-
Learning-to-learn enables rapid learning with phase-change memory-based in-memory computing
Authors:
Thomas Ortner,
Horst Petschenig,
Athanasios Vasilopoulos,
Roland Renner,
Špela Brglez,
Thomas Limbacher,
Enrique Piñero,
Alejandro Linares Barranco,
Angeliki Pantazi,
Robert Legenstein
Abstract:
There is a growing demand for low-power, autonomously learning artificial intelligence (AI) systems that can be applied at the edge and rapidly adapt to the specific situation at deployment site. However, current AI models struggle in such scenarios, often requiring extensive fine-tuning, computational resources, and data. In contrast, humans can effortlessly adjust to new tasks by transferring kn…
▽ More
There is a growing demand for low-power, autonomously learning artificial intelligence (AI) systems that can be applied at the edge and rapidly adapt to the specific situation at deployment site. However, current AI models struggle in such scenarios, often requiring extensive fine-tuning, computational resources, and data. In contrast, humans can effortlessly adjust to new tasks by transferring knowledge from related ones. The concept of learning-to-learn (L2L) mimics this process and enables AI models to rapidly adapt with only little computational effort and data. In-memory computing neuromorphic hardware (NMHW) is inspired by the brain's operating principles and mimics its physical co-location of memory and compute. In this work, we pair L2L with in-memory computing NMHW based on phase-change memory devices to build efficient AI models that can rapidly adapt to new tasks. We demonstrate the versatility of our approach in two scenarios: a convolutional neural network performing image classification and a biologically-inspired spiking neural network generating motor commands for a real robotic arm. Both models rapidly learn with few parameter updates. Deployed on the NMHW, they perform on-par with their software equivalents. Moreover, meta-training of these models can be performed in software with high-precision, alleviating the need for accurate hardware models.
△ Less
Submitted 22 April, 2024;
originally announced May 2024.
-
The debate over QKD: A rebuttal to the NSA's objections
Authors:
Renato Renner,
Ramona Wolf
Abstract:
A recent publication by the NSA assessing the usability of quantum cryptography has generated significant attention, concluding that this technology is not recommended for use. Here, we reply to this criticism and argue that some of the points raised are unjustified, whereas others are problematic now but can be expected to be resolved in the foreseeable future.
A recent publication by the NSA assessing the usability of quantum cryptography has generated significant attention, concluding that this technology is not recommended for use. Here, we reply to this criticism and argue that some of the points raised are unjustified, whereas others are problematic now but can be expected to be resolved in the foreseeable future.
△ Less
Submitted 27 July, 2023;
originally announced July 2023.
-
Quantum Advantage in Cryptography
Authors:
Renato Renner,
Ramona Wolf
Abstract:
Ever since its inception, cryptography has been caught in a vicious circle: Cryptographers keep inventing methods to hide information, and cryptanalysts break them, prompting cryptographers to invent even more sophisticated encryption schemes, and so on. But could it be that quantum information technology breaks this circle? At first sight, it looks as if it just lifts the competition between cryp…
▽ More
Ever since its inception, cryptography has been caught in a vicious circle: Cryptographers keep inventing methods to hide information, and cryptanalysts break them, prompting cryptographers to invent even more sophisticated encryption schemes, and so on. But could it be that quantum information technology breaks this circle? At first sight, it looks as if it just lifts the competition between cryptographers and cryptanalysts to the next level. Indeed, quantum computers will render most of today's public key cryptosystems insecure. Nonetheless, there are good reasons to believe that cryptographers will ultimately prevail over cryptanalysts. Quantum cryptography allows us to build communication schemes whose secrecy relies only on the laws of physics and some minimum assumptions about the cryptographic hardware - leaving basically no room for an attack. While we are not yet there, this article provides an overview of the principles and state of the art of quantum cryptography, as well as an assessment of current challenges and prospects for overcoming them.
△ Less
Submitted 11 January, 2023; v1 submitted 8 June, 2022;
originally announced June 2022.
-
Generalised entropy accumulation
Authors:
Tony Metger,
Omar Fawzi,
David Sutter,
Renato Renner
Abstract:
Consider a sequential process in which each step outputs a system $A_i$ and updates a side information register $E$. We prove that if this process satisfies a natural "non-signalling" condition between past outputs and future side information, the min-entropy of the outputs $A_1, \dots, A_n$ conditioned on the side information $E$ at the end of the process can be bounded from below by a sum of von…
▽ More
Consider a sequential process in which each step outputs a system $A_i$ and updates a side information register $E$. We prove that if this process satisfies a natural "non-signalling" condition between past outputs and future side information, the min-entropy of the outputs $A_1, \dots, A_n$ conditioned on the side information $E$ at the end of the process can be bounded from below by a sum of von Neumann entropies associated with the individual steps. This is a generalisation of the entropy accumulation theorem (EAT), which deals with a more restrictive model of side information: there, past side information cannot be updated in subsequent rounds, and newly generated side information has to satisfy a Markov condition. Due to its more general model of side-information, our generalised EAT can be applied more easily and to a broader range of cryptographic protocols. As examples, we give the first multi-round security proof for blind randomness expansion and a simplified analysis of the E91 QKD protocol. The proof of our generalised EAT relies on a new variant of Uhlmann's theorem and new chain rules for the Renyi divergence and entropy, which might be of independent interest.
△ Less
Submitted 28 October, 2022; v1 submitted 9 March, 2022;
originally announced March 2022.
-
Experimental quantum key distribution certified by Bell's theorem
Authors:
D. P. Nadlinger,
P. Drmota,
B. C. Nichol,
G. Araneda,
D. Main,
R. Srinivas,
D. M. Lucas,
C. J. Ballance,
K. Ivanov,
E. Y-Z. Tan,
P. Sekatski,
R. L. Urbanke,
R. Renner,
N. Sangouard,
J-D. Bancal
Abstract:
Cryptographic key exchange protocols traditionally rely on computational conjectures such as the hardness of prime factorisation to provide security against eavesdropping attacks. Remarkably, quantum key distribution protocols like the one proposed by Bennett and Brassard provide information-theoretic security against such attacks, a much stronger form of security unreachable by classical means. H…
▽ More
Cryptographic key exchange protocols traditionally rely on computational conjectures such as the hardness of prime factorisation to provide security against eavesdropping attacks. Remarkably, quantum key distribution protocols like the one proposed by Bennett and Brassard provide information-theoretic security against such attacks, a much stronger form of security unreachable by classical means. However, quantum protocols realised so far are subject to a new class of attacks exploiting implementation defects in the physical devices involved, as demonstrated in numerous ingenious experiments. Following the pioneering work of Ekert proposing the use of entanglement to bound an adversary's information from Bell's theorem, we present here the experimental realisation of a complete quantum key distribution protocol immune to these vulnerabilities. We achieve this by combining theoretical developments on finite-statistics analysis, error correction, and privacy amplification, with an event-ready scheme enabling the rapid generation of high-fidelity entanglement between two trapped-ion qubits connected by an optical fibre link. The secrecy of our key is guaranteed device-independently: it is based on the validity of quantum theory, and certified by measurement statistics observed during the experiment. Our result shows that provably secure cryptography with real-world devices is possible, and paves the way for further quantum information applications based on the device-independence principle.
△ Less
Submitted 5 September, 2023; v1 submitted 29 September, 2021;
originally announced September 2021.
-
Security in Quantum Cryptography
Authors:
Christopher Portmann,
Renato Renner
Abstract:
Quantum cryptography exploits principles of quantum physics for the secure processing of information. A prominent example is secure communication, i.e., the task of transmitting confidential messages from one location to another. The cryptographic requirement here is that the transmitted messages remain inaccessible to anyone other than the designated recipients, even if the communication channel…
▽ More
Quantum cryptography exploits principles of quantum physics for the secure processing of information. A prominent example is secure communication, i.e., the task of transmitting confidential messages from one location to another. The cryptographic requirement here is that the transmitted messages remain inaccessible to anyone other than the designated recipients, even if the communication channel is untrusted. In classical cryptography, this can usually only be guaranteed under computational hardness assumptions, e.g., that factoring large integers is infeasible. In contrast, the security of quantum cryptography relies entirely on the laws of quantum mechanics. Here we review this physical notion of security, focusing on quantum key distribution and secure communication.
△ Less
Submitted 30 August, 2021; v1 submitted 29 January, 2021;
originally announced February 2021.
-
Operationally meaningful representations of physical systems in neural networks
Authors:
Hendrik Poulsen Nautrup,
Tony Metger,
Raban Iten,
Sofiene Jerbi,
Lea M. Trenkwalder,
Henrik Wilming,
Hans J. Briegel,
Renato Renner
Abstract:
To make progress in science, we often build abstract representations of physical systems that meaningfully encode information about the systems. The representations learnt by most current machine learning techniques reflect statistical structure present in the training data; however, these methods do not allow us to specify explicit and operationally meaningful requirements on the representation.…
▽ More
To make progress in science, we often build abstract representations of physical systems that meaningfully encode information about the systems. The representations learnt by most current machine learning techniques reflect statistical structure present in the training data; however, these methods do not allow us to specify explicit and operationally meaningful requirements on the representation. Here, we present a neural network architecture based on the notion that agents dealing with different aspects of a physical system should be able to communicate relevant information as efficiently as possible to one another. This produces representations that separate different parameters which are useful for making statements about the physical system in different experimental settings. We present examples involving both classical and quantum physics. For instance, our architecture finds a compact representation of an arbitrary two-qubit system that separates local parameters from parameters describing quantum correlations. We further show that this method can be combined with reinforcement learning to enable representation learning within interactive scenarios where agents need to explore experimental settings to identify relevant variables.
△ Less
Submitted 2 January, 2020;
originally announced January 2020.
-
A chain rule for the quantum relative entropy
Authors:
Kun Fang,
Omar Fawzi,
Renato Renner,
David Sutter
Abstract:
The chain rule for the classical relative entropy ensures that the relative entropy between probability distributions on multipartite systems can be decomposed into a sum of relative entropies of suitably chosen conditional distributions on the individual systems. Here, we prove a similar chain rule inequality for the quantum relative entropy in terms of channel relative entropies. The new chain r…
▽ More
The chain rule for the classical relative entropy ensures that the relative entropy between probability distributions on multipartite systems can be decomposed into a sum of relative entropies of suitably chosen conditional distributions on the individual systems. Here, we prove a similar chain rule inequality for the quantum relative entropy in terms of channel relative entropies. The new chain rule allows us to solve an open problem in the context of asymptotic quantum channel discrimination: surprisingly, adaptive protocols cannot improve the error rate for asymmetric channel discrimination compared to non-adaptive strategies. In addition, we give examples of quantum channels showing that the channel relative entropy is not additive under the tensor product.
△ Less
Submitted 12 September, 2019;
originally announced September 2019.
-
Bounds on Lyapunov exponents via entropy accumulation
Authors:
David Sutter,
Omar Fawzi,
Renato Renner
Abstract:
Lyapunov exponents describe the asymptotic behavior of the singular values of large products of random matrices. A direct computation of these exponents is however often infeasible. By establishing a link between Lyapunov exponents and an information theoretic tool called entropy accumulation theorem we derive an upper and a lower bound for the maximal and minimal Lyapunov exponent, respectively.…
▽ More
Lyapunov exponents describe the asymptotic behavior of the singular values of large products of random matrices. A direct computation of these exponents is however often infeasible. By establishing a link between Lyapunov exponents and an information theoretic tool called entropy accumulation theorem we derive an upper and a lower bound for the maximal and minimal Lyapunov exponent, respectively. The bounds assume independence of the random matrices, are analytical, and are tight in the commutative case as well as in other scenarios. They can be expressed in terms of an optimization problem that only involves single matrices rather than large products. The upper bound for the maximal Lyapunov exponent can be evaluated efficiently via the theory of convex optimization.
△ Less
Submitted 22 September, 2020; v1 submitted 8 May, 2019;
originally announced May 2019.
-
Discovering physical concepts with neural networks
Authors:
Raban Iten,
Tony Metger,
Henrik Wilming,
Lidia del Rio,
Renato Renner
Abstract:
Despite the success of neural networks at solving concrete physics problems, their use as a general-purpose tool for scientific discovery is still in its infancy. Here, we approach this problem by modelling a neural network architecture after the human physical reasoning process, which has similarities to representation learning. This allows us to make progress towards the long-term goal of machin…
▽ More
Despite the success of neural networks at solving concrete physics problems, their use as a general-purpose tool for scientific discovery is still in its infancy. Here, we approach this problem by modelling a neural network architecture after the human physical reasoning process, which has similarities to representation learning. This allows us to make progress towards the long-term goal of machine-assisted scientific discovery from experimental data without making prior assumptions about the system. We apply this method to toy examples and show that the network finds the physically relevant parameters, exploits conservation laws to make predictions, and can help to gain conceptual insights, e.g. Copernicus' conclusion that the solar system is heliocentric.
△ Less
Submitted 23 January, 2020; v1 submitted 26 July, 2018;
originally announced July 2018.
-
Communication Complexity of One-Shot Remote State Preparation
Authors:
Shima Bab Hadiashar,
Ashwin Nayak,
Renato Renner
Abstract:
Quantum teleportation uses prior shared entanglement and classical communication to send an unknown quantum state from one party to another. Remote state preparation (RSP) is a similar distributed task in which the sender knows the entire classical description of the state to be sent. (This may also be viewed as the task of non-oblivious compression of a single sample from an ensemble of quantum s…
▽ More
Quantum teleportation uses prior shared entanglement and classical communication to send an unknown quantum state from one party to another. Remote state preparation (RSP) is a similar distributed task in which the sender knows the entire classical description of the state to be sent. (This may also be viewed as the task of non-oblivious compression of a single sample from an ensemble of quantum states.) We study the communication complexity of approximate remote state preparation, in which the goal is to prepare an approximation of the desired quantum state. Jain [Quant. Inf. & Comp., 2006] showed that the worst-case communication complexity of approximate RSP can be bounded from above in terms of the maximum possible information in an encoding. He also showed that this quantity is a lower bound for communication complexity of (exact) remote state preparation. In this work, we tightly characterize the worst-case and average-case communication complexity of remote state preparation in terms of non-asymptotic information-theoretic quantities. We also show that the average-case communication complexity of RSP can be much smaller than the worst-case one. In the process, we show that n bits cannot be communicated with less than n transmitted bits in LOCC protocols. This strengthens a result due to Nayak and Salzman [J. ACM, 2006] and may be of independent interest.
△ Less
Submitted 21 February, 2018;
originally announced February 2018.
-
Toward an Algebraic Theory of Systems
Authors:
Christian Matt,
Ueli Maurer,
Christopher Portmann,
Renato Renner,
Björn Tackmann
Abstract:
We propose the concept of a system algebra with a parallel composition operation and an interface connection operation, and formalize composition-order invariance, which postulates that the order of composing and connecting systems is irrelevant, a generalized form of associativity. Composition-order invariance explicitly captures a common property that is implicit in any context where one can dra…
▽ More
We propose the concept of a system algebra with a parallel composition operation and an interface connection operation, and formalize composition-order invariance, which postulates that the order of composing and connecting systems is irrelevant, a generalized form of associativity. Composition-order invariance explicitly captures a common property that is implicit in any context where one can draw a figure (hiding the drawing order) of several connected systems, which appears in many scientific contexts. This abstract algebra captures settings where one is interested in the behavior of a composed system in an environment and wants to abstract away anything internal not relevant for the behavior. This may include physical systems, electronic circuits, or interacting distributed systems.
One specific such setting, of special interest in computer science, are functional system algebras, which capture, in the most general sense, any type of system that takes inputs and produces outputs depending on the inputs, and where the output of a system can be the input to another system. The behavior of such a system is uniquely determined by the function mapping inputs to outputs. We consider several instantiations of this very general concept. In particular, we show that Kahn networks form a functional system algebra and prove their composition-order invariance.
Moreover, we define a functional system algebra of causal systems, characterized by the property that inputs can only influence future outputs, where an abstract partial order relation captures the notion of "later". This system algebra is also shown to be composition-order invariant and appropriate instantiations thereof allow to model and analyze systems that depend on time.
△ Less
Submitted 22 September, 2018; v1 submitted 13 September, 2016;
originally announced September 2016.
-
Simple and tight device-independent security proofs
Authors:
Rotem Arnon,
Renato Renner,
Thomas Vidick
Abstract:
Device-independent security is the gold standard for quantum cryptography: not only is security based entirely on the laws of quantum mechanics, but it holds irrespective of any a priori assumptions on the quantum devices used in a protocol, making it particularly applicable in a quantum-wary environment. While the existence of device-independent protocols for tasks such as randomness expansion an…
▽ More
Device-independent security is the gold standard for quantum cryptography: not only is security based entirely on the laws of quantum mechanics, but it holds irrespective of any a priori assumptions on the quantum devices used in a protocol, making it particularly applicable in a quantum-wary environment. While the existence of device-independent protocols for tasks such as randomness expansion and quantum key distribution has recently been established, the underlying proofs of security remain very challenging, yield rather poor key rates, and demand very high-quality quantum devices, thus making them all but impossible to implement in practice.
We introduce a technique for the analysis of device-independent cryptographic protocols. We provide a flexible protocol and give a security proof that provides quantitative bounds that are asymptotically tight, even in the presence of general quantum adversaries. At a high level our approach amounts to establishing a reduction to the scenario in which the untrusted device operates in an identical and independent way in each round of the protocol. This is achieved by leveraging the sequential nature of the protocol, and makes use of a newly developed tool, the "entropy accumulation theorem" of Dupuis et al.
As concrete applications we give simple and modular security proofs for device-independent quantum key distribution and randomness expansion protocols based on the CHSH inequality. For both tasks we establish essentially optimal asymptotic key rates and noise tolerance. In view of recent experimental progress, which has culminated in loophole-free Bell tests, it is likely that these protocols can be practically implemented in the near future.
△ Less
Submitted 26 March, 2019; v1 submitted 6 July, 2016;
originally announced July 2016.
-
Entropy accumulation
Authors:
Frederic Dupuis,
Omar Fawzi,
Renato Renner
Abstract:
We ask the question whether entropy accumulates, in the sense that the operationally relevant total uncertainty about an $n$-partite system $A = (A_1, \ldots A_n)$ corresponds to the sum of the entropies of its parts $A_i$. The Asymptotic Equipartition Property implies that this is indeed the case to first order in $n$, under the assumption that the parts $A_i$ are identical and independent of eac…
▽ More
We ask the question whether entropy accumulates, in the sense that the operationally relevant total uncertainty about an $n$-partite system $A = (A_1, \ldots A_n)$ corresponds to the sum of the entropies of its parts $A_i$. The Asymptotic Equipartition Property implies that this is indeed the case to first order in $n$, under the assumption that the parts $A_i$ are identical and independent of each other. Here we show that entropy accumulation occurs more generally, i.e., without an independence assumption, provided one quantifies the uncertainty about the individual systems $A_i$ by the von Neumann entropy of suitably chosen conditional states. The analysis of a large system can hence be reduced to the study of its parts. This is relevant for applications. In device-independent cryptography, for instance, the approach yields essentially optimal security bounds valid for general attacks, as shown by Arnon-Friedman et al.
△ Less
Submitted 24 September, 2020; v1 submitted 6 July, 2016;
originally announced July 2016.
-
Causal Boxes: Quantum Information-Processing Systems Closed under Composition
Authors:
Christopher Portmann,
Christian Matt,
Ueli Maurer,
Renato Renner,
Björn Tackmann
Abstract:
Complex information-processing systems, for example quantum circuits, cryptographic protocols, or multi-player games, are naturally described as networks composed of more basic information-processing systems. A modular analysis of such systems requires a mathematical model of systems that is closed under composition, i.e., a network of these objects is again an object of the same type. We propose…
▽ More
Complex information-processing systems, for example quantum circuits, cryptographic protocols, or multi-player games, are naturally described as networks composed of more basic information-processing systems. A modular analysis of such systems requires a mathematical model of systems that is closed under composition, i.e., a network of these objects is again an object of the same type. We propose such a model and call the corresponding systems causal boxes.
Causal boxes capture superpositions of causal structures, e.g., messages sent by a causal box A can be in a superposition of different orders or in a superposition of being sent to box B and box C. Furthermore, causal boxes can model systems whose behavior depends on time. By instantiating the Abstract Cryptography framework with causal boxes, we obtain the first composable security framework that can handle arbitrary quantum protocols and relativistic protocols.
△ Less
Submitted 21 March, 2017; v1 submitted 7 December, 2015;
originally announced December 2015.
-
Universal recovery maps and approximate sufficiency of quantum relative entropy
Authors:
Marius Junge,
Renato Renner,
David Sutter,
Mark M. Wilde,
Andreas Winter
Abstract:
The data processing inequality states that the quantum relative entropy between two states $ρ$ and $σ$ can never increase by applying the same quantum channel $\mathcal{N}$ to both states. This inequality can be strengthened with a remainder term in the form of a distance between $ρ$ and the closest recovered state $(\mathcal{R} \circ \mathcal{N})(ρ)$, where $\mathcal{R}$ is a recovery map with th…
▽ More
The data processing inequality states that the quantum relative entropy between two states $ρ$ and $σ$ can never increase by applying the same quantum channel $\mathcal{N}$ to both states. This inequality can be strengthened with a remainder term in the form of a distance between $ρ$ and the closest recovered state $(\mathcal{R} \circ \mathcal{N})(ρ)$, where $\mathcal{R}$ is a recovery map with the property that $σ= (\mathcal{R} \circ \mathcal{N})(σ)$. We show the existence of an explicit recovery map that is universal in the sense that it depends only on $σ$ and the quantum channel $\mathcal{N}$ to be reversed. This result gives an alternate, information-theoretic characterization of the conditions for approximate quantum error correction.
△ Less
Submitted 7 August, 2018; v1 submitted 23 September, 2015;
originally announced September 2015.
-
Universal recovery map for approximate Markov chains
Authors:
David Sutter,
Omar Fawzi,
Renato Renner
Abstract:
A central question in quantum information theory is to determine how well lost information can be reconstructed. Crucially, the corresponding recovery operation should perform well without knowing the information to be reconstructed. In this work, we show that the quantum conditional mutual information measures the performance of such recovery operations. More precisely, we prove that the conditio…
▽ More
A central question in quantum information theory is to determine how well lost information can be reconstructed. Crucially, the corresponding recovery operation should perform well without knowing the information to be reconstructed. In this work, we show that the quantum conditional mutual information measures the performance of such recovery operations. More precisely, we prove that the conditional mutual information $I(A:C|B)$ of a tripartite quantum state $ρ_{ABC}$ can be bounded from below by its distance to the closest recovered state $\mathcal{R}_{B \to BC}(ρ_{AB})$, where the $C$-part is reconstructed from the $B$-part only and the recovery map $\mathcal{R}_{B \to BC}$ merely depends on $ρ_{BC}$. One particular application of this result implies the equivalence between two different approaches to define topological order in quantum systems.
△ Less
Submitted 23 September, 2015; v1 submitted 27 April, 2015;
originally announced April 2015.
-
Approximate Degradable Quantum Channels
Authors:
David Sutter,
Volkher B. Scholz,
Andreas Winter,
Renato Renner
Abstract:
Degradable quantum channels are an important class of completely positive trace-preserving maps. Among other properties, they offer a single-letter formula for the quantum and the private classical capacity and are characterized by the fact that a complementary channel can be obtained from the channel by applying a degrading channel. In this work we introduce the concept of approximate degradable…
▽ More
Degradable quantum channels are an important class of completely positive trace-preserving maps. Among other properties, they offer a single-letter formula for the quantum and the private classical capacity and are characterized by the fact that a complementary channel can be obtained from the channel by applying a degrading channel. In this work we introduce the concept of approximate degradable channels, which satisfy this condition up to some finite $\varepsilon\geq0$. That is, there exists a degrading channel which upon composition with the channel is $\varepsilon$-close in the diamond norm to the complementary channel. We show that for any fixed channel the smallest such $\varepsilon$ can be efficiently determined via a semidefinite program. Moreover, these approximate degradable channels also approximately inherit all other properties of degradable channels. As an application, we derive improved upper bounds to the quantum and private classical capacity for certain channels of interest in quantum communication.
△ Less
Submitted 17 October, 2017; v1 submitted 2 December, 2014;
originally announced December 2014.
-
Non-signalling parallel repetition using de Finetti reductions
Authors:
Rotem Arnon,
Renato Renner,
Thomas Vidick
Abstract:
In the context of multiplayer games, the parallel repetition problem can be phrased as follows: given a game $G$ with optimal winning probability $1-α$ and its repeated version $G^n$ (in which $n$ games are played together, in parallel), can the players use strategies that are substantially better than ones in which each game is played independently? This question is relevant in physics for the st…
▽ More
In the context of multiplayer games, the parallel repetition problem can be phrased as follows: given a game $G$ with optimal winning probability $1-α$ and its repeated version $G^n$ (in which $n$ games are played together, in parallel), can the players use strategies that are substantially better than ones in which each game is played independently? This question is relevant in physics for the study of correlations and plays an important role in computer science in the context of complexity and cryptography. In this work the case of multiplayer non-signalling games is considered, i.e., the only restriction on the players is that they are not allowed to communicate during the game. For complete-support games (games where all possible combinations of questions have non-zero probability to be asked) with any number of players we prove a threshold theorem stating that the probability that non-signalling players win more than a fraction $1-α+β$ of the $n$ games is exponentially small in $nβ^2$, for every $0\leq β\leq α$. For games with incomplete support we derive a similar statement, for a slightly modified form of repetition. The result is proved using a new technique, based on a recent de Finetti theorem, which allows us to avoid central technical difficulties that arise in standard proofs of parallel repetition theorems.
△ Less
Submitted 6 November, 2014;
originally announced November 2014.
-
Cryptographic security of quantum key distribution
Authors:
Christopher Portmann,
Renato Renner
Abstract:
This work is intended as an introduction to cryptographic security and a motivation for the widely used Quantum Key Distribution (QKD) security definition. We review the notion of security necessary for a protocol to be usable in a larger cryptographic context, i.e., for it to remain secure when composed with other secure protocols. We then derive the corresponding security criterion for QKD. We p…
▽ More
This work is intended as an introduction to cryptographic security and a motivation for the widely used Quantum Key Distribution (QKD) security definition. We review the notion of security necessary for a protocol to be usable in a larger cryptographic context, i.e., for it to remain secure when composed with other secure protocols. We then derive the corresponding security criterion for QKD. We provide several examples of QKD composed in sequence and parallel with different cryptographic schemes to illustrate how the error of a composed protocol is the sum of the errors of the individual protocols. We also discuss the operational interpretations of the distance metric used to quantify these errors.
△ Less
Submitted 11 September, 2014;
originally announced September 2014.
-
Efficient Approximation of Quantum Channel Capacities
Authors:
David Sutter,
Tobias Sutter,
Peyman Mohajerin Esfahani,
Renato Renner
Abstract:
We propose an iterative method for approximating the capacity of classical-quantum channels with a discrete input alphabet and a finite dimensional output, possibly under additional constraints on the input distribution. Based on duality of convex programming, we derive explicit upper and lower bounds for the capacity. To provide an $\varepsilon$-close estimate to the capacity, the presented algor…
▽ More
We propose an iterative method for approximating the capacity of classical-quantum channels with a discrete input alphabet and a finite dimensional output, possibly under additional constraints on the input distribution. Based on duality of convex programming, we derive explicit upper and lower bounds for the capacity. To provide an $\varepsilon$-close estimate to the capacity, the presented algorithm requires $O(\tfrac{(N \vee M) M^3 \log(N)^{1/2}}{\varepsilon})$, where $N$ denotes the input alphabet size and $M$ the output dimension. We then generalize the method for the task of approximating the capacity of classical-quantum channels with a bounded continuous input alphabet and a finite dimensional output. For channels with a finite dimensional quantum mechanical input and output, the idea of a universal encoder allows us to approximate the Holevo capacity using the same method. In particular, we show that the problem of approximating the Holevo capacity can be reduced to a multidimensional integration problem. For families of quantum channels fulfilling a certain assumption we show that the complexity to derive an $\varepsilon$-close solution to the Holevo capacity is subexponential or even polynomial in the problem size. We provide several examples to illustrate the performance of the approximation scheme in practice.
△ Less
Submitted 30 July, 2014;
originally announced July 2014.
-
Classical leakage resilience from fault-tolerant quantum computation
Authors:
Felipe G. Lacerda,
Joseph M. Renes,
Renato Renner
Abstract:
Physical implementations of cryptographic algorithms leak information, which makes them vulnerable to so-called side-channel attacks. The problem of secure computation in the presence of leakage is generally known as leakage resilience. In this work, we establish a connection between leakage resilience and fault-tolerant quantum computation. We first prove that for a general leakage model, there e…
▽ More
Physical implementations of cryptographic algorithms leak information, which makes them vulnerable to so-called side-channel attacks. The problem of secure computation in the presence of leakage is generally known as leakage resilience. In this work, we establish a connection between leakage resilience and fault-tolerant quantum computation. We first prove that for a general leakage model, there exists a corresponding noise model in which fault tolerance implies leakage resilience. Then we show how to use constructions for fault-tolerant quantum computation to implement classical circuits that are secure in specific leakage models.
△ Less
Submitted 29 April, 2014;
originally announced April 2014.
-
True randomness from realistic quantum devices
Authors:
Daniela Frauchiger,
Renato Renner,
Matthias Troyer
Abstract:
Even if the output of a Random Number Generator (RNG) is perfectly uniformly distributed, it may be correlated to pre-existing information and therefore be predictable. Statistical tests are thus not sufficient to guarantee that an RNG is usable for applications, e.g., in cryptography or gambling, where unpredictability is important. To enable such applications a stronger notion of randomness, ter…
▽ More
Even if the output of a Random Number Generator (RNG) is perfectly uniformly distributed, it may be correlated to pre-existing information and therefore be predictable. Statistical tests are thus not sufficient to guarantee that an RNG is usable for applications, e.g., in cryptography or gambling, where unpredictability is important. To enable such applications a stronger notion of randomness, termed "true randomness", is required, which includes independence from prior information.
Quantum systems are particularly suitable for true randomness generation, as their unpredictability can be proved based on physical principles. Practical implementations of Quantum RNGs (QRNGs) are however always subject to noise, i.e., influences which are not fully controlled. This reduces the quality of the raw randomness generated by the device, making it necessary to post-process it. Here we provide a framework to analyse realistic QRNGs and to determine the post-processing that is necessary to turn their raw output into true randomness.
△ Less
Submitted 18 November, 2013;
originally announced November 2013.
-
Smooth Max-Information as One-Shot Generalization for Mutual Information
Authors:
Nikola Ciganović,
Normand J. Beaudry,
Renato Renner
Abstract:
We study formal properties of smooth max-information, a generalization of von Neumann mutual information derived from the max-relative entropy. Recent work suggests that it is a useful quantity in one-shot channel coding, quantum rate distortion theory and the physics of quantum many-body systems.
Max-information can be defined in multiple ways. We demonstrate that different smoothed definitions…
▽ More
We study formal properties of smooth max-information, a generalization of von Neumann mutual information derived from the max-relative entropy. Recent work suggests that it is a useful quantity in one-shot channel coding, quantum rate distortion theory and the physics of quantum many-body systems.
Max-information can be defined in multiple ways. We demonstrate that different smoothed definitions are essentially equivalent (up to logarithmic terms in the smoothing parameters). These equivalence relations allow us to derive new chain rules for the max-information in terms of min- and max-entropies, thus extending the smooth entropy formalism to mutual information.
△ Less
Submitted 27 August, 2013;
originally announced August 2013.
-
Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization
Authors:
David Sutter,
Joseph M. Renes,
Renato Renner
Abstract:
We introduce explicit schemes based on the polarization phenomenon for the tasks of one-way secret key agreement from common randomness and private channel coding. For the former task, we show how to use common randomness and insecure one-way communication to obtain a strongly secure key such that the key construction has a complexity essentially linear in the blocklength and the rate at which the…
▽ More
We introduce explicit schemes based on the polarization phenomenon for the tasks of one-way secret key agreement from common randomness and private channel coding. For the former task, we show how to use common randomness and insecure one-way communication to obtain a strongly secure key such that the key construction has a complexity essentially linear in the blocklength and the rate at which the key is produced is optimal, i.e., equal to the one-way secret-key rate. For the latter task, we present a private channel coding scheme that achieves the secrecy capacity using the condition of strong secrecy and whose encoding and decoding complexity are again essentially linear in the blocklength.
△ Less
Submitted 12 April, 2013;
originally announced April 2013.
-
One-shot lossy quantum data compression
Authors:
Nilanjana Datta,
Joseph M. Renes,
Renato Renner,
Mark M. Wilde
Abstract:
We provide a framework for one-shot quantum rate distortion coding, in which the goal is to determine the minimum number of qubits required to compress quantum information as a function of the probability that the distortion incurred upon decompression exceeds some specified level. We obtain a one-shot characterization of the minimum qubit compression size for an entanglement-assisted quantum rate…
▽ More
We provide a framework for one-shot quantum rate distortion coding, in which the goal is to determine the minimum number of qubits required to compress quantum information as a function of the probability that the distortion incurred upon decompression exceeds some specified level. We obtain a one-shot characterization of the minimum qubit compression size for an entanglement-assisted quantum rate-distortion code in terms of the smooth max-information, a quantity previously employed in the one-shot quantum reverse Shannon theorem. Next, we show how this characterization converges to the known expression for the entanglement-assisted quantum rate distortion function for asymptotically many copies of a memoryless quantum information source. Finally, we give a tight, finite blocklength characterization for the entanglement-assisted minimum qubit compression size of a memoryless isotropic qubit source subject to an average symbol-wise distortion constraint.
△ Less
Submitted 17 September, 2013; v1 submitted 8 April, 2013;
originally announced April 2013.
-
Composable security of delegated quantum computation
Authors:
Vedran Dunjko,
Joseph F. Fitzsimons,
Christopher Portmann,
Renato Renner
Abstract:
Delegating difficult computations to remote large computation facilities, with appropriate security guarantees, is a possible solution for the ever-growing needs of personal computing power. For delegated computation protocols to be usable in a larger context---or simply to securely run two protocols in parallel---the security definitions need to be composable. Here, we define composable security…
▽ More
Delegating difficult computations to remote large computation facilities, with appropriate security guarantees, is a possible solution for the ever-growing needs of personal computing power. For delegated computation protocols to be usable in a larger context---or simply to securely run two protocols in parallel---the security definitions need to be composable. Here, we define composable security for delegated quantum computation. We distinguish between protocols which provide only blindness---the computation is hidden from the server---and those that are also verifiable---the client can check that it has received the correct result. We show that the composable security definition capturing both these notions can be reduced to a combination of several distinct "trace-distance-type" criteria---which are, individually, non-composable security definitions.
Additionally, we study the security of some known delegated quantum computation protocols, including Broadbent, Fitzsimons and Kashefi's Universal Blind Quantum Computation protocol. Even though these protocols were originally proposed with insufficient security criteria, they turn out to still be secure given the stronger composable definitions.
△ Less
Submitted 13 September, 2014; v1 submitted 16 January, 2013;
originally announced January 2013.
-
Reply to recent scepticism about the foundations of quantum cryptography
Authors:
Renato Renner
Abstract:
In a series of recent papers, Hirota and Yuen claim to have identified a fundamental flaw in the theory underlying quantum cryptography, which would invalidate existing security proofs. In this short note, we sketch their argument and show that their conclusion is unjustified --- it originates from a confusion between necessary and sufficient criteria for secrecy.
In a series of recent papers, Hirota and Yuen claim to have identified a fundamental flaw in the theory underlying quantum cryptography, which would invalidate existing security proofs. In this short note, we sketch their argument and show that their conclusion is unjustified --- it originates from a confusion between necessary and sufficient criteria for secrecy.
△ Less
Submitted 11 September, 2012;
originally announced September 2012.
-
Achieving the Capacity of any DMC using only Polar Codes
Authors:
David Sutter,
Joseph M. Renes,
Frédéric Dupuis,
Renato Renner
Abstract:
We construct a channel coding scheme to achieve the capacity of any discrete memoryless channel based solely on the techniques of polar coding. In particular, we show how source polarization and randomness extraction via polarization can be employed to "shape" uniformly-distributed i.i.d. random variables into approximate i.i.d. random variables distributed ac- cording to the capacity-achieving di…
▽ More
We construct a channel coding scheme to achieve the capacity of any discrete memoryless channel based solely on the techniques of polar coding. In particular, we show how source polarization and randomness extraction via polarization can be employed to "shape" uniformly-distributed i.i.d. random variables into approximate i.i.d. random variables distributed ac- cording to the capacity-achieving distribution. We then combine this shaper with a variant of polar channel coding, constructed by the duality with source coding, to achieve the channel capacity. Our scheme inherits the low complexity encoder and decoder of polar coding. It differs conceptually from Gallager's method for achieving capacity, and we discuss the advantages and disadvantages of the two schemes. An application to the AWGN channel is discussed.
△ Less
Submitted 27 August, 2012; v1 submitted 16 May, 2012;
originally announced May 2012.
-
Efficient Quantum Polar Coding
Authors:
Joseph M. Renes,
Frederic Dupuis,
Renato Renner
Abstract:
Polar coding, introduced 2008 by Arikan, is the first (very) efficiently encodable and decodable coding scheme whose information transmission rate provably achieves the Shannon bound for classical discrete memoryless channels in the asymptotic limit of large block sizes. Here we study the use of polar codes for the transmission of quantum information. Focusing on the case of qubit Pauli channels a…
▽ More
Polar coding, introduced 2008 by Arikan, is the first (very) efficiently encodable and decodable coding scheme whose information transmission rate provably achieves the Shannon bound for classical discrete memoryless channels in the asymptotic limit of large block sizes. Here we study the use of polar codes for the transmission of quantum information. Focusing on the case of qubit Pauli channels and qubit erasure channels, we use classical polar codes to construct a coding scheme which, using some pre-shared entanglement, asymptotically achieves a net transmission rate equal to the coherent information using efficient encoding and decoding operations and code construction. Furthermore, for channels with sufficiently low noise level, we demonstrate that the rate of preshared entanglement required is zero.
△ Less
Submitted 24 March, 2012; v1 submitted 14 September, 2011;
originally announced September 2011.
-
Noisy channel coding via privacy amplification and information reconciliation
Authors:
Joseph M. Renes,
Renato Renner
Abstract:
We show that optimal protocols for noisy channel coding of public or private information over either classical or quantum channels can be directly constructed from two more primitive information-theoretic tools: privacy amplification and information reconciliation, also known as data compression with side information. We do this in the one-shot scenario of structureless resources, and formulate ou…
▽ More
We show that optimal protocols for noisy channel coding of public or private information over either classical or quantum channels can be directly constructed from two more primitive information-theoretic tools: privacy amplification and information reconciliation, also known as data compression with side information. We do this in the one-shot scenario of structureless resources, and formulate our results in terms of the smooth min- and max-entropy. In the context of classical information theory, this shows that essentially all two-terminal protocols can be reduced to these two primitives, which are in turn governed by the smooth min- and max-entropies, respectively. In the context of quantum information theory, the recently-established duality of these two protocols means essentially all two-terminal protocols can be constructed using just a single primitive.
△ Less
Submitted 24 March, 2012; v1 submitted 21 December, 2010;
originally announced December 2010.
-
Device-Independent Quantum Key Distribution with Commuting Measurements
Authors:
Esther Hänggi,
Renato Renner
Abstract:
We consider quantum key distribution in the device-independent scenario, i.e., where the legitimate parties do not know (or trust) the exact specification of their apparatus. We show how secure key distribution can be realized against the most general attacks by a quantum adversary under the condition that measurements on different subsystems by the honest parties commute.
We consider quantum key distribution in the device-independent scenario, i.e., where the legitimate parties do not know (or trust) the exact specification of their apparatus. We show how secure key distribution can be realized against the most general attacks by a quantum adversary under the condition that measurements on different subsystems by the honest parties commute.
△ Less
Submitted 18 November, 2010; v1 submitted 9 September, 2010;
originally announced September 2010.
-
Composability in quantum cryptography
Authors:
Joern Mueller-Quade,
Renato Renner
Abstract:
In this article, we review several aspects of composability in the context of quantum cryptography. The first part is devoted to key distribution. We discuss the security criteria that a quantum key distribution protocol must fulfill to allow its safe use within a larger security application (e.g., for secure message transmission). To illustrate the practical use of composability, we show how to g…
▽ More
In this article, we review several aspects of composability in the context of quantum cryptography. The first part is devoted to key distribution. We discuss the security criteria that a quantum key distribution protocol must fulfill to allow its safe use within a larger security application (e.g., for secure message transmission). To illustrate the practical use of composability, we show how to generate a continuous key stream by sequentially composing rounds of a quantum key distribution protocol. In a second part, we take a more general point of view, which is necessary for the study of cryptographic situations involving, for example, mutually distrustful parties. We explain the universal composability framework and state the composition theorem which guarantees that secure protocols can securely be composed to larger applications
△ Less
Submitted 11 June, 2010;
originally announced June 2010.
-
Trevisan's extractor in the presence of quantum side information
Authors:
Anindya De,
Christopher Portmann,
Thomas Vidick,
Renato Renner
Abstract:
Randomness extraction involves the processing of purely classical information and is therefore usually studied in the framework of classical probability theory. However, such a classical treatment is generally too restrictive for applications, where side information about the values taken by classical random variables may be represented by the state of a quantum system. This is particularly releva…
▽ More
Randomness extraction involves the processing of purely classical information and is therefore usually studied in the framework of classical probability theory. However, such a classical treatment is generally too restrictive for applications, where side information about the values taken by classical random variables may be represented by the state of a quantum system. This is particularly relevant in the context of cryptography, where an adversary may make use of quantum devices. Here, we show that the well known construction paradigm for extractors proposed by Trevisan is sound in the presence of quantum side information.
We exploit the modularity of this paradigm to give several concrete extractor constructions, which, e.g, extract all the conditional (smooth) min-entropy of the source using a seed of length poly-logarithmic in the input, or only require the seed to be weakly random.
△ Less
Submitted 18 June, 2012; v1 submitted 30 December, 2009;
originally announced December 2009.
-
Simple Channel Coding Bounds
Authors:
Ligong Wang,
Roger Colbeck,
Renato Renner
Abstract:
New channel coding converse and achievability bounds are derived for a single use of an arbitrary channel. Both bounds are expressed using a quantity called the "smooth 0-divergence", which is a generalization of Renyi's divergence of order 0. The bounds are also studied in the limit of large block-lengths. In particular, they combine to give a general capacity formula which is equivalent to the o…
▽ More
New channel coding converse and achievability bounds are derived for a single use of an arbitrary channel. Both bounds are expressed using a quantity called the "smooth 0-divergence", which is a generalization of Renyi's divergence of order 0. The bounds are also studied in the limit of large block-lengths. In particular, they combine to give a general capacity formula which is equivalent to the one derived by Verdu and Han.
△ Less
Submitted 28 July, 2010; v1 submitted 7 January, 2009;
originally announced January 2009.
-
Using quantum key distribution for cryptographic purposes: a survey
Authors:
Romain Alléaume,
Cyril Branciard,
Jan Bouda,
Thierry Debuisschert,
Mehrdad Dianati,
Nicolas Gisin,
Mark Godfrey,
Philippe Grangier,
Thomas Langer,
Norbert Lutkenhaus,
Christian Monyk,
Philippe Painchault,
Momtchil Peev,
Andreas Poppe,
Thomas Pornin,
John Rarity,
Renato Renner,
Gregoire Ribordy,
Michel Riguidel,
Louis Salvail,
Andrew Shields,
Harald Weinfurter,
Anton Zeilinger
Abstract:
The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the…
▽ More
The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.
△ Less
Submitted 4 December, 2014; v1 submitted 23 January, 2007;
originally announced January 2007.
-
A Tight High-Order Entropic Quantum Uncertainty Relation With Applications
Authors:
Ivan B. Damgaard,
Serge Fehr,
Renato Renner,
Louis Salvail,
Christian Schaffner
Abstract:
We derive a new entropic quantum uncertainty relation involving min-entropy. The relation is tight and can be applied in various quantum-cryptographic settings.
Protocols for quantum 1-out-of-2 Oblivious Transfer and quantum Bit Commitment are presented and the uncertainty relation is used to prove the security of these protocols in the bounded quantum-storage model according to new strong sec…
▽ More
We derive a new entropic quantum uncertainty relation involving min-entropy. The relation is tight and can be applied in various quantum-cryptographic settings.
Protocols for quantum 1-out-of-2 Oblivious Transfer and quantum Bit Commitment are presented and the uncertainty relation is used to prove the security of these protocols in the bounded quantum-storage model according to new strong security definitions.
As another application, we consider the realistic setting of Quantum Key Distribution (QKD) against quantum-memory-bounded eavesdroppers. The uncertainty relation allows to prove the security of QKD protocols in this setting while tolerating considerably higher error rates compared to the standard model with unbounded adversaries. For instance, for the six-state protocol with one-way communication, a bit-flip error rate of up to 17% can be tolerated (compared to 13% in the standard model).
Our uncertainty relation also yields a lower bound on the min-entropy key uncertainty against known-plaintext attacks when quantum ciphers are composed. Previously, the key uncertainty of these ciphers was only known with respect to Shannon entropy.
△ Less
Submitted 19 August, 2007; v1 submitted 2 December, 2006;
originally announced December 2006.
-
The single-serving channel capacity
Authors:
Renato Renner,
Stefan Wolf,
Juerg Wullschleger
Abstract:
In this paper we provide the answer to the following question: Given a noisy channel and epsilon>0, how many bits can be transmitted with an error of at most epsilon by a single use of the channel?
In this paper we provide the answer to the following question: Given a noisy channel and epsilon>0, how many bits can be transmitted with an error of at most epsilon by a single use of the channel?
△ Less
Submitted 2 August, 2006;
originally announced August 2006.
-
On the randomness of independent experiments
Authors:
Thomas Holenstein,
Renato Renner
Abstract:
Given a probability distribution P, what is the minimum amount of bits needed to store a value x sampled according to P, such that x can later be recovered (except with some small probability)? Or, what is the maximum amount of uniform randomness that can be extracted from x? Answering these and similar information-theoretic questions typically boils down to computing so-called smooth entropies.…
▽ More
Given a probability distribution P, what is the minimum amount of bits needed to store a value x sampled according to P, such that x can later be recovered (except with some small probability)? Or, what is the maximum amount of uniform randomness that can be extracted from x? Answering these and similar information-theoretic questions typically boils down to computing so-called smooth entropies. In this paper, we derive explicit and almost tight bounds on the smooth entropies of n-fold product distributions.
△ Less
Submitted 1 August, 2006;
originally announced August 2006.
-
Full security of quantum key distribution from no-signaling constraints
Authors:
Ll. Masanes,
R. Renner,
M. Christandl,
A. Winter,
J. Barrett
Abstract:
We analyze a cryptographic protocol for generating a distributed secret key from correlations that violate a Bell inequality by a sufficient amount, and prove its security against eavesdroppers, constrained only by the assumption that any information accessible to them must be compatible with the non-signaling principle. The claim holds with respect to the state-of-the-art security definition used…
▽ More
We analyze a cryptographic protocol for generating a distributed secret key from correlations that violate a Bell inequality by a sufficient amount, and prove its security against eavesdroppers, constrained only by the assumption that any information accessible to them must be compatible with the non-signaling principle. The claim holds with respect to the state-of-the-art security definition used in cryptography, known as universally-composable security. The non-signaling assumption only refers to the statistics of measurement outcomes depending on the choices of measurements; hence security is independent of the internal workings of the devices --- they do not even need to follow the laws of quantum theory. This is relevant for practice as a correct and complete modeling of realistic devices is generally impossible. The techniques developed are general and can be applied to other Bell inequality-based protocols. In particular, we provide a scheme for estimating Bell-inequality violations when the samples are not independent and identically distributed.
△ Less
Submitted 24 September, 2014; v1 submitted 6 June, 2006;
originally announced June 2006.
-
On the variational distance of independently repeated experiments
Authors:
Renato Renner
Abstract:
Let P and Q be two probability distributions which differ only for values with non-zero probability. We show that the variational distance between the n-fold product distributions P^n and Q^n cannot grow faster than the square root of n.
Let P and Q be two probability distributions which differ only for values with non-zero probability. We show that the variational distance between the n-fold product distributions P^n and Q^n cannot grow faster than the square root of n.
△ Less
Submitted 5 September, 2005;
originally announced September 2005.
