H H. In the binary case ( A and B both have dimension two), the above two conditions are equivalent and sufficient for the possibility of quantum key agree- ment: all entangled binary states can be purified. The same even holds if one Xxxxxxx space is of dimension 2 and the other one of dimension 3. However, for larger dimensions there are examples showing that these conditions are not equivalent: There are entangled states whose partial transpose has no negative eigenvalue, hence cannot be purified [17]. Such states are called bound entangled, in contrast to free entangled states, which can be purified. Moreover, it is be- lieved that there even exist entangled states which cannot be purified although they have negative partial transposition [9].
H H. – Commitment. From Lemma 2, all honest parties that complete AVSS-Sh would agree on the same h and c. According to the collision-resistance of hash function, the adversary cannot find a Cj = C such that h = (Cj) = (C ) with all but negligible probability, so there is a fixed C except with negligible probability. Moreover, C is computationally binding conditioned on DLog assumption, so all honest parties agree on the same polynomial A∗(x) committed to C , which fixes a unique key∗, and they also receive the same cipher c. So there exists a unique m∗ = c key∗, which can be fixed once some honest party outputs in AVSS-Sh. Now we prove that m∗ can be reconstructed when all honest parties activate AVSS-Rec. Any honest party outputs in the AVSS-Sh subprotocol must receive 2f + 1 Ready messages from distinct parties, at least f + 1 of which are from honest parties. Thus, at least one honest party has received 2f + 1 Echo messages from distinct parties. This ensures that at least f + 1 honest parties get the same commitment C and a valid quorum proof Π. Due the unforgeability of signatures in Π, that means at least f +1 honest parties did store valid shares of A∗(x) and B∗(x) along with the corresponding commitment C except with negligible probability. So after all honest parties start AVSS-Rec, there are at least f + 1 honest parties would broadcast KeyRec messages with valid shares of A∗(x) and B∗(x). These messages can be received by all parties and can be verified by at least f + 1 honest parties who record C . With overwhelming probability, at least f + 1 parties can ⊕ interpolate A∗(x) to compute A∗(0) as key and broadcast it, and all parties can receive at least f + 1 same key∗ and then output the same m∗ = c key∗ as they obtain the same ciphertext c from AVSS-Sh. − H
H H. If the set of bases is large enough, then for all z there is a basis with posi- tive intrinsic information, hence the mean is also positive. Clearly, this result is stronger if the set of bases is small. Nothing is proven about the achievable size of such sets of bases, but it is conceivable that max dim A, dim B bases are always sufficient.
H H. So we have shown on the one hand that the agents not in ε1 at tj are in ε2 at t1. On the other hand, the agents in ε1 at tj remain in δ1 at t1 from (5.5), and therefore remain in ε2 at t1 because δ1 ε2 . Hence, at time t1, ε2 (x(tj)) has at least two agents. Let V2 and V2∗ be a partition of the node set V such that i ∈ V2 if xi(t1) ∈ Hε2 and i ∈ V2∗ otherwise. Note that by (5.5) (5.5) k ∈ V1 =⇒ xk(tj) ∈ Hε1 =⇒ xk(t1) ∈ Hδ1 ⊂ Hε2 =⇒ k ∈ V2, so V1 ⊂ V2. In particular ck2 , the center node of G([τk2 , τk2 + Tj]), is in V2 because it is in V1. Then we can apply the same argument to conclude that there are a t2 ∈ [t1, tj + k2T ] and an i in V2∗ such that xi(t2) ∈ Hε3 and therefore, Hε3 has at least three agents at t2. Repeating this argument n − 1 times leads to the result that there is a tn−1 ∈ [tj, tj + kn−1T ] ⊂ [tj, tj + T¯] such that Hεn has n agents at tn−1. Hence, V1(x(tn−1)) ≤ V1(x(tj)) − εn = V1(x(tj)) − η(V1(x(tj))), and (5.4) follows.
H H. I 2. The Plaintiff’s case is that the Agreement was varied by a I verbal agreement between the parties. The Defendant argued that verbal J J evidence is inadmissible to alter the terms of the Agreement. The key issue K in this case is whether there is a verbal agreement which varied the terms of K the Agreement. L L M 3. Under the Agreement, the terms of payment were stipulated as M follows:- N N O 30% deposit be paid after signing of the Agreement; O 65% be paid within 30 days after completion of the works; P P 5% being retention money. Q Q
H H. Finally, uncertainty is introduced by assuming a Gaussian distribution f (μc, 4, 3) for the mean critical wind speed μc, with mean 4 and standard deviation 3. Putting all components together, we obtain an expression for the expected value of the loss ratio LH Lf E[ ] = ∫ 1 ( ( ) H dμ(L) ) d 4, 3 dL H
H H. This Agreement is the GNI Tripartite Agreement referred to in the Interconnection Agreement. It is agreed:
H H the global state Ψ factorizes, i.e., Ψ = ψAB ψE, where ψAB A B and ψE E. In this case Xxxxx and Xxx are independent of Eve: Xxx cannot obtain any information on Xxxxx’s and Xxx’s states by measuring her system. After a measurement, Xxxxx and Xxx obtain a classical distribution PXY . In accordance with Xxxxxxxx’x principle that all information is ultimately physical, the classical scenario arises from a physical process, namely the measurements performed. Thus the quantum state Ψ , and not the distribution PXY Z, is the true primitive. Note that only if also Xxx performs a measurement, PXY Z is at all defined. It is clear however that it might be advantageous (if technologically possible)for the adversary not to do any measurements before the public discus- sion. Because of this, staying in the quantum regime can simplify the analysis. When Xxxxx and Xxx share many independent systems2 ρAB, there are basi- cally two possibilities for generating a secret key. Either they first measure their systems and then run a classical protocol (process classical information) secure against all measurements Eve could possibly perform (i.e., against all possible distributions PXY Z that can result after Eve’s measurement). Or they first run a quantum protocol (i.e., process the information in the quantum domain) and then perform their measurements. The idea of quantum protocols is to process the systems in state ρAB and to produce fewer systems in a pure state (i.e., to 1 We consider pure states, since it is natural to assume that Xxx controls all the environment outside Xxxxx and Xxx’s systems.
H H the global state Ψ factorizes, i.e., Ψ = ψAB ψE, where ψAB A B and ψE E. In this case Xxxxx and Xxx are independent of Eve: Eve cannot obtain any information on Alice’s and Bob’s states by measuring her system. After a measurement, Xxxxx and Xxx obtain a classical distribution PXY . However, in order to obtain a well-defined classical scenario one has to as- sume that also Eve performs a measurement, i.e., that Eve treats her in- formation on the classical level. Indeed, only then a classical distribution PXY Z is defined. But considering that in practice all PXY Z result from some physical process, the assumption that Eve performs the measurement one would like her to perform is not founded on basic principles3. For example, Eve’s measurement could be done later and depend on the public discussion between Xxxxx and Xxx. Consequently, the common approach which starts from PXY Z to prove the security of a key agreement protocol hides an as- sumption about Eve’s measurement. As we shall see, avoiding this hidden 2We assume all bases to be orthonormal. 3One could argue that if the system in Eve’s hand is classical, then she has no choice for her measurement. But ultimately all systems are quantum mechanical and the apparent lack of choice might purely be a matter of technology. assumption and staying in the quantum regime can actually simplify the analysis of the scenario. When Xxxxx and Xxx share many independent systems4 ρAB, there are basically two possibilities for generating a secret key. Either they first mea- sure their systems and then run a classical protocol (process classical infor- mation) secure against all measurements Eve could possibly perform (i.e., against all possible distributions PXY Z that can result after Eve’s measure- ment). Or they first run a quantum protocol (i.e., process the information in the quantum domain) and then perform their measurements. The idea of quantum protocols is to process the systems in state ρAB and to produce fewer systems in a pure state (i.e., to purify ρAB), thus to eliminate Eve from the scenario. Moreover, the pure state Xxxxx and Xxx end up with should be maximally entangled (i.e., even for some different and incompatible mea- surements, Alice’s and Bob’s results are perfectly correlated). Finally, Xxxxx and Xxx measure their maximally entangled systems and establish a secret key. This way of obtaining a key directly from a quantum state Ψ, without any error correction nor classical privacy amplification,...
H H. Corollary 3 Let Ψ A B E and ρAB = TrHE (PΨ). Then the following statements are equivalent:
