The Parity Bit in Quantum Cryptography

An $n$-bit string is encoded as a sequence of non-orthogonal quantum states. The parity bit of that $n$-bit string is described by one of two density matrices, $\rho_0^{(n)}$ and $\rho_1^{(n)}$, both in a Hilbert space of dimension $2^n$. In order to derive the parity bit the receiver must distinguish between the two density matrices, e.g., in terms of optimal mutual information. In this paper we find the measurement which provides the optimal mutual information about the parity bit and calculate that information. We prove that this information decreases exponentially with the length of the string in the case where the single bit states are almost fully overlapping. We believe this result will be useful in proving the ultimate security of quantum crytography in the presence of noise.Comment: 19 pages, RevTe

Simple Proof of Security of the BB84 Quantum Key Distribution Protocol

We prove the security of the 1984 protocol of Bennett and Brassard (BB84) for quantum key distribution. We first give a key distribution protocol based on entanglement purification, which can be proven secure using methods from Lo and Chau's proof of security for a similar protocol. We then show that the security of this protocol implies the security of BB84. The entanglement-purification based protocol uses Calderbank-Shor-Steane (CSS) codes, and properties of these codes are used to remove the use of quantum computation from the Lo-Chau protocol.Comment: 5 pages, Latex, minor changes to improve clarity and fix typo

On entanglement-assisted classical capacity

This paper is essentially a lecture from the author's course on quantum information theory, which is devoted to the result of C. H. Bennett, P. W. Shor, J. A. Smolin and A. V. Thapliyal (quant-ph/0106052) concerning entanglement-assisted classical capacity of a quantum channel. A modified proof of this result is given and relation between entanglement-assisted and unassisted classical capacities is discussed.Comment: 10 pages, LATE

A Universal Two--Bit Gate for Quantum Computation

We prove the existence of a class of two--input, two--output gates any one of which is universal for quantum computation. This is done by explicitly constructing the three--bit gate introduced by Deutsch [Proc.~R.~Soc.~London.~A {\bf 425}, 73 (1989)] as a network consisting of replicas of a single two--bit gate.Comment: 3 pages, RevTeX, two figures in a uuencoded fil

Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulses implementations

We introduce a new class of quantum quantum key distribution protocols, tailored to be robust against photon number splitting (PNS) attacks. We study one of these protocols, which differs from the BB84 only in the classical sifting procedure. This protocol is provably better than BB84 against PNS attacks at zero error.Comment: 4 pages, 2 figure

Quantum privacy amplification and the security of quantum cryptography over noisy channels

Existing quantum cryptographic schemes are not, as they stand, operable in the presence of noise on the quantum communication channel. Although they become operable if they are supplemented by classical privacy-amplification techniques, the resulting schemes are difficult to analyse and have not been proved secure. We introduce the concept of quantum privacy amplification and a cryptographic scheme incorporating it which is provably secure over a noisy channel. The scheme uses an `entanglement purification' procedure which, because it requires only a few quantum Controlled-Not and single-qubit operations, could be implemented using technology that is currently being developed. The scheme allows an arbitrarily small bound to be placed on the information that any eavesdropper may extract from the encrypted message.Comment: 13 pages, Latex including 2 postcript files included using psfig macro

Shadow Tomography of Quantum States

We introduce the problem of *shadow tomography*: given an unknown $D$-dimensional quantum mixed state $\rho$, as well as known two-outcome measurements $E_{1},\ldots,E_{M}$, estimate the probability that $E_{i}$ accepts $\rho$, to within additive error $\varepsilon$, for each of the $M$ measurements. How many copies of $\rho$ are needed to achieve this, with high probability? Surprisingly, we give a procedure that solves the problem by measuring only $\widetilde{O}\left( \varepsilon^{-4}\cdot\log^{4} M\cdot\log D\right)$ copies. This means, for example, that we can learn the behavior of an arbitrary $n$-qubit state, on all accepting/rejecting circuits of some fixed polynomial size, by measuring only $n^{O\left( 1\right)}$ copies of the state. This resolves an open problem of the author, which arose from his work on private-key quantum money schemes, but which also has applications to quantum copy-protected software, quantum advice, and quantum one-way communication. Recently, building on this work, Brand\~ao et al. have given a different approach to shadow tomography using semidefinite programming, which achieves a savings in computation time.Comment: 29 pages, extended abstract appeared in Proceedings of STOC'2018, revised to give slightly better upper bound (1/eps^4 rather than 1/eps^5) and lower bounds with explicit dependence on the dimension

The trumping relation and the structure of the bipartite entangled states

The majorization relation has been shown to be useful in classifying which transformations of jointly held quantum states are possible using local operations and classical communication. In some cases, a direct transformation between two states is not possible, but it becomes possible in the presence of another state (known as a catalyst); this situation is described mathematically by the trumping relation, an extension of majorization. The structure of the trumping relation is not nearly as well understood as that of majorization. We give an introduction to this subject and derive some new results. Most notably, we show that the dimension of the required catalyst is in general unbounded; there is no integer $k$ such that it suffices to consider catalysts of dimension $k$ or less in determining which states can be catalyzed into a given state. We also show that almost all bipartite entangled states are potentially useful as catalysts.Comment: 7 pages, RevTe

A classical analogue of entanglement

We show that quantum entanglement has a very close classical analogue, namely secret classical correlations. The fundamental analogy stems from the behavior of quantum entanglement under local operations and classical communication and the behavior of secret correlations under local operations and public communication. A large number of derived analogies follow. In particular teleportation is analogous to the one-time-pad, the concept of ``pure state'' exists in the classical domain, entanglement concentration and dilution are essentially classical secrecy protocols, and single copy entanglement manipulations have such a close classical analog that the majorization results are reproduced in the classical setting. This analogy allows one to import questions from the quantum domain into the classical one, and vice-versa, helping to get a better understanding of both. Also, by identifying classical aspects of quantum entanglement it allows one to identify those aspects of entanglement which are uniquely quantum mechanical.Comment: 13 pages, references update