Quantum Cryptography Based Solely on Bell's Theorem
Information-theoretic key agreement is impossible to achieve from scratch and
must be based on some - ultimately physical - premise. In 2005, Barrett, Hardy,
and Kent showed that unconditional security can be obtained in principle based
on the impossibility of faster-than-light signaling; however, their protocol is
inefficient and cannot tolerate any noise. While their key-distribution scheme
uses quantum entanglement, its security only relies on the impossibility of
superluminal signaling, rather than the correctness and completeness of quantum
theory. In particular, the resulting security is device independent. Here we
introduce a new protocol which is efficient in terms of both classical and
quantum communication, and that can tolerate noise in the quantum channel. We
prove that it offers device-independent security under the sole assumption that
certain non-signaling conditions are satisfied. Our main insight is that the
XOR of a number of bits that are partially secret according to the
non-signaling conditions turns out to be highly secret. Note that similar
statements have been well-known in classical contexts. Earlier results had
indicated that amplification of such non-signaling-based privacy is impossible
to achieve if the non-signaling condition only holds between events on Alice's
and Bob's sides. Here, we show that the situation changes completely if such a
separation is given within each of the laboratories.
Comment: 32 pages, v2: changed introduction, added reference

The impossibility of non-signaling privacy amplification
Barrett, Hardy, and Kent showed in 2005 that protocols for quantum key
agreement exist whose security can be proven under the assumption that
quantum or relativity theory is correct. More precisely, this is based on the
non-local behavior of certain quantum systems, combined with the non-signaling
postulate from relativity. An advantage is that the resulting security is
independent of what (quantum) systems the legitimate parties' devices operate
on: they do not have to be trusted. Unfortunately, the protocol proposed by
Barrett et al. cannot tolerate any errors caused by noise in the quantum
channel. Furthermore, even in the error-free case it is inefficient: its
communication complexity is Theta(1/epsilon) when forcing the attacker's
information below epsilon, even if only a single key bit is generated.
Potentially, the problem can be solved by privacy amplification of relativistic
- or non-signaling - secrecy. We show, however, that such privacy amplification
is impossible with respect to the most important form of non-local behavior,
and application of arbitrary hash functions.
Comment: 24 pages, 2 figures

Device-independent quantum key distribution
In this thesis, we study two approaches to achieve device-independent quantum
key distribution: in the first approach, the adversary can distribute any
system to the honest parties that cannot be used to communicate between the
three of them, i.e., it must be non-signalling. In the second approach, we
limit the adversary to strategies which can be implemented using quantum
physics. For both approaches, we show how device-independent quantum key
distribution can be achieved when imposing an additional condition. In the
non-signalling case this additional requirement is that communication is
impossible between all pairwise subsystems of the honest parties, while, in the
quantum case, we demand that measurements on different subsystems must commute.
We give a generic security proof for device-independent quantum key
distribution in these cases and apply it to an existing quantum key
distribution protocol, thus proving its security even in this setting. We also
show that, without any such additional restriction, there always exists a
successful joint attack by a non-signalling adversary.
Comment: PhD Thesis, ETH Zurich, August 2010. 188 pages, a

The non-locality of n noisy Popescu-Rohrlich boxes
We quantify the amount of non-locality contained in n noisy versions of
so-called Popescu-Rohrlich boxes (PRBs), i.e., bipartite systems violating the
CHSH Bell inequality maximally. Following the approach by Elitzur, Popescu, and
Rohrlich, we measure the amount of non-locality of a system by representing it
as a convex combination of a local behaviour, with maximal possible weight, and
a non-signalling system. We show that the local part of n systems, each of
which approximates a PRB with probability , is of order
in the isotropic, and equal to
in the maximally biased case.
Comment: 14 pages, v2: published version

Secure bit commitment from relativistic constraints
We investigate two-party cryptographic protocols that are secure under
assumptions motivated by physics, namely relativistic assumptions
(no-signalling) and quantum mechanics. In particular, we discuss the security
of bit commitment in so-called split models, i.e. models in which at least some
of the parties are not allowed to communicate during certain phases of the
protocol. We find the minimal splits that are necessary to evade the
Mayers-Lo-Chau no-go argument and present protocols that achieve security in
these split models. Furthermore, we introduce the notion of local versus global
command, a subtle issue that arises when the split committer is required to
delegate non-communicating agents to open the commitment. We argue that
classical protocols are insecure under global command in the split model we
consider. On the other hand, we provide a rigorous security proof in the global
command model for Kent's quantum protocol [Kent 2011, Unconditionally Secure
Bit Commitment by Transmitting Measurement Outcomes]. The proof employs two
fundamental principles of modern physics, the no-signalling property of
relativity and the uncertainty principle of quantum mechanics.
Comment: published version, IEEE format, 18 pages, 8 figures

Nonlocality is transitive
We show a transitivity property of nonlocal correlations: There exist
tripartite nonsignaling correlations of which the bipartite marginals between A
and B as well as B and C are nonlocal and any tripartite nonsignaling system
between A, B, and C consistent with them must be such that the bipartite
marginal between A and C is also nonlocal. This property represents a step
towards ruling out certain alternative models for the explanation of quantum
correlations such as hidden communication at finite speed. Whereas it is not
possible to rule out this model experimentally, it is the goal of our approach
to demonstrate this explanation to be logically inconsistent: either the
communication cannot remain hidden, or its speed has to be infinite. The
existence of a three-party system that is pairwise nonlocal is of independent
interest in the light of the monogamy property of nonlocality.
Comment: 4 pages, 2 figures, v2: published version

Security for adversarial wiretap channels
We consider the wiretap channel, where the individual channel uses have
memory or are influenced by an adversary. We analyze the explicit and
computationally efficient construction of information-theoretically secure
coding schemes which use the inverse of an extractor and an error-correcting
code. These schemes are known to achieve secrecy capacity on a large class of
memoryless wiretap channels. We show that this also holds for certain channel
types with memory. In particular, they can achieve secrecy capacity on channels
where an adversary can pick a sequence of "states" governing the channel's
behavior, as long as, given every possible state, the channel is strongly
symmetric.
Comment: 25 pages