - premise. In 2005, Barrett, Hardy, and Kent showed that unconditional security can be obtained in principle based on the impossibility of faster-than-light signaling; however, their protocol is inefficient and cannot tolerate any noise. While their key-distribution scheme uses quantum entanglement, its security only relies on the impossibility of superluminal signaling, rather than the correctness and completeness of quantum theory. In particular, the resulting security is device independent. Here we introduce a new protocol which is efficient in terms of both classical and quantum communication, and that can tolerate noise in the quantum channel. We prove that it offers device-independent security under the sole assumption that certain non-signaling conditions are satisfied. Our main insight is that the XOR of a number of bits that are partially secret according to the non-signaling conditions turns out to be highly secret. Note that similar statements have been well-known in classical contexts. Earlier results had indicated that amplification of such non-signaling-based privacy is impossible to achieve if the non-signaling condition only holds between events on Alice's and Bob's sides. Here, we show that the situation changes completely if such a separation is given within each of the laboratories.Comment: 32 pages, v2: changed introduction, added reference

Stronger Attacks on Causality-Based Key Agreement

Remarkably, it has been shown that in principle, security proofs for quantum key-distribution (QKD) protocols can be independent of assumptions on the devices used and even of the fact that the adversary is limited by quantum theory. All that is required instead is the absence of any hidden information flow between the laboratories, a condition that can be enforced either by shielding or by space-time causality. All known schemes for such Causal Key Distribution (CKD) that offer noise-tolerance (and, hence, must use privacy amplification as a crucial step) require multiple devices carrying out measurements in parallel on each end of the protocol, where the number of devices grows with the desired level of security. We investigate the power of the adversary for more practical schemes, where both parties each use a single device carrying out measurements consecutively. We provide a novel construction of attacks that is strictly more powerful than the best known attacks and has the potential to decide the question whether such practical CKD schemes are possible in the negative

Quantifying the randomness of copies of noisy Popescu-Rohrlich correlations

In a no-signaling world, the outputs of a nonlocal box cannot be completely predetermined, a feature that is exploited in many quantum information protocols exploiting non-locality, such as device-independent randomness generation and quantum key distribution. This relation between non-locality and randomness can be formally quantified through the min-entropy, a measure of the unpredictability of the outputs that holds conditioned on the knowledge of any adversary that is limited only by the no-signaling principle. This quantity can easily be computed for the noisy Popescu-Rohrlich (PR) box, the paradigmatic example of non-locality. In this paper, we consider the min-entropy associated to several copies of noisy PR boxes. In the case where n noisy PR-boxes are implemented using n non-communicating pairs of devices, it is known that each PR-box behaves as an independent biased coin: the min-entropy per PR-box is constant with the number of copies. We show that this doesn't hold in more general scenarios where several noisy PR-boxes are implemented from a single pair of devices, either used sequentially n times or producing n outcome bits in a single run. In this case, the min-entropy per PR-box is smaller than the min-entropy of a single PR-box, and it decreases as the number of copies increases.Comment: 14 pages + 8 figures. Mathematica files attached. Comments welcom

Quantum Cryptography Beyond Quantum Key Distribution

Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries---including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference

Certified randomness in quantum physics

The concept of randomness plays an important role in many disciplines. On one hand, the question of whether random processes exist is fundamental for our understanding of nature. On the other hand, randomness is a resource for cryptography, algorithms and simulations. Standard methods for generating randomness rely on assumptions on the devices that are difficult to meet in practice. However, quantum technologies allow for new methods for generating certified randomness. These methods are known as device-independent because do not rely on any modeling of the devices. Here we review the efforts and challenges to design device-independent randomness generators.Comment: 18 pages, 3 figure

Some Physics And System Issues In The Security Analysis Of Quantum Key Distribution Protocols

In this paper we review a number of issues on the security of quantum key distribution (QKD) protocols that bear directly on the relevant physics or mathematical representation of the QKD cryptosystem. It is shown that the cryptosystem representation itself may miss out many possible attacks which are not accounted for in the security analysis and proofs. Hence the final security claims drawn from such analysis are not reliable, apart from foundational issues about the security criteria that are discussed elsewhere. The cases of continuous-variable QKD and multi-photon sources are elaborated upon