
Showing papers on "Alice and Bob published in 2006"


Journal Article
TL;DR: Two quantum direct communication protocols with user authentication so that Alice can directly send a secret message to Bob without any previously shared secret using the remaining GHZ states after authentication.
Abstract: We propose two quantum direct communication (QDC) protocols with user authentication. Users can identify each other by checking the correlation of Greenberger-Horne-Zeilinger (GHZ) states. Alice can directly send a secret message to Bob without any previously shared secret using the remaining GHZ states after authentication. Our second QDC protocol can be used even though there is no quantum link between Alice and Bob. The security of the transmitted message is guaranteed by properties of entanglement of GHZ states.

202 citations


Journal Article
Thomas Holenstein
TL;DR: This work simplifies Raz's proof in various ways and thus shortens it significantly, and studies the case where Alice and Bob are not restricted to local computations and can use any strategy which does not imply communication among them.
Abstract: Consider a game where a referee chooses (x,y) according to a publicly known distribution P_XY, sends x to Alice, and y to Bob. Without communicating with each other, Alice responds with a value "a" and Bob responds with a value "b". Alice and Bob jointly win if a publicly known predicate Q(x,y,a,b) holds. Let such a game be given and assume that the maximum probability that Alice and Bob can win is v<1. Raz (SIAM J. Comput. 27, 1998) shows that if the game is repeated n times in parallel, then the probability that Alice and Bob win all games simultaneously is at most v'^(n/log(s)), where s is the maximal number of possible responses from Alice and Bob in the initial game, and v' is a constant depending only on v. In this work, we simplify Raz's proof in various ways and thus shorten it significantly. Further we study the case where Alice and Bob are not restricted to local computations and can use any strategy which does not imply communication among them.

116 citations


Journal Article
TL;DR: In this paper, it was shown that the maximum amount of information that Alice can send securely to Bob is the quantum mutual information of a correlated composite quantum system AB, which Alice and Bob share.
Abstract: Alice and Bob share a correlated composite quantum system AB. If AB is used as the key for a one-time pad cryptographic system, we show that the maximum amount of information that Alice can send securely to Bob is the quantum mutual information of AB.

109 citations


Journal Article
TL;DR: The trials and tribulations of Alice and Bob capture the fundamental difficulty shared by several n-player problems, including reliable broadcast, leader election, static k-selection, and t-resilient consensus, and provide round complexity lower bounds and (nearly) tight upper bounds for each of those problems.
Abstract: How efficiently can a malicious device disrupt communication in a wireless network? Imagine a basic game involving two honest players, Alice and Bob, who want to exchange information, and an adversary, Collin, who can disrupt communication using a limited budget of β broadcasts. How long can Collin delay Alice and Bob from communicating? In fact, the trials and tribulations of Alice and Bob capture the fundamental difficulty shared by several n-player problems, including reliable broadcast, leader election, static k-selection, and t-resilient consensus. We provide round complexity lower bounds, and (nearly) tight upper bounds, for each of those problems. These results imply bounds on adversarial efficiency, which we analyze in terms of jamming gain and disruption-free complexity.

69 citations


Book Chapter
12 Dec 2006
TL;DR: The trials and tribulations of Alice and Bob capture the fundamental difficulty shared by several n-player problems, including reliable broadcast, leader election, static k-selection, and t-resilient consensus, and round complexity lower bounds, and (nearly) tight upper bounds, are provided for each of those problems.
Abstract: How efficiently can a malicious device disrupt communication in a wireless network? Imagine a basic game involving two honest players, Alice and Bob, who want to exchange information, and an adversary, Collin, who can disrupt communication using a limited budget of β broadcasts. How long can Collin delay Alice and Bob from communicating? In fact, the trials and tribulations of Alice and Bob capture the fundamental difficulty shared by several n-player problems, including reliable broadcast, leader election, static k-selection, and t-resilient consensus. We provide round complexity lower bounds, and (nearly) tight upper bounds, for each of those problems. These results imply bounds on adversarial efficiency, which we analyze in terms of jamming gain and disruption-free complexity.

68 citations


Proceedings Article
01 Jan 2006
TL;DR: This paper uses novel techniques to implement a non-standard trust negotiation strategy specifically suited to this framework, which is a substantial extension of the state-of-the-art in privacy-preserving trust negotiations.
Abstract: In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice’s credentials satisfy Bob’s access policy. The literature contains many examples where protecting the credentials and the access control policies is useful, and there are numerous protocols that achieve this. In many of these schemes, the server does not learn whether the client obtained access (e.g., to a message, or a service via an e-ticket). A consequence of this property is that the client can use all of her credentials without fear of “probing” attacks by the server, because the server cannot glean information about which credentials the client has (when this property is lacking, the literature uses a framework where the very use of a credential is subject to a policy specific to that credential). The main result of this paper is a protocol for negotiating trust between Alice and Bob without revealing either credentials or policies, when each credential has its own access policy associated with it (e.g., “a top-secret clearance credential can only be used when the other party is a government employee and has a top-secret clearance”). Our protocol carries out this privacy-preserving trust negotiation between Alice and Bob, while enforcing each credential’s policy (thereby protecting sensitive credentials). Note that there can be a deep nesting of dependencies between credential policies, and that there can be (possibly overlapping) policy cycles of these dependencies. Our result is not achieved through the routine use of standard techniques to implement, in this framework, one of the known strategies for trust negotiations (such as the “eager strategy”). Rather, this paper uses novel techniques to implement a non-standard trust negotiation strategy specifically suited to this framework (and in fact unusable outside of this framework, as will become clear). Our work is therefore a substantial extension of the state-of-the-art in privacy-preserving trust negotiations. Portions of this work were supported by Grants IIS-0325345, IIS-0219560, IIS-0312357, and IIS-0242421 from the National Science Foundation, Contract N00014-02-1-0364 from the Office of Naval Research, by sponsors of the Center for Education and Research in Information Assurance and Security, and by Purdue Discovery Park’s e-enterprise Center.

62 citations


Dissertation
01 Jan 2006
TL;DR: This work presents the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message, and presents new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions.
Abstract: We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups. (1) Re-signatures. We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports. (2) Re-encryption. We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e. the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage. (3) Compact e-cash with tracing and bounded-anonymity. We present an offline e-cash system where 2^e coins can be stored in O(e + k) bits and withdrawn or spent in O(e + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be O(2^e · k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows to trace all of her past transactions. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)

43 citations


Journal Article
TL;DR: A novel protocol for quantum secure direct communication with cluster states where the two legitimate users, Alice and Bob, can directly transmit the secret messages by using the Bell-basis measurement and Z-basis measurement in classical communication.
Abstract: We propose a novel protocol for quantum secure direct communication with cluster states. In this protocol, the two legitimate users, Alice and Bob, can directly transmit the secret messages by using the Bell-basis measurement and Z-basis measurement, respectively, in classical communication. Since our quantum secure direct communication protocol is based on the cluster state, it is easily processed by a one-way quantum computer.

39 citations


Proceedings Article
21 Oct 2006
TL;DR: It is shown that Alice can (non-interactively) commit to y, by a message of size poly(m, log d), and later on prove to Bob any N statements of the form \Lambda(x_1, y) = z_1, ..., \Lambda(x_N, y) = z_N by a (computationally sound) non-interactive zero-knowledge proof of size poly(d, log N).
Abstract: Let \Lambda : {0, 1}^n \times {0, 1}^m \to {0, 1} be a Boolean formula of size d, or more generally, an arithmetic circuit of degree d, known to both Alice and Bob, and let y \in {0, 1}^m be an input known only to Alice. Assume that Alice and Bob interacted in the past in a preamble phase (that is, applied a preamble protocol that depends only on the parameters, and not on \Lambda, y). We show that Alice can (non-interactively) commit to y, by a message of size poly(m, log d), and later on prove to Bob any N statements of the form \Lambda(x_1, y) = z_1, ..., \Lambda(x_N, y) = z_N by a (computationally sound) non-interactive zero-knowledge proof of size poly(d, log N). (Note the logarithmic dependence on N). We give many applications and motivations for this result. In particular, assuming that Alice and Bob applied in the past the (poly-logarithmic size) preamble protocol: 1. Given a CNF formula \Psi(w_1, ..., w_m) of size N, Alice can prove the satisfiability of \Psi by a (computationally sound) non-interactive zero-knowledge proof of size poly(m). That is, the size of the proof depends only on the size of the witness and not on the size of the formula. 2. Given a language L in the class LOGSNP and an input x \in {0, 1}^n, Alice can prove the membership x \in L by a (computationally sound) non-interactive zero-knowledge proof of size polylog n. 3. Alice can commit to a Boolean formula y of size m, by a message of size poly(m), and later on prove to Bob any N statements of the form y(x_1) = z_1, ..., y(x_N) = z_N by a (computationally sound) non-interactive zero-knowledge proof of size poly(m, log N). Our cryptographic assumptions include the existence of a poly-logarithmic Symmetric-Private-Information-Retrieval (SPIR) scheme, as defined in [4], and the existence of commitment schemes, secure against circuits of size exponential in the security parameter.

34 citations


Journal Article
TL;DR: The distillation process for a general protocol in a purely quantum-mechanical framework is formalized and it can be viewed as creating an "effective" quantum channel between the legitimate users Alice and Bob, which enables application of entanglement-based security proofs to essentially any prepare and measure protocol.
Abstract: Prepare and measure quantum key distribution protocols can be decomposed into two basic steps: delivery of the signals over a quantum channel and distillation of a secret key from the signal and measurement records by classical processing and public communication. Here we formalize the distillation process for a general protocol in a purely quantum-mechanical framework and demonstrate that it can be viewed as creating an "effective" quantum channel between the legitimate users Alice and Bob. The process of secret key generation can then be viewed as entanglement distribution using this channel, which enables application of entanglement-based security proofs to essentially any prepare and measure protocol. To ensure secrecy of the key, Alice and Bob must be able to estimate the channel noise from errors in the key, and we further show how symmetries of the distillation process simplify this task. Applying this method, we prove the security of several key distribution protocols based on equiangular spherical codes.

34 citations


Journal Article
TL;DR: In this article, it was shown that the entanglement of collaboration can be greater than the entanglement of assistance, and that the latter quantity can be considered an operational measure of entanglement rather than a bipartite measure.
Abstract: The entanglement of assistance quantifies the entanglement that can be generated between two parties, Alice and Bob, given assistance from a third party, Charlie, when the three share a tripartite state and where the assistance consists of Charlie initially performing a measurement on his share and communicating the result to Alice and Bob through a one-way classical channel. We argue that if this quantity is to be considered an operational measure of entanglement, then it must be understood to be a tripartite rather than a bipartite measure. We compare it with a distinct tripartite measure that quantifies the entanglement that can be generated between Alice and Bob when they are allowed to make use of a two-way classical channel with Charlie. We show that the latter quantity, which we call the entanglement of collaboration, can be greater than the entanglement of assistance. This demonstrates that the entanglement of assistance (considered as a tripartite measure of entanglement), and its multipartite generalizations such as the localizable entanglement, are not entanglement monotones, thereby undermining their operational significance.

Posted Content
TL;DR: It is shown that every protocol that makes use of pre-shared key can be transformed into an equally efficient protocol which needs no pre-shared key, and this result is of practical significance as it applies to quantum key distribution (QKD) protocols.
Abstract: Assume that two distant parties, Alice and Bob, as well as an adversary, Eve, have access to (quantum) systems prepared jointly according to a tripartite state. In addition, Alice and Bob can use local operations and authenticated public classical communication. Their goal is to establish a key which is unknown to Eve. We initiate the study of this scenario as a unification of two standard scenarios: (i) key distillation (agreement) from classical correlations and (ii) key distillation from pure tripartite quantum states. Firstly, we obtain generalisations of fundamental results related to scenarios (i) and (ii), including upper bounds on the key rate. Moreover, based on an embedding of classical distributions into quantum states, we are able to find new connections between protocols and quantities in the standard scenarios (i) and (ii). Secondly, we study specific properties of key distillation protocols. In particular, we show that every protocol that makes use of pre-shared key can be transformed into an equally efficient protocol which needs no pre-shared key. This result is of practical significance as it applies to quantum key distribution (QKD) protocols, but it also implies that the key rate cannot be locked with information on Eve's side. Finally, we exhibit an arbitrarily large separation between the key rate in the standard setting where Eve is equipped with quantum memory and the key rate in a setting where Eve is only given classical memory. This shows that assumptions on the nature of Eve's memory are important in order to determine the correct security threshold in QKD.

Book Chapter
04 Dec 2006
TL;DR: This paper studies the notion of point-based policies for trust management, and gives protocols for realizing them in a disclosure-minimizing fashion by computing a subset of Alice's credentials without revealing any of the two parties' private information.
Abstract: This paper studies the notion of point-based policies for trust management, and gives protocols for realizing them in a disclosure-minimizing fashion. Specifically, Bob values each credential with a certain number of points, and requires a minimum total threshold of points before granting Alice access to a resource. In turn, Alice values each of her credentials with a privacy score that indicates her reluctance to reveal that credential. Bob's valuation of credentials and his threshold are private. Alice's privacy-valuation of her credentials is also private. Alice wants to find a subset of her credentials that achieves Bob's required threshold for access, yet is of as small a value to her as possible. We give protocols for computing such a subset of Alice's credentials without revealing any of the two parties' above-mentioned private information.

Journal Article
TL;DR: In this article, the notion of point-based policies for trust management is studied, and protocols for realizing them in a disclosure-minimizing fashion are given for computing a subset of Alice's credentials without revealing any of the two parties' above-mentioned private information.
Abstract: This paper studies the notion of point-based policies for trust management, and gives protocols for realizing them in a disclosure-minimizing fashion. Specifically, Bob values each credential with a certain number of points, and requires a minimum total threshold of points before granting Alice access to a resource. In turn, Alice values each of her credentials with a privacy score that indicates her reluctance to reveal that credential. Bob's valuation of credentials and his threshold are private. Alice's privacy-valuation of her credentials is also private. Alice wants to find a subset of her credentials that achieves Bob's required threshold for access, yet is of as small a value to her as possible. We give protocols for computing such a subset of Alice's credentials without revealing any of the two parties' above-mentioned private information.

Proceedings Article
01 Jan 2006
TL;DR: In this paper, the authors presented secure two-party protocols for various core problems in linear algebra, including the problem of computing the rank of an encrypted matrix and solving systems of linear equations.
Abstract: In this work we present secure two-party protocols for various core problems in linear algebra. Our main building block is a protocol to obliviously decide singularity of an encrypted matrix: Bob holds an $n \times n$ matrix $M$, encrypted with Alice's secret key, and wants to learn whether the matrix is singular or not (and nothing beyond that). We give an interactive protocol between Alice and Bob that solves the above problem with optimal communication complexity while at the same time achieving low round complexity. More precisely, the number of communication rounds in our protocol is $polylog(n)$ and the overall communication is roughly $O(n^2)$ (note that the input size is $n^2$). At the core of our protocol we exploit some nice mathematical properties of linearly recurrent sequences and their relation to the characteristic polynomial of the matrix $M$, following [Wiedemann, 1986]. With our new techniques we are able to improve the round complexity of the communication efficient solution of [Nissim and Weinreb, 2006] from $n^{0.275}$ to $polylog(n)$. Based on our singularity protocol we further extend our result to the problems of securely computing the rank of an encrypted matrix and solving systems of linear equations.

Proceedings Article
25 Jun 2006
TL;DR: If one-way functions do not exist, then an efficient Eve can learn to impersonate any efficient Bob nearly as well as an unbounded Eve, and tightly bound the number of observations Eve makes in terms of the secret's entropy.
Abstract: Consider Alice and Bob, who have some shared secret which helps Alice to identify Bob-impersonators, and Eve, who does not know their secret. Eve wants to impersonate Bob and "fool" Alice. If Eve is computationally unbounded, how long does she need to observe Bob before she can impersonate him? What is a good strategy for Eve? If (cryptographic) one-way functions exist, an efficient Eve cannot impersonate even very simple Bobs, but if they do not exist, can Eve learn to impersonate any efficient Bob? We formalize these questions in a new computational learning model, which we believe captures a wide variety of natural learning tasks, and tightly bound the number of observations Eve makes in terms of the secret's entropy. We then show that if one-way functions do not exist, then an efficient Eve can learn to impersonate any efficient Bob nearly as well as an unbounded Eve. For the full version of this work see (Naor & Rothblum, 2006).

Proceedings Article
03 Apr 2006
TL;DR: Two protocols are proposed to check whether the database adjoined with the tuple is still k-anonymous, without letting Alice and Bob know the contents of, respectively, the tuple and the database.
Abstract: Suppose that Alice, owner of a k-anonymous database, needs to determine whether her database, when adjoined with a tuple owned by Bob, is still k-anonymous. Suppose moreover that access to the database is strictly controlled, because for example data are used for experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob; on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus the problem is to check whether the database adjoined with the tuple is still k-anonymous, without letting Alice and Bob know the contents of, respectively, the tuple and the database. In this paper, we propose two protocols solving this problem.

Journal Article
TL;DR: It is shown that if the weak acyclic chromatic number of G is at most k then $(2,1)\text{-}\chi_g(G) \le \frac{1}{2}(k^2+3k)$.

Book Chapter
27 Mar 2006
TL;DR: This work compares middlemen in crypto protocols and APIs with those in the real world, and shows that a man-in-the-middle defence is helpful in many circumstances.
Abstract: The man-in-the-middle defence is all about rehabilitating Charlie. For 20 years we’ve worried about this guy in the middle, Charlie, who’s forever intercalating himself into the communications between Alice and Bob, and people have been very judgemental about poor Charlie, saying that Charlie is a wicked person. Well, we’re not entirely convinced.

01 Jan 2006
TL;DR: In order to sketch, why steganography is such an important topic, and has received far too little attention from the hacker community in the past, a view of cryptosystems as commonly built in the context of military or commercial applications is challenged.
Abstract: In order to sketch, why steganography is such an important topic, and has received far too little attention from the hacker community in the past, let me quickly challenge our view of cryptosystems as commonly built in the context of military or commercial applications: Cryptosystems are designed to protect our sensitive data from evil arbitrators. Wrong. Well, maybe not. But then again, what is evil? Basically one could say, hacker ethics is about protecting a good individual from a bad society and this has some severe consequences in the construction of secure communication systems. In particular, I would like to draw our attention to the evil spy, we are envisioning, when we think about cryptosystems, who intercepts sensitive military communication, and to the criminal who fakes banking transactions. Most often, what we have in mind, when we build cryptosystems is a bad individual in a good society, which is rather some instance of witch hunt ethics. In practice this assumption has the simple incarnation, that cryptograms are vulnerable to detection, since a good society would encourage the use of cryptography as a means to protect everyone’s privacy. But under the assumption of a bad society, would Alice and Bob be allowed to use cryptography? What would witchhunt ethics assert about people who use cryptography? Do they have something to hide? Something evil? The central shift in views that is necessary, is the fact that it is not Alice and Bob who control their communication channel, so they can make sure, that evil Wendy won’t be able to recover their communication, but evil Wendy controls the channel and wants to make sure Alice and Bob can’t exchange unwanted messages. This communication setup has first been stated by Gustavus J. Simmons, which he popularly introduced via the prisoner’s dilemma. In this scenario we assume Alice and Bob are arrested, and "their only means of communication after they are locked up will be by way of messages conveyed for them by trustees - who are known to be agents of the warden... However since he has every reason to suspect that the prisoners want to coordinate an escape plan, the warden will only permit the exchanges to occur if the information contained in the messages is completely open to him - and presumably innocuous." (Simmons 1984).

Proceedings Article
10 Apr 2006
TL;DR: In the honest-but-curious scenario and without the help of a third party, this paper proposes an efficient solution to Yao's millionaires' problem and gives a complete security proof.
Abstract: Alice holds a secret integer a while Bob holds a secret integer b, they want to decide on the predicate a > b with no information revealed other than the result. This is the well known Yao's millionaires' problem. In some e-commerce applications, Alice holds an n-dimension secret vector alpha = (a1, ..., an) while Bob holds an n-dimension secret vector beta = (b1,..., bn). Alice and Bob want to decide on one of the three possible domination results, alpha beta, beta alpha, or no domination exists, with no information revealed other than the result. i.e., in case there is a domination, no information is revealed about any dimension, whereas, in case no domination exists, no information is revealed about the predicate ai > bi for any i = 1, ..., n. In the honest-but-curious scenario and without the help of a third party, in this paper we propose an efficient solution to this problem. We give a complete security proof. Up to our knowledge, no practical solution to this problem - that does not incorporate a third party - has been proposed

Patent
25 May 2006
TL;DR: In this article, the authors proposed a quantum key distribution system in which a pair of quantum entangled photons are separated into low frequency and high frequency bands from its center frequency and sends one to an Alice's communication apparatus and the other to a Bob's communications apparatus.
Abstract: PROBLEM TO BE SOLVED: To provide a quantum key distribution technology capable of increasing the key creating rate. SOLUTION: The quantum key distribution system separates a pair of quantum entangled photons into a low frequency and high frequency bands from its center frequency and sends one to an Alice's communication apparatus and the other to a Bob's communication apparatus. The Alice's and Bob's communication apparatus comprise a plurality of wavelength channel separation filters having mutually symmetric bands to the center frequency and measure the quantum entangled statuses of a light at selected bases on each wavelength channel. Alice and Bob exchange the measuring times and the measured bases of the light measured on each wavelength channel through the classical communication to thereby know the party's measurement result from own measurement result of the corresponding measuring time and the party's measured base, resulting in that both commonly have a common secret key. This increases the channel number of QKD, using one quantum entangled light source and hence rapidly makes the great increase of the key creating rate on the whole system. COPYRIGHT: (C)2008,JPO&INPIT

Journal Article
TL;DR: In this paper, the authors consider a game between Alice and Bob where each team member plays a monotone game with a member of the adversary team, with the additional benefit of a coordinating action on the parts of Alice in the role of team leaders, and show how the statistics combine to reach the goal of binding the overall losing probability of Bob's team.
Abstract: We face a complex game between Alice and Bob where the victory probability of each contender grows monotonically by unknown amounts with the resources s/he employs. For a fixed effort on Alice's part Bob increases his resources on the basis of the results of the individual contests (victory, tie or defeat) with the aim of reducing the defeat probability under a given threshold. We read this goal in terms of computing a confidence interval for the losing probability and in a previous paper we identified this interval on the basis of two joint statistics regarding the game history. In this paper we move to a contest between teams where each member plays a monotone game with a member of the adversary team, with the additional benefit of a coordinating action on the parts of Alice and Bob in the role of team leaders. With analogous constraints on Alice's teammates and the same joint statistics collected by each contender, we show how the statistics combine to reach the goal of binding the overall losing probability of Bob's team. The analysis of the course of the bounds with the statistics suggests a pair of strategies for reducing the resources that are necessary to achieve the goal.

Journal Article
Chen, Pan; Deng, Fuguo; Wang, Pingxiao; Long, Guilu
TL;DR: A six-state quantum key distribution scheme with measuring-basis encryption technique, which is based on the six-state protocol and the MBE protocol, which retains the advantage of higher security and at the same time has a higher efficiency.
Abstract: A six-state quantum key distribution scheme with measuring-basis encryption technique, which is based on the six-state protocol and the MBE protocol, is proposed. In this modified six-state quantum key distribution protocol, Alice and Bob use a control key to synchronize the use of their measuring-basis so that they always use the same measuring-basis. This modified six-state quantum key distribution protocol retains the advantage of higher security and at the same time has a higher efficiency.

Proceedings Article
01 Jan 2006
TL;DR: In this paper, the authors consider a game where two honest players, Alice and Bob, want to exchange information, and an adversary, Collin, who can disrupt communication using a limited budget of B broadcasts.
Abstract: How efficiently can a malicious device disrupt communication in a wireless network? Imagine a basic game involving two honest players, Alice and Bob, who want to exchange information, and an adversary, Collin, who can disrupt communication using a limited budget of B broadcasts. How long can Collin delay Alice and Bob from communicating? In fact, the trials and tribulations of Alice and Bob capture the fundamental difficulty shared by several n-player problems, including reliable broadcast, leader election, static k-selection, and t-resilient consensus. We provide round complexity lower bounds—and (nearly) tight upper bounds—for each of those problems. These results imply bounds on adversarial efficiency, which we analyze in terms of jamming gain and disruption-free complexity.

Proceedings ArticleDOI
17 Jun 2006
TL;DR: In this paper, Alice and Bob play beach volleyball as teammates and when the opponent starts to serve, they both run toward the ball and show their intentions by shouting "It's mine". However, sometimes they collide with each other and sometimes neither of them attempts to receive the ball.
Abstract: Alice and Bob play beach volleyball as teammates. When the opponent starts to serve, they both run toward the ball and show their intentions by shouting "It's mine". However, sometimes they collide with each other and sometimes neither of them attempts to receive the ball. In both cases they will blame each other for having made the same decisions. This can be formulated as a dependability problem as follows. Two processors jointly provide a real-time service which can be completed by exactly one processor. Assuming each processor is allowed to announce only one-bit information to decide which one to process the job, inevitably some of the jobs will get lost if only classical resources are used. In this paper, we show if these two processors share quantum entanglement, not only the system dependability can be enhanced; the faulty processor can also be identified.

Posted Content
TL;DR: Lower bounds showing that the Euclidean norm must leak by any efficient algorithm are given, showing that nothing is learned by Alice and Bob beyond what is implied by their input, the ideal top-B output, and goodness of approximation.
Abstract: We consider the problem of private computation of approximate Heavy Hitters. Alice and Bob each hold a vector and, in the vector sum, they want to find the B largest values along with their indices. While the exact problem requires linear communication, protocols in the literature solve this problem approximately using polynomial computation time, polylogarithmic communication, and constantly many rounds. We show how to solve the problem privately with comparable cost, in the sense that nothing is learned by Alice and Bob beyond what is implied by their input, the ideal top-B output, and goodness of approximation (equivalently, the Euclidean norm of the vector sum). We give lower bounds showing that the Euclidean norm must leak by any efficient algorithm.

Journal ArticleDOI
TL;DR: A rigorous proof that the method proposed by Bennett, Bessette, Brassard, Salvail, and Smolin will in general converge to a non-empty common key under moderate assumptions on the choice of block lengths provided the initial bit strings are sufficiently long is given.
Abstract: The ancient difficulty for establishing a common cryptographic secret key between two communicating parties Alice and Bob is nicely summarized by the Catch-22 dictum of S.J. Lomonaco [1999], to wit: “in order to communicate in secret one must first communicate in secret”. In other words, to communicate in secret, Alice and Bob must already have a shared secret key. In this paper we analyse an algorithm for establishing such a common secret key by public discussion, under the modest and practical requirement that Alice and Bob are initially in possession of keys \(A\) and \(B\), respectively, of a common length \(N\) which are not necessarily equal but are such that the mutual information \(I(A,B)\) is non-zero. This assumption is tantamount to assuming only that the corresponding statistical variables are correlated. The common secret key distilled by the algorithm will enjoy perfect secrecy in the sense of Shannon. The method thus provides a profound generalization of traditional symmetric key cryptography and applies also to quantum cryptography. Here, by purely elementary methods, we give a rigorous proof that the method proposed by Bennett, Bessette, Brassard, Salvail, and Smolin will in general converge to a non-empty common key under moderate assumptions on the choice of block lengths provided the initial bit strings are sufficiently long. Full details on the length requirements are presented. Furthermore, we consider the question of which block lengths should be chosen for optimal performance with respect to the length of the resulting common key. A new and fundamental aspect of this paper is the explicit utilization of finite fields and error-correcting codes both for checking equality of the generated keys and, later, for the construction of various hash functions. Traditionally this check has been done by performing a few times a comparison of the parity of a random subset of the bits. Here we give a much more efficient procedure by using the powerful methods of error-correcting codes. More general situations are treated in Section 8.

Journal ArticleDOI
TL;DR: 'lazy' ensembles are introduced which require minimal effort to prepare the density matrix by selecting pure states with respect to completely random choice and are shown to be the alternative hypothesis which minimizes type I error.
Abstract: We compare different strategies aimed to prepare an ensemble with a given density matrix ρ. Preparing the ensemble of eigenstates of ρ with appropriate probabilities can be treated as 'generous' strategy: it provides maximal accessible information about the state. Another extremity is the so-called 'Scrooge' ensemble, which is mostly stingy in sharing the information. We introduce 'lazy' ensembles which require minimal effort to prepare the density matrix by selecting pure states with respect to completely random choice. We consider two parties, Alice and Bob, playing a kind of game. Bob wishes to guess which pure state is prepared by Alice. His null hypothesis, based on the lack of any information about Alice's intention, is that Alice prepares any pure state with equal probability. Then, the average quantum state measured by Bob turns out to be ρ, and he has to make a new hypothesis about Alice's intention solely based on the information that the observed density matrix is ρ. The arising 'lazy' ensemble is shown to be the alternative hypothesis which minimizes type I error.

Patent
22 Jun 2006
TL;DR: In this article, the authors proposed a quantum key delivery system with a long transmission distance in a differential phase shift (DPSS) quantum key distribution system, where the time at which the photons are detected and transmitted to/from each other is the same as the time when Alice and Bob transmit and receive the photons.
Abstract: PROBLEM TO BE SOLVED: To provide a system having a long transmission distance in a differential phase shift quantum key delivery system. SOLUTION: By performing quantum encryption by using light (signal and idler) sent out from a first light source generating an entanglement photon pair provided in the middle of a first device (Alice) and a third device (Charlie) and light sent out from a second light source generating an entanglement photon pair provided in the middle of the third device and a second device (Bob), a delivery distance to transmit sufficient light can be prolonged as a total. Charlie communicates the fact that photons are detected continuously in one photon detector and the time or the fact that the photons are alternately detected in two photon detectors and the time to Alice and Bob. Alice and Bob transmit and receive the time at which they respectively detect the photons to/from each other. Alice and Bob generate a key bit by using the event that Charlie continuously detects the photons from time information and the event that both of Alice and Bob detect the photons corresponding to that. COPYRIGHT: (C)2006,JPO&NCIPI