infinite randomness expansion with a constant number of devices
DESCRIPTION
Infinite Randomness Expansion with a Constant Number of Devices. Matthew Coudron , Henry Yuen MIT EECS arXiv 1310.6755. Goal: Testing RNG’s …. Goal: Testing RNG’s …. … in a “black box” manner. Goal: Testing RNG’s …. … in a “black box” manner - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/1.jpg)
Infinite Randomness Expansion with a Constant Number of Devices
Matthew Coudron, Henry YuenMIT EECS
arXiv 1310.6755
![Page 2: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/2.jpg)
Goal: Testing RNG’s …
![Page 3: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/3.jpg)
Goal: Testing RNG’s …
… in a “black box” manner
![Page 4: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/4.jpg)
Goal: Testing RNG’s …
… in a “black box” manner
• “Stealthy Dopant-Level Hardware Trojans”[Becker, Regazzoni, Paar, Burleson 2013]
![Page 5: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/5.jpg)
With interactive proofs …S1 = Input 1
Test = T(S, O)
O1 = Output 1
… we still can’t test that (classical) provers are producing randomness.
Problem: All prover strategies are contained in the convex hull of deterministic strategies (linearity of expectation).
S2 = Input 2
O2 = Output 2
![Page 6: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/6.jpg)
The CHSH game (Bell’s Theorem - 1964)
![Page 7: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/7.jpg)
The CHSH game (Bell’s Theorem - 1964)
𝜔𝐶=0.75
![Page 8: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/8.jpg)
The CHSH game (Bell’s Theorem - 1964)
𝜔𝐶=0.75
![Page 9: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/9.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
![Page 10: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/10.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
S = Input Seed
A B
![Page 11: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/11.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
b = 1a = 1
S = Input Seed
A B
![Page 12: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/12.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
x0
y0
a1
b1
b = 1a = 1
S = Input Seed
A B
![Page 13: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/13.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
x1
0
y0
0
a0
1
b0
1
b = 0a = 0
S = Input Seed
A B
![Page 14: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/14.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
x0
1
0
y1
0
0
a0
0
1
b0
0
1
b = 0a = 0
S = Input Seed
A B
![Page 15: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/15.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
x1
0
1
0
y1
1
0
0
a1
0
0
1
b1
0
0
1
b = 1a = 1
S = Input Seed
A B
![Page 16: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/16.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
A B
O = Output
![Page 17: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/17.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
Test
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
A B
O = Output
![Page 18: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/18.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
Test
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
A B
Pass
O has high Min-Entropy (high “randomness”)
O = Output
![Page 19: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/19.jpg)
Randomness Expansion
• Roger Colbeck – PhD Thesis, 2006
• Serial rounds “Query and Response”
Test
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
A B
Fail
Pass
Fail Abort Protocol
O has high Min-Entropy (high “randomness”)
O = Output
![Page 20: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/20.jpg)
VV Protocol [Vazirani, Vidick ‘11]
• Exponential expansion
n bit seed -> O has Min Entropy • Secure against quantum eavesdropper
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
Randomness Expansion
A B
O = Output
![Page 21: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/21.jpg)
VV Protocol [Vazirani, Vidick ‘11]
• Exponential expansion
n bit seed -> O has Min Entropy • Secure against quantum eavesdropper
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
Randomness Expansion
A B
O = Output
![Page 22: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/22.jpg)
VV Protocol [Vazirani, Vidick ‘11]
• Exponential expansion
n bit seed -> (O)
• Secure against quantum eavesdropper
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
Randomness Expansion
A B
O = Output
![Page 23: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/23.jpg)
VV Protocol [Vazirani, Vidick ‘11]
• Exponential expansion
n bit seed -> (O) • Secure against quantum eavesdropper
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
Randomness Expansion
A B
O = Output
![Page 24: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/24.jpg)
VV Protocol [Vazirani, Vidick ‘11]
• Exponential expansion
n bit seed -> (O) • Secure against quantum eavesdropper
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
Randomness Expansion
A B
EO = Output
![Page 25: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/25.jpg)
VV Protocol [Vazirani, Vidick ‘11]
• Exponential expansion
n bit seed -> (O) • Secure against quantum eavesdropper ≈ ⊗ ≈ ⊗
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
Randomness Expansion
A B
EO = Output
![Page 26: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/26.jpg)
Question
What is the greatest possible rate of randomness expansion? Exponential? Higher?
![Page 27: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/27.jpg)
Question
What is the greatest possible rate of randomness expansion? Exponential? Higher?
Doubly exponential upper bound for analysis of existing non-adaptive protocols. [C, Vidick, Yuen]
![Page 28: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/28.jpg)
Question
What is the greatest possible rate of randomness expansion? Exponential? Higher?
Doubly exponential upper bound for analysis of existing non-adaptive protocols. [C, Vidick, Yuen]
Our Result: Infinite randomness expansion with 8 devices.
(We can also do 6)
![Page 29: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/29.jpg)
EXTRACTOR
Compose?
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
Input Seed
A B
O
![Page 30: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/30.jpg)
EXTRACTOR
Compose?
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
Input Seed
A B
O
![Page 31: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/31.jpg)
EXTRACTOR
Compose?
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
Input Seed
A B
O
EXTRACTOR
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
O
![Page 32: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/32.jpg)
EXTRACTOR
Compose?
S1
A B
O1
Group 1 S2
A B
O2
Group 2
![Page 33: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/33.jpg)
EXTRACTOR
Compose?
Secure Against Eavesdropper
S1
A B
O1
Group 1 S2
A B
O2
Group 2
![Page 34: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/34.jpg)
E
EXTRACTOR
Compose?
Secure Against Eavesdropper
S1
A B
O1
Group 1 S2
A B
O2
Group 2
![Page 35: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/35.jpg)
E
EXTRACTOR
Compose?
Secure Against Eavesdropper
S1
A B
O1
Group 1 S2
A B
O2
Group 2
≈ ≈ ⊗ ⊗
![Page 36: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/36.jpg)
EXTRACTOR
Alternate?
S2
A B
Group 1
A B
O2
Group 2EXTRACTOR
![Page 37: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/37.jpg)
EXTRACTOR
Alternate?
S2
A B
Group 1
A B
O2
Group 2EXTRACTOR
![Page 38: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/38.jpg)
EXTRACTOR
Alternate?
Secure Against Eavesdropper
S2
A B
Group 1
A B
O2
Group 2EXTRACTOR
![Page 39: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/39.jpg)
EXTRACTOR
Alternate?
Secure Against Eavesdropper
S2
A B
Group 1
A B
O2
Group 2
E
EXTRACTOR
![Page 40: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/40.jpg)
EXTRACTOR
Alternate?
Secure Against Eavesdropper
S2
A B
Group 1
A B
O2
Group 2
E
≈ ≈ ⊗ ⊗
EXTRACTOR
![Page 41: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/41.jpg)
EXTRACTOR
Alternate?
Secure Against Eavesdropper
S2
A B
Group 1
A B
O2
Group 2
E
≈ ≈ ⊗ ⊗
EXTRACTOR
![Page 42: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/42.jpg)
EXTRACTOR
Compose?
S1
A B
O1
Group 1 S2
A B
O2
Group 2
![Page 43: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/43.jpg)
EXTRACTOR
Alternate?
Secure Against Eavesdropper
S2
A B
Group 1
A B
O2
Group 2
E
≈ ≈ ⊗ ⊗
EXTRACTOR
![Page 44: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/44.jpg)
EXTRACTOR
Alternate?
Secure Against Eavesdropper
S2
A B
Group 1
A B
O2
Group 2
E
≈ ≈ ⊗ ⊗
EXTRACTOR
![Page 45: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/45.jpg)
Input Security
• Provably input secure randomness expansion protocol Infinite randomness expansion.
• Can we obtain input security in a randomness expansion protocol?
• Randomness Extractors are provably not input secure.
≈ ⊗ ≈ ⊗Secure Against Q. Eavesdropper “Input Secure”
![Page 46: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/46.jpg)
Input Security
• Provably input secure randomness expansion protocol Infinite randomness expansion.
• Can we obtain input security in a randomness expansion protocol?
• Randomness Extractors are provably not input secure.
≈ ⊗ ≈ ⊗Secure Against Q. Eavesdropper “Input Secure”
![Page 47: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/47.jpg)
Input Security
• Provably input secure randomness expansion protocol Infinite randomness expansion.
• Can we obtain input security in a randomness expansion protocol?
• Randomness Extractors are provably not input secure.
≈ ⊗ ≈ ⊗Secure Against Q. Eavesdropper “Input Secure”
![Page 48: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/48.jpg)
A New Tool[Reichardt, Unger, Vazirani 2012]“RUV” Protocol• Device Independent protocol• Gives a test for special structure in the
devices’ strategy.• Certifies that devices are employing the ideal
CHSH strategy in certain rounds.
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
S = Input Seed
A B
![Page 49: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/49.jpg)
The RUV protocol seems Input Secure!
.
Input Secure?
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 50: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/50.jpg)
The RUV protocol seems Input Secure!
.
Input Secure?
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 51: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/51.jpg)
The RUV protocol seems Input Secure!
.
Input Secure?E
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 52: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/52.jpg)
The RUV protocol seems Input Secure!
.
Input Secure?
≈ ⊗“Input Secure”
E
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 53: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/53.jpg)
The RUV protocol seems Input Secure!
However: 1) Not randomness expanding.
Input Secure?
≈ ⊗“Input Secure”
E
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 54: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/54.jpg)
Obtaining Expansion
• VV– Exponential
Expansion– Q. Secure
• RUV:– Polynomial
Contraction• Net:– Exponential
Expansion
![Page 55: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/55.jpg)
This RUV protocol seems Input Secure!
However: 1) Not randomness expanding. 2) Not input secure conditioned
on passing.
Input Secure?
≈ ⊗“Input Secure”
E
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 56: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/56.jpg)
Input Security revisited• We only use the output of RUV in the
event that the protocol passes• In general conditioning on this event
can reveal output information to the eavesdropper
• This would invalidate the Input Security gained from RUV
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 57: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/57.jpg)
Input Security revisited• We only use the output of RUV in the
event that the protocol passes• In general conditioning on this event
can reveal output information to the eavesdropper
• This would invalidate the Input Security gained from RUV
E
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 58: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/58.jpg)
Input Security revisited• We only use the output of RUV in the
event that the protocol passes• In general conditioning on this event
can reveal output information to the eavesdropper
• This would invalidate the Input Security gained from RUV
E
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 59: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/59.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
• Divide the output X into blocks
• On average each block will be nearly unentangled with the combined system FE
• Output a random block
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 60: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/60.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
• Divide the output X into blocks
• On average each block will be nearly unentangled with the combined system FE
• Output a random block
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 61: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/61.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
• Divide the output X into blocks
• On average each block will be nearly unentangled with the combined system FE
• Output a random block
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 62: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/62.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
• Divide the output X into blocks
• On average each block will be nearly unentangled with the combined system FE
• Output a random block
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 63: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/63.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 64: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/64.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 65: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/65.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 66: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/66.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
![Page 67: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/67.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
Pinsker’s Inequality
![Page 68: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/68.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
Pinsker’s Inequality
![Page 69: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/69.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
Pinsker’s Inequality
![Page 70: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/70.jpg)
Input Security: The Solution
X
X1
X3
X2 EFPass Fail
F = 1 F = 0
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
Pinsker’s Inequality
![Page 71: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/71.jpg)
Selecting Random Blocks• Our solution selects output
blocks at random…. ….using an input seed unknown to the devices• But could the seed be
correlated with the position of “bad” blocks?
X
X1
X3
X2
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
E
![Page 72: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/72.jpg)
Selecting Random Blocks• Our solution selects output
blocks at random…. ….using an input seed unknown to the devices• But could the seed be
correlated with the position of “bad” blocks?
X
X1
X3
X2
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
E
![Page 73: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/73.jpg)
Selecting Random Blocks• Our solution selects output
blocks at random…. ….using an input seed unknown to the devices• But could the seed be
correlated with the position of “bad” blocks?
X
X1
X3
X2
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
E
![Page 74: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/74.jpg)
Selecting Random Blocks• Such adversarial correlations
can be ruled out using a purification and simulation argument.
• This implies full input security for this composition of VV and RUV.
X
X1
X3
X2
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
E
![Page 75: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/75.jpg)
Selecting Random Blocks• Such adversarial correlations
can be ruled out using a purification and simulation argument.
• This implies full input security for this composition of VV and RUV.
X
X1
X3
X2
x0
1
1
0
1
0
1
0
y0
0
1
0
1
1
0
0
a1
0
0
1
1
0
0
1
b0
1
1
0
1
0
0
1
b = 0a = 1
A B
E
![Page 76: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/76.jpg)
Our Protocol
EXTRACTOR
VV
BA
RUV
BA
EXTRACTOR
VV
BA
RUV
BA
S = Input Seed
![Page 77: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/77.jpg)
Our Protocol
EXTRACTOR
VV
BA
RUV
BA
EXTRACTOR
VV
BA
RUV
BA
S = Input Seed
![Page 78: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/78.jpg)
Our Protocol
EXTRACTOR
VV
BA
RUV
BA
EXTRACTOR
VV
BA
RUV
BA
S = Input Seed
![Page 79: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/79.jpg)
Our Protocol
EXTRACTOR
VV
BA
RUV
BA
EXTRACTOR
VV
BA
RUV
BA
S = Input Seed
![Page 80: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/80.jpg)
Our Protocol
EXTRACTOR
VV
BA
RUV
BA
EXTRACTOR
VV
BA
RUV
BA
S = Input Seed
![Page 81: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/81.jpg)
Infinite Randomness Expansion
• Accumulated error converges• Output is -close to uniform and secure against quantum eavesdropper.
VV
BA
RUV
BA
VV
BA
RUV
BA
S = Input Seed
![Page 82: Infinite Randomness Expansion with a Constant Number of Devices](https://reader035.vdocuments.mx/reader035/viewer/2022062501/568166ee550346895ddb433f/html5/thumbnails/82.jpg)
Related Work and Open Problems
• Robust protocols [Miller, Shi], [Chung, Shi, Wu]– MS gives a protocol for robust exponential
expansion with two devices.– The results of MS and CSW can be combined to
give a provably robust infinite expansion protocol using four devices.
• Extracting from a min-entropy source (without an independent seed) [Chung, Shi, Wu]– Different proof and application for “Input
Security”