[Cryptography] The ultimate physical limits of privacy

Sat Mar 29 10:23:45 EDT 2014

I suspect much of this is based on http://arxiv.org/pdf/1012.3878.pdf, Esther Hänggi's ScD dissertation at ETH on "Device-Independent Quantum Key Distribution".  I've only glanced at it - tons of QM math that at this point is way beyond me.  Where the "randomness amplification" stuff comes in is interesting:  Every time quantum cryptography has been discussed on this list in the past, many have rejected it as uninteresting because it provides no way to assure authentication.  Well, recent work in the field deals with this quite explicitly.  The view taken in this dissertation is that authentication requires pre-sharing of some random bits between the two parties - the analogue of the old spy novel trick of cutting a dollar bill in half in some ragged line and giving each half to one of two parties that will then be able to authenticate to each other by matching the halves.  That initial randomness is then amplified securely and with authentication by the quantum protocol.

Another element here is that you assume a design for the system that delivers correlated "pre-bits" to the two parties, which then select some out as their random bits.  It turns out there are results in QM that guarantee the boxes that hand you the "pre-bits" cannot leak their information due to QM limits, like the No Cloning theorem, which says that you can't make an exact copy of a quantum state without destroying the original; and limits on correlation, which show that while you can have two particles whose states are correlated - the basis of quantum crypto - it's impossible to have three or more particles correlated.  So you don't need to trust whoever gave you the boxes that produces the "pre-bits" - you can *test* that it provides the necessary correlated particles, and then be sure it can't leak or record their states.  (The same arguments, working backward, indicate that the creator of the boxes couldn't have pre-recorded the outputs they would later deliver.)  These arguments are all about the quantum states themselves, not the details of how the boxes achieve them - going way beyond earlier work which focused on realizing particular systems.

The latest work - as noted, behind an expensive paywall - is likely more a matter of thinking through the broader implications of this work.  (If you're wondering what free will has to do with this, download Conway's talks on the Free Will Theorem http://web.math.princeton.edu/facultypapers/Conway/ - no advanced math or physics needed, great listening - as we said way back when, it'll blow your mind.
                                                        -- Jerry

On Mar 28, 2014, at 10:21 PM, R. Hirschfeld <ray at unipay.nl> wrote:

>> Date: Sat, 29 Mar 2014 01:09:42 +0100
>> From: tpb-crypto at laposte.net
> 
>>> http://www.nature.com/nature/journal/v507/n7493/full/nature13132.html?WT.ec_id=NATURE-20140327
> 
>> Can you please elaborate on the paper's contents? At least the
>> abstract?
> 
> I found a press release at
> 
>  http://www.eurekalert.org/pub_releases/2014-03/cfqt-ksi032414.php
> 
> that offers a bit more information.  Seems to be based on randomness
> amplification.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography