Masahito Hayashi

Naqueeb Ahmad Warsi, Ayanava Dasgupta, Masahito Hayashi

This work advances the theoretical understanding of quantum learning by establishing a new family of upper bounds on the expected generalization error of quantum learning algorithms, leveraging the framework introduced by Caro et al. (2024) and a new definition for the expected true loss. Our primary contribution is the derivation of these bounds in terms of quantum and classical Rényi divergences, utilizing a variational approach for evaluating quantum Rényi divergences, specifically the Petz and a newly introduced modified sandwich quantum Rényi divergence. Analytically and numerically, we demonstrate the superior performance of the bounds derived using the modified sandwich quantum Rényi divergence compared to those based on the Petz divergence. Furthermore, we provide probabilistic generalization error bounds using two distinct techniques: one based on the modified sandwich quantum Rényi divergence and classical Rényi divergence, and another employing smooth max Rényi divergence.

Ayanava Dasgupta, Naqueeb Ahmad Warsi, Masahito Hayashi

We study quantum differential privacy (QDP) by defining a notion of the order of informativeness between two pairs of quantum states. In particular, we show that if the hypothesis testing divergence of the one pair dominates over that of the other pair, then this dominance holds for every $f$-divergence. This approach completely characterizes $(\varepsilon,δ)$-QDP mechanisms by identifying the most informative $(\varepsilon,δ)$-DP quantum state pairs. We apply this to analyze the stability of quantum differentially private learning algorithms, generalizing classical results to the case $δ>0$. Additionally, we study precise limits for privatized hypothesis testing and privatized quantum parameter estimation, including tight upper-bounds on the quantum Fisher information under QDP. Finally, we establish near-optimal contraction bounds for differentially private quantum channels with respect to the hockey-stick divergence.

Ayanava Dasgupta, Naqueeb Ahmad Warsi, Masahito Hayashi

We present a unified information-theoretic framework to analyze the generalization performance of differentially private (DP) quantum learning algorithms. By leveraging the connection between privacy and algorithmic stability, we establish that $(\varepsilon, δ)$-Quantum Differential Privacy (QDP) imposes a strong constraint on the mutual information between the training data and the algorithm's output. We derive a rigorous, mechanism-agnostic upper bound on this mutual information for learning algorithms satisfying a 1-neighbor privacy constraint. Furthermore, we connect this stability guarantee to generalization, proving that the expected generalization error of any $(\varepsilon, δ)$-QDP learning algorithm is bounded by the square root of the privacy-induced stability term. Finally, we extend our framework to the setting of an untrusted Data Processor, introducing the concept of Information-Theoretic Admissibility (ITA) to characterize the fundamental limits of privacy in scenarios where the learning map itself must remain oblivious to the specific dataset instance.

Takeshi Kimura, Kohtaro Kato, Masahito Hayashi

We develop a quantum version of the em algorithm for training quantum Boltzmann machines. The em algorithm is an information-geometric extension of the well-known expectation-maximization (EM) algorithm, offering a structured alternative to gradient-based methods with potential advantages in stability and convergence. We implement the algorithm on a semi-quantum restricted Boltzmann machine, where quantum effects are confined to the hidden layer. This structure enables analytical update rules while preserving quantum expressivity. Numerical experiments on benchmark datasets show that the proposed method achieves stable learning and outperforms gradient-based training in several cases. These results demonstrate the potential of information-geometric optimization for quantum machine learning, particularly in settings where standard methods struggle due to non-commutativity or vanishing gradients.

Matteo Allaix, Seunghoan Song, Lukas Holzbaur et al.

In quantum private information retrieval (QPIR), a user retrieves a classical file from multiple servers by downloading quantum systems without revealing the identity of the file. The QPIR capacity is the maximal achievable ratio of the retrieved file size to the total download size. In this paper, the capacity of QPIR from MDS-coded and colluding servers is studied for the first time. Two general classes of QPIR, called stabilizer QPIR and dimension-squared QPIR induced from classical strongly linear PIR are defined, and the related QPIR capacities are derived. For the non-colluding case, the general QPIR capacity is derived when the number of files goes to infinity. A general statement on the converse bound for QPIR with coded and colluding servers is derived showing that the capacities of stabilizer QPIR and dimension-squared QPIR induced from any class of PIR are upper bounded by twice the classical capacity of the respective PIR class. The proposed capacity-achieving scheme combines the star-product scheme by Freij-Hollanti et al. and the stabilizer QPIR scheme by Song et al. by employing (weakly) self-dual Reed--Solomon codes.

Masahito Hayashi

We propose a new concept of secure list decoding, which is related to bit-string commitment. While the conventional list decoding requires that the list contains the transmitted message, secure list decoding requires the following additional security conditions to work as a modification of bit-string commitment. The first additional security condition is the receiver's uncertainty for the transmitted message, which is stronger than the impossibility of the correct decoding, even though the transmitted message is contained in the list. The other additional security condition is the impossibility for the sender to estimate another element of the decoded list except for the transmitted message. The first condition is evaluated by the equivocation rate. The asymptotic property is evaluated by three parameters, the rates of the message and list sizes, and the equivocation rate. We derive the capacity region of this problem. We show that the combination of hash function and secure list decoding yields the conventional bit-string commitment. Our results hold even when the input and output systems are general probability spaces including continuous systems. When the input system is a general probability space, we formulate the abilities of the honest sender and the dishonest sender in a different way.

Seunghoan Song, Masahito Hayashi

We study the equivalence between non-perfect secret sharing (NSS) and symmetric private information retrieval (SPIR) with arbitrary response and collusion patterns. NSS and SPIR are defined with an access structure, which corresponds to the authorized/forbidden sets for NSS and the response/collusion patterns for SPIR. We prove the equivalence between NSS and SPIR in the following two senses. 1) Given any SPIR protocol with an access structure, an NSS protocol is constructed with the same access structure and the same rate. 2) Given any linear NSS protocol with an access structure, a linear SPIR protocol is constructed with the same access structure and the same rate. We prove the first relation even if the SPIR protocol has imperfect correctness and secrecy. From the first relation, we derive an upper bound of the SPIR capacity for arbitrary response and collusion patterns. For the special case of $\mathsf{n}$-server SPIR with $\mathsf{r}$ responsive and $\mathsf{t}$ colluding servers, this upper bound proves that the SPIR capacity is $(\mathsf{r}-\mathsf{t})/\mathsf{n}$. From the second relation, we prove that a SPIR protocol exists for any response and collusion patterns.

Seunghoan Song, Masahito Hayashi

Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description of the message states. One trivial solution in both settings is downloading all states from the servers and the main goal of this paper is to find more efficient QPIR protocols. First, we prove that the trivial solution is optimal for one-server QPIR in the blind setting. In one-round protocols, the same optimality holds even in the visible setting. On the other hand, when the user and the server share entanglement, we prove that there exists an efficient one-server QPIR protocol in the blind setting. Furthermore, in the visible setting, we prove that it is possible to construct symmetric QPIR protocols in which the user obtains no information of the non-targeted messages. We construct three two-server symmetric QPIR protocols for pure states. Note that symmetric classical PIR is impossible without shared randomness unknown to the user.

Masahito Hayashi, Angeles Vazquez-Castro

In this work, we focus on the classical optical channel having Poissonian statistical behavior and propose a novel secrecy coding-based physical layer protocol. Our protocol is different but complementary to both (computationally secure) quantum immune cryptographic protocols and (information theoretically secure) quantum cryptographic protocols. Specifically, our (information theoretical) secrecy coding protocol secures classical digital information bits at photonic level exploiting the random nature of the Poisson channel. It is known that secrecy coding techniques for the Poisson channel based on the classical one-way wiretap channel (introduced by Wyner in 1975) ensure secret communication only if the mutual information to the eavesdropper is smaller than that to the legitimate receiver. In order to overcome such a strong limitation, we introduce a two-way protocol that always ensures secret communication independently of the conditions of legitimate and eavesdropper channels. We prove this claim showing rigorous comparative derivation and analysis of the information theoretical secrecy capacity of the classical one-way and of the proposed two-way protocols. We also show numerical calculations that prove drastic gains and strong practical potential of our proposed two-way protocol to secure information transmission over optical channels.

Masahito Hayashi, Takeshi Koshiba

We propose a new cryptographic task, which we call verifiable quantum secure modulo summation. Secure modulo summation is a calculation of modulo summation $Y_1+\ldots+ Y_m$ when $m$ players have their individual variables $Y_1,\ldots, Y_m$ with keeping the secrecy of the individual variables. However, the conventional method for secure modulo summation uses so many secret communication channels. We say that a quantum protocol for secure modulo summation is quantum verifiable secure modulo summation when it can verify the desired secrecy condition. If we combine device independent quantum key distribution, it is possible to verify such secret communication channels. However, it consumes so many steps. To resolve this problem, using quantum systems, we propose a more direct method to realize secure modulo summation with verification. To realize this protocol, we propose modulo zero-sum randomness as another new concept, and show that secure modulo summation can be realized by using modulo zero-sum randomness. Then, we construct a verifiable quantum protocol method to generate modulo zero-sum randomness. This protocol can be verified only with minimum requirements.

Seunghoan Song, Masahito Hayashi

We study the capacity of quantum private information retrieval (QPIR) with multiple servers. In the QPIR problem with multiple servers, a user retrieves a classical file by downloading quantum systems from multiple servers each of which contains the copy of a classical file set while the identity of the downloaded file is not leaked to each server. The QPIR capacity is defined as the maximum rate of the file size over the whole dimension of the downloaded quantum systems. When the servers are assumed to share prior entanglement, we prove that the QPIR capacity with multiple servers is 1 regardless of the number of servers and files. We construct a rate-one protocol only with two servers. This capacity-achieving protocol outperforms its classical counterpart in the sense of capacity, server secrecy, and upload cost. The strong converse bound is derived concisely without using any secrecy condition. We also prove that the capacity of multi-round QPIR is 1.

Masahito Hayashi

We propose a new concept of secure list decoding. While the conventional list decoding requires that the list contains the transmitted message, secure list decoding requires the following additional security conditions. The first additional security condition is the impossibility of the correct decoding, i.e., the receiver cannot uniquely identify the transmitted message even though the transmitted message is contained in the list. This condition can be trivially satisfied when the transmission rate is larger than the channel capacity. The other additional security condition is the impossibility for the sender to estimate another element of the decoded list except for the transmitted message. This protocol can be used for anonymous auction, which realizes the anonymity for bidding.

Masahito Hayashi

Secure network coding realizes the secrecy of the message when the message is transmitted via noiseless network and a part of edges or a part of intermediate nodes are eavesdropped. In this framework, if the channels of the network has noise, we apply the error correction to noisy channel before applying the secure network coding. In contrast, secure physical layer network coding is a method to securely transmit a message by a combination of coding operation on nodes when the network is given as a set of noisy channels. In this paper, we give several examples of network, in which, secure physical layer network coding has advantage over secure network coding.

Masahito Hayashi

We focus on the optimal value for various information-theoretical tasks. There are several studies for the asymptotic expansion for these optimal values up to the order $\sqrt{n}$ or $\log n$. However, these expansions have errors of the order $o(\sqrt{n})$ or $o(\log n)$, which does not goes to zero asymptotically. To resolve this problem, we derive the asymptotic expansion up to the constant order for upper and lower bounds of these optimal values. While the expansions of upper and lower bonds do not match, they clarify the ranges of these optimal values, whose errors go to zero asymptotically.

Masahito Hayashi, Huangjun Zhu

To guarantee the security of uniform random numbers generated by a quantum random number generator, we study secure extraction of uniform random numbers when the environment of a given quantum state is controlled by the third party, the eavesdropper. Here we restrict our operations to incoherent strategies that are composed of the measurement on the computational basis and incoherent operations (or incoherence-preserving operations). We show that the maximum secure extraction rate is equal to the relative entropy of coherence. By contrast, the coherence of formation gives the extraction rate when a certain constraint is imposed on eavesdropper's operations. The condition under which the two extraction rates coincide is then determined. Furthermore, we find that the exponential decreasing rate of the leaked information is characterized by Rényi relative entropies of coherence. These results clarify the power of incoherent strategies in random number generation, and can be applied to guarantee the quality of random numbers generated by a quantum random number generator.

Masahito Hayashi, Takeshi Koshiba

For conventional secret sharing, if cheaters can submit possibly forged shares after observing shares of the honest users in the reconstruction phase then they cannot only disturb the protocol but also only they may reconstruct the true secret. To overcome the problem, secret sharing scheme with properties of cheater-identification have been proposed. Existing protocols for cheater-identifiable secret sharing assumed non-rushing cheaters or honest majority. In this paper, we remove both conditions simultaneously, and give its universal construction from any secret sharing scheme. To resolve this end, we propose the concepts of "individual identification" and "agreed identification".

Angeles Vazquez-Castro, Masahito Hayashi

Shannon introduced the classic model of a cryptosystem in 1949, where Eve has access to an identical copy of the cyphertext that Alice sends to Bob. Shannon defined perfect secrecy to be the case when the mutual information between the plaintext and the cyphertext is zero. Perfect secrecy is motivated by error-free transmission and requires that Bob and Alice share a secret key. Wyner in 1975 and later I.~Csiszár and J.~Körner in 1978 modified the Shannon model assuming that the channels are noisy and proved that secrecy can be achieved without sharing a secret key. This model is called wiretap channel model and secrecy capacity is known when Eve's channel is noisier than Bob's channel. In this paper we review the concept of wiretap coding from the satellite channel viewpoint. We also review subsequently introduced stronger secrecy levels which can be numerically quantified and are keyless unconditionally secure under certain assumptions. We introduce the general construction of wiretap coding and analyse its applicability for a typical satellite channel. From our analysis we discuss the potential of keyless information theoretic physical layer security for satellite channels based on wiretap coding. We also identify system design implications for enabling simultaneous operation with additional information theoretic security protocols.

Vincent Y. F. Tan, Masahito Hayashi

In this paper, we analyze the asymptotics of the normalized remaining uncertainty of a source when a compressed or hashed version of it and correlated side-information is observed. For this system, commonly known as Slepian-Wolf source coding, we establish the optimal (minimum) rate of compression of the source to ensure that the remaining uncertainties vanish. We also study the exponential rate of decay of the remaining uncertainty to zero when the rate is above the optimal rate of compression. In our study, we consider various classes of random universal hash functions. Instead of measuring remaining uncertainties using traditional Shannon information measures, we do so using two forms of the conditional Rényi entropy. Among other techniques, we employ new one-shot bounds and the moments of type class enumerator method for these evaluations. We show that these asymptotic results are generalizations of the strong converse exponent and the error exponent of the Slepian-Wolf problem under maximum \emph{a posteriori} (MAP) decoding.

Masahito Hayashi

Coding technology is used in several information processing tasks. In particular, when noise during transmission disturbs communications, coding technology is employed to protect the information. However, there are two types of coding technology: coding in classical information theory and coding in quantum information theory. Although the physical media used to transmit information ultimately obey quantum mechanics, we need to choose the type of coding depending on the kind of information device, classical or quantum, that is being used. In both branches of information theory, there are many elegant theoretical results under the ideal assumption that an infinitely large system is available. In a realistic situation, we need to account for finite size effects. The present paper reviews finite size effects in classical and quantum information theory with respect to various topics, including applied aspects.

Masahito Hayashi, Vincent Y. F. Tan

We evaluate the asymptotics of equivocations, their exponents as well as their second-order coding rates under various Rényi information measures. Specifically, we consider the effect of applying a hash function on a source and we quantify the level of non-uniformity and dependence of the compressed source from another correlated source when the number of copies of the sources is large. Unlike previous works that use Shannon information measures to quantify randomness, information or uniformity, we define our security measures in terms of a more general class of information measures--the Rényi information measures and their Gallager-type counterparts. A special case of these Rényi information measure is the class of Shannon information measures. We prove tight asymptotic results for the security measures and their exponential rates of decay. We also prove bounds on the second-order asymptotics and show that these bounds match when the magnitudes of the second-order coding rates are large. We do so by establishing new classes non-asymptotic bounds on the equivocation and evaluating these bounds using various probabilistic limit theorems asymptotically.

Masahito Hayashi, Shun Watanabe

In this paper, we derive non-asymptotic achievability and converse bounds on the random number generation with/without side-information. Our bounds are efficiently computable in the sense that the computational complexity does not depend on the block length. We also characterize the asymptotic behaviors of the large deviation regime and the moderate deviation regime by using our bounds, which implies that our bounds are asymptotically tight in those regimes. We also show the second order rates of those problems, and derive single letter forms of the variances characterizing the second order rates. Further, we address the equivocation rates for these problems.

Masahito Hayashi, Himanshu Tyagi, Shun Watanabe

We revisit the problem of secret key agreement using interactive public communication for two parties and propose a new secret key agreement protocol. The protocol attains the secret key capacity for general observations and attains the second-order asymptotic term in the maximum length of a secret key for independent and identically distributed observations. In contrast to the previously suggested secret key agreement protocols, the proposed protocol uses interactive communication. In fact, the standard one-way communication protocol used prior to this work fails to attain the asymptotic results above. Our converse proofs rely on a recently established upper bound for secret key lengths. Both our lower and upper bounds are derived in a single-shot setup and the asymptotic results are obtained as corollaries.

Masahito Hayashi, Toyohiro Tsurumaru

We explicitly construct random hash functions for privacy amplification (extractors) that require smaller random seed lengths than the previous literature, and still allow efficient implementations with complexity $O(n\log n)$ for input length $n$. The key idea is the concept of dual universal$_2$ hash function introduced recently. We also use a new method for constructing extractors by concatenating $δ$-almost dual universal$_2$ hash functions with other extractors. Besides minimizing seed lengths, we also introduce methods that allow one to use non-uniform random seeds for extractors. These methods can be applied to a wide class of extractors, including dual universal$_2$ hash function, as well as to conventional universal$_2$ hash functions.

Masahito Hayashi

Recently, $\varepsilon$-almost dual universal$_2$ hash functions has been proposed as a new and wider class of hash functions. Using this class of hash functions, several efficient hash functions were proposed. This paper evaluates the security performance when we apply this kind of hash functions. We evaluate the security in several kinds of setting based on the $L_1$ distinguishability criterion and the modified mutual information criterion. The obtained evaluation is based on smoothing of Rényi entropy of order 2 and/or min entropy. We clarify the difference between these two methods.

Masahito Hayashi, Ryutaroh Matsumoto

The secure multiplex coding (SMC) is a technique to remove rate loss in the coding for wire-tap channels and broadcast channels with confidential messages caused by the inclusion of random bits into transmitted signals. SMC replaces the random bits by other meaningful secret messages, and a collection of secret messages serves as the random bits to hide the rest of messages. In the previous researches, multiple secret messages were assumed to have independent and uniform distributions, which is difficult to be ensured in practice. We remove this restrictive assumption by a generalization of the channel resolvability technique. We also give practical construction techniques for SMC by using an arbitrary given error-correcting code as an ingredient, and channel-universal coding of SMC. By using the same principle as the channel-universal SMC, we give coding for the broadcast channel with confidential messages universal to both channel and source distributions.

Masahito Hayashi

We treat secret key extraction when the eavesdropper has correlated quantum states. We propose quantum privacy amplification theorems different from Renner's, which are based on quantum conditional Rényi entropy of order 1+s. Using those theorems, we derive an exponential decreasing rate for leaked information and the asymptotic equivocation rate, which have not been derived hitherto in the quantum setting.

Masahito Hayashi

A usual code for quantum wiretap channel requires an auxiliary random variable subject to the perfect uniform distribution. However, it is difficult to prepare such an auxiliary random variable. We propose a code that requires only an auxiliary random variable subject to a non-uniform distribution instead of the perfect uniform distribution. Further, we evaluate the exponential decreasing rate of leaked information and derive its equivocation rate. For practical constructions, we also discuss the security when our code consists of a linear error correcting code.

Masahito Hayashi

It is known that the security evaluation can be done by smoothing of Rényi entropy of order 2 in the classical and quantum settings when we apply universal$_2$ hash functions. Using the smoothing of Renyi entropy of order 2, we derive security bounds for $L_1$ distinguishability and modified mutual information criterion under the classical and quantum setting, and have derived these exponential decreasing rates. These results are extended to the case when we apply $\varepsilon$-almost dual universal$_2$ hash functions. Further, we apply this analysis to the secret key generation with error correction.

Fuminori Sakaguchi, Masahito Hayashi

In our preceding paper, we have proposed an algorithm for obtaining finite-norm solutions of higher-order linear ordinary differential equations of the Fuchsian type [\sum_m p_m (x) (d/dx)^m] f(x) = 0 (where p_m is a polynomial with rational-number-valued coefficients), by using only the four arithmetical operations on integers, and we proved its validity. For any nonnegative integer k, it is guaranteed mathematically that this method can produce all the solutions satisfying \int |f(x)|^2 (x^2+1)^k dx < \infty, under some conditions. We materialize this algorithm in practical procedures. An interger-type quasi-orthogonalization used there can suppress the explosion of calculations. Moreover, we give an upper limit of the errors. We also give some results of numerical experiments and compare them with the corresponding exact analytical solutions, which show that the proposed algorithm is successful in yielding solutions with high accuracy (using only arithmetical operations on integers).

Fuminori Sakaguchi, Masahito Hayashi

Based on functional analysis, we propose an algorithm for finite-norm solutions of higher-order linear Fuchsian-type ordinary differential equations (ODEs) P(x,d/dx)f(x)=0 with P(x,d/dx):=[\sum_m p_m (x) (d/dx)^m] by using only the four arithmetical operations on integers. This algorithm is based on a band-diagonal matrix representation of the differential operator P(x,d/dx), though it is quite different from the usual Galerkin methods. This representation is made for the respective CONSs of the input Hilbert space H and the output Hilbert space H' of P(x,d/dx). This band-diagonal matrix enables the construction of a recursive algorithm for solving the ODE. However, a solution of the simultaneous linear equations represented by this matrix does not necessarily correspond to the true solution of ODE. We show that when this solution is an l^2 sequence, it corresponds to the true solution of ODE. We invent a method based on an integer-type algorithm for extracting only l^2 components. Further, the concrete choice of Hilbert spaces H and H' is also given for our algorithm when p_m is a polynomial or a rational function with rational coefficients. We check how our algorithm works based on several numerical demonstrations related to special functions, where the results show that the accuracy of our method is extremely high.