
Entropy Accumulation under Post-Quantum Cryptographic Assumptions

Ilya Merkulov, Rotem Arnon

TL;DR

The authors address DI randomness generation using a single computationally bounded quantum device under post-quantum assumptions, introducing a modular framework that marries entropic uncertainty relations with the entropy accumulation theorem. By formalizing single-round tests based on trapdoor claw-free function families and reducing to qubit subspaces, they derive explicit lower bounds on per-round and total entropy, enabling information-theoretic security for generated randomness. The framework provides concrete, finite-round entropy bounds and highlights practical limitations and avenues for improvement, with potential extensions to randomness expansion and DI key distribution. Overall, the work advances a principled, modular path for DI protocols under computational hardness, offering quantitative tools for future protocol design and benchmarking.

Abstract

In device-independent (DI) quantum protocols, the security statements are oblivious to the characterization of the quantum apparatus - they are based solely on the classical interaction with the quantum devices as well as some well-defined assumptions. The most commonly known setup is the so-called non-local one, in which two devices that cannot communicate between themselves present a violation of a Bell inequality. In recent years, a new variant of DI protocols, that requires only a single device, arose. In this novel research avenue, the no-communication assumption is replaced with a computational assumption, namely, that the device cannot solve certain post-quantum cryptographic tasks. The protocols for, e.g., randomness certification, in this setting that have been analyzed in the literature used ad hoc proof techniques and the strength of the achieved results is hard to judge and compare due to their complexity. Here, we build on ideas coming from the study of non-local DI protocols and develop a modular proof technique for the single-device computational setting. We present a flexible framework for proving the security of such protocols by utilizing a combination of tools from quantum information theory, such as the entropic uncertainty relation and the entropy accumulation theorem. This leads to an insightful and simple proof of security, as well as to explicit quantitative bounds. Our work acts as the basis for the analysis of future protocols for DI randomness generation, expansion, amplification and key distribution based on post-quantum cryptographic assumptions.

Paper Structure (15 sections, 19 theorems, 64 equations, 5 figures)

Key Result

Lemma 2

Let $\eta:\mathbb{N}\rightarrow\mathbb{R}^{+}$ be a negligible function. The function $\eta\qty(n)\ln\qty(1/\eta\qty(n))$ is also negligible.
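The argument below is added here as a worked derivation of Lemma 2; it is not the paper's own proof (the page only lists that a proof exists). It assumes the standard definition of a negligible function, namely that for every positive polynomial $p$ there is an $n_0$ such that $\eta(n) < 1/p(n)$ for all $n \ge n_0$, and the usual convention $0 \cdot \ln(1/0) = 0$ for rounds where $\eta(n) = 0$.

Fix an arbitrary positive polynomial $q$; we must show that $\eta(n)\ln(1/\eta(n)) < 1/q(n)$ for all sufficiently large $n$. Set $p(n) = 2q(n) + 2$, which is again a positive polynomial with $p(n) \ge 2$. Since $\eta$ is negligible, applying the definition to the polynomial $p^2$ gives an $n_0$ with

$$\eta(n) < \frac{1}{p(n)^2} \le \frac{1}{4} < \frac{1}{e} \qquad \text{for all } n \ge n_0 .$$

The map $g(x) = x\ln(1/x)$ is strictly increasing on $(0, 1/e)$, because $g'(x) = \ln(1/x) - 1 > 0$ there. Hence, for $n \ge n_0$ with $\eta(n) > 0$,

$$\eta(n)\ln\frac{1}{\eta(n)} = g\big(\eta(n)\big) < g\!\left(\frac{1}{p(n)^2}\right) = \frac{\ln\big(p(n)^2\big)}{p(n)^2} = \frac{2\ln p(n)}{p(n)^2} \le \frac{2}{p(n)} = \frac{1}{q(n)+1} < \frac{1}{q(n)},$$

where the inequality $2\ln p(n)/p(n)^2 \le 2/p(n)$ uses $\ln x \le x$ for all $x > 0$. For $n \ge n_0$ with $\eta(n) = 0$ the left-hand side is $0 < 1/q(n)$ by convention. As $q$ was arbitrary, $\eta(n)\ln(1/\eta(n))$ is negligible.

The practical point of the lemma for the security bounds on this page is that an error term of the form $\eta\ln(1/\eta)$, which appears when a negligible probability is multiplied by an entropy-like logarithm, does not change the asymptotic security claim: it can be absorbed into the same negligible slack as $\eta$ itself, although for finite $n$ its constant is larger (by the factor $\ln(1/\eta(n))$), which a concrete parameter choice must account for.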

Figures (5)

  • Figure 1: Two setups for device-independent protocols. On the left, a classical verifier is interacting classically with two non-communicating but otherwise all powerful quantum devices (also called provers) that can share entanglement. On the right, the verifier is interacting with a single polynomial-time quantum computer.
  • Figure 2: The general structure of a protocol that we consider. The initial state of the entire system is $\rho^{in}_{PVE}$. The protocol proceeds in rounds: Each round includes interaction between the verifier and the prover, as shown by the gray boxes in the figure, and can be described by an efficient quantum channel $\mathcal{M}_i$ for every round $i\in[n]$. The channels output outcomes $O_i$ and side information $S_i$. The device may keep quantum memory from previous rounds using the registers $R_i$. The adversary's system $E$ is untouched by the protocol. This structure fits the setup of the entropy accumulation theorem [dupuis2020entropy] and can easily be extended to that of the generalized entropy accumulation theorem [metger2022generalised].
  • Figure 3: A Bloch sphere representation of the uncertainty relations. A small square overlap between $\Pi$ and $M$ corresponds to a larger angle between the two. Each point on the arrow $M$ corresponds to a probability $\Pr(M=0)$ of some unknown state $\rho$ that must lie on the corresponding magenta dashed line in (a). All the states described in (a) allow distributions of $\Pr(\Pi=0)$ that correspond to the points on the dashed magenta line described in (b). Small square overlap and high values of $\Pr(M=0)$ mean that the allowed distributions of $\Pr(\Pi=0)$ are close to uniform.
  • Figure 4: The entropy as a function of the winning probabilities, as given by Equations \ref{eq:two_variable_bound} and \ref{eq:single_variable_bound}. In the left plot, the derivative at $(\omega_p = 1, \omega_m = 1)$ diverges, so the plot does not show the entropy growing all the way up to its optimal point (the dark green point); this is only a visual effect. The entropy and the divergence are seen more clearly on a slice of this graph, shown in the right plot.
  • Figure 5: Plots of the entropy accumulation rates $\mu_{\text{opt}}(n, \omega, \gamma=1, \varepsilon_s = {10}^{-5}, p_\Omega = {10}^{-5})$ as a function of $\omega$ for various values of $n$. For reference, we include the accumulation rate of the IID case as a function of $\omega$ (Figure \ref{sub_fig:von_neumann}), to which all rates converge in the limit $n\rightarrow\infty$. We neglect the negligible term in Equation \ref{eq:mu_opt_def}.

Theorems & Definitions (42)

  • Definition 1: Negligible function
  • Lemma 2
  • proof
  • Corollary 3
  • Definition 4: Hellinger distance
  • Lemma 5: Jordan's lemma extension
  • Lemma 6
  • proof
  • Lemma 7: Jensen's inequality extension
  • Definition 8: von Neumann entropy
  • ...and 32 more