Formal verification using interactive theorem provers have been noticed as a method of verification of proofs that are too big for humans to check the validity of them. The purpose of this work is to verify the validity of Robertson-type uncertainty relation toward verifying unconditional security of quantum key distributions. We verify the validity of the relation by using proof assistant Coq and it is turned out that the theorem regarding the relation formally holds. The source code for Coq which represents the validity of the theorem is printed in Appendix .
Formal verification is a technique for verifying the validity of proofs in mathematics, algorithms, computer sys- tems, and so on. In the formal verification by using logical reasoning, interactive theorem provers (HOL [
Formal verification by using the interactive theorem provers has been noticed as a technique for verifying proofs of theorems which are too large for humans to check the validity. Such a theorem as the Feit-Thompson theorem (also known as the odd order theorem) [
The formal verification is considered valid at information theory which is a branch of mathematical science. Affeldt et al. [
In quantum information theory, the axioms of quantum physics are described mathematically [
This paper is organized as follows. In Section 2, we review the theorem regarding Robertson-type uncertainty relation and its mathematically proof. In Section 3, we formally verify the validity of the theorem with Coq. In Section 4, this paper is summarized. Coq source code is printed in Appendix.
Robertson-type uncertainty relation imposes a restriction on probability distributions of measurement outcomes with observables. In this type, uncertainty of the measurement is characterized by standard deviation of the dis- tribution.
In quantum information theory, a quantum system and a quantum pure state in the system are regarded in the same light as a Hilbert space and a unit vector in the space, respectively. In addition, an observable is regarded as an Hermitian operator on the Hilbert space. Let
holds. Standard deviation of the outcomes
Theorem 1 ( [
holds, where
Proof. We observe
Hermiticity of the observable.
where we thank to Hermiticity of
A relation between two observables represented by Equation (2) is called Robertson-type uncertainty relation. The right-hand side of the inequality always takes 0 if the observables are commutative. Therefore, both of standard deviations of the observables may take 0. On the other hand, for non-commutative observables, the right-hand side of the inequality dose not take 0. Then, both of standard deviations of the observables dose not take 0. This implies that Equation (2) is a tradeoff between uncertainties of the observables. In this case, the uncertainty is characterized by standard deviation.
The relation between the non-commutative observables often plays crucial role in discussion of unconditional security of quantum key distributions. In BB84 [
In this section, we verify the validity of Robertson-type uncertainty relation by using the proof assistant Coq. We define types as follows:
・ C: a type of a complex number
・ Vec C n: a type of an n-dimensional complex vector
・ UnitVec C n: a type of an n-dimensional complex unit vector
・ Mat C v: a type of a v =
・ HMat v: a type of a v =
We define functions as follows:
・ var: takes a pair of a variable of UnitVec C n and a variable of HMat v and returns variant with respect to the variables (see Equation (1))
・ cabs: takes a variable of C and returns absolute value of it
・ mMinus: takes a pair of variables of Mat C v and returns addition of them
・ mMinus: takes a pair of variables of Mat C v and returns subtraction of them
・ mMult: takes a pair of variables of Mat C v and returns product of them
・ innerProd: takes a pair of variables of Vec C n and returns inner product of them
・ mvMult: takes a pair of a variable of Mat C v and a variable of Vec C n and returns product of them
Theorem 2. We declare a formalized statement of Robertson-type uncertainty relation in Coq:
Theorem RobertsonUR:
forall (n : nat) (v : mlenghts n) (A B: HMat v) (psi : UnitVec C n),
(sqrt (var psi A)) * (sqrt (var psi B)) >=
(1/2) * (cabs ( innerProd psi (mvMult (mMinus (mMult A B) (mMult B A)) psi))).
Before giving the formally proof described by Coq, we show the broad outlines of it. Firstly, we define the types and the functions in linear algebra. The types and functions are already shown above. The next step is to obtain subgoals through applying small lemmas to some inequalities. The subgoals are formally verified through interactive proof sessions. Finally, we complete the verification of the the theorem regarding Robertson-type uncertainty relation when we have no new subgoals.
Proof. We execute the above statement and obtain a response from Coq:
1 subgoals
______________________________________(1/1)
forall (n : nat) (v : mlengths n) (A B : HMat v) (psi : UnitVec),
sqrt (var psi A) * sqrt (var psi B) >=
1/2* cabs (innerProd psi (mvMult (mMinus (mMult A B) (mMult B A)) psi))
For the above subgoal (statement), a command called tactic is inputted and executed, then, new subgoal which is rewritten according to the tactic is obtained as a response from Coq. We prove the statement through interactive proof sessions until there no exist new subgoals (for complete Coq source code, see Appendix).
We input the following tactic and execute it:
intros.
where intros is a tactic which adds a condition described by universal quantifier to preconditions. Then, we get the following response from Coq:
1 subgoals
n : nat
v : nlengths n
A : HMat v
B : HMat v
psi : UnitVec C n
______________________________________(1/1)
sqrt (var psi A) * sqrt (var psi B) >=
1/2* cabs (innerProd psi (mvMult (mMinus (mMult A B) (mMult B A)) psi))
For readability,
set ( a := sqrt (var psi A) ).
set ( b := sqrt (var psi B) ).
set ( c := (cabs (innerProd psi (mvMult (mMinus (mMult A B) (mMult B A)) psi)))).
Then, we get the following response from Coq:
1 subgoals
n: nat
v: mlengths n
A: HMat v
B: HMat v
psi: UnitVec C n
a:= sqrt (var psi A) : R
b:= sqrt (var psi B) : R
c:= cabs (innerProd psi (mvMult (mMinus (mMult A B) (mMult B A)) psi)):R
______________________________________(1/1)
a * b >= 1/2 * c
Hereafter, we show only subgoals which are responses from Coq.
replace ( a * b >= 1 / 2 * c ) with ( (a * a) * (b * b) >= (1/4) * (c * c) ).
Then, we get the following response from Coq:
______________________________________(1/2)
a * a * (b * b) >= 1 / 4 * (c * c)
______________________________________(2/2)
(a * a * (b * b) >= 1 / 4 * (c * c)) = (a * b >= 1 / 2 * c)
For proving the inequality
transitive relation
to the preconditions by using a tactic assert:
assert ( a * a * (b * b) >=
(cabs ( innerProd psi (mvMult (mMult A B ) psi))) *
(cabs ( innerProd psi (mvMult (mMult A B ) psi))) /\
(cabs ( innerProd psi (mvMult (mMult A B ) psi))) *
(cabs ( innerProd psi (mvMult (mMult A B ) psi)))
>= (1 / 4) * (c * c) -> a * a * (b * b) >= 1 / 4 * (c * c)).
For proving the transitive relation
lemma R_leq_eq2
apply R_leq_eq2.
Then, we get the following response from Coq:
H : a * a * (b * b) >=
cabs (innerProd psi (mvMult (mMult A B) psi)) *
cabs (innerProd psi (mvMult (mMult A B) psi)) /\
cabs (innerProd psi (mvMult (mMult A B) psi)) *
cabs (innerProd psi (mvMult (mMult A B) psi)) >= 1/4 * (c*c)
-> a * a * (b * b) >= 1/4 * (c*c)
______________________________________(1/2)
a * a * (b * b) >= 1 / 4 * (c * c)
______________________________________(2/2)
(a * a * (b * b) >= 1 / 4 * (c * c)) = (a * b >= 1 / 2 * c)
Accordingly, the inequality which was performed with assert is added to the precondition as an assumption H. The assumption H is applied to the subgoal for proving
apply H.
We input a tactic split to split
split.
For proving
apply RUR_Var_geq_InnerProd.
set ( d := cabs ( innerProd psi (mvMult (mMult A B ) psi)) ).
We get the following response from Coq:
______________________________________(1/2)
d * d >= 1 / 4 * (c * c)
______________________________________(2/2)
(a * a * (b * b) >= 1 / 4 * (c * c)) = (a * b >= 1 / 2 * c)
replace ( d * d ) with ((((1/2) * (cabs ((innerProd psi (mvMult (mPlus
(mMult A B) (mMult B A) ) psi))))) * ((1/2) * (cabs ( (innerProd psi (mvMult
(mPlus (mMult A B) (mMult B A) ) psi)))))) + (( (1/2) * (cabs ( (innerProd psi (mvMult
(mMinus (mMult A B) (mMult B A)) psi))))) * ((1/2) * (cabs ( (innerProd psi (mvMult
(mMinus (mMult A B) (mMult B A)) psi))))))).
replace ((1/4) * (c * c)) with (((1/2) * (cabs ((innerProd psi
(mvMult (mMinus (mMult A B) (mMult B A)) psi))))) * ((1/2) *
(cabs ((innerProd psi (mvMult (mMinus (mMult A B) (mMult B A)) psi)))))).
For proving
Plus_geq
apply Square_Plus_geq.
For proving
we apply RUR_eq_AB_0 and RUR_eq_AB_1 as follows:
apply RUR_eq_AB_0. apply RUR_eq_AB_1.
Then, we get the following response from Coq:
______________________________________(1/1)
(a * a * (b * b) >= 1 / 4 * (c * c)) = (a * b >= 1 / 2 * c)
For proving
apply R_leq_eq.
Then, we get the following response from Coq:
No more subgoals.
All of the subgoals are proven. Input Qed and end the proof:
Qed.
The validity of Robertson-type uncertainty relation is verified formally.
In this work, we verified formally the validity of Robertson-type uncertainty relation by using the proof assistant Coq. We expect that the formalized theorem utilizes for facilitating the formal verification of the other theorems in quantum information theory. In future work, we will verify entropic uncertainty relation and the information disturbance theorem toward verifying unconditional security of quantum key distributions formally.
This work was partly supported by JSPS KAKENHI (24300030) Grant-in-Aid for Scientific Research (B), and MEXT-Supported Program for the Strategic Research Foundation at Private Universities (2014-2018, S1411030).