Fast Quantum Byzantine Agreement: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
No edit summary
Line 11: Line 11:


==Outline==
==Outline==
In this protocol, there are three main stages. The first stage is a preparation stage. we prepare two ancillary states with special coefficients which will lead to the desired flow of the information between copied states. The original state will not be engaged at this stage. At the second stage the cloner circuit will act on all the three states (the original and two other states) and at the second stage the two copied state will appear at two of the outputs and one of the outputs should be discarded. The Procedure will be as following:  
Here we will sketch the outline of the protocol by Ben-Or [Quantum Byzantine Agreement#References|(3)] that solve Byzantine Agreement using quantum resources. A very nice summary of this protocol is also presented in [Quantum Byzantine Agreement#References|(1)]. The main idea of this protocol is for each player to classically send its proposed value/decision (a valid message) to every other player and then collaborate to determine what a majority of honest players proposed. In the case where adversaries make this difficult, a `good-enough' random coin is globally flipped (protocol for random coin flip using quantum resources explained below), which is then classically post-processed to reach agreement among the honest parties. More precisely, the protocol is outlined as follows. Each round consists of the following steps:
* Prepare two blank states and then perform a transformation taking these two states to a new state with pre-selected coefficients in such a way that the information distribution between two final states will be the desired.[[File:Asymmetriccloner.jpg|right|thumb|1000px| Graphical representation of the network for the asymmetric cloner. The CNOT gates are shown in the cloner section with control qubit (denoted as <math>\bullet</math> ) and a target qubit (denoted as <math>\circ</math> ). We separate the preparation of the quantum copier from the cloning process itself.]]  
 
*Perform the cloner circuit. the cloner circuit consists of four CNOT gate acting in all the three input qubits.  For every CNOT gate, we have a control qubit (which indicates whether or not the CNOT should act) and a target qubit (which is the qubit that CNOT gate acts on it and flips it).  
* Each player transmits its input to every other player. If one player receives more than 2/3 of the same values from the other players (including his own), then he changes his input also to this value (if that player already did not have the same choice). Otherwise, the same player executes a Quantum Oblivious Common Coin subroutine and sets his input to the outcome of this routine.
* The two asymmetric clones will appear at two of the outputs (depending on the preparation stage) and the other output should be discarded.
* Then each player sequentially executes two classical subroutines to bias the agreement value towards <math>0</math> or <math>1</math> (outcomes of a coin flip). This guarantees that if the non-faulty players are in agreement, then they will terminate and successfully output the correct agreement value <math>d</math> (not an outcome of coin flip).
</br>
'''Quantum Oblivious Common Coin subroutine:''' The heart of this protocol comes from the quantum enhanced [[Oblivious Common Coin]]. At the end of this subroutine, each player outputs a random bit, such that with at least probability $p$  (called the fairness) $v_i = x$ for all players $i$ and all $x \in \{0,1\}$. Intuitively, this subroutines tosses a common coin, where all players get either heads or tails with probability at least $p$ each, but there may be executions (which occur with at most probability $1-2p$) where all players do not get the same output and no common coin is actually tossed. Since the players do not know whether the outcomes are all equal or not, this type of coin tossing is referred to as oblivious common coin tossing. In particular, using quantum resources, this task can be achieved in constant rounds (in the defined model). The implementation of this subroutine makes use of a weakened version of Verifiable Quantum Secret Sharing.
 
==Notations Used==
==Notations Used==
**<math>|\psi\rangle_{in}:</math>The original input state
**<math>|\psi\rangle_{in}:</math>The original input state

Revision as of 05:09, 18 April 2019

The classical problem of Byzantine agreement (8) is about reaching agreement in a network of players out of which players may be faulty. Each player starts with an input bit and the goal is for all correct players to output the same bit agreement, under the constraint that at least for some node validity. The hardness of this task depends on the failure model of the faulty (sometimes called adversary) players. In Byzantine agreement, the faulty players are assumed to show the most severe form of failure known as Byzantine failures. In this model, faulty players behave arbitrarily, can collude and even act maliciously trying to prevent correct players from reaching agreement. Byzantine agreement is an important problem in classical distributed systems, used to guarantee consistency amongst distributed data structures.

Tags: Quantum Enhanced Classical Functionality, Multi Party Protocols, Specific Task, consensus task, failure resistant distributed computing

Assumptions

  • Network: The network consists of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} players that are fully identified and completely connected with pairwise authenticated classical and quantum channels.
  • Timing: Synchronous and asynchronous setting are both considered.
  • Message size: The size of messages (quantum and classical) are unbounded.
  • Shared resources: The nodes do not share any prior entanglement or classical correlations.
  • Failure: At most (synchronous) or (asynchronous) Byzantine node failures are assumed. Byzantine failures are allowed to behave arbitrarily and collude to try and prevent the honest players from reaching agreement. The most severe model is used: Byzantine failures are adaptive, computationally unbounded and have full-information (full information of quantum states is modeled by giving a classical description of the state to the adversaries). Link failures are not considered.

Outline

Here we will sketch the outline of the protocol by Ben-Or [Quantum Byzantine Agreement#References|(3)] that solve Byzantine Agreement using quantum resources. A very nice summary of this protocol is also presented in [Quantum Byzantine Agreement#References|(1)]. The main idea of this protocol is for each player to classically send its proposed value/decision (a valid message) to every other player and then collaborate to determine what a majority of honest players proposed. In the case where adversaries make this difficult, a `good-enough' random coin is globally flipped (protocol for random coin flip using quantum resources explained below), which is then classically post-processed to reach agreement among the honest parties. More precisely, the protocol is outlined as follows. Each round consists of the following steps:

  • Each player transmits its input to every other player. If one player receives more than 2/3 of the same values from the other players (including his own), then he changes his input also to this value (if that player already did not have the same choice). Otherwise, the same player executes a Quantum Oblivious Common Coin subroutine and sets his input to the outcome of this routine.
  • Then each player sequentially executes two classical subroutines to bias the agreement value towards or Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle 1} (outcomes of a coin flip). This guarantees that if the non-faulty players are in agreement, then they will terminate and successfully output the correct agreement value (not an outcome of coin flip).


Quantum Oblivious Common Coin subroutine: The heart of this protocol comes from the quantum enhanced Oblivious Common Coin. At the end of this subroutine, each player outputs a random bit, such that with at least probability $p$ (called the fairness) $v_i = x$ for all players $i$ and all $x \in \{0,1\}$. Intuitively, this subroutines tosses a common coin, where all players get either heads or tails with probability at least $p$ each, but there may be executions (which occur with at most probability $1-2p$) where all players do not get the same output and no common coin is actually tossed. Since the players do not know whether the outcomes are all equal or not, this type of coin tossing is referred to as oblivious common coin tossing. In particular, using quantum resources, this task can be achieved in constant rounds (in the defined model). The implementation of this subroutine makes use of a weakened version of Verifiable Quantum Secret Sharing.

Notations Used

    • The original input state
    • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \rho_{\psi_{in}}:} The density matrix of the input pure state equal to
    • The scaling parameter of the first clone
    • The scaling parameter of the second clone
    • The output density matrix of the first clone (equal to if the output state is pure)
    • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \rho_{b}^{out}:} The output density matrix of the second clone (equal to if the output state is pure)
    • The ``Identity" or completely mixed density matrix
    • state of the ancillary qubits before preparation phase
    • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |\psi\rangle_{m_1,n_1}:} state of the ancillary qubits after the preparation
    • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle c_j:} amplitudes (or coefficients) of the prepared state $|\psi\rangle_{m_1,n_1}$. These coefficients are being used to control the flow of the information between the copies before starting the cloning process.
    • The CNOT gate where the control qubit is Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle k} and the target qubit is Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle l}
    • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |\psi\rangle_{out}:} The total output of the asymmetric cloning circuit
    • Bell state
    • Plus state. The eigenvector of Pauli X

Properties

  • The protocol assumes that the original input qubit is unknown and the protocol is independent of the original input state (universality).
  • The output copies are not identical and we are able to control the likelihood (fidelity) of the output copies to the original state by pre-preparing the ancillary states with special coefficients.
  • Claims for General case:
    • Following inequality holds between the scaling factors and

    • This elliptic inequality shows the possible value of the scaling parameters.
    • Trade-off inequality between the fidelities of the clones:

    • Optimality is provided when the fidelities of two clones, Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F_a} and , saturate the above inequality
  • Claims for Special case with bell state:
    • Following ellipse equation holds between the scaling factors and

    • Following equations holds for fidelities of the clones:

Pseudo Code

General Case

For more generality, we use the density matrix representation of the states which includes mixed states as well as pure states. For a simple pure state the density matrix representation will be . Let us assume the initial qubit to be in an unknown state Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \rho_{\psi}} . Our task is to clone this qubit universally, i.e. input-state independently, in such a way, that we can control the scaling of the original and the clone at the output. In other words, we look for output which can be represented as below:

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \rho_{b}^{out} = s_1 \rho_{\psi} + \frac{1 - s_1}{2} \hat{I}}
Here we assume that the original qubit after the cloning is “scaled” by the factor , while the copy is scaled by the factor . These two scaling parameters are not independent and they are related by a specific inequality.

Stage 1 Cloner State Preparation

  1. Prepare the original qubit and two additional blank qubits Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle m} and in pure states:
  2. Prepare , where the complex coefficients will be specified so that the flow of information between the clones will be as desired.
    At this stage the original qubit is not involved, but this preparation stage will affect the fidelity of the clones at the end of the process.
  3. To prepare the state, a Unitary gate must be performed so that:

  • Use following relations to specify in terms of and :

, , ,
these satisfy the scaling equations and also the normalization condition of the state . They are being used to control the flow of information between the clones

Stage 2 Cloning Circuit

  • The cloning circuit consists of four CNOT gates acting on original and pre-prepared qubits from stage 2. We call the original qubit , ``first qubit", the first ancillary qubit of , ``second qubit" and the second one, ``third qubit". The CNOT gates will act as follows:
  1. First CNOT acts on first and second qubit while the first qubit is control and the second qubit is the target.
  2. Second CNOT acts on first and third qubit while the first qubit is control and the third qubit is the target.
  3. Third CNOT acts on first and second qubit while the second qubit is control and the first qubit is the target.
  4. Forth CNOT acts on first and third qubit while the third qubit is control and the first qubit is the target.
  • Mathematically the cloning part of the protocol can be shown as:



Stage 3 Discarding ancillary state

  • Discard one of the extra states. The output states will be the first and second (or third) output.

Special case with bell state:

Stage 1 Cloner state preparation

  1. Prepare the original qubit and two additional blank qubits and in pure states:
  2. Prepare , where is a Bell state and . In this case, the density matrix representation of the output states will be:



Stage 2 Cloning Circuit

  • The cloning circuit is exactly the same as the general case. after the cloning circuit, the output state will be:

The reduced density matrix of two clones A and B can be written in terms of their fidelities:


Stage 3 Discarding ancillary state

  • The same as the general case.

Further Information

  • The protocol (3) is based on the classical protocol of (7), where the classical Oblivious Common Coin is replaced by a Quantum version, which is based on the Verifiable Quantum Secret Sharing Scheme presented in (4). The protocol of (7) also runs in constant expected time, but can only deal with limited-information adversaries. This means that the adversaries can not read communication between honest parties and read their internal state. The classical lower bound in the same model of is proven in (6).
  • The work (3) also provides a protocol in a weaker failure model known as fail-stop failures. Here the nodes will crash and stop working indefinitely (stop responding). Another protocol in the same model is presented in (2).
  • Another weakened version of the problem, known as detectable byzantine agreement, is solved with quantum resources in (5) (and following works). In detectable byzantine agreement, the protocol is also allowed to abort (upon detecting failures) instead of reaching agreement.

References

  1. TNM (2017)
  2. LS (2010)
  3. BH (2005)
  4. CGS (2002)
  5. FGM (2001)
  6. JB (1998)
  7. FM (1997)
  8. LSP (1982)

Further Information

*contributed by Bas Dirke