Quantum to Classical Randomness Extractors

  • Mario BertaEmail author
  • Omar Fawzi
  • Stephanie Wehner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7417)


The goal of randomness extraction is to distill (almost) perfect randomness from a weak source of randomness. When the source outputs a classical string X, many extractor constructions are known. Yet, when considering a physical randomness source, X is itself ultimately the result of a measurement on an underlying quantum system. When characterizing the power of a source to supply randomness it is hence a natural question to ask, how much classical randomness we can extract from a quantum system. To tackle this question we here take on the study of quantum-to-classical randomness extractors (QC-extractors).

We provide constructions of QC-extractors based on measurements in a full set of mutually unbiased bases (MUBs), and certain single qubit measurements. The latter are particularly appealing since they are not only easy to implement, but appear throughout quantum cryptography. We proceed to prove an upper bound on the maximum amount of randomness that we could hope to extract from any quantum state. Some of our QC-extractors almost match this bound. We show two applications of our results.

First, we show that any QC-extractor gives rise to entropic uncertainty relations with respect to quantum side information. Such relations were previously only known for two measurements. In particular, we obtain strong relations in terms of the von Neumann (Shannon) entropy as well as the min-entropy for measurements in (almost) unitary 2-designs, a full set of MUBs, and single qubit measurements in three MUBs each.

Second, we finally resolve the central open question in the noisy-storage model [Wehner et al., PRL 100, 220502 (2008)] by linking security to the quantum capacity of the adversary’s storage device. More precisely, we show that any two-party cryptographic primitive can be implemented securely as long as the adversary’s storage device has sufficiently low quantum capacity. Our protocol does not need any quantum storage to implement, and is technologically feasible using present-day technology.


randomness extractors randomness expansion entropic uncertainty relations mutually unbiased bases quantum side information two-party quantum cryptography noisy-storage model 


  1. 1.
    Ahlswede, R., Winter, A.: Strong converse for identification via quantum channels. IEEE Trans. Inform. Theory 48, 569–579 (2010); Addendum ibid 49, 346 (2003), arXiv:quant-ph/0012127v2
  2. 2.
    Ben-Aroya, A., Schwartz, O., Ta-Shma, A.: Quantum expanders: Motivation and construction. Theory of Computing 6, 47–79 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Berta, M., Brandao, F., Christandl, M., Wehner, S.: Entanglement cost of quantum channels (2011), arXiv:1108.5357
  4. 4.
    Berta, M., Christandl, M., Colbeck, R., Renes, J.M., Renner, R.: The uncertainty principle in the presence of quantum memory. Nat. Phys. 6, 659 (2010), arXiv:0909.0950v4
  5. 5.
    Buhrman, H., Christandl, M., Hayden, P., Lo, H.-K., Wehner, S.: Security of quantum bit string commitment depends on the information measure. Phys. Rev. Lett. 97, 250501 (2006), arXiv:quant-ph/0609237v2
  6. 6.
    Cachin, C., Maurer, U.M.: Unconditional Security against Memory-Bounded Adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  7. 7.
    Chau, H.F., Lo, H.-K.: Making an empty promise with a quantum computer. Fortschritte der Physik 46, 507–520 (1998); Republished in Braunstein, S. (ed.) Quantum Computing, where do we want to go tomorrow?, arXiv:quant-ph/9709053v2
  8. 8.
    Colbeck, R.: Quantum and relativistic protocols for secure multi-party computation. PhD thesis. University of Cambridge (2006), arXiv:0911.3814v2
  9. 9.
    Colbeck, R., Kent, A.: Private randomness expansion with untrusted devices. J. Phys. A - Math. Gen. 44, 095305 (2011), arXiv:1011.4474v3Google Scholar
  10. 10.
    Damgård, I.B., Fehr, S., Renner, R.S., Salvail, L., Schaffner, C.: A Tight High-Order Entropic Quantum Uncertainty Relation with Applications. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 360–378. Springer, Heidelberg (2007), arXiv:quant-ph/0612014v2CrossRefGoogle Scholar
  11. 11.
    Damgård, I.B., Fehr, S., Salvail, L., Schaffner, C.: Cryptography in the Bounded-Quantum-Storage Model. In: Proc. IEEE FOCS, pp. 449–458 (2005), arXiv:quant-ph/0508222v2
  12. 12.
    De, A., Portmann, C., Vidick, T., Renner, R.: Trevisan’s extractor in the presence of quantum side information (2009), arXiv:0912.5514
  13. 13.
    Dupuis, F.: The Decoupling Approach to Quantum Information Theory. PhD thesis, Université de Montréal (2009), arXiv:1004.1641v1
  14. 14.
    Dupuis, F., Berta, M., Wullschleger, J., Renner, R.: The decoupling theorem (2010), arXiv:1012.6044v1
  15. 15.
    Dziembowski, S., Maurer, U.: On Generating the Initial Key in the Bounded-Storage Model. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 126–137. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Fawzi, O., Hayden, P., Sen, P.: From low-distortion norm embeddings to explicit uncertainty relations and efficient information locking. In: Proc. ACM STOC (2011), arXiv:1010.3007v3
  17. 17.
    Gavinsky, D., Kempe, J., Kerenidis, I., Raz, R., de Wolf, R.: Exponential separations for one-way quantum communication complexity, with applications to cryptography. In: Proc. ACM STOC, pp. 516–525. ACM (2007)Google Scholar
  18. 18.
    Hayden, P., Horodecki, M., Yard, J., Winter, A.: A decoupling approach to the quantum capacity. Open. Syst. Inf. Dyn. 15, 7–19 (2008), arXiv:quant-ph/0702005v1
  19. 19.
    Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions. In: Proc. ACM STOC, pp. 12–24. ACM (1989)Google Scholar
  20. 20.
    Kilian, J.: Founding cryptography on oblivious transfer. In: Proc. ACM STOC, pp. 20–31 (1988)Google Scholar
  21. 21.
    König, R., Maurer, U., Renner, R.: On the power of quantum memory. IEEE Trans. Inform. Theory 51, 2391–2401 (2005), arXiv:quant-ph/0305154v3
  22. 22.
    König, R., Renner, R., Schaffner, C.: The operational meaning of min- and max-entropy. IEEE Transactions on Information Theory 55, 4674–4681 (2009), arXiv:0807.1338v1
  23. 23.
    König, R., Terhal, B.M.: The bounded-storage model in the presence of a quantum adversary. IEEE Trans. Inform. Theory 54, 749–762 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    König, R., Wehner, S., Wullschleger, J.: Unconditional security from noisy quantum storage. IEEE Trans. Inform. Theory 58(3), 1962–1984 (2012), arXiv:0906.1030v3
  25. 25.
    Lo, H.-K.: Insecurity of quantum secure computations. Phys. Rev. A 56, 1154 (1997)CrossRefGoogle Scholar
  26. 26.
    Lo, H.-K., Chau, H.F.: Is quantum bit commitment really possible? Phys. Rev. Lett. 78, 3410 (1997)CrossRefGoogle Scholar
  27. 27.
    Maassen, H., Uffink, J.: Generalised entropic uncertainty relations. Phys. Rev. Lett. 60, 1103–1106 (1988)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Mandayam, P., Wehner, S.: Achieving the physical limits of the bounded-storage model. Phys. Rev. A 83, 022329 (2011), arXiv:1009.1596v2Google Scholar
  29. 29.
    Maurer, U.: Conditionally-perfect secrecy and a provably-secure randomized cipher. J. Cryptol. 5, 53–66 (1992)MathSciNetzbMATHGoogle Scholar
  30. 30.
    Mayers, D.: Unconditionally secure quantum bit commitment is impossible. Phys. Rev. Lett. 78, 3414–3417 (1997)CrossRefGoogle Scholar
  31. 31.
    Pironio, S., Acin, A., Massar, S., de la Giroday, A.B., Matsukevich, D.N., Maunz, P., Olmschenk, S., Hayes, D., Luo, L.: Random numbers certified by Bell’s theorem. Nature 464, 1021–1024 (2010), arXiv:0911.3427v3
  32. 32.
    Radhakrishnan, J., Ta-Shma, A.: Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM J. Discrete Math. 13, 2 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  33. 33.
    Renes, J.M., Boileau, J.-C.: Conjectured strong complementary information tradeoff. Phys. Rev. Lett. 103, 020402 (2009), arXiv:0806.3984v2Google Scholar
  34. 34.
    Renner, R.: Security of quantum key distribution. International Journal of Quantum Information 6, 1 (2008), arXiv:quant-ph/0512258v2
  35. 35.
    Renner, R.S., König, R.: Universally Composable Privacy Amplification Against Quantum Adversaries. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 407–425. Springer, Heidelberg (2005), arXiv:quant-ph/0403133v2CrossRefGoogle Scholar
  36. 36.
    Schaffner, C., Terhal, B., Wehner, S.: Robust cryptography in the noisy-quantum-storage model. Quantum Inf. Comput. 9, 11 (2008), arXiv:0807.1333v3
  37. 37.
    Shaltiel, R.: Recent developments in explicit constructions of extractors. Bulletin of the EATCS 77, 67–95 (2002)MathSciNetzbMATHGoogle Scholar
  38. 38.
    Szehr, O., Dupuis, F., Tomamichel, M., Renner, R.: Decoupling with unitary almost two-designs (2011), arXiv:1109.4348
  39. 39.
    Ta-Shma, A.: Short seed extractors against quantum storage. In: Proc. ACM STOC, pp. 401–408. ACM (2009)Google Scholar
  40. 40.
    Tomamichel, M., Colbeck, R., Renner, R.: Duality between smooth min- and max-entropies. IEEE Trans. Inform. Theory 56, 4674 (2010), arXiv:0907.5238v2
  41. 41.
    Tomamichel, M., Renner, R.: The uncertainty relation for smooth entropies. Phys. Rev. Lett. 106, 110506 (2011), arXiv:1009.2015v2
  42. 42.
    Tomamichel, M., Schaffner, C., Smith, A., Renner, R.: Leftover hashing against quantum side information. IEEE Trans. Inform. Theory 57(8), 5524–5535 (2011), arXiv:1002.2436v1
  43. 43.
    Wehner, S., Curty, M., Schaffner, C., Lo, H.-K.: Implementation of two-party protocols in the noisy-storage model. Phys. Rev. A 81, 052336 (2010), arXiv:0911.2302v2Google Scholar
  44. 44.
    Wehner, S., Schaffner, C., Terhal, B.: Cryptography from noisy storage. Phys. Rev. Lett. 100, 220502 (2008), arXiv:0711.2895v3
  45. 45.
    Wehner, S., Winter, A.: Entropic uncertainty relations - a survey. New J. Phys. 12, 025009 (2010), arXiv:0907.3704v1Google Scholar
  46. 46.
    Winter, A.: Quantum information: Coping with uncertainty. Nat. Phys. 6, 640 (2010)CrossRefGoogle Scholar
  47. 47.
    Wootters, W.K., Fields, B.D.: Optimal state-determination by mutually unbiased measurements. Ann. Physics 191, 363–381 (1989)MathSciNetCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2012 2012

Authors and Affiliations

  1. 1.Institute for Theoretical PhysicsETH ZurichZürichSwitzerland
  2. 2.School of Computer ScienceMcGill UniversityMontréalCanada
  3. 3.Centre for Quantum TechnologiesNational University of SingaporeSingaporeSingapore

Personalised recommendations