The Closeting of Secrets - Physics and Cryptography - Professor Adrian Kent, University of Cambridge
Вставка
- Опубліковано 6 лют 2023
- The definition and properties of information may seem to be fundamental features of the world that are independent of how particles, fields and space-time behave. In fact, though, information is fundamentally physical and twentieth century physics has radically changed our understanding of its nature and properties. Einstein’s relativity theories tell us that information cannot travel faster than the speed of light in vacuum. Quantum theory tells us that the information carried by microscopic systems is qualitatively different from the familiar ``classical’’ information with which we presently communicate and compute: for example, quantum information cannot be copied. These realisations have led to new applications and emerging new technologies, including relativistic quantum cryptography and new forms of quantum communication and computation in space-time. This lecture will illustrate several ways in which physics-based cryptography and communication allow otherwise unachievable forms of security and flexibility, including guaranteeing a fair coin toss for mistrustful parties, making and later revealing secret predictions that carry a guaranteed time stamp, and secure forms of money that emulate quantum particles by following multiple paths and recombining to solve otherwise insoluble trading problems. We will also ask how confident we should be that we now fully understand how information is carried and processed in nature, and whether new physics discoveries might yet change our understanding and lead to further technological advances.
Adrian Kent is Professor of Quantum Physics at the Department of Applied Mathematics and Theoretical Physics, University of Cambridge, a Fellow of Wolfson College and Director of Studies in Mathematics at Darwin College. He is also a Distinguished Visiting Research Chair at Perimeter Institute for Theoretical Physics, Fellow of the UK Institute of Physics, Founder Member of the Foundational Questions Institute and Charter Honorary Fellow of the John Bell Institute for the Foundations of Physics. Adrian’s research interests include the nature of physical reality, fundamental tests of quantum theory and its relationship to gravity, the properties of quantum information in space-time, and applications of fundamental physics to new forms of quantum and relativistic cryptography, communication and computation.
Thanks for the comments. I struggle to relate them directly to the talk material, though. What's being discussed at 17:00 is the task of remote coin tossing between mistrustful parties. The discussion at this point doesn't explicitly involve quantum physics at all. What the protocol given achieves is to produce a coin toss that both parties will agree is random, despite their mistrust, assuming that they each have trusted coin tosses/random number generators in their own labs. The focus here is on overcoming mistrust. At 24:50, the discussion describes standard measurement rules of quantum theory; those rules are the "lesson". At 35:00 the discussion describes quantum teleportation. Insofar as I can find a relevant theme to the comments, it's that all practical implementations will have imperfections and errors. That's true, of course. But there are standard ways of minimizing these (for example by entanglement purification) and/or allowing for these (for example by allowing for some fixed and suitably small proportion of errors when the quantum states in quantum money are verified). Each of the protocols described still achieves what's claimed, up to appropriate epsilons, in the presence of errors and imperfections.
Apologies for being a picky expert here. 17:00 : Quantum physics doesn't let you make full entropy or even IID coin tosses. So the XOR of the two coins isn't full entropy. So you don't have unconditional security from that construct. Most of the 'perfect' quantum cryptosystems fall on this sword. While a bound has been put on the knowledge of the sender at the time of transmission, what do you then do with that information? If it contains say a nonce, an identity and some information to be sent while protected by the XOR of the coin tosses, then all is lost when they turn out to be biased. 24:50 - The lesson from this part is that the up/downs from your detector cannot be perfectly 50/50 because the detector cannot be perfectly aligned or orthogonal. 35:00 entangled data will provide a perfect key stream. But it won't. It will fail to be a full entropy key stream. So you are back to performing classical entropy extractor theory algorithms and back to the standard cryptographic qualifications that you have without relying on perfect microscopic entanglement or perfectly aligned detectors.