FTh2C.3.pdf
FiO/LS Technical Digest © OSA 2012
A practical local hacking scheme on device-independent Bell test based quantum randomness expansion Junhui Li, Quanfu Yu, Yu Liu, and Hong Guo* CREAM Group, State Key Laboratory of Advanced Optical Communication Systems and Networks and Institute of Quantum Electronics, School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, P.R. China *Corresponding author:
[email protected]
Abstract: Violation of Bell inequality cannot guarantee non-locality, thus an applicable hacking scheme on device-independent Bell test based quantum randomness expansion is given, together with a more secure upper bound on generated randomness. OCIS codes: (270.5585) Quantum information and processing; (270.5568) Quantum cryptography.
1. Previous proposal S. Pironio et al. demonstrated a device-independent randomness expansion scheme [1], which used the violation of CHSH type Bell inequality to certify the presence of genuine randomness of generated random numbers. A simplified version is shown in Fig. 1.
Fig. 1 Simplified proposal of [1]: x, y from seed string s, generates outcome a, b, whose randomness estimated by H∞, and privacy guaranteed by CHSH violation.
The measure system is divided into to two parts, A and B, which are “separated and non-interacting during each measurement”. In every trial, each part takes one bit as input from the binary seed random number string s, say, x and y separately, and gives one bit to form the output random number string r, namely a and b. Minentropy H∞(r|s)=-log2[ maxr P(r|s)] is used to quantify the randomness of output string r, where P(r|s) is the conditional probability to obtain outcomes r when the input is s. In order to guarantee the privacy of generated random string from possible adversary, CHSH correlation function is measured xy I 1 P a b xy P a b xy . (1) x, y
I ≤2 is predicted by local deterministic theory, so I > 2, which is called a violation of the CHSH inequality, guarantees the quantum feature of the system. It means that any possible adversary, even he can take control of the whole measure system, until he has a full quantum memory, cannot determine the value of output string completely. In this view, the randomness of generated random numbers is related to the CHSH violation I. In fact, authors of [1] found a tight numerical upper bound of that relation, which gives the maximum min-entropy can be achieved with different I. 2. Hacking scheme We want to point out that a local theory has not to be deterministic necessarily. In other words, violation of CHSH inequality can be caused by either the existence of non-local correlation, such as quantum entanglement, or indeterministic phenomena, like quantum state superposition. The previous proposal has omitted the second origination of CHSH violation, which leads to an over-estimation of secure min-entropy against adversary. Taking advantage of this, we propose a practical hacking scheme as shown in Fig. 2:
Fig. 2 Our hacking scheme: Part A (top): with input x, chooses state ρx, conducts measurement O, and get a as output; Part B (bottom): conducts exclusive or with input y and 0, outputs b.
The adversary can take control of the internal structure of the measure system, since the proposal is deviceindependent. At part A, according to the input bit x (x=0,1), a local quantum superposition state ρx is generated,
FTh2C.3.pdf
FiO/LS Technical Digest © OSA 2012
then measurement O is conducted, whose result serves as the output bit a (a=0,1). As to part B, the only operation is to do y⊕0 and set the result as output b. ρx and O are as below: eix 2 1 1 x ix 2 , 2 e 1 (2) a 1 ei 1 1 . Oa 2 1a ei 1 In fact, ρx and O is based on [2], and they are practical since they can be realized using polarization coding of photons, which is common in the field of quantum communication. And we can get I 2 cos sin 2 2 sin . (3) 4 It's clear that when 0 < θ < π/2, we can get CHSH violation, meanwhile there isn't any non-local correlation. On the contrary, no correlation exists in this condition between the two parts, and we have P(ab|xy)=P(a|x)· P(b|y), and P(a|x)=tr(ρx Oa). In this situation, the relation between I and min-entropy H∞ is
H 1 log 2 1 cos 3 log 2 4 I 8 I 2 ,
(4)
and it serves as a tight upper bound of min-entropy. Here “tight” only means it’s valid under this hacking scheme. Comparing with the bounds given in [1], the huge gap in Fig. 3 shows the effect of the hacking.
Fig. 3 Comparison of our tight upper bound and bounds in [1]: (tight bound a in Fig. 2 [1]) is not included since it’s numerical) their lower bound c (dash-dot line) by non-signaling, b (dash line) by H∞(ab|xy) ≥ H∞(a|x) and our tight upper bound (solid line). Our bound is even tighter then the most loose in [1]. Difference between bound a in [1] and our bound is nearly 1 when I=2.828.
Here we want to point out that effect of our hacking is due to the strong assumption of device-independent. A tradeoff exists, that either to hold the device-independent assumption with a low bound of secure min-entropy, or to generate more random numbers with the price of abandoning the assumption. 3. Conclusion We report a practical hacking scheme on Bell test type device independent quantum randomness expansion proposal of [1], based on the fact that violation of Bell inequality can be caused not only by non-local correlation but also by local indeterministic feature, and a corresponding upper bound on min-entropy of generated string is given. This scheme has a general meaning to various topics in the fields of non-locality based device-independent quantum information processing [3, 4]. This work is supported by the Key Project of the National Natural Science Foundation of China (Grant No. 60837004). References [1] S. Pironio, et al. “Random numbers certified by Bell's theorem,” Nature 465, 1021-1024 (2010). [2] R. Gallego, N. Brunner, C. Hadley, and A. Acín, “Device-independent test of classical and quantum dimensions,” Phys. Rev. Lett. 105, 230501 (2010). [3] A. Acín, et al. “Device-independent security of quantum cryptography against collective attacks,” Phys. Rev. Lett. 98, 230501 (2007). [4] R. Rabelo, M. Ho, D. Cavalcanti, N. Brunner, and V. Scarani, “Device-independent certification of entangled measurements,” Phys. Rev. Lett. 107, 050502 (2011).
