This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard and Robert [1] for a special scenario. The results have applications to unconditionally-secure secret-key agreement protocols, quantum cryptography and to a non-asymptotic and constructive treatment of the secrecy capacity of wire-tap and broadcast channels, even for a considerably strengthened definition of secrecy capacity. I. Introduction This paper is concerned with unconditionally-secure secretkey agreement by two communicating parties Alice and Bob who both know a random variable W, for instance a random n--bit string, about which an eavesdropper Eve has incomplete information characterized by the random variable V jointly distributed with W according to PV W . This distribution may partially be under Eve's control. Alice and Bob know nothing about PV W , except that it satisfies a certain constraint. We present protocols by which Alice and Bob can us...

We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: 1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; 2) by subsequent public discussion of the sent and received versions of this transmission estimate the extent of eavesdropping that might have taken place on it, and finally 3) if this estimate is small enough, distill from the sent and received versions a smaller body of shared random information, which is certifiably secret in the sense that any third party's expected information on it is an exponentially small fraction of one bit. Because the system depends on the uncertainty principle of quantum physics, instead of usual mathematical assumptions such as the difficulty of factoring, it remains secure against an adversary with unlimited computing power. A preliminary version of this paper was presented at Eurocrypt '90, May 21 ...

Quantum cryptography could well be the first application of quantum mechanics at the individual quanta level. The very fast progress in both theory and experiments over the recent years are reviewed, with emphasis on open questions and technological issues. Contents I

In this paper, I try once again to cause some good-natured trouble. The issue remains, when will we ever stop burdening the taxpayer with conferences devoted to the quantum foundations? The suspicion is expressed that no end will be in sight until a means is found to reduce quantum theory to two or three statements of crisp physical (rather than abstract, axiomatic) significance. In this regard, no tool appears better calibrated for a direct assault than quantum information theory. Far from a strained application of the latest fad to a time-honored problem, this method holds promise precisely because a large part—but not all—of the structure of quantum theory has always concerned information. It is just that the physics community needs reminding. This paper, though takingquant-ph/0106166 as its core, corrects one mistake and offers several observations beyond the previous version. In particular, I identify one element of quantum mechanics that I would not label a subjective term in the theory—it is the integer parameter D traditionally ascribed to a quantum system via its Hilbert-space dimension. 1

This is a non-technical survey paper of recent quantum-mechanical discoveries that challenge generally accepted complexity-theoretic versions of the Church--Turing thesis. In particular, building on pionering work of David Deutsch and Richard Jozsa, we construct an oracle relative to which there exists a set that can be recognized in Quantum Polynomial Time (QP), yet any Turing machine that recognizes it would require exponential time even if allowed to be probabilistic, provided that errors are not tolerated. In particular, QP 6` ZPP relative to this oracle. Furthermore, there are cryptographic tasks that are demonstrably impossible to implement with unlimited computing power probabilistic interactive Turing machines, yet they can be implemented even in practice by quantum mechanical apparatus. 1 Deutsch's Quantum Computer In a bold paper published in the Proceedings of the Royal Society, David Deutsch put forth in 1985 the quantum computer [7] (see also [8]). Even though this may c...

Abstract. We prove the unconditional security of a quantum key distribution (QKD) protocol on a noisy channel against the most general attack allowed by quantum physics. We use the fact that in a previous paper we have reduced the proof of the unconditionally security of this QKD protocol to a proof that a corresponding Quantum String Oblivious Transfer (String-QOT) protocol would be unconditionally secure against Bob if implemented on top of an unconditionally secure bit commitment scheme. We prove a lemma that extends a security proof given by Yao for a (one bit) QOT protocol to this String-QOT protocol. This result and the reduction mentioned above implies the unconditional security of our QKD protocol despite our previous proof that unconditionally secure bit commitment schemes are impossible. 1

Abstract. This paper presents a new paradigm of cryptography, quantum public-key cryptosystems. In quantum public-key cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) poly-time Turing (QPT) machines and only classical channels (i.e., no quantum channels) are employed. A quantum trapdoor one-way function, f, plays an essential role in our system, in which a QPT machine can compute f with high probability, any QPT machine can invert f with negligible probability, and a QPT machine with trapdoor data can invert f. This paper proposes a concrete scheme for quantum public-key cryptosystems: a quantum public-key encryption scheme or quantum trapdoor one-way function. The security of our schemes is based on the computational assumption (over QPT machines) that a class of subset-sum problems is intractable against any QPT machine. Our scheme is very efficient and practical if Shor’s discrete logarithm algorithm is efficiently realized on a quantum machine.

We devise a simple modification that essentially doubles the efficiency of the BB84 quantum key distribution scheme proposed by Bennett and Brassard. We also prove the security of our modified scheme against the most general eavesdropping attack that is allowed by the laws of physics. The first major ingredient of our scheme is the assignment of significantly different probabilities to the different polarization bases during both transmission and reception, thus reducing the fraction of discarded data. A second major ingredient of our scheme is a refined analysis of accepted data: We separate the accepted data into various subsets according to the basis employed and estimate an error rate for each subset separately. We then show that such a refined data analysis guarantees the security of our scheme against the most general eavesdropping strategy, thus generalizing Shor and Preskill’s proof of security of BB84 to our new scheme. Up till now, most proposed proofs of security of singleparticle type quantum key distribution schemes have relied heavily upon the fact that the bases are chosen uniformly, randomly and independently. Our proof removes this symmetry requirement.

Quantum theory has found a new field of applications in the realm of information and computation during the recent years. This paper reviews how quantum physics allows information coding in classically unexpected and subtle nonlocal ways, as well as information processing with an efficiency largely surpassing that of the present and foreseeable classical computers. Some outstanding aspects of classical and quantum information theory will be addressed here. Quantum teleportation, dense coding, and quantum cryptography are discussed as a few samples of the impact of quanta in the transmission of information. Quantum logic gates and quantum algorithms are also discussed as instances of the improvement in information processing by a quantum computer. We provide finally some examples of current experimental

Abstract not found