Information cost of quantum communication protocols

Kerenidis, Iordanis; Laurière, Mathieu; Gall, François Le; Rennela, Mathys

doi:10.26421/qic16.3-4-1

Cited by 14 publications

(21 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We concretely construct the subgroup S(V) as follows. From (25), all elements of S(V) are commutative regardless of the choice of c v . Since I ∈ S(V), we set W(0) = I, i.e., c 0 = 1.…”

Section: Appendix B Proof Of Propositionmentioning

confidence: 99%

Capacity of Quantum Private Information Retrieval With Colluding Servers

Song

Hayashi

2021

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

Quantum private information retrieval (QPIR) is a protocol in which a user retrieves one of multiple files from n non-communicating servers by downloading quantum systems without revealing which file is retrieved. As variants of QPIR with stronger security requirements, symmetric QPIR is a protocol in which no other files than the target file are leaked to the user, and t-private QPIR is a protocol in which the identity of the target file is kept secret even if at most t servers may collude to reveal the identity. The QPIR capacity is the maximum ratio of the file size to the size of downloaded quantum systems, and we prove that the symmetric t-private QPIR capacity is min{1, 2(n − t)/n} for any 1 ≤ t < n. We construct a capacity-achieving QPIR protocol by the stabilizer formalism and prove the optimality of our protocol. The proposed capacity is greater than the classical counterpart.

show abstract

“…We concretely construct the subgroup S(V) as follows. From (25), all elements of S(V) are commutative regardless of the choice of c v . Since I ∈ S(V), we set W(0) = I, i.e., c 0 = 1.…”

Section: Appendix B Proof Of Propositionmentioning

confidence: 99%

Capacity of Quantum Private Information Retrieval With Colluding Servers

Song

Hayashi

2021

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

show abstract

“…Intuitively, it seems reasonable to conjecture this trivial solution is optimal for QPIR. However, since the C-QPIR for the honest server has more efficient solutions than the trivial solution [13], [14], we cannot exclude the possibility of efficient one-server QPIR protocols. Furthermore, whereas the optimality proof of classical PIR [1] uses the communication transcript between the server and the user, we cannot apply the same technique because quantum states cannot be copied because of the nocloning theorem.…”

Section: B Contribution: Quantum Pir For Quantum Messagesmentioning

confidence: 99%

“…The proposed QPIR protocol inherits the security of C-QPIR. With this property, on the honest server model with prior entanglement, there exists a QPIR protocol of communication complexity O(log m) since there exist C-QPIR protocols of communication complexity O(log m) by Kerenidis et al [14].…”

Section: B Contribution: Quantum Pir For Quantum Messagesmentioning

confidence: 99%

“…we denote quantum PIR for classical messages as C-QPIR. Interestingly, when the server is honest, i.e., the server does not deviate from the protocol, Le Gall [13] proposed a C-QPIR protocol with communication complexity O( √ m), and Kerenidis et al [14] improved this result by O(poly log m), where the communication in the quantum case is the total number of communicated qubits. However, when the server deviates from the protocol as far as its malicious operations are not revealed to the user, which is called specious adversary, Baumeler and Broadbent [12] proved that the communication complexity is at least O(m), i.e., the trivial solution of downloading all messages is optimal also for this case.…”

Section: Introductionmentioning

confidence: 99%

“…However, when the server deviates from the protocol as far as its malicious operations are not revealed to the user, which is called specious adversary, Baumeler and Broadbent [12] proved that the communication complexity is at least O(m), i.e., the trivial solution of downloading all messages is optimal also for this case. When prior entanglement is allowed between the user and the server, the communication complexity is improved by O(log m) for the honest server model [14], but the communication complexity is also lower bounded by O(m) for the specious attack [15].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Quantum Private Information Retrieval for Quantum Messages

Song¹,

Hayashi²

2021

Preprint

View full text Add to dashboard Cite

Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description of the message states. One trivial solution in both settings is downloading all states from the servers and the main goal of this paper is to find more efficient QPIR protocols. First, we prove that the trivial solution is optimal for one-server QPIR in the blind setting. In one-round protocols, the same optimality holds even in the visible setting. On the other hand, when the user and the server share entanglement, we prove that there exists an efficient one-server QPIR protocol in the blind setting. Furthermore, in the visible setting, we prove that it is possible to construct symmetric QPIR protocols in which the user obtains no information of the non-targeted messages. We construct three two-server symmetric QPIR protocols for pure states. Note that symmetric classical PIR is impossible without shared randomness unknown to the user.

show abstract

On Quantum Advantage in Information Theoretic Single-Server PIR

Aharonov

Brakerski

Chung

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In (single-server) Private Information Retrieval (PIR), a server holds a large database DB of size n, and a client holds an index i ∈ [n] and wishes to retrieve DB[i] without revealing i to the server. It is well known that information theoretic privacy even against an "honest but curious" server requires Ω(n) communication complexity. This is true even if quantum communication is allowed and is due to the ability of such an adversarial server to execute the protocol on a superposition of databases instead of on a specific database ("input purification attack"). Nevertheless, there have been some proposals of protocols that achieve sub-linear communication and appear to provide some notion of privacy. Most notably, a protocol due to Le Gall (ToC 2012) with communication complexity O( √ n), and a protocol by Kerenidis et al. (QIC 2016) with communication complexity O(log(n)), and O(n) shared entanglement.We show that, in a sense, input purification is the only potent adversarial strategy, and protocols such as the two protocols above are secure in a restricted variant of the quantum honest but curious (a.k.a specious) model. More explicitly, we propose a restricted privacy notion called anchored privacy, where the adversary is forced to execute on a classical database (i.e. the execution is anchored to a classical database). We show that for measurement-free protocols, anchored security against honest adversarial servers implies anchored privacy even against specious adversaries.Finally, we prove that even with (unlimited) pre-shared entanglement it is impossible to achieve security in the standard specious model with sub-linear communication, thus further substantiating the necessity of our relaxation. This lower bound may be of independent interest (in particular recalling that PIR is a special case of Fully Homomorphic Encryption).containing n binary entries 1 , and a client who wishes to retrieve the ith element of the database but without revealing the index i. Privacy can be defined using standard cryptographic notions such as indistinguishability or simulation (see [Gol04]). The simplicity of this primitive is since there is no privacy requirement for the database (i.e. we allow sending more information than necessary) and that the server is not required to produce any output in the end of the interaction, so functionality and privacy are one sided.Clearly PIR is achievable by sending all of DB to the client. This will have communication complexity n and will be perfectly private under any plausible definition since the client sends no information. The absolute optimal result one could hope for is a protocol with logarithmic communication, matching the most communication efficient protocol without privacy constraints, in which the client sends the index i to the server and receives DB[i] in response.Alas, [CGKS95] proved that linear (in n) communication complexity is necessary for PIR, and that this is the case even in the presence of arbitrary setup information. 2 Despite its pessimistic outlook, this low...

show abstract

Information cost of quantum communication protocols

Cited by 14 publications

References 14 publications

Capacity of Quantum Private Information Retrieval With Colluding Servers

Capacity of Quantum Private Information Retrieval With Colluding Servers

Quantum Private Information Retrieval for Quantum Messages

On Quantum Advantage in Information Theoretic Single-Server PIR

Contact Info

Product

Resources

About