Grover's Quantum Search Algorithm for an Arbitrary Initial Mixed State

The Grover quantum search algorithm is generalized to deal with an arbitrary mixed initial state. The probability to measure a marked state as a function of time is calculated, and found to depend strongly on the specific initial state. The form of the function, though, remains as it is in the case of initial pure state. We study the role of the von Neumann entropy of the initial state, and show that the entropy cannot be a measure for the usefulness of the algorithm. We give few examples and show that for some extremely mixed initial states carrying high entropy, the generalized Grover algorithm is considerably faster than any classical algorithm.Comment: 4 pages. See http://www.cs.technion.ac.il/~danken/MSc-thesis.pdf for extended discussio

Algebraic analysis of quantum search with pure and mixed states

An algebraic analysis of Grover's quantum search algorithm is presented for the case in which the initial state is an arbitrary pure quantum state of n qubits. This approach reveals the geometrical structure of the quantum search process, which turns out to be confined to a four-dimensional subspace of the Hilbert space. This work unifies and generalizes earlier results on the time evolution of the amplitudes during the quantum search, the optimal number of iterations and the success probability. Furthermore, it enables a direct generalization to the case in which the initial state is a mixed state, providing an exact formula for the success probability.Comment: 13 page

A simple proof of the unconditional security of quantum key distribution

Quantum key distribution is the most well-known application of quantum cryptography. Previous proposed proofs of security of quantum key distribution contain various technical subtleties. Here, a conceptually simpler proof of security of quantum key distribution is presented. The new insight is the invariance of the error rate of a teleportation channel: We show that the error rate of a teleportation channel is independent of the signals being transmitted. This is because the non-trivial error patterns are permuted under teleportation. This new insight is combined with the recently proposed quantum to classical reduction theorem. Our result shows that assuming that Alice and Bob have fault-tolerant quantum computers, quantum key distribution can be made unconditionally secure over arbitrarily long distances even against the most general type of eavesdropping attacks and in the presence of all types of noises.Comment: 13 pages, extended abstract. Comments will be appreciate

Modified Bennett-Brassard 1984 Quantum Key Distribution With Two-way Classical Communications

The quantum key distribution protocol without public announcement of bases is equipped with a two-way classical communication symmetric entanglement purification protocol. This modified key distribution protocol is unconditionally secure and has a higher tolerable error rate of 20%, which is higher than previous scheme without public announcement of bases.Comment: 5 pages. To appear in Physical Review

On differential uniformity of maps that may hide an algebraic trapdoor

We investigate some differential properties for permutations in the affine group, of a vector space V over the binary field, with respect to a new group operation $\circ$, inducing an alternative vector space structure on $V$ .Comment: arXiv admin note: text overlap with arXiv:1411.768

Quantum Key Distribution with Classical Bob

Secure key distribution among two remote parties is impossible when both are classical, unless some unproven (and arguably unrealistic) computation-complexity assumptions are made, such as the difficulty of factorizing large numbers. On the other hand, a secure key distribution is possible when both parties are quantum. What is possible when only one party (Alice) is quantum, yet the other (Bob) has only classical capabilities? We present a protocol with this constraint, and prove its robustness against attacks: we prove that any attempt of an adversary to obtain information (and even a tiny amount of information) necessarily induces some errors that the legitimate users could notice.Comment: 4 and a bit pages, 1 figure, RevTe

Boomerang Connectivity Table:A New Cryptanalysis Tool

A boomerang attack is a cryptanalysis framework that regards a block cipher $E$ as the composition of two sub-ciphers $E_1\circ E_0$ and builds a particular characteristic for $E$ with probability $p^2q^2$ by combining differential characteristics for $E_0$ and $E_1$ with probability $p$ and $q$, respectively. Crucially the validity of this figure is under the assumption that the characteristics for $E_0$ and $E_1$ can be chosen independently. Indeed, Murphy has shown that independently chosen characteristics may turn out to be incompatible. On the other hand, several researchers observed that the probability can be improved to $p$ or $q$ around the boundary between $E_0$ and $E_1$ by considering a positive dependency of the two characteristics, e.g.~the ladder switch and S-box switch by Biryukov and Khovratovich. This phenomenon was later formalised by Dunkelman et al.~as a sandwich attack that regards $E$ as $E_1\circ E_m \circ E_0$, where $E_m$ satisfies some differential propagation among four texts with probability $r$, and the entire probability is $p^2q^2r$. In this paper, we revisit the issue of dependency of two characteristics in $E_m$, and propose a new tool called Boomerang Connectivity Table (BCT), which evaluates $r$ in a systematic and easy-to-understand way when $E_m$ is composed of a single S-box layer. With the BCT, previous observations on the S-box including the incompatibility, the ladder switch and the S-box switch are represented in a unified manner. Moreover, the BCT can detect a new switching effect, which shows that the probability around the boundary may be even higher than $p$ or $q$. To illustrate the power of the BCT-based analysis, we improve boomerang attacks against Deoxys-BC, and disclose the mechanism behind an unsolved probability amplification for generating a quartet in SKINNY. Lastly, we discuss the issue of searching for S-boxes having good BCT and extending the analysis to modular addition