Quantum Logic and its Application to Protocols

Ron van der Meyden and Manas Patra have proposed a modal logic for knowledge and time in quantum protocols14. They recognise the fact that, in the literature on quantum computation and information, epistemic locutions of the form

“ Alice knowsx. ”

are frequently encountered; the logical framework which they propose is essentially an attempt to make such informal language precise. Their ultimate objective is to lay the foundations for “epis- temic analysis” of quantum cryptographic protocols, and related schemes, using logical methods.

5.3. Quantum Logic and its Application to Protocols ❦ 81 Here, we will state the syntax of the quantum logic and show how it has been used to specify certain properties of the B92 protocol for quantum key distribution.

The quantum logic involves formulas over a set of uninterpreted propositions,Prop. A for- mula in the logic may be a proposition, a conjunction or negation of formulae, or one of the following:

❧

the form φ₁, which retains the usual temporal meaning (“always, formulaφ₁holds”);

❧

the forminit(φ₁), which is true ifφ₁holds in the initial state of a protocol;

❧

the formKc_i(φ₁), which means “agenti knows, given her classical bits and observations,

thatφ₁holds in the current state;

❧

the formK_iq(φ₁), which means “agentiknows, given a set of qubits in her possession, that φ₁holds in the current state.

So, the syntax of formulae,Φ, in the quantum logic is given by the following grammar: Φ::= pjφ₁jφ₂jφ₁^φ₂j :φ₁j φ₁jinit(φ₁)jKc_i(φ₁)jKq_i(φ₁)

wherep 2Prop. The concept of “knowledge” has two variations in the logic, since it depends on what information is used by a particular agent to decide her actions.

In order to define a property using this logic, a model of the protocol under consideration must be built. The logic assumes that protocols are described asqubit message passing environments, which are defined as follows (we have modified the original definition slightly):

Definition 5.1 Aqubit message passing environmentis an abstract model of the computational set- ting in a quantum protocol, involving agents and channels for synchronous communication. It is defined as a tuple

hn,S,I,Acti

where n is the number of agents involved in the system, S = Sq _Sc_{is the set of all states that occur in} the system, I is the initial state and Act is the set of actions performed by the various agents.

The global stateSis partitioned into a set of classical states,Sc, and a set of quantum states,Sq. ClearlySqis a subset of the Hilbert spaceH of dimension 2N, the vector space inhabited byN qubits. The set of classical states consists of elements of the formsq =_hvar,loc,chan,resi, which include

❧

classical bit assignments, var(i) :Vari 7 ! f0, 1g(here, Vari is the set of variable names belonging to agent i).

❧

qubit location assignments,loc:[0,N]_7![0,n]. The value ofloc(x)is the name of the agent to whichxis attached.

❧

channel value assignments,chan:[1..n]2_{7!Msg, whereMsgis a set of classical messages. If}

chan(i,j) =min a particular state, this means that messagem2Msghas just been transmit- ted from agentito agentj.

82 ❦ Chapter 5. Specification Formalisms and Related Work

❧

measurement result assignments. Ifres(i) = (Mi,mi) in a particular state, it means that the measurement operatorMi_{has been applied to the quantum states inS}q_{, producing as a} classical outcome, the valuemi.

Of interest to us is the fact that, if a quantum protocol is expressed in terms of qubit mes- sage passing environments, then the quantum logic can be used to define its properties. We will not delve further in the details of such environments, but it is significant to note that they do ultimately provide a sufficient operational model for quantum protocols. It suffices to say that, if we were to define a programming language whose operational semantics were based on transitions be- tween qubit message passing environments, a protocol specification in this language could be conveniently matched with a set of properties expressed in the quantum logic.

It is instructive to show how the logic can be used to describe certain properties of B92 for- mally. Van der Meyden and Patra treat protocols as functionsPpertaining to a particular envi- ronment.

Definition 5.2 Arunr:N7! S describes a potential evolution of the system, with r(m)representing the global state of the system at time m.

Definition 5.3 Aprotocolis a system comprised of specific sets of runs, which are generated by various agents engaging in a particular pattern of behaviour. For agent i, a protocol is defined as a function P : O_i+ 7! Acti, where Oi+ is the set of all observations the agent has made, and Acti is the set of actions performed by the agent.

For the purpose of providing an informal example of the logic’s use, its creators describe B92 as shown in Figure 5.3. They claim thatP, the protocol representing the eavesdropping version of B92, satisfies the following properties:

(b=1)kcA(a)^kcB(a))

(“in successful runs, Alice and Bob come to classically know bita”)

(b=1) :kcE(a))

(“Eve never comes to know bit a based on classical observations alone”)

(b=1)kq_E(a))

(“If Eve could perform repeatable measurements on the qubit intercepted, she could come to learn the value of a”)

In document Techniques for design and validation of quantum protocols (Page 99-101)