Role of Hypothesis Testing in Quantum Information Masahito Hayashi Graduate School of Mathematics, Nagoya University Centre for Quantum Technologies, National University of Singapore (Many collaborators)
Role of Hypothesis Testing in
Quantum Information
Masahito Hayashi
Graduate School of Mathematics, Nagoya University
Centre for Quantum Technologies, National University of
Singapore
(Many collaborators)
Contents
• Application to Quantum Coding Theory
• Application to Quantum Key Distribution– Classical Operations
– Finite-length Analysis with single photon source
– Finite-length Analysis with decoy method
• Application to Testing of Quantum Computation
Application to Quantum
Coding Theory
Part I
Quantum hypothesis testingQuantum unknown state
on or
n n nH
,n n
T I TnTQuantum measurement
Decision
• First error probability:
• Second error probability:
1Tr
n
n nI T T
2Tr
n
n nT T
Non-asymptotic formulas
2
1
s.t. Tr 0 ,
Tr 0
a
a
a e
e
T T
T
1 2 Tr 0a a
a
e e
T
T T
Direct part:
Converse part: Neymann Person lemma
where 0
0i
i i i i iix
x u u u u
Asymptotic Evaluation
2 1 sup log : limn n n n
B - T T T
Hiai-Petz 1991, Ogawa-Nagaoka 1998
Tomamichel-Hayashi 2013, Li 2014
1 ( ) ( ) ( ) ( )n
B nD nV o n
1 0
Tr log logD
2Tr [ log log ]V D
2
2
( ) :2
t
x ex dt
Large Deviation
Hayashi 2007,
Nagaoka 2007
Hayashi 2004,
Mosyoi-Ogawa
2015
1
0 1
( ) sup (1)
1
snr
ns
sr sDB e n o
s
1 0
2 1 inf log(1 ) : limc
n n n nB - T T T
1
0
( ) sup (1)
1
sc nr
ns
sr sDB e n o
s
1
1[logTr ]/s s
sD s
1 1
112 21
1
[log Tr( ) ] /
lim[ ( ) ] /n
s
sss
n n
sn
D s
D n
E
( ) ,X i i i i
i i
Y PYP X x P E
Quantum channel coding
(classical message)
Classical message
Encode
1, ,n
i M
n
Channel
1
Mn n
jj
Y Y
Decode (Measurement)
1 2( ) ( ) ( ) ( )
n n
ni i i i
1 2( ), ( ), , ( )
n
ni i i i
1, ,n
j M
( )x x
Mathematical formulation
• Channel:
• Code:
• Size:
• Average error:
• Trade off:
, ,n n
nM YnE
1
11 Tr
nM
n n n
n i
in
i YM
E
nM MnE
( )x x
,n n
M E E
Non-asymptotic formula
2Tr 0
4 Tr 0 ,
n n na n
Q Q Q
na n n na n
Q Q Q
na
e
e e
M e
n
n
E
E
Direct part (Possibility part):Hayashi-Nagaoka 2002
s.t. a Q nE
( ) ,
( ) ( ) .
n n
Q x
x
n n
Q x
x x
Q x x x W
Q x x x Q x W
X
X
where
1
Tr 0n n na n na
Q Qe e M
n nE E
Converse part (Impossibility part): s.t. na nE Q
Asymptotic formulas
,
logsup lim
sup min Tr 0
sup min Tr 0
max max ( )
=
=
.
n n n
n n nn
n n na n
Q Q QQa
n n na n
Q QQa
Q Q x QQ Q
x
MC
n
a e
a e
D Q x D W W
n
n
nE
EE
X
Holevo 1996, Schumacher-Westmoreland 1997
Hayashi-Nagaoka 2002
General case
DMS (i.i.d.) case
1 0 For
Exponents• Error probability
• Correct probability
:log
sup lim loglim
e
n
n
n
B r
M
rn
EE
En
*
:log
sup lim log 1lim
e
n
n
n
B r
M
rn
EE
En
0 1
1
maxmax ,1
log ( )Tr
( )
Q
eQ s
s s
Q x Q
x
Q x
x
r sB r
s
s Q x W W
W Q x W
X
X
Relations
Hayashi 2007
*
0 1
1/
maxmin ,1
log Tr ( )
Q
esQ
ss
Q x
x
r sB r
s
s Q x W
X
Nagaoka 2001
Ogawa-Nagaoka 1998
Application of
Quantum hypothesis testing
C-Q Channel Resolvability
C-Q wire-tap channel
Quantum
Key DistributionQuantum state
transmission
Quantum hypothesis testing
C-Q Channel Coding
C-Q Secure random number generation
Application to Quantum
Key Distribution
Part II
II-I. Classical Operations
for the QKD protocol
1st step for key distillation: error
correction:
2nd step for key distillation: privacy
amplification: (Sacrificing keys)
ksift krecError correction
krecUniversal
hash function
(random matrix)
kfin
Raw keys Corrected keys
Secret keys
Hardware
(optical system)
Application
mobile phone etc
Flow of quantum key distribution
Example:Toeplitz Matrix
0 0 0 0
0 0 0 0
0 0 0 0
0 0 0 0
1 2 1
1 3 2
2 3 ( ) ( ) 1
1 2 ( ) 1 ( )
:
1
1 0
0 1
1
X
n m n m n n
n m n m n n
n n m n n m
n n m n n m
A
a a a a
a a a a
a a a a
a a a a
: n0-m×n0 Matrix with n0-1 elementsXA
is universal2 hash functions{ }X
A
This method requires small amount of calculation.
01 1( , , ) F
n
n qX a a
Privacy amplification (PV)
Universal hash function
Brightness represents
visibility from eavesdropper.Imperfectly
secure keys(corrected keys)
Perfectly
secure keys(secret keys)
Ex. Applying
random matrix
(Toeplitz matrix)
• The trace norm distance to be bounded is that between
the true state and the ideal state :
• Phase error correction can be virtually done by
performing privacy amplification.
How can we decide the sacrifice bit-length?
, ideal ph12 2 ,
A EP
ideal , | |: ( )
A U m E m
m
P m m m
EA,
Relation between
the trace norm distance and PV
phP : phase error probability
II-II. Finite-length Analysis
with single photon source
we estimate an upper bound of psft=(k-c)/n →
Relation among important parameters
n l
ck
Total
Number
of bits
Number
of errors
in phase
basis
sample bits
with phase basisraw keys
unknown
In order to decide the sacrificed bit length in PV, we need
the phase error rate psft(k,c)=(k-c)/n in the raw keys.
known
n lknown known
known
k c
unknown
solution
sftp̂
s tf bit1 ˆG n h f h p Dp
Generated key length:
f : efficiency of bit error correction
Hypothesis testing
(Interval estimation)
Number c obeys the hyper-geometric distribution Phg(c|k):
How to estimate
k
ln
c
l
ck
nkcP |hg
sft,p k c
sft,p k c
Interval estimation
sftp
calculation
1.Decoding error probability Spa(k,c) for phase error
correction with given k and c:
ckSkcPkS
kSkSkQ
ckSkcPkQPkQP
c
c
kk
k c
c
c
k
,|:
,max
,|
pa
0
hgav
avavEve
pahgEve
0
|phEveph
max
max
How to evaluate Pph
sft sft
ˆmin , [ ], 0
pa, 2
nh p k c nh p DS k c
Since this value does not depend on k,
the final goal is bounding it.
2.Decoding error probability Pph in phase error correction is
universally bounded:
Rigorous evaluation of key generation rate
without Gaussian approximation
Thick line:Straightforward bounds
Thin line: Gaussian integral bounds
Points: result by Tomamichel et al.
2011
key generation rate R
= final secure key length/raw key length n
n (raw key length) + l (number of sample bits with phase basis)
II-III. Finite-length Analysis
with decoy method
27
Single-photon and weak
coherentIt is difficult to equip single-photon
source for QKD.
time
Single photon
Ideal
Weak coherent pulse
time
Laser (real)
Single
photon
Two
photon vacuum
Stochastic
Optical fiber
I get 1 photon
with 1 qubit info.
Eve can get information
without any disturbance!
If two-photon is generated, ….
BobAlice
Eve
28
AliceBob
0
1
2 ,
No count
Normal count
No count
Normal count
No count
Normal count
0 0 0J q N
Quantum Channel
(channel parameters)
Eve
1 1 1J q N
2 2 2J q N
Eve
Eve
Eve
Eve
1r
Security analysis with known channel
( ratio of phase error)
0N
Num. of Pulse
1N
2N
0q
1q
2q
1r
Counting rates, Phase error ratio
(Type of pulse)
29
Eve’s information among
pulses detected by Bob.
Partition of raw keys
2JNumber of bits completely eavesdropped by Eve0J
1J1
( )h r
Eve knows bits information
concerning Alice’s bit.
1 1 2( )h r J J
Number of bits non-eavesdropped by Eve
Number of bits partially ( ) eavesdropped by Eve
Amount of leaked information
30
Eve’s information after key distillation
Eve’s Holevo information
for final key
1 1 2
1 1 2
( ( ) )
, , ,E 2
S h r J J
av r J JP
Number of sacrifice bits
1 1 2( )S h r J J
:S
Exponential
evaluation!
,:
avP
Average of virtual
phase error ratio
MH PRA, 76, 012329 (2007)
3/2
ideal ,1E 2 E
AE avP
leaked information
Sacrifice bit-length
Finite-length security analysis of decoy method
datadetection rates
error rate (intensity)
channel parameters
partition of raw keys
leaked information
sacrifice bit-length
Hypothesis testing(Interval estimation)
solving equations
percent point
phase error formula+ margin
Flow of calculation of sacrificed bit-length from measured data
Numerical result
Block-length of raw keys
•Blue: Asymptotic case.
•Yellow: 108.
•Purple: 107.
•Green: 5 × 106.
•Red: 3 × 106.
•Orange: 2×106.
•Pink: 106.
•
Graph of key generation rate as function of signal intensity μ2
decoy intensity μ1 = 0.1
No. of decoy pulses, No. of vacuum pulses, and No. of signal pulse with ×basis
are 10% of No. of signal pulses.
Dark count rate p0=4×10-7. Channel error rate s=0.03. α=10-3.
Measured detection rate: p=1-e-αμ+p0, Measured error rate: (s(1-e-αμ)+p0/2)/(1-e-αμ+p0)
R: key generation rate=No. generated keys/No. of transmitted signal pulses with matched basis
signal intensity
Improvement of Asymptotic key rate
decoy intensity μ1 = 0.1
Dark count rate p0=4×10-7.
Channel error rate s=0.03. α=10-3.
Measured detection rate: p=1-e-αμ+p0,
Measured error rate:
(s(1-e-αμ)+p0/2)/(1-e-αμ+p0)
We improve the asymptotic key generation rate by estimating
the counting rate with error in the phase basis, and
the counting rate with no error in the phase basis.
Existing studies estimate the counting rate with error in the phase basis and the counting rate.
This change of the parameter to be estimated improves the estimation of the yield.
R: key generation rate=No. generated keys/No. of transmitted signal pulses with matched basis
signal intensity
Red: Our formula
Blue: Existing formula
Verification (Testing)
of Measurement-Based
Quantum Computation
Part III
How can we guarantee
computation result?If a problem is in NP, we can verify the correctness of
a solution. But a problem to be solved with a quantum
computer is not necessarily in NP.
We need to verify quantum computer.
Usually a quantum computer is composed of a
combination of so many quantum circuits.
It is not easy to predict the outcome of the
combination of so many quantum circuits.
So, its verification is not so easy.
How to resolve the difficulty of
verification of computationSince we do not know the computation outcome,
we cannot verify the computation outcome by itself.
How can we resolve this dilemma?We employ measurement-based quantum
computation (MBQC).
MBQC is composed of graph state and local
measurements. These components are known
to us. In particular, quantum correlation is given
as graph state, which is known to us.
We can verify them!
AssumptionーWhat we should trust?ー
(1) We perfectly trust measurement. So, we need
to verify only the graph state.
(3) has weakest assumption, but it works with ideal
case. (2) has stronger assumption, but it works with
realistic case.
(2) We trust measurement, but it is noisy. The noise
can be converted to noise of graph state. So, we need
to verify only the noisy graph state. This protocol
works with noisy graph state.
(3) We do not trust measurement as well as graph
state. However, it accepts only the case when the
measurement and the graph state are noiseless.
Advantage of verification of MBQCVerification process is similar to the quality guarantee
of industrial products via statistical hypothesis testing.
It is done by random sampling.
In the case of industrial mass production,
we can use the “same” random sampling.
m samples can be used commonly for k products.
This “same” sampling makes the verification of MBQC
more economical, which is suitable for industrial
products.
Even when k increase, m does not increase.
samples prodcutsm k
Components of MBQCThe following pairs realize universal
quantum computation.
(1) 2-D (or 3-D) cluster state (two-colorable)
& measurements of X,Y,X+Y
(2) Triangular lattice state (three-colorable)
& measurements of X,Z,X+Z,X-Z
Concepts of Verification (same as QKD)
Detectability: State and measurement should be
rejected when they are not properly prepared.
Acceptability: State and measurement should be
accepted when they are properly prepared.
This condition is needed for guaranteeing the precision
of computation outcome when the test is passed.
Significance level is the maximum passing
probability with incorrect state or measurements
(e.g. 5%)
Error probability is the maximum probability that the
computation outcome is incorrect with significance level
This condition is needed to accept the proper computation
outcome.
Acceptance probability is the passing probability with
correct state and measurements
Verification of MBQC with
trusted noiseless measurementSince we perfectly trust measurement, it is sufficient
to verify only the two-colorable (Black and White)
graph state by local measurements.
In two-colorable state, the Z values on one color sites
decide the X values on the other color sites.
Z measurement on Black
Z measurement on White
predicts
X measurement on Black
X measurement on White
Our verification:
We check whether X outcomes equal the prediction.
G
MH, Morimae 2015
Verification of MBQC with
trusted noiseless measurement
Z on Black X on White
Computation
2 1mG
Z on White X on Black
copiesm
copiesm
1 copy
Random choice
or
incorrect state
Stabilizer test
With significance level α, the probability being
incorrect computation outcome is
less than .
Verification of MBQC with
trusted noiseless measurementAcceptability is satisfied with .
As detectability,
holds with significance level α.
11
(2 1)G G
m
1 / (2 1)m
1
Here, we used hyper-geometric distribution.
Verification of MBQC with
trusted noisy measurementIn the realistic case, the measurement and the
state have noise.
Combine verification and fault tolerant MBQC.
Verifiable fault-tolerant
topologically protected
MBQC
We check whether the error
belongs to the correctable
error set .S
Fujii’s talk (Today)
Verification of MBQC with
untrusted measurementWe need self testing for graph state.
It is not so easy to guarantee the complex coefficient by self
test.
We employ three-colorable graph state, which needs only
measurements of X, Z and X±Z.
We verify measurements of X, Z and X±Z and graph state
by self testing.
We reduce the required number of copies.
(RUV scheme m=n^k, k>8000)
The same scaling Hajdusek et al with different method.
MH, Hajdusek (Poster Monday)
Self testing of bell state and
measurements of X, Z and X±Z Existing method employs only CHSH test.
However, it requires so many copies.
To reduce the number of copies, we propose
Hybrid method of CHSH test and stabilizer test.
Acceptance probability is 1-δ.
As detectability,
with significance level α. m:number of copies.
McKague et al
† 1/4' ( ), , ,T UT U O m T X Z X Z
† 1/8' ( )T UT U O m
Verification of MBQC with
untrusted measurementFor test of measurements of X, Z and X±Z in each site,
Testing of a big three-colorable graph state
Combination of testing of Bell state.Testing measurement on black sites.
Black sites are divided into 3 groups.
Sites of each group have no common
neighborhood.
One group is fixed.(blue circle)
One neighborhood is fixed (red circle)
Other sites are measured in Z basis.
3 pair of Bell states in this example.
Verification of MBQC with
untrusted measurementFor test of measurements of X, Z and X±Z in each site,
Testing of a big three-colorable graph state
Combination of testing of Bell state.Testing measurement on black sites.
Black sites are divided into 3 groups.
Sites of each group have no common
neighborhood.
One group is fixed.(blue circle)
One neighborhood is fixed (red circle)
Other sites are measured in Z basis.
3 pair of Bell states in this example.
Verification of MBQC with
untrusted measurementFor test of measurements of X, Z and X±Z in each site,
Testing of a big three-colorable graph state
Combination of testing of Bell state.Testing measurement on black sites.
Black sites are divided into 3 groups.
Sites of each group have no common
neighborhood.
One group is fixed.(blue circle)
One neighborhood is fixed (red circle)
Other sites are measured in Z basis.
3 pair of Bell states in this example.
Verification of MBQC with
untrusted measurement
Acceptance probability is 1-δ.
With significance level α, the probability of
incorrect computation outcome is a constant.
(RUV scheme
McKague )
The same scaling Hajdusek et al with different method.
4( log )m O n n : number of copies
n : size of graph state
, 8000km n k 22m n
Verification of MBQC with
hypergraph state
Merit of MBQC with hypergraph:
Required measurements are X,Y, and Z.
With significance level 1/n, the probability of
incorrect computation outcome is less than 1/n.
1 nne
n: size of hypergraph state.
We prepare nk+1+m copies.
Acceptance probability is greater than .
Verification method:
We apply generalized stabilizer test.
Morimae et al. 2017
Blind Quantum Computation (BQC)Verified MBQC with trusted measurement
→BQC, Alice with X,Y,Z,X+Y (X,Z,X±Z)
Bob 2(3)-colorable generates graph state
Verified MBQC with noisy trusted measurement
→BQC, Alice with noisy X,Y,Z,X+Y
Bob generates graph state
Verified MBQC with trusted measurement and
hypergraph state
→BQC, Alice with X,Y,Z
Bob generates hypergraph state
Verified MBQC with untrusted measurement
→BQC, classical Alice+4 quantum Bobs
one Bob generates graph state,
3 Bob performs measurement on each color site.
Conclusion• We have overseen how hypothesis testing is
useful in the following topics in quantum
information.
– Quantum Channel Coding
– Quantum Key Distribution
– Testing of Measurement-based Quantum
Computation
• This is because the latter two tasks require
verification process.
• F. Hiai, D. Petz, The proper formula for relative entropy and its
asymptotics in quantum probability. Comm. Math. Phys. 143,
99–114 (1991)
• T. Ogawa, H. Nagaoka, Strong converse and Stein’s lemma in
quantum hypothesis testing. IEEE Trans. Inf. Theory 46, 2428–
2433 (2000)
• M. Mosonyi, T. Ogawa, Quantum hypothesis testing and the
operational interpretation of the quantum Renyi relative
entropies. Comm. Math. Phys. 334(3), 1617–1648 (2015)
• M. Tomamochel and MH, “A Hierarchy of Information
Quantities for Finite Block Length Analysis of Quantum Tasks,”
IEEE Transactions on Information Theory, Vol. 59, No. 11,
7693–7710 (2013).
• K. Li. Second-Order Asymptotics for Quantum Hypothesis
Testing. Annals of Statistics, 42(1):171–189, (2014).
References (Simple hypothesis testing)
• MH, "Optimal sequence of quantum measurements in the
sense of Stein's lemma in quantum hypothesis testing" Journal
of Physics A: Mathematical and General, Vol.35, No.50,
pp.10759-10773 (2002).
• H. Nagaoka, and MH, "An Information-Spectrum Approach to
Classical and Quantum Hypothesis Testing for Simple
Hypotheses," IEEE Transactions on Information Theory, Vol.53,
534-549 (2007)
• T. Ogawa and MH, "On error exponents in quantum hypothesis
testing," IEEE Transactions on Information Theory, Vol.50,
No.6, pp.1368-1372 (2004)
• MH, "Error exponent in asymmetric quantum hypothesis
testing and its application to classical-quantum channel
coding,"Physical Review A, Vol.76, 062301 (2007)
References (Simple hypothesis testing)
• MH and H. Nagaoka, "General formulas for capacity of
classical-quantum channels," IEEE Transactions on
Information Theory, Vol.49, No.7, pp.1753-1768 (2003)
• MH,“Quantum wiretap channel with non-uniform random
number and its exponent of leaked information,” Proc. of ISIT
2012, pp. 895 - 899 (2012)
• MH, “General non-asymptotic and asymptotic formulas in
channel resolvability and identification capacity and its
application to wire-tap channel,” IEEE Trans. IT 52 1562-1575
(2006).
• MH, “Large deviation analysis for quantum security via
smoothing of Renyi entropy of order 2,” IEEE Trans. IT 60
6702-6732 (2014).
• MH, “Precise evaluation of leaked information with secure
randomness extraction in the presence of quantum attacker,”
Comm. Math. Phys. (2015)
References (Channel coding etc)
• MH, R.Nakayama, “Security analysis of the decoy method
with the Bennett-Brassard 1984 protocol for finite key
lengths,”New J. Phys. 16 063009 (2014).
• MH, "Practical Evaluation of Security for Quantum Key
Distribution," Physical Review A, Vol.74, 022307 (2006).
• MH,T. Tsurumaru, “Concise and Tight Security Analysis of
the Bennett-Brassard 1984 Protocol with Finite Key
Lengths,” New J. Phys. 14 093014, (2012).
References (QKD)
References (Testing of MBQC)• MH Morimae, PRL (2015)
• Fujii, MH, arXiv:1610.05216 (PRA Rapid)
• MH, Hajdusek, arXiv:1603.02195
• Morimae, Takeuchi, MH, arXiv:1701.05688
• Hajdusek, Perez-Delgado, Fitzsimons,
arXiv:1502.02563
• Reichardt, Unger, & Vazirani, Nature (2013).
• McKague, Theory of Computing 12, (2016).
• Raussendorf & Briegel, PRL (2001).
• Aharonov, Ben-Or, Eban, & Mahadev,
arXiv:1704.04487.