## How are nonlocal games used in device-independent quantum cryptography?

3

1

As I understand it, device-independent quantum cryptography enables you to safely perform cryptographic operations without necessarily trusting the quantum device on which they are performed. Nonlocal games are said to have applications in this domain; see for example A Monogamy-of-Entanglement Game With Applications to Device-Independent Quantum Cryptography by Tomamichel et al. Is there a simple explanation of how nonlocal games can help in this domain? I understand the mechanics of the CHSH game quite well.

– user820789 – 2018-12-05T22:13:24.453

## Answers

3

Imagine you're playing a CHSH game with someone, although you don't know what quantum system it is that you're playing with, or even what measurements it is that you're doing on the system. You just know that you're getting the average value $$\langle A_1(B_1+B_2)+A_2(B_1-B_2)\rangle=2\sqrt{2}$$ (where measurement results of $$\pm 1$$ are recorded in $$A_1$$ and $$A_2$$ by the first player for their two separate measurements, and in $$B_1$$ and $$B_2$$ for the second player's two separate measurements). The simple fact that you got this value of $$2\sqrt2$$ tells you that, in effect, you have a maximally entangled qubit pair, and that your measurements are acting as qubit measurements with the correct relative angles to generate the CHSH result. That's the essence of how device-independent crypto works, as you could now use this "thing that's proven to be equivalent to a Bell pair+measurements" in a standard crypto scheme such as the key distribution protocol of E91.

If, instead, you get some expectation value $$2, then you know that at least some of your answers are being generated in a truly random way (and it gives you a quantitative statement about how much somebody else could know about those randomly generated answers) because if they're not, you'd have to be getting $$S\leq 2$$.

Couldn't you both be playing on a classically-simulated quantum computer which has access to all your amplitudes and therefore your secrets? – ahelwer – 2018-12-06T19:37:29.300

1Not if you’re being careful about light cones. You can only do a classical simulation if at least one party knows both measurement settings. So one of the conditions is that the answers come fast enough that it’s impossible that either party knows both settings. – DaftWullie – 2018-12-06T20:07:38.167