2018-10-15 ITI Crypto – Quantum Seminars
DEPARTMENT OF INFORMATICS, INSTITUTE OF THEORETICAL INFORMATICS
Seminars “Quantum Complexity Theory” and “Quantum Cryptography”
Initial Meeting
KIT – The Research University in the Helmholtz Association www.kit.edu
Formalities
Report: ≈ 10 pages (including references)
– should be in English
– review of one other report
Presentation: 25 minutes presentation, ≈ 10 minutes questions
– English slides
– talk can be either in German or in English
LaTeX templates for report and slides can be found on our website
Submission of reports/slides via e-mail to the respective supervisor
Basics of Quantum Computation
Supervisor: Sven Maier
Quantum computers work with qubits |φ〉 = α |0〉 + β |1〉, which are superpositions over (classical) states.
Intuition: Qubits as complex probability distribution: |α|^2 + |β|^2 must equal 1.
A state can be manipulated by multiplication with unitary matrices.
Seminar topic: Introduce quantum computers, present the Bra-Ket notation, introduce and motivate density matrices, introduce general quantum gates and present Born’s rule for measurement of quantum states.
Non-Cloning Theorem and Teleportation
Supervisor: Alexander Koch
Qubit: quantum state, superposition of |0〉 and |1〉.
Main difference to classical bit: impossible to clone.
Sending classical bits (roughly): read bit, send copy through wire. ⇒ Not possible for qubits.
Teleportation: given a pre-shared EPR pair, how to send a quantum state to another person (using only a classical channel).
Optional: Superdense Coding: How can we prepare a quantum state to encode classical information efficiently?
The Quantum Turing Machine
Supervisor: Akin Ünal
Classical computation: The Turing Machine is used to analyze whether a given problem can be solved efficiently by a computer.
Quantum computation: “Quantum Turing Machine” (or “Universal Quantum Computer”) by Deutsch [Deu85].
Close resemblance to the classical Turing Machine, but with changes to suit the quantum setting.
Bernstein and Vazirani [BV93] provide further important properties and constructions.
Topic: Present the Quantum Turing Machine as a mathematical model, compare it to a classical Turing Machine and show how a quantum algorithm works on such a machine.
The Bounded-Error Quantum Polynomial Time Class BQP
Supervisor: Tobias Müller
Bounded-Error Quantum Polynomial Time Class (BQP) is the class of problems to which quantum Turing machines have efficient solutions.
Source: lecture notes Randomisierte Algorithmen, Thomas Worsch
The goal is to introduce the BQP class and to show its relation to classical complexity classes (BPP, P, NP, PSPACE, ...).
Error Correction for Quantum States
Supervisor: Sven Maier
Main problem for quantum computers: Quantum Noise.
– Physical errors in measuring the quantum state.
Considered one of the major problems in deploying quantum computers for a long time.
Solution: Error correcting codes.
Problem: Non-cloning ⇒ Most classical schemes unusable on qubits.
Seminar topic: Present a solution for quantum error correction.
Simon’s Algorithm
Supervisor: Bogdan Ursu
Consider any function f : {0,1}^n → {0,1}^n that satisfies the following property:
There exists s ∈ {0,1}^n such that for all x, y ∈ {0,1}^n:
f(x) = f(y) if and only if x = y or x ⊕ y = s
Problem: find s
– if s = 0...0, then f is one-to-one
– else f is two-to-one
Function modelled as oracle
Classically, Ω(√(2^n)) queries are needed
Quantumly, only O(n) queries are sufficient.
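The classical side of this problem, as an added example that is not part of the original slides: an oracle with the promised property is built from a hidden s, and s is recovered by querying until two outputs collide. The function names, the table-based oracle and the fixed seeds are assumptions made for illustration; n-bit strings are represented as integers.

```python
import random

def make_simon_oracle(n, s, seed=0):
    """Build f: {0,1}^n -> {0,1}^n with f(x) = f(y) iff x = y or x XOR y = s.
    s = 0 gives a one-to-one f, any other s a two-to-one f."""
    rng = random.Random(seed)
    labels = list(range(2 ** n))
    rng.shuffle(labels)                  # one distinct output per class {x, x ^ s}
    table = {}
    for x in range(2 ** n):
        rep = min(x, x ^ s)              # canonical representative of the class
        table[x] = labels[rep]
    return lambda x: table[x]

def find_s_classically(f, n, seed=1):
    """Query f on distinct random inputs until two outputs collide.
    Returns (s, number_of_queries); s = 0 if f turned out to be one-to-one."""
    rng = random.Random(seed)
    inputs = list(range(2 ** n))
    rng.shuffle(inputs)
    seen = {}                            # output -> input that produced it
    for queries, x in enumerate(inputs, start=1):
        y = f(x)
        if y in seen:                    # collision: the two inputs differ by s
            return seen[y] ^ x, queries
        seen[y] = x
    return 0, len(inputs)                # no collision after 2^n queries

if __name__ == "__main__":
    n, hidden = 10, 0b1011001101         # constructed example values
    s, q = find_s_classically(make_simon_oracle(n, hidden), n)
    print(f"recovered s = {s:0{n}b} after {q} of {2 ** n} possible queries")
```

By the pigeonhole principle a collision is certain after 2^(n-1) + 1 queries, and random querying typically finds one after roughly √(2^n) queries, which matches the classical bound on the slide.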
Shor’s algorithm
Supervisor: Michael Klooß
Problem: f(x) has a period r, e.g. f : Z → Z_N, f(x) = x mod N.
Solution: Shor’s algorithm.
Pre- and postprocessing: Classical.
Quantum: Period-finding subroutine.
Example: ord(x) = r for x ∈ Z_N^× is the period of x^k. Computing r efficiently ⇒ factoring efficiently.
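The classical pre- and postprocessing behind "computing r efficiently ⇒ factoring efficiently", as an added example that is not part of the original slides. The brute-force `order` function is a stand-in for the quantum period-finding subroutine and is only usable for toy moduli; all function names and the moduli 15, 21 and 3233 are assumptions chosen for illustration.

```python
from math import gcd

def order(x, N):
    """Multiplicative order of x in Z_N^x by brute force.
    Stand-in for the quantum period-finding subroutine."""
    if gcd(x, N) != 1:
        raise ValueError("x must be a unit mod N")
    r, y = 1, x % N
    while y != 1:
        y = (y * x) % N
        r += 1
    return r

def factor_from_order(x, N):
    """Classical post-processing: try to split N using the order r of x.
    Returns a nontrivial factor pair (p, q) or None if this x does not help."""
    g = gcd(x, N)
    if g != 1:                      # x already shares a factor with N
        return tuple(sorted((g, N // g)))
    r = order(x, N)
    if r % 2 == 1:                  # odd order: no square root to take, pick another x
        return None
    h = pow(x, r // 2, N)           # h^2 = 1 mod N and h != 1 because r is minimal
    if h == N - 1:                  # trivial root -1: the gcds would only give 1 and N
        return None
    p = gcd(h - 1, N)               # (h - 1)(h + 1) = 0 mod N with h != +-1
    return tuple(sorted((p, N // p)))

def factor(N):
    """Try bases x = 2, 3, ... until one splits N (N odd, composite, not a prime power)."""
    for x in range(2, N):
        result = factor_from_order(x, N)
        if result is not None:
            return result
    return None

if __name__ == "__main__":
    for N in (15, 21, 3233):        # constructed toy moduli
        print(N, factor(N))
```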
Linear Systems of Equations
Supervisor: Akin Ünal
Let A ∈ R^(N×N) be sparse with condition number κ and b ∈ R^N be given. The algorithm of Harrow, Hassidim, and Lloyd [HHL09] (implemented by Barz et al. [Bar+14] and Pan et al. [Pan+14]) can find x such that
Ax = b
in time O(log(N) κ^2) (where κ is the condition number).
Major speedup over classical algorithms (O(N √κ)).
Topic: Present the algorithm, show how it solves linear systems of equations and analyse the resource requirement.
Overview Quantum Complexity Theory
1) Basics of Quantum Computation | Introduction to notational + mathematical background | Sven Maier
2) Non-Cloning Theorem and Teleportation | Phenomena relevant for Quantum Computers | Alexander Koch
3) The Quantum Turing Machine | Quantum-version of the Turing Machine | Akin Ünal
4) Bounded-Error Quantum Polynomial Class | Complexity class for quantum algorithms | Tobias Müller
5) Error Correction for Quantum States | A non-trivial key necessity for quantum computers | Sven Maier
6) Simon’s Quantum Algorithm | Efficiently solving the Hidden Offset Problem | Bogdan Ursu
7) Shor’s Algorithm | A poly-time solver for DLOG and factoring problems | Michael Klooß
8) Linear Systems of Equations | Efficiently solving linear systems of equations | Akin Ünal
Schedule
15th Oct Initial Meeting + Distribution of Topics
12th Nov Presentation Topics 1 and 2
26th Nov Presentation Topics 3 and 4
10th Dec Presentation Topics 5 and 6
14th Jan Presentation Topics 7 and 8
15th Feb Deadline for reports + Assignment of Reviews
1st Mar Deadline for reviews
29th Mar Rebuttal / deadline for final report
All deadlines are 23:59 (UTC+2).
Supervisors
Name | Mail | Room
Michael Klooß | [email protected] | 250
Alexander Koch | [email protected] | 274
Sven Maier | [email protected] | 272
Tobias Müller | [email protected] | FZI, 1.1.27
Bogdan Ursu | [email protected] | 246
Akin Ünal | [email protected] | 255
Quantum Key Distribution
Supervisor: Roland Gröll
Problem: We want to establish a shared key with unconditional security.
Solution: We use the fact that measuring quantum states collapses them to detect eavesdroppers. This ensures that Alice and Bob have shared randomness that an eavesdropper doesn’t know.
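How measurement collapse exposes an eavesdropper, as an added example that is not part of the original slides: a classical simulation of BB84-style key exchange with an optional intercept-resend eavesdropper. The function names, the simplified check over the whole sifted key (a real run would sacrifice only a sample) and the 0.1 detection threshold are assumptions made for illustration.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    in the other basis the state collapses to a uniformly random outcome."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84_error_rate(n_qubits, eavesdrop, seed=0):
    """Simulate one run and return (sifted_key_length, error_rate).
    If eavesdrop is True, Eve measures every qubit in a random basis and resends it."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_qubits):
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis              # state travelling on the channel
        if eavesdrop:
            e_basis = rng.randint(0, 1)
            bit = measure(bit, basis, e_basis, rng)   # Eve's measurement collapses it
            basis = e_basis                      # she can only resend what she saw
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:                   # sifting: keep matching bases only
            sifted += 1
            errors += (a_bit != b_bit)
    return sifted, errors / sifted

def eavesdropper_detected(n_qubits, eavesdrop, threshold=0.1, seed=0):
    """Alice and Bob abort if the observed error rate exceeds the threshold.
    The threshold value is an assumption, not taken from the slides."""
    _, rate = bb84_error_rate(n_qubits, eavesdrop, seed)
    return rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        length, rate = bb84_error_rate(4000, eve)
        print(f"eavesdropper={eve}: sifted bits={length}, error rate={rate:.3f}")
```

Without Eve the sifted keys agree exactly; with intercept-resend about a quarter of the sifted bits disagree, because Eve picks the wrong basis half the time and Bob's result is then random.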
Device Independence
Supervisor: Alexander Koch
Classical computation: corrupted device can break security of a protocol.
Quantum computation: self-testing abilities allow secure protocol executions even on corrupted devices.
Device Independence: Security of a protocol does not depend on the device the protocol is executed on.
Topic:
– Formally introduce device independence.
– Show example protocols that achieve device independence.
Impossibility Proofs for Unconditionally Secure Bit Commitments and Quantum-OTs
Supervisor: Sven Maier
Classic computers: unconditionally hiding and binding bit commitments impossible.
Quantum computers: proof for classical computer doesn’t apply.
Even further: unconditionally secure quantum bit commitments enable unconditionally secure quantum MPC.
Unfortunately: Unconditionally secure quantum bit commitments are also impossible.
Seminar topic: Present impossibility proof for unconditionally secure quantum bit commitments and relevant background (Uhlmann’s Theorem, pure and mixed states) and motivate the proof for quantum OTs.
Quantum Commitments from Physical Assumptions
Supervisor: Lukas Beeck
Problem: Unconditionally secure quantum bit commitments are desirable, yet impossible in the standard model.
Remedy: Use additional tools, e.g. stateless hardware tokens. ⇒ Quantum One-Time Programs.
Topic:
– Introduce quantum stateless hardware tokens.
– Introduce quantum one-time programs.
– Show how stateless hardware tokens are used to securely construct any one-time program.
Quantum Rewinding
Supervisor: Lukas Beeck
Classical computation: (Non-UC) simulation-based proofs use rewinding.
⇒ Simulate until one part of a secret has been learned.
⇒ Reset to a previous state.
Quantum computation:
✓ Every transformation is unitary ⇒ efficiently invertible.
× Measurement destroys quantum state.
⇒ Rewinding to a previous state is possible.
⇒ But we don’t gain information from it.
⇒? Pointless.
Quantum Rewinding: (Meaningful) rewinding on quantum states.
Topic: Formally introduce problems with rewinding in a quantum world and proposed solutions.
Quantum Universal Composability
Supervisor: Jeremias Mechler
The Universal Composability Framework
– Extension of the Real/Ideal paradigm
– Security under concurrent composition with arbitrary protocols
– Model of computation: Interactive Turing Machines (ITMs)
Quantum UC (Unruh [Unr10]):
– Extend model of computation: Quantum computations, send quantum states
– Feasibility: Statistically secure OT from commitments
This is an advanced topic. Previous knowledge of the UC framework is highly recommended!
Unruh Transformation
Supervisor: Jessica Koch
Classical Computation: Transformation of Fiat and Shamir [FS86]: arbitrary (interactive) sigma-protocol for Zero-Knowledge (ZK) → non-interactive Zero-Knowledge (NIZK) protocol
Quantum World: Transformation of Unruh [Unr15]
Both in the Random Oracle Model (ROM)
Goal:
– introduce problems of Fiat-Shamir in the quantum world
– possible solution by Unruh [Unr17]
– compare solution to the Unruh-transformation
Grover’s Quantum Search Algorithm
Supervisor: Michael Klooß
Problem:
– Quantum oracle access to (blackbox) function f : X → {0,1}
– Unique x ∈ X such that f(x) = 1.
– Goal: Find x.
Example: f(x) permutation-cipher. Find key x such that f(x) := Enc(x, m) = c for fixed m, c.
Solution: Grover’s algorithm
– O(√|X|) invocations
– Non-negligible success
Improving Brute-Force Attacks on AES with Grover’s Algorithm
Supervisor: Wasilij Beskorovajnov
The "classical" security of symmetric and public-key cryptography is measured by the metric of "N bits of security", e.g. RSA-3072 has approx. 128 bits of security.
Grover’s Algorithm from [Gro96] defines a new way of searching over unstructured datasets, e.g., a key space.
With quadratic speedup, i.e., searching for a key in the space {0,1}^n now requires √(2^n) = 2^(n/2) steps.
However, in order to perform the algorithm it is necessary to implement AES as a quantum circuit. The AES quantum circuit needs to be as efficient as possible in order to achieve the full speedup.
Goal: sketch the AES quantum circuit and show how it is incorporated into Grover’s search according to Grassl et al. [Gra+16]. Additionally, one may try to analyze the required costs.
Overview Quantum Cryptography
1) Quantum Key Distribution | The Algorithm of Bennett and Brassard [BB84] | Roland Gröll
2) Device Independence | Executing Quantum Algorithms on untrusted devices | Alexander Koch
3) Unconditionally Secure Quantum Bit Commitments | Present impossibility proof for unconditionally secure quantum bit commitments | Sven Maier
4) Commitments from Physical Assumptions | Perform commitments using stateful quantum hardware | Lukas Beeck
5) Quantum Rewinding | Rewinding while still learning something | Lukas Beeck
6) Quantum Universal Composability | UC-Framework for quantum computers | Jeremias Mechler
7) Unruh Transformation | Fiat-Shamir-type transformation in the quantum world | Jessica Koch
8) Grover’s algorithm | Quantum Search for unstructured data | Michael Klooß
9) Brute-Force on AES with Grover | Using Grover’s algorithm to improve Brute-Force attacks on AES | Wasilij Beskorovajnov
Schedule
15th Oct Initial Meeting + Distribution of Topics
19th Nov Presentation Topics 1 and 2
3rd Dec Presentation Topics 3 and 4
17th Dec Presentation Topics 5 and 6
21st Jan Presentation Topics 7 and 8
28th Jan Presentation Topic 9
15th Feb Deadline for reports + Assignments of reviews
1st Mar Deadline for reviews
29th Mar Deadline for final report
All deadlines are 23:59 (UTC+2).
Supervisors
Name | Mail | Room
Lukas Beeck | [email protected] | 259
Wasilij Beskorovajnov | [email protected] | FZI, 1.1.23
Roland Gröll | [email protected] | FZI, 1.1.27
Michael Klooß | [email protected] | 250
Alexander Koch | [email protected] | 274
Jessica Koch | [email protected] | 277
Sven Maier | [email protected] | 272
Jeremias Mechler | [email protected] | 276
References
[BB84] C. H. Bennett and G. Brassard. “Quantum cryptography: Public key distribution and coin tossing”. In: Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing. Bangalore, 1984, p. 175.
[BV93] E. Bernstein and U. V. Vazirani. “Quantum complexity theory”. In: Proceedings of the Twenty-Fifth Annual ACM Symposium on Theory of Computing, May 16-18, 1993, San Diego, CA, USA. Ed. by S. R. Kosaraju, D. S. Johnson, and A. Aggarwal. ACM, 1993, pp. 11–20. DOI: 10.1145/167088.167097. URL: http://doi.acm.org/10.1145/167088.167097.
[FS86] A. Fiat and A. Shamir. “How to Prove Yourself: Practical Solutions to Identification and Signature Problems”. In: Advances in Cryptology - CRYPTO ’86, Santa Barbara, California, USA, 1986, Proceedings. Ed. by A. M. Odlyzko. Vol. 263. Lecture Notes in Computer Science. Springer, 1986, pp. 186–194. DOI: 10.1007/3-540-47721-7_12. URL: https://doi.org/10.1007/3-540-47721-7_12.
[Gra+16] M. Grassl, B. Langenberg, M. Roetteler, and R. Steinwandt. “Applying Grover’s Algorithm to AES: Quantum Resource Estimates”. In: Post-Quantum Cryptography - 7th International Workshop, PQCrypto 2016, Fukuoka, Japan, February 24-26, 2016, Proceedings. Ed. by T. Takagi. Vol. 9606. Lecture Notes in Computer Science. Springer, 2016, pp. 29–43. DOI: 10.1007/978-3-319-29360-8_3. URL: https://doi.org/10.1007/978-3-319-29360-8_3.
[Gro96] L. K. Grover. “A Fast Quantum Mechanical Algorithm for Database Search”. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, May 22-24, 1996. Ed. by G. L. Miller. ACM, 1996, pp. 212–219. DOI: 10.1145/237814.237866. URL: http://doi.acm.org/10.1145/237814.237866.
[HHL09] A. W. Harrow, A. Hassidim, and S. Lloyd. “Quantum Algorithm for Linear Systems of Equations”. In: Physical Review Letters 103.15, 150502 (Oct. 2009), p. 150502. DOI: 10.1103/PhysRevLett.103.150502. arXiv: 0811.3171 [quant-ph].
[Unr10] D. Unruh. “Universally Composable Quantum Multi-party Computation”. In: Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings. Ed. by H. Gilbert. Vol. 6110. Lecture Notes in Computer Science. Springer, 2010, pp. 486–505. DOI: 10.1007/978-3-642-13190-5_25. URL: https://doi.org/10.1007/978-3-642-13190-5_25.
[Unr15] D. Unruh. “Non-Interactive Zero-Knowledge Proofs in the Quantum Random Oracle Model”. In: Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II. Ed. by E. Oswald and M. Fischlin. Vol. 9057. Lecture Notes in Computer Science. Springer, 2015, pp. 755–784. DOI: 10.1007/978-3-662-46803-6_25. URL: https://doi.org/10.1007/978-3-662-46803-6_25.
[Unr17] D. Unruh. “Post-quantum Security of Fiat-Shamir”. In: Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, 2017, Proceedings, Part I. Ed. by T. Takagi and T. Peyrin. Vol. 10624. Lecture Notes in Computer Science. Springer, 2017, pp. 65–95. DOI: 10.1007/978-3-319-70694-8_3. URL: https://doi.org/10.1007/978-3-319-70694-8_3.
[Bar+14] S. Barz, I. Kassal, M. Ringbauer, Y. O. Lipp, B. Dakic, A. Aspuru-Guzik, and P. Walther. “A two-qubit photonic quantum processor and its application to solving systems of linear equations”. In: Scientific Reports 4, 6115 (Aug. 2014), p. 6115. DOI: 10.1038/srep06115. arXiv: 1302.1210 [quant-ph].
[Deu85] D. Deutsch. “Quantum theory, the Church-Turing principle and the universal quantum computer”. In: Proceedings of the Royal Society of London Series A 400 (July 1985), pp. 97–117. DOI: 10.1098/rspa.1985.0070.
[Pan+14] J. Pan, Y. Cao, X. Yao, Z. Li, C. Ju, H. Chen, X. Peng, S. Kais, and J. Du. “Experimental realization of quantum algorithm for solving linear systems of equations”. In: Physical Review A 89.2, 022313 (Feb. 2014), p. 022313. DOI: 10.1103/PhysRevA.89.022313. arXiv: 1302.1946 [quant-ph].