Optimal bounds for parity-oblivious random access codes

# Optimal bounds for parity-oblivious random access codes

André Chailloux INRIA, Paris Rocquencourt, SECRET Project Team. Email: andre.chailloux@inria.fr.    Iordanis Kerenidis IRIF, Université Paris Diderot, Paris, France and Centre for Quantum Technologies, National University of Singapore, Singapore. Email: jkeren@liafa.univ-paris-diderot.fr.    Srijita Kundu Chennai Mathematical Institute, Chennai, India. Email: srijita@cmi.ac.in.    Jamie Sikora Centre for Quantum Technologies, National University of Singapore, and MajuLab, CNRS-UNS-NUS-NTU International Joint Research Unit, UMI 3654, Singapore. Email: cqtjwjs@nus.edu.sg.
March 23, 2016
###### Abstract

Random access coding is an information task that has been extensively studied and found many applications in quantum information. In this scenario, Alice receives an -bit string , and wishes to encode into a quantum state , such that Bob, when receiving the state , can choose any bit and recover the input bit with high probability. Here we study two variants: parity-oblivious random access codes, where we impose the cryptographic property that Bob cannot infer any information about the parity of any subset of bits of the input apart from the single bits ; and even-parity-oblivious random access codes, where Bob cannot infer any information about the parity of any even-size subset of bits of the input.

In this paper, we provide the optimal bounds for parity-oblivious quantum random access codes and show that they are asymptotically better than the optimal classical ones. Our results provide a large non-contextuality inequality violation and resolve the main open problem in a work of Spekkens, Buzacott, Keehn, Toner, and Pryde (2009). Second, we provide the optimal bounds for even-parity-oblivious random access codes by proving their equivalence to a non-local game and by providing tight bounds for the success probability of the non-local game via semidefinite programming. In the case of even-parity-oblivious random access codes, the cryptographic property holds also in the device-independent model.

## 1 Introduction

Quantum information theory studies how information is encoded in quantum mechanical systems and how it can be transmitted through quantum channels. A main question is whether quantum information is more powerful than classical information. A celebrated result by Holevo [Hol73] shows that quantum information cannot be used to compress classical information. In high level, in order to transmit uniformly random classical bits, one needs to transmit no less than quantum bits. This might imply that quantum information is no more powerful than classical information. This however is wrong in many situations. In the model of communication complexity, one can show that transmitting quantum information may result in exponential savings on the communication needed to solve specific problems ([Raz99, BCWdW01, BJK04, GKK08, RK11]).

One specific information task that has been extensively studied in quantum information is the notion of random access codes (RACs) [Nay99, ANTV99, ANTV02]. In this scenario, Alice receives an -bit string , drawn from the uniform distribution, and wishes to encode into a quantum state , such that Bob, when receiving the state , can choose any bit and recover the input bit with high probability by performing some general quantum operation on .

RACs have been used in various situations in quantum information and computation, including in communication complexity, non-locality, extractors and device-independent cryptography [BARdW08, INRY07, PZ10, DV10, LPY12]. Even though this task seems easier than transmitting the entire input string , it is known that the length of quantum RACs must be at least  [Nay99]. In fact, the length of a classical RAC can be within a logarithmic additive factor of a quantum RAC [ANTV99].

On the other hand, a well-known example shows the advantages of quantum RACs by using a single qubit to encode two uniformly random classical bits. In this case, the success of correctly decoding either bit is [BBBW83, ANTV99] while the optimal classical encoding can achieve an average success probability of . An advantage can also be proven for the case of encoding three classical bits into one qubit as shown by Chuang (see [ANTV02] for details), but not for  [HIN06].

Nevertheless, a question remained of whether there are variants of RACs, for which we can have an asymptotically significant advantage in the quantum case. We show that this is indeed the case for the so-called parity-oblivious RACs (denoted here as PO-RACs). These are the usual RACs with the extra cryptographic property that the receiver cannot infer any information about the parity of any subset of bits of the input, apart from the single bits.

This cryptographic property means, in particular, that once some information about a bit is learned, then no other information can be extracted about any of the other bits. Such a notion has applications in various areas of cryptography. For example, this is a requirement for a class of classical or quantum protocols known as symmetric-private information retrieval schemes (PIR) [GIKM98, KdW04] where one or more servers have a database , a user chooses an index and at the end, the user learns but no other bit of , and remains hidden. A parity-oblivious RAC satisfies the security conditions of a PIR scheme since the index remains hidden (the RAC is non-interactive) and the user cannot learn more than one bit of the database.

Random access codes that are parity-oblivious have been considered before. For example, the previously mentioned RACs for encoding two or three classical bits in one qubit have this property. It is not hard to check that for any subset of the inputs of size or greater, Bob’s reduced density matrix is exactly the same for the cases where the parity is or . In other words, Bob has no information about the parity. These RACs violate a non-contextuality inequality developed by Spekkens, Buzacott, Keehn, Toner, and Pryde [SBK09]. This inequality is discussed further in Subsection 1.1.3.

We will also define a weaker variant called even-parity-oblivious RACs (denoted as EPO-RACs), where the receiver can infer no information about the parity of any even-size subset of the input. These codes are interesting for two reasons: first, they will let us prove tight upper bounds for PO-RACs; and second, due to their equivalence with a non-local game, their cryptographic property holds in the device independent setting.

### 1.1 Our results

We split our results into four sections. We first present the optimal bounds for parity-oblivious quantum RACs and even-parity-oblivious RACs. We then contrast this to the classical case (Subsection 1.1.2), discuss a violation of a non-contextuality inequality (Subsection 1.1.3), then discuss the security of our optimal quantum RACs in the device-independent model (Subsection 1.1.4).

#### 1.1.1 Quantum random access codes and cryptographic security definitions

Formally, a quantum RAC of classical bits is simply a set of quantum states . We suppose Alice chooses uniformly at random, prepares the state , and sends to Bob who has a POVM where the subscript of serves as his guess for the -th bit of , denoted , for each index . Suppose that can be decoded with success probability . Then we say that the bias, or worst-case bias, of the RAC is

 mint∈[n]αt

and the average-case bias is

 Et∼μ([n])αt,

where is the uniform probability distribution.

We consider two cryptographic variants of quantum RACs in this paper. We are concerned with designing quantum RACs which hide some information about the encoded string from a potentially cheating Bob. By information being hidden, we mean that there exists no measurement which yields a correct guess with probability greater than that of randomly guessing. In particular, we consider the case where Bob cannot learn the value of

 xS:=⨁i∈Sxi,

for certain choices of subset , of Alice’s encoded string . We call the value the -parity of the string .

###### Definition 1 (Parity-oblivious and even-parity-oblivious quantum Racs).

We say that a quantum RAC is parity-oblivious, denoted , if the receiver can infer no information about for any subset of size or greater, when is chosen uniformly at random. In other words, for all of size or greater, we have

 12n−1∑x:xS=0ρx=12n−1∑x:xS=1ρx.

We say that a quantum RAC is even-parity-oblivious, denoted , if the receiver can infer no information about for any subset of even size, or greater.

Note that the usual treatment of RACs is to analyze the relationships between the number of encoded bits , the bias , and the encoding dimension of . Here, we are not concerned with the encoding dimension, but rather the ability to achieve cryptographic security in terms of parity-obliviousness.

In this paper, we present the optimal bias for a quantum and show that they perform asymptotically better than the optimal classical version.

###### Theorem 1 (Optimal quantum parity-oblivious random access codes).

For any integer , a quantum parity-oblivious random access code of bits has worst-case bias at most . Moreover, this bound can be achieved using qubits.

This is in contrast to the classical setting where the optimal average-case bias is provably  [SBK09] (discussed further in Subsection 1.1.2).

The main idea of the proof of the upper bound is that quantum encodings can be studied through their close relationship to non-local games. Such connections were noted in [OW10] and in [CKS14] it was shown that certain non-local games are equivalent to quantum encodings in the sense that the optimal average decoding probability is equal to the success probability of the non-local game.

In a non-local game, two non-communicating parties, Alice and Bob, receive some inputs and , respectively, according to some probability distribution known to Alice and Bob, and must output and , respectively, such that satisfy some specific condition. For example, in the CHSH game, the condition is . The goal is to find the optimal quantum (resp. classical) success probability of satisfying the condition when Alice and Bob are allowed to share some initial quantum state (resp. shared randomness).

We now define a very natural non-local game called the INDEX game which we use in the analysis in this paper.

###### Definition 2 (Index game).

The game, parameterized by , is the following non-local game:

• Alice’s input: Alice receives a random from the set .

• Bob’s input: Bob receives a random index from the set .

• Winning condition: They win if Alice’s output bit and Bob’s output bit satisfy .

The choice of initial resource state and local measurement operators (that depend on the respective inputs) comprise a strategy. We say that a strategy for the game has bias if

 Es∼μ({0,1}n)Et∼μ([n])Pr[\textupAlice′soutputa\textupandBob′soutputb\textupsatisfya⊕b=st]=12(1+α).

We show that even-parity-oblivious RACs with average-case bias are equivalent to the INDEX game. In other words, any INDEX game strategy with bias yields an even-parity-oblivious RAC with average-case bias and vice versa.

###### Theorem 2 (Equivalence).

For any , there exists a quantum even-parity-oblivious RAC of bits with average-case bias if and only if there exists a quantum strategy with bias .

Noting that the INDEX game is an XOR game, i.e., the winning condition depends only on the XOR of Alice and Bob’s one-bit answers, we use a tight semidefinite programming characterization [CSUU08] to provide the exact optimal quantum bias.

###### Theorem 3 (Optimal quantum Index game bias).

For any , the optimal quantum bias of an strategy is .

The above two theorems imply the optimal bounds for even-parity-oblivious random access codes.

###### Corollary 1 (Optimal quantum even-parity-oblivious random access codes).

For any integer , a quantum even-parity-oblivious random access code of bits has average-case bias at most . Moreover, this bound can be achieved using qubits.

Since the worst-case bias of a quantum PO-RAC is obviously upper bounded by the optimal average-case bias of a quantum RAC hiding only the even parities, Theorems 2 and 1 show that every has bias at most .

To prove this upper bound is tight, we give an explicit construction of a quantum PO-RAC of bits with bias that uses qubits and classical bit. This RAC is based on the notion of hyperbits [PW12] and a proof of Tsirelson’s Theorem [Tsi87]. We then discuss how to remove the classical bit and make it device-independent (see Subsection 1.1.4 for more details about the device-independent model).

We remark that parity-oblivious and even-parity-oblivious quantum RACs both share the same worst-case and average-case bias of . However, the same is not true if we consider odd-parity-oblivious RACs where the parities are hidden for only odd-size subsets (greater or equal to ). Consider encoding a six-bit string where the first three bits are encoded using Chuang’s PO-RAC and similarly for the last three bits. It is a straightforward exercise to verify that this is odd-parity-oblivious and that any bit can be decoded with bias . We leave finding the optimal bounds for odd-parity-oblivious RACs an open problem.

#### 1.1.2 Parity-oblivious classical Racs

We also study classical RACs, defined below, for which both variants of bias and both variants of parity-obliviousness are defined analogously.

###### Definition 3 (Classical Racs with worst-case and average-case biases).

A classical RAC is a set of strings where corresponds to private randomness. After choosing uniformly at random, Alice samples from the private randomness, sends to Bob the string , and Bob has a decoding procedure given as function , for each , for learning the ’th bit of .

We note that the equivalence stated in Theorem 2 holds in the classical case as well (remarked in Section 2). To find the optimal average-case bias of even-parity-oblivious classical RACs, we provide the following theorem.

###### Theorem 4 (Optimal classical Index game bias).

For any , the optimal classical bias of an strategy is .

This theorem, together with the classical version of the equivalence shows that classical RACs that are even-parity-oblivious have an optimal average-case bias of . Note that, asymptotically, this value is the same as the quantum value, that is, having a bias of . However, differences arise when one considers RACs that also hide the odd parities. Consider the following proposition of Spekkens, Buzacott, Keehn, Toner, and Pryde.

###### Proposition 1 (Optimal parity-oblivious classical Racs [Sbk+09]).

For any , a parity-oblivious classical RAC of bits has average-case bias at most . Moreover, this bound can be achieved using classical bit.

Thus, there is a difference between the optimal average-case biases of parity-oblivious and even-parity-oblivious RACs in the classical setting, in contrast to the quantum setting.

#### 1.1.3 Large non-contextuality inequality violations

The basic primitives in an operational theory are preparations and measurements which can be thought of as instructions for the laboratory apparatus. For example, the operational theory can be given in terms of hidden variables which are probability distributions characterizing the outcomes of the preparations and measurements. That is, a preparation creates a physical state (each occurring with some probability) and a measurement acts upon a physical state and outputs a prediction or simply an outcome (each occurring with some probability). Thus, the probability distributions characterizing these actions are how they are represented in this model.

A hidden variable model is preparation non-contextual if whenever two preparations yield the same statistics for all possible measurements then they are represented equivalently in the model and a hidden variable model is measurement non-contextual if whenever two measurements have the same statistics for all preparations then they are represented equivalently in the model (see [SBK09] and references therein for a more thorough discussion). Similar to non-locality, a non-contextuality inequality is any inequality on probability distributions that follows from the assumption that there exists a hidden variable model that is preparation or measurement non-contextual.

Spekkens, Buzacott, Keehn, Toner, and Pryde [SBK09] proved the following non-contextuality inequality (or NC inequality, for short).

###### Proposition 2 (Non-contextuality inequality [Sbk+09]).

In any operational theory that admits a preparation non-contextual hidden variable model, the average-case bias for any parity-oblivious RAC is at most .

Then, they discussed that quantum mechanics violates this NC inequality for , by noting the previously mentioned parity-oblivious quantum RACs of two and three classical bits into one qubit with respective average-case biases of and . It was left as an open question whether quantum mechanics violates this NC inequality for .

Through our analysis, we have shown that the optimal average-case bias for quantum parity-oblivious RACs is , thus resolving their main open question. This provides a family of NC inequality violations that grow with the input size .

Note, that if there exists a game for which the winning probability of any classical strategy cannot deviate from by more than and, moreover, there is a quantum strategy with winning probability at least , then we can obtain a violation of order (see [BRSdW12] for details). Hence, to quantify the violation of this NC inequality, we consider the ratio of the optimal average-case bias of quantum parity-oblivious RACs and that of any operational theory admitting a preparation non-contextual hidden variable model. More precisely, we show an explicit non-contextuality inequality violation of order .

###### Theorem 5.

For any integer , there exists an explicit non-contextuality inequality that provides a violation of order .

Note that other large non-contextuality inequality violations have been found, see for example the work of Vidick and Wehner [VW11].

#### 1.1.4 Device-independent quantum Racs

Until this point, we have discussed the bias and the parity-obliviousness of a quantum RAC which are functions of the encoding states only. However, much of the cryptographic analysis in this paper is concerned with how the states are prepared. In this subsection, we discuss how the security of the RAC is affected if one cannot trust the quantum apparatus used in the preparation of .

The device-independent model of cryptographic security deals with the setting when the devices used in the protocol are not trusted, or are even malicious, being created by the cheaters/eavesdroppers themselves. Many security proofs in this setting are based on quantum non-locality or the no-signalling principle, each having their own limitations which ultimately limits the cheating capabilities for anyone controlling the preparation and/or execution of the quantum devices in the protocol. Recall that the no-signalling principle, which is satisfied by the laws of quantum mechanics, roughly states that it is impossible to send information arbitrarily fast, in particular faster than the speed of light. For example, in a quantum setting, Alice cannot convey information to a distant Bob by simply measuring her half of a shared quantum state.

Obviously, if the preparation of the encoding is as simple as Alice having a quantum device which outputs on input , then certainly device-independence is not feasible since Bob may control the quantum device and just have it prepare (or some other function of according to what he wishes to learn). However, the preparation need not be so simple. We now sketch the preparation of the quantum RACs presented in this work to give an idea of how they can be device-independent.

First, Alice creates a bipartite quantum state and sends a subsystem to Bob. Afterwards she chooses a string uniformly at random and measures her half of the state to get an outcome . She then defines , for all , and Bob’s post-measured state is now his encoding of the string . Since there is no communication from Alice to Bob after Alice chooses , he must not be able to infer any information about from his encoding of . Thus, Bob has limited information of any function of which contains information about . For example, Bob cannot learn since

 x1⊕x2=(s1⊕a)⊕(s2⊕a)=s1⊕s2

which is hidden by the no-signalling principle. Therefore, even if Bob created the entire state which Alice shares at the beginning, and Alice’s measurement, he cannot infer any information about , promised only by the no-signalling principle.

###### Theorem 6.

There exists a preparation of an optimal with bias which is even-parity-oblivious in the device-independent model against a no-signalling Bob.

We prove the above theorem using a small modification of our optimal in Section 4. See Subsection 4.3 for more details. Note also that the above theorem implies that there exist optimal even-parity-oblivious random access codes which retain their cryptographic property in the device independent model.

### 1.2 Organization of the paper

In Section 2, we prove the equivalence of even-parity-oblivious RACs and strategies. In Section 3 we discuss the optimal quantum and classical bias of the game for any . We conclude in Section 4 by presenting an optimal parity-oblivious quantum RAC and prove the security for the even-parity-obliviousness in the device-independent model.

## 2 Equivalence of Epo-Racs and \textupINDEXn strategies

In this section we prove the equivalence in Theorem 2, reproduced below.

###### Theorem 2 (Equivalence).

For any , there exists a quantum even-parity-oblivious RAC of uniformly random classical bits with average-case bias if and only if there exists a quantum strategy with bias .

For this reason, even-parity-obliviousness of a RAC is a very natural property. In particular, in the simple reduction from INDEX strategies to RACs (Subsection 2.2), we see how even-parity-obliviousness appears and how the RAC may not hide the odd parities.

### 2.1 From Racs to Index strategies

Let us fix an even-parity-oblivious RAC with average-case bias . Let be the Hilbert space used for the encoding. Our goal is to construct a strategy for with bias . For each , we fix a purification of in the space . For , let be the -bit string and be the bit-wise complement of a string . For , define the following state

 |Ωs⟩:=1√2∑a∈{0,1}|a⟩O|ψs⊕a⟩AB=1√2|0⟩|ψs⟩+1√2|1⟩|ψ¯s⟩,

where is a qubit register containing the value of . We would like to show that if Bob has the register of the above state, then he has no information about . Note that his reduced state is .

The first step is to see that Bob has no information about any parity of (not even of the values of the singleton bits). Fix an arbitrary, non-empty subset . For fixed , Bob’s reduced state, averaged over all such that , is given by

 σbS:=12n−1∑s:sS=bσs=12n⎛⎝∑s:sS=bρs+∑s:sS=bρ¯s⎞⎠.

Note that when is even and when is odd. Thus, by defining in the similar way

 ρbS:=12n−1∑s:sS=bρs

we can easily verify that when is even and when is odd. Note that since is an even-parity-oblivious RAC, we have by definition that for even (otherwise, Bob could measure to learn some information about the even parity). Thus, we have that for all nonempty subsets and therefore all the parities are hidden from Bob when given (when is chosen uniformly at random). This means that for any nonempty subset and measurement , Bob has a maximum probability of of successfully guessing from the RAC .

In the following lemma, we prove that if an encoding reveals no information about the parity of any subset, then the encoding reveals no information about the string. This is intuitively an obvious statement that we rigorously prove below.

###### Lemma 1.

If an encoding satisfies , for every subset , then for all .

###### Proof.

Suppose for a contradiction that there exists such that . Then there exists a subset of size such that is not equal to , where denotes the complement of the set . To see this, take any subset of size ; if , then we can find and such that , since all the are not equal. We consider the subset where we add and remove from to obtain .

This means that there exists a two-outcome measurement that outputs 1 if and otherwise, with positive bias. We now show for a contradiction that this measurement must also output a parity of some nonempty subset with positive bias. Define the function as the indicator function of and let be the expectation over the measurement outcomes when measuring with , so . Then

 Es∼μ({0,1}n)[b(s)⋅f(s)]>0.

By taking the Fourier representation of the function, we have

 Es∼μ({0,1}n)[b(s)⋅f(s)]=Es∼μ({0,1}n)⎡⎣b(s)⋅∑S⊆[n]^f(S)(−1)sS⎤⎦=∑S⊆[n]^f(S)Es∼μ({0,1}n)[b(s)⋅(−1)sS]>0.

Note that , because , implying that there exists a non-empty subset for which

 Es∼μ({0,1}n)[b(s)⋅(−1)sS]≠0,

The above statement means that for each , we have . In particular, for any there exists a unitary acting on such that . We use the state to define the strategy:

• Alice and Bob share the state .

• Upon receiving , Alice applies on such that Alice and Bob share . Alice measures register in the computational basis and outputs the measurement outcome .

• For Alice’s input and output , Bob has an encoding where occurs uniformly at random. Upon receiving , Bob measures just as in the RAC to learn . He outputs equal to his guess.

• Alice and Bob win the game if meaning that they win the game if and only if Bob correctly guesses .

Since the RAC has average-case bias , we see that with this strategy, they succeed with probability

 Es∼μ({0,1}n)Et∼μ([n])Pr[\textupAlice′soutputa\textupandBob′soutputb\textupsatisfya⊕b=st] = = 12(1+α),

as desired.

### 2.2 From Index strategies to Rac

Suppose Alice and Bob have a strategy to win the game with bias with starting state . On input , Alice performs on her side the corresponding measurement which generates her outcome . We assume that is uniformly random and independent of (which can be guaranteed by taking the XOR with an independently and uniformly random bit that is shared with Bob). Let be the state that Bob has when Alice has input and outputs and define the RAC where for each . We now show that is an even-parity-oblivious RAC with average-case bias . Note that is independent of by the no-signalling principle. For convenience, define for any .

1. It hides the even parities: Let be a subset of even size and be an arbitrary bit. Then we have for any , since is even. Bob’s reduced state, averaged over all such that , is given by

 12n−1∑x:xS=bσx=12n∑x:xS=bρx,0+12n∑x:xS=bρ¯x,1=12n∑x:xS=bρx,0+12n∑x:xS=bρx,1=ρ,

which is independent of , thus proving the RAC is even-parity-oblivious.

2. Since Alice and Bob win the game with average-case bias , we know that

 12(1+α)=Ea∼μ({0,1})Es∼μ({0,1}n)Et∼μ([n])Pr[Bob % learns st⊕a from ρs,a].

By defining , we can write the above as

 12(1+α) = Ea∼μ({0,1})Ex∼μ({0,1}n)Et∼μ([n])Pr[Bob learns xt from ρx⊕a,a] = Ex∼μ({0,1}n)Et∼μ([n])Pr[Bob learns xt from σx]

as desired.

Note that in the proof above, we are treating , the string Alice wishes to encode, as . We now remark that some of the odd parities of may not be hidden from Bob. For example, if in the INDEX game Alice simply outputs , where is the uniformly random bit Alice and Bob share to make independent of , then we have and Bob would know this odd parity exactly. However, the even parities of are equal to those of which are hidden by the no-signalling principle.

###### Remark 1.

The above equivalence also holds in the classical setting.

## 3 On the structure of optimal Index game strategies

In this section, we prove Theorems 3 and 4, that the optimal quantum bias of an strategy is and the optimal classical bias of an strategy is .

### 3.1 The quantum bias

The quantum bias of any XOR game can be found efficiently by solving a semidefinite program (SDP) [CSUU08]. The optimization takes place over a matrix indexed by and with each entry corresponding to the expectation of the measurement outcome of a fixed game strategy. Such a matrix of inner products can be written as a positive semidefinite matrix and the expectation (or bias) of the game strategy is then an inner product of this matrix and one containing the information of the XOR game.

Specifically, the quantum bias of the game can be calculated as the optimal value of either SDP below

Primal problem (P)

 supremum: ⟨B,X⟩ subject to: diag(X)=e X⪰0

Dual problem (D)

 infimum: ⟨e,y⟩ subject to: Diag(y)⪰B

where

• is the vector on the diagonal of the square matrix ,

• is the vector of all ones,

• is the diagonal matrix with the vector on the diagonal,

• ,   where .

For (P), consider the positive semidefinite matrix , where

 Y:=[√n2nAIT].

To show is feasible in (P), one can check that each diagonal entry of is equal to from the definition of above. Note that proving that the quantum bias is at least (since the quantum bias is the maximum of over all feasible ).

For (D), let where (determined later) and and are the vectors of all ones indexed by entries in and , respectively. Then

 Diag(y)⪰B⟺[uIS−12A−12A⊤vIT]⪰0⟺uvIT⪰14A⊤A=14n22nIT⟺uv≥14n22n.

From above, if we set and , then is feasible in (D). Since

 ⟨e,y⟩=2nu+nv=1√n,

we know the quantum bias is at most (since the quantum bias is equal to the minimum of over all feasible ). Therefore, the quantum bias is exactly , as required.

The INDEX game turns out to be equivalent to the Retrieval game studied in [OW10] which is defined similarly except the first bit of Alice’s input is always and the other bits are chosen independently and uniformly at random. To see the equivalence, notice that in the INDEX game Alice can take her input , define , where fixes the specific bit to a specific value, play the Retrieval game strategy with input to generate , and then output (Bob plays the same strategy). Thus, any strategy for the Retrieval game with bias yields a strategy for the INDEX game with bias as well. We further remark that the quantum bias of the Retrieval game is shown to be in [OW10] through the use of uncertainty relations. Using this result, and the equivalence to the INDEX game, we have another proof that the quantum bias of the INDEX game is .

### 3.2 The classical bias

We can assume without loss of generality that Alice and Bob’s strategies are deterministic. Define as the string of potential answers Bob gives where is the bit that Bob outputs on input . Now let us examine Alice’s strategy. For a fixed input , if she outputs , they win the game with probability

 Et∼μ([n])Pr[bt≠st]=1n|b⊕s|H,

where denotes the Hamming weight of a string . If she outputs , they win the game with probability

 Et∼μ([n])Pr[bt=st]=1−1n|b⊕s|H.

Since their strategies are deterministic, Alice should output the maximum of these two, so

 max{1n|b⊕s|H,1−1n|b⊕s|H}=12+∣∣∣12−1n|b⊕s|H∣∣∣=12+12⋅2n∣∣∣n2−|b⊕s|H∣∣∣.

Therefore, the classical bias is precisely . Note that this quantity is independent of , thus we could assume Bob always outputs for every input. The quantity

 Es∼μ({0,1}n)∣∣∣n2−|b⊕s|H∣∣∣

corresponds to the mean deviation of the uniform binomial distribution. This is a well studied quantity [Fra45] and we know that

 Es∼μ({0,1}n)[∣∣∣n2−|b⊕s|H∣∣∣]=√n2π(1+O(1n)).

Therefore, the classical bias is , as desired.

## 4 A construction of a quantum \textupPO-\textupRACn with optimal bias

In this section, we give an explicit construction of a quantum with optimal bias.

###### Lemma 2 (Optimal \textupPO-\textupRACn).

For any integer , there exists a with bias that uses qubits.

Our construction builds upon the previously mentioned RACs for sending (resp. ) classical bits with bias (resp. ). These are the vertices from the corners of a square inscribed in an equatorial plane in the Bloch sphere, and the corners of a cube inscribed in the Bloch sphere, respectively. To generalize this idea to an -cube inscribed in an -dimensional sphere, we use the intuition of hyperbits, which are a way to visualize such unit vectors in a quantum mechanical setting. A full discussion of hyperbits and their equivalence to certain quantum protocols is beyond the scope of this paper, but we refer the interested reader to the work of Pawlowski and Winter [PW12].

We note that, after the publication of this paper, we became aware that a similar RAC had been previously discovered by Wehner [Weh08], but remained unpublished.

### 4.1 The construction

Our construction is very similar to a proof of Tsirelson’s Theorem [Tsi87]. We start by recursively defining the observables , for , which are used to define the actions of Alice and Bob in the . For and , we define

 G2,1:=X,G2,2:=Y\textupandG3,1:=X,G3,2:=Y,G3,3:=Z.

We use the observables as a base case for a recursive formula:

 n\textupeven: Gn,i:=Gn−1,i⊗X, for i∈{1,…,n−1}, Gn,n=I⊗Y, n\textupodd: Gn,i:=Gn−2,i⊗X, for i∈{1,…,n−2}, Gn,n−1=I⊗Y, Gn,n=I⊗Z.

Note that these act on qubits,111We note here that the choice of these observables is not unique and there are applications in the literature that use slightly different observables. However, this particular choice reduces the RAC dimension by one qubit when is odd. For example, for our RAC uses qubit (as opposed to ) just as in the well-known quantum RAC of three classical bits into one qubit. have eigenvalues , and satisfy the anti-commutation relation

 {Gn,i,Gn,j}=2δi,jI.

Define the following operators for and :

 Ax:=1√nn∑i=1(−1)xiGn,i\textupandBt:=G⊤n,t.

Note that , for all , and , for all , so each have eigenvalues.

The protocol is defined below.

• Encoding states: Alice chooses a uniformly random , creates EPR pairs, and measures the first “halves” with the observable to get an outcome . The second “halves” now contain the post-measurement state and since , each occurs with probability. She sends and to Bob who now has the mixed state

 ρx:=12∑aτx,a⊗|a⟩⟨a|

encoding the string .

• Decoding procedure: If Bob wishes to learn , he measures his EPR halves with the observable to get an outcome and also measures to learn . He computes and outputs if , and otherwise.

In the next two lemmas, we show that the worst-case bias of this RAC is and that it is parity-oblivious, thereby proving Lemma 2.

###### Lemma 3.

The quantum RAC has worst-case bias at least .

###### Proof.

We can assume at the beginning of the protocol, Alice and Bob share the maximally entangled state

 |ψ⟩:=1√2⌊n2⌋2⌊n2⌋∑j=1|j⟩A|j⟩B.

The expectation value of the observable in this state is given by:

 ⟨C⟩=⟨ψ|Ax⊗Bt|ψ⟩=1√n12⌊n2⌋n∑i=1(−1)xi2⌊n2⌋∑j,k=1⟨j|A⟨j|BGn,i⊗G⊤n,t|k⟩A|k⟩B=2⌊n2⌋δi,t=(−1)xt√n

where the third equality is derived from the anti-commutation relation. We can write

 ⟨C⟩=Pr[c=+1]−Pr[c=−1]=⟨ψ|Ax⊗Bt|ψ⟩

implying

 Pr[Bob outputs 0]=Pr[c=+1]=12[1+(−1)xt√n]
 Pr[Bob outputs 1]=Pr[c=−1]=12[1−(−1)xt√n].

This proves that

 Pr[Bob outputs xt]=12(1+1√n),

as desired. ∎

###### Lemma 4.

The quantum RAC is parity-oblivious.

###### Proof.

Protocols involving shared entanglement and sending one classical bit have limited guessing probabilities for functions such as parity [PW12]. In particular, it can be shown that the biases of learning satisfy

 ∑S⊆{0,1}n∖∅α2S≤1.

In the RAC above, we have

 ∑S:|S|=1α2S≥n⋅(1√n)2=1

implying for all of size or greater, implying it is parity-oblivious. ∎

This concludes a construction of a quantum with optimal bias. However, we have not yet proved Theorem 1 since the encoding dimension is too high. We now discuss a small modification to simultaneously reduce the dimension of the RAC and to increase its device-independence.

### 4.2 Removing the classical message

Reducing the dimension of the is straightforward. First notice that Bob simply takes his measurement outcome and changes it if to obtain his guess for . We can remove the need for this message if Alice simply changes the value of for which Bob has the encoding. In other words, instead of sending to Bob, she just switches every bit of if . Then Bob’s guess is just as accurate in guessing where , if , and , if . (Note that this is similar to what was done in Subsection 2.2). Therefore, Bob now has an encoding of , which we denote by . Notice that is a state on only qubits which coincides with the optimal for and previously discussed.

It is easy to see that this new RAC has bias at least by construction. We now argue that this quantum RAC is still parity-oblivious.

###### Lemma 5.

The quantum RAC is parity-oblivious.

###### Proof.

We prove that any -parity hidden from Bob in the quantum RAC is still hidden from Bob in the quantum RAC . Let be Bob’s post-measured state immediately after Alice used measurement and received output . We can write

 ρx:=τx,0⊗|0⟩⟨0|2+τx,1⊗|1⟩⟨1|2 and σx:=τx,0+τ¯x,12.

Fix a subset of size at least . Since is hidden from Bob in the RAC , we have . Thus,

 ⎛⎝∑x:xS=0τx,0⎞⎠⊗|0⟩⟨0|2+⎛⎝∑x:xS=0τx,1⎞⎠⊗|1⟩⟨1|2=⎛⎝∑x:xS=1τx,0⎞⎠⊗|0⟩⟨0|2+⎛⎝∑x:xS=1τx,1⎞⎠⊗|1⟩⟨1|2

implying that

 ∑x:xS=0τx,0=∑x:xS=1τx,0 and ∑x:xS=0τx,1=∑x:xS=1τx,1. (1)

Now we can write

 ∑x:xS=0σx = ∑x:x