Optimal bounds for parityoblivious random access codes
Abstract
Random access coding is an information task that has been extensively studied and found many applications in quantum information. In this scenario, Alice receives an bit string , and wishes to encode into a quantum state , such that Bob, when receiving the state , can choose any bit and recover the input bit with high probability. Here we study two variants: parityoblivious random access codes, where we impose the cryptographic property that Bob cannot infer any information about the parity of any subset of bits of the input apart from the single bits ; and evenparityoblivious random access codes, where Bob cannot infer any information about the parity of any evensize subset of bits of the input.
In this paper, we provide the optimal bounds for parityoblivious quantum random access codes and show that they are asymptotically better than the optimal classical ones. Our results provide a large noncontextuality inequality violation and resolve the main open problem in a work of Spekkens, Buzacott, Keehn, Toner, and Pryde (2009). Second, we provide the optimal bounds for evenparityoblivious random access codes by proving their equivalence to a nonlocal game and by providing tight bounds for the success probability of the nonlocal game via semidefinite programming. In the case of evenparityoblivious random access codes, the cryptographic property holds also in the deviceindependent model.
1 Introduction
Quantum information theory studies how information is encoded in quantum mechanical systems and how it can be transmitted through quantum channels. A main question is whether quantum information is more powerful than classical information. A celebrated result by Holevo [Hol73] shows that quantum information cannot be used to compress classical information. In high level, in order to transmit uniformly random classical bits, one needs to transmit no less than quantum bits. This might imply that quantum information is no more powerful than classical information. This however is wrong in many situations. In the model of communication complexity, one can show that transmitting quantum information may result in exponential savings on the communication needed to solve specific problems ([Raz99, BCWdW01, BJK04, GKK08, RK11]).
One specific information task that has been extensively studied in quantum information is the notion of random access codes (RACs) [Nay99, ANTV99, ANTV02]. In this scenario, Alice receives an bit string , drawn from the uniform distribution, and wishes to encode into a quantum state , such that Bob, when receiving the state , can choose any bit and recover the input bit with high probability by performing some general quantum operation on .
RACs have been used in various situations in quantum information and computation, including in communication complexity, nonlocality, extractors and deviceindependent cryptography [BARdW08, INRY07, PZ10, DV10, LPY12]. Even though this task seems easier than transmitting the entire input string , it is known that the length of quantum RACs must be at least [Nay99]. In fact, the length of a classical RAC can be within a logarithmic additive factor of a quantum RAC [ANTV99].
On the other hand, a wellknown example shows the advantages of quantum RACs by using a single qubit to encode two uniformly random classical bits. In this case, the success of correctly decoding either bit is [BBBW83, ANTV99] while the optimal classical encoding can achieve an average success probability of . An advantage can also be proven for the case of encoding three classical bits into one qubit as shown by Chuang (see [ANTV02] for details), but not for [HIN06].
Nevertheless, a question remained of whether there are variants of RACs, for which we can have an asymptotically significant advantage in the quantum case. We show that this is indeed the case for the socalled parityoblivious RACs (denoted here as PORACs). These are the usual RACs with the extra cryptographic property that the receiver cannot infer any information about the parity of any subset of bits of the input, apart from the single bits.
This cryptographic property means, in particular, that once some information about a bit is learned, then no other information can be extracted about any of the other bits. Such a notion has applications in various areas of cryptography. For example, this is a requirement for a class of classical or quantum protocols known as symmetricprivate information retrieval schemes (PIR) [GIKM98, KdW04] where one or more servers have a database , a user chooses an index and at the end, the user learns but no other bit of , and remains hidden. A parityoblivious RAC satisfies the security conditions of a PIR scheme since the index remains hidden (the RAC is noninteractive) and the user cannot learn more than one bit of the database.
Random access codes that are parityoblivious have been considered before. For example, the previously mentioned RACs for encoding two or three classical bits in one qubit have this property. It is not hard to check that for any subset of the inputs of size or greater, Bob’s reduced density matrix is exactly the same for the cases where the parity is or . In other words, Bob has no information about the parity. These RACs violate a noncontextuality inequality developed by Spekkens, Buzacott, Keehn, Toner, and Pryde [SBK09]. This inequality is discussed further in Subsection 1.1.3.
We will also define a weaker variant called evenparityoblivious RACs (denoted as EPORACs), where the receiver can infer no information about the parity of any evensize subset of the input. These codes are interesting for two reasons: first, they will let us prove tight upper bounds for PORACs; and second, due to their equivalence with a nonlocal game, their cryptographic property holds in the device independent setting.
1.1 Our results
We split our results into four sections. We first present the optimal bounds for parityoblivious quantum RACs and evenparityoblivious RACs. We then contrast this to the classical case (Subsection 1.1.2), discuss a violation of a noncontextuality inequality (Subsection 1.1.3), then discuss the security of our optimal quantum RACs in the deviceindependent model (Subsection 1.1.4).
1.1.1 Quantum random access codes and cryptographic security definitions
Formally, a quantum RAC of classical bits is simply a set of quantum states . We suppose Alice chooses uniformly at random, prepares the state , and sends to Bob who has a POVM where the subscript of serves as his guess for the th bit of , denoted , for each index . Suppose that can be decoded with success probability . Then we say that the bias, or worstcase bias, of the RAC is
and the averagecase bias is
where is the uniform probability distribution.
We consider two cryptographic variants of quantum RACs in this paper. We are concerned with designing quantum RACs which hide some information about the encoded string from a potentially cheating Bob. By information being hidden, we mean that there exists no measurement which yields a correct guess with probability greater than that of randomly guessing. In particular, we consider the case where Bob cannot learn the value of
for certain choices of subset , of Alice’s encoded string . We call the value the parity of the string .
Definition 1 (Parityoblivious and evenparityoblivious quantum Racs).
We say that a quantum RAC is parityoblivious, denoted , if the receiver can infer no information about for any subset of size or greater, when is chosen uniformly at random. In other words, for all of size or greater, we have
We say that a quantum RAC is evenparityoblivious, denoted , if the receiver can infer no information about for any subset of even size, or greater.
Note that the usual treatment of RACs is to analyze the relationships between the number of encoded bits , the bias , and the encoding dimension of . Here, we are not concerned with the encoding dimension, but rather the ability to achieve cryptographic security in terms of parityobliviousness.
In this paper, we present the optimal bias for a quantum and show that they perform asymptotically better than the optimal classical version.
Theorem 1 (Optimal quantum parityoblivious random access codes).
For any integer , a quantum parityoblivious random access code of bits has worstcase bias at most . Moreover, this bound can be achieved using qubits.
This is in contrast to the classical setting where the optimal averagecase bias is provably [SBK09] (discussed further in Subsection 1.1.2).
The main idea of the proof of the upper bound is that quantum encodings can be studied through their close relationship to nonlocal games. Such connections were noted in [OW10] and in [CKS14] it was shown that certain nonlocal games are equivalent to quantum encodings in the sense that the optimal average decoding probability is equal to the success probability of the nonlocal game.
In a nonlocal game, two noncommunicating parties, Alice and Bob, receive some inputs and , respectively, according to some probability distribution known to Alice and Bob, and must output and , respectively, such that satisfy some specific condition. For example, in the CHSH game, the condition is . The goal is to find the optimal quantum (resp. classical) success probability of satisfying the condition when Alice and Bob are allowed to share some initial quantum state (resp. shared randomness).
We now define a very natural nonlocal game called the INDEX game which we use in the analysis in this paper.
Definition 2 (Index game).
The game, parameterized by , is the following nonlocal game:

Alice’s input: Alice receives a random from the set .

Bob’s input: Bob receives a random index from the set .

Winning condition: They win if Alice’s output bit and Bob’s output bit satisfy .
The choice of initial resource state and local measurement operators (that depend on the respective inputs) comprise a strategy. We say that a strategy for the game has bias if
We show that evenparityoblivious RACs with averagecase bias are equivalent to the INDEX game. In other words, any INDEX game strategy with bias yields an evenparityoblivious RAC with averagecase bias and vice versa.
Theorem 2 (Equivalence).
For any , there exists a quantum evenparityoblivious RAC of bits with averagecase bias if and only if there exists a quantum strategy with bias .
Noting that the INDEX game is an XOR game, i.e., the winning condition depends only on the XOR of Alice and Bob’s onebit answers, we use a tight semidefinite programming characterization [CSUU08] to provide the exact optimal quantum bias.
Theorem 3 (Optimal quantum Index game bias).
For any , the optimal quantum bias of an strategy is .
The above two theorems imply the optimal bounds for evenparityoblivious random access codes.
Corollary 1 (Optimal quantum evenparityoblivious random access codes).
For any integer , a quantum evenparityoblivious random access code of bits has averagecase bias at most . Moreover, this bound can be achieved using qubits.
Since the worstcase bias of a quantum PORAC is obviously upper bounded by the optimal averagecase bias of a quantum RAC hiding only the even parities, Theorems 2 and 1 show that every has bias at most .
To prove this upper bound is tight, we give an explicit construction of a quantum PORAC of bits with bias that uses qubits and classical bit. This RAC is based on the notion of hyperbits [PW12] and a proof of Tsirelson’s Theorem [Tsi87]. We then discuss how to remove the classical bit and make it deviceindependent (see Subsection 1.1.4 for more details about the deviceindependent model).
We remark that parityoblivious and evenparityoblivious quantum RACs both share the same worstcase and averagecase bias of . However, the same is not true if we consider oddparityoblivious RACs where the parities are hidden for only oddsize subsets (greater or equal to ). Consider encoding a sixbit string where the first three bits are encoded using Chuang’s PORAC and similarly for the last three bits. It is a straightforward exercise to verify that this is oddparityoblivious and that any bit can be decoded with bias . We leave finding the optimal bounds for oddparityoblivious RACs an open problem.
1.1.2 Parityoblivious classical Racs
We also study classical RACs, defined below, for which both variants of bias and both variants of parityobliviousness are defined analogously.
Definition 3 (Classical Racs with worstcase and averagecase biases).
A classical RAC is a set of strings where corresponds to private randomness. After choosing uniformly at random, Alice samples from the private randomness, sends to Bob the string , and Bob has a decoding procedure given as function , for each , for learning the ’th bit of .
We note that the equivalence stated in Theorem 2 holds in the classical case as well (remarked in Section 2). To find the optimal averagecase bias of evenparityoblivious classical RACs, we provide the following theorem.
Theorem 4 (Optimal classical Index game bias).
For any , the optimal classical bias of an strategy is .
This theorem, together with the classical version of the equivalence shows that classical RACs that are evenparityoblivious have an optimal averagecase bias of . Note that, asymptotically, this value is the same as the quantum value, that is, having a bias of . However, differences arise when one considers RACs that also hide the odd parities. Consider the following proposition of Spekkens, Buzacott, Keehn, Toner, and Pryde.
Proposition 1 (Optimal parityoblivious classical Racs [Sbk09]).
For any , a parityoblivious classical RAC of bits has averagecase bias at most . Moreover, this bound can be achieved using classical bit.
Thus, there is a difference between the optimal averagecase biases of parityoblivious and evenparityoblivious RACs in the classical setting, in contrast to the quantum setting.
1.1.3 Large noncontextuality inequality violations
The basic primitives in an operational theory are preparations and measurements which can be thought of as instructions for the laboratory apparatus. For example, the operational theory can be given in terms of hidden variables which are probability distributions characterizing the outcomes of the preparations and measurements. That is, a preparation creates a physical state (each occurring with some probability) and a measurement acts upon a physical state and outputs a prediction or simply an outcome (each occurring with some probability). Thus, the probability distributions characterizing these actions are how they are represented in this model.
A hidden variable model is preparation noncontextual if whenever two preparations yield the same statistics for all possible measurements then they are represented equivalently in the model and a hidden variable model is measurement noncontextual if whenever two measurements have the same statistics for all preparations then they are represented equivalently in the model (see [SBK09] and references therein for a more thorough discussion). Similar to nonlocality, a noncontextuality inequality is any inequality on probability distributions that follows from the assumption that there exists a hidden variable model that is preparation or measurement noncontextual.
Spekkens, Buzacott, Keehn, Toner, and Pryde [SBK09] proved the following noncontextuality inequality (or NC inequality, for short).
Proposition 2 (Noncontextuality inequality [Sbk09]).
In any operational theory that admits a preparation noncontextual hidden variable model, the averagecase bias for any parityoblivious RAC is at most .
Then, they discussed that quantum mechanics violates this NC inequality for , by noting the previously mentioned parityoblivious quantum RACs of two and three classical bits into one qubit with respective averagecase biases of and . It was left as an open question whether quantum mechanics violates this NC inequality for .
Through our analysis, we have shown that the optimal averagecase bias for quantum parityoblivious RACs is , thus resolving their main open question. This provides a family of NC inequality violations that grow with the input size .
Note, that if there exists a game for which the winning probability of any classical strategy cannot deviate from by more than and, moreover, there is a quantum strategy with winning probability at least , then we can obtain a violation of order (see [BRSdW12] for details). Hence, to quantify the violation of this NC inequality, we consider the ratio of the optimal averagecase bias of quantum parityoblivious RACs and that of any operational theory admitting a preparation noncontextual hidden variable model. More precisely, we show an explicit noncontextuality inequality violation of order .
Theorem 5.
For any integer , there exists an explicit noncontextuality inequality that provides a violation of order .
Note that other large noncontextuality inequality violations have been found, see for example the work of Vidick and Wehner [VW11].
1.1.4 Deviceindependent quantum Racs
Until this point, we have discussed the bias and the parityobliviousness of a quantum RAC which are functions of the encoding states only. However, much of the cryptographic analysis in this paper is concerned with how the states are prepared. In this subsection, we discuss how the security of the RAC is affected if one cannot trust the quantum apparatus used in the preparation of .
The deviceindependent model of cryptographic security deals with the setting when the devices used in the protocol are not trusted, or are even malicious, being created by the cheaters/eavesdroppers themselves. Many security proofs in this setting are based on quantum nonlocality or the nosignalling principle, each having their own limitations which ultimately limits the cheating capabilities for anyone controlling the preparation and/or execution of the quantum devices in the protocol. Recall that the nosignalling principle, which is satisfied by the laws of quantum mechanics, roughly states that it is impossible to send information arbitrarily fast, in particular faster than the speed of light. For example, in a quantum setting, Alice cannot convey information to a distant Bob by simply measuring her half of a shared quantum state.
Obviously, if the preparation of the encoding is as simple as Alice having a quantum device which outputs on input , then certainly deviceindependence is not feasible since Bob may control the quantum device and just have it prepare (or some other function of according to what he wishes to learn). However, the preparation need not be so simple. We now sketch the preparation of the quantum RACs presented in this work to give an idea of how they can be deviceindependent.
First, Alice creates a bipartite quantum state and sends a subsystem to Bob. Afterwards she chooses a string uniformly at random and measures her half of the state to get an outcome . She then defines , for all , and Bob’s postmeasured state is now his encoding of the string . Since there is no communication from Alice to Bob after Alice chooses , he must not be able to infer any information about from his encoding of . Thus, Bob has limited information of any function of which contains information about . For example, Bob cannot learn since
which is hidden by the nosignalling principle. Therefore, even if Bob created the entire state which Alice shares at the beginning, and Alice’s measurement, he cannot infer any information about , promised only by the nosignalling principle.
Theorem 6.
There exists a preparation of an optimal with bias which is evenparityoblivious in the deviceindependent model against a nosignalling Bob.
We prove the above theorem using a small modification of our optimal in Section 4. See Subsection 4.3 for more details. Note also that the above theorem implies that there exist optimal evenparityoblivious random access codes which retain their cryptographic property in the device independent model.
1.2 Organization of the paper
In Section 2, we prove the equivalence of evenparityoblivious RACs and strategies. In Section 3 we discuss the optimal quantum and classical bias of the game for any . We conclude in Section 4 by presenting an optimal parityoblivious quantum RAC and prove the security for the evenparityobliviousness in the deviceindependent model.
2 Equivalence of EpoRacs and strategies
In this section we prove the equivalence in Theorem 2, reproduced below.
Theorem 2 (Equivalence).
For any , there exists a quantum evenparityoblivious RAC of uniformly random classical bits with averagecase bias if and only if there exists a quantum strategy with bias .
For this reason, evenparityobliviousness of a RAC is a very natural property. In particular, in the simple reduction from INDEX strategies to RACs (Subsection 2.2), we see how evenparityobliviousness appears and how the RAC may not hide the odd parities.
2.1 From Racs to Index strategies
Let us fix an evenparityoblivious RAC with averagecase bias . Let be the Hilbert space used for the encoding. Our goal is to construct a strategy for with bias . For each , we fix a purification of in the space . For , let be the bit string and be the bitwise complement of a string . For , define the following state
where is a qubit register containing the value of . We would like to show that if Bob has the register of the above state, then he has no information about . Note that his reduced state is .
The first step is to see that Bob has no information about any parity of (not even of the values of the singleton bits). Fix an arbitrary, nonempty subset . For fixed , Bob’s reduced state, averaged over all such that , is given by
Note that when is even and when is odd. Thus, by defining in the similar way
we can easily verify that when is even and when is odd. Note that since is an evenparityoblivious RAC, we have by definition that for even (otherwise, Bob could measure to learn some information about the even parity). Thus, we have that for all nonempty subsets and therefore all the parities are hidden from Bob when given (when is chosen uniformly at random). This means that for any nonempty subset and measurement , Bob has a maximum probability of of successfully guessing from the RAC .
In the following lemma, we prove that if an encoding reveals no information about the parity of any subset, then the encoding reveals no information about the string. This is intuitively an obvious statement that we rigorously prove below.
Lemma 1.
If an encoding satisfies , for every subset , then for all .
Proof.
Suppose for a contradiction that there exists such that . Then there exists a subset of size such that is not equal to , where denotes the complement of the set . To see this, take any subset of size ; if , then we can find and such that , since all the are not equal. We consider the subset where we add and remove from to obtain .
This means that there exists a twooutcome measurement that outputs 1 if and otherwise, with positive bias. We now show for a contradiction that this measurement must also output a parity of some nonempty subset with positive bias. Define the function as the indicator function of and let be the expectation over the measurement outcomes when measuring with , so . Then
By taking the Fourier representation of the function, we have
Note that , because , implying that there exists a nonempty subset for which
which is a contradiction. ∎
The above statement means that for each , we have . In particular, for any there exists a unitary acting on such that . We use the state to define the strategy:

Alice and Bob share the state .

Upon receiving , Alice applies on such that Alice and Bob share . Alice measures register in the computational basis and outputs the measurement outcome .

For Alice’s input and output , Bob has an encoding where occurs uniformly at random. Upon receiving , Bob measures just as in the RAC to learn . He outputs equal to his guess.

Alice and Bob win the game if meaning that they win the game if and only if Bob correctly guesses .
Since the RAC has averagecase bias , we see that with this strategy, they succeed with probability
as desired.
2.2 From Index strategies to Rac
Suppose Alice and Bob have a strategy to win the game with bias with starting state . On input , Alice performs on her side the corresponding measurement which generates her outcome . We assume that is uniformly random and independent of (which can be guaranteed by taking the XOR with an independently and uniformly random bit that is shared with Bob). Let be the state that Bob has when Alice has input and outputs and define the RAC where for each . We now show that is an evenparityoblivious RAC with averagecase bias . Note that is independent of by the nosignalling principle. For convenience, define for any .

It hides the even parities: Let be a subset of even size and be an arbitrary bit. Then we have for any , since is even. Bob’s reduced state, averaged over all such that , is given by
which is independent of , thus proving the RAC is evenparityoblivious.

Since Alice and Bob win the game with averagecase bias , we know that
By defining , we can write the above as
as desired.
Note that in the proof above, we are treating , the string Alice wishes to encode, as . We now remark that some of the odd parities of may not be hidden from Bob. For example, if in the INDEX game Alice simply outputs , where is the uniformly random bit Alice and Bob share to make independent of , then we have and Bob would know this odd parity exactly. However, the even parities of are equal to those of which are hidden by the nosignalling principle.
Remark 1.
The above equivalence also holds in the classical setting.
3 On the structure of optimal Index game strategies
In this section, we prove Theorems 3 and 4, that the optimal quantum bias of an strategy is and the optimal classical bias of an strategy is .
3.1 The quantum bias
The quantum bias of any XOR game can be found efficiently by solving a semidefinite program (SDP) [CSUU08]. The optimization takes place over a matrix indexed by and with each entry corresponding to the expectation of the measurement outcome of a fixed game strategy. Such a matrix of inner products can be written as a positive semidefinite matrix and the expectation (or bias) of the game strategy is then an inner product of this matrix and one containing the information of the XOR game.
Specifically, the quantum bias of the game can be calculated as the optimal value of either SDP below
Primal problem (P)
supremum:  
subject to:  
Dual problem (D)
infimum:  
subject to: 
where

is the vector on the diagonal of the square matrix ,

is the vector of all ones,

is the diagonal matrix with the vector on the diagonal,

, where .
For (P), consider the positive semidefinite matrix , where
To show is feasible in (P), one can check that each diagonal entry of is equal to from the definition of above. Note that proving that the quantum bias is at least (since the quantum bias is the maximum of over all feasible ).
For (D), let where (determined later) and and are the vectors of all ones indexed by entries in and , respectively. Then
From above, if we set and , then is feasible in (D). Since
we know the quantum bias is at most (since the quantum bias is equal to the minimum of over all feasible ). Therefore, the quantum bias is exactly , as required.
The INDEX game turns out to be equivalent to the Retrieval game studied in [OW10] which is defined similarly except the first bit of Alice’s input is always and the other bits are chosen independently and uniformly at random. To see the equivalence, notice that in the INDEX game Alice can take her input , define , where fixes the specific bit to a specific value, play the Retrieval game strategy with input to generate , and then output (Bob plays the same strategy). Thus, any strategy for the Retrieval game with bias yields a strategy for the INDEX game with bias as well. We further remark that the quantum bias of the Retrieval game is shown to be in [OW10] through the use of uncertainty relations. Using this result, and the equivalence to the INDEX game, we have another proof that the quantum bias of the INDEX game is .
3.2 The classical bias
We can assume without loss of generality that Alice and Bob’s strategies are deterministic. Define as the string of potential answers Bob gives where is the bit that Bob outputs on input . Now let us examine Alice’s strategy. For a fixed input , if she outputs , they win the game with probability
where denotes the Hamming weight of a string . If she outputs , they win the game with probability
Since their strategies are deterministic, Alice should output the maximum of these two, so
Therefore, the classical bias is precisely . Note that this quantity is independent of , thus we could assume Bob always outputs for every input. The quantity
corresponds to the mean deviation of the uniform binomial distribution. This is a well studied quantity [Fra45] and we know that
Therefore, the classical bias is , as desired.
4 A construction of a quantum with optimal bias
In this section, we give an explicit construction of a quantum with optimal bias.
Lemma 2 (Optimal ).
For any integer , there exists a with bias that uses qubits.
Our construction builds upon the previously mentioned RACs for sending (resp. ) classical bits with bias (resp. ). These are the vertices from the corners of a square inscribed in an equatorial plane in the Bloch sphere, and the corners of a cube inscribed in the Bloch sphere, respectively. To generalize this idea to an cube inscribed in an dimensional sphere, we use the intuition of hyperbits, which are a way to visualize such unit vectors in a quantum mechanical setting. A full discussion of hyperbits and their equivalence to certain quantum protocols is beyond the scope of this paper, but we refer the interested reader to the work of Pawlowski and Winter [PW12].
We note that, after the publication of this paper, we became aware that a similar RAC had been previously discovered by Wehner [Weh08], but remained unpublished.
4.1 The construction
Our construction is very similar to a proof of Tsirelson’s Theorem [Tsi87]. We start by recursively defining the observables , for , which are used to define the actions of Alice and Bob in the . For and , we define
We use the observables as a base case for a recursive formula:
Note that these act on qubits,^{1}^{1}1We note here that the choice of these observables is not unique and there are applications in the literature that use slightly different observables. However, this particular choice reduces the RAC dimension by one qubit when is odd. For example, for our RAC uses qubit (as opposed to ) just as in the wellknown quantum RAC of three classical bits into one qubit. have eigenvalues , and satisfy the anticommutation relation
Define the following operators for and :
Note that , for all , and , for all , so each have eigenvalues.
The protocol is defined below.

Encoding states: Alice chooses a uniformly random , creates EPR pairs, and measures the first “halves” with the observable to get an outcome . The second “halves” now contain the postmeasurement state and since , each occurs with probability. She sends and to Bob who now has the mixed state
encoding the string .

Decoding procedure: If Bob wishes to learn , he measures his EPR halves with the observable to get an outcome and also measures to learn . He computes and outputs if , and otherwise.
In the next two lemmas, we show that the worstcase bias of this RAC is and that it is parityoblivious, thereby proving Lemma 2.
Lemma 3.
The quantum RAC has worstcase bias at least .
Proof.
We can assume at the beginning of the protocol, Alice and Bob share the maximally entangled state
The expectation value of the observable in this state is given by:
where the third equality is derived from the anticommutation relation. We can write
implying
This proves that
as desired. ∎
Lemma 4.
The quantum RAC is parityoblivious.
Proof.
Protocols involving shared entanglement and sending one classical bit have limited guessing probabilities for functions such as parity [PW12]. In particular, it can be shown that the biases of learning satisfy
In the RAC above, we have
implying for all of size or greater, implying it is parityoblivious. ∎
This concludes a construction of a quantum with optimal bias. However, we have not yet proved Theorem 1 since the encoding dimension is too high. We now discuss a small modification to simultaneously reduce the dimension of the RAC and to increase its deviceindependence.
4.2 Removing the classical message
Reducing the dimension of the is straightforward. First notice that Bob simply takes his measurement outcome and changes it if to obtain his guess for . We can remove the need for this message if Alice simply changes the value of for which Bob has the encoding. In other words, instead of sending to Bob, she just switches every bit of if . Then Bob’s guess is just as accurate in guessing where , if , and , if . (Note that this is similar to what was done in Subsection 2.2). Therefore, Bob now has an encoding of , which we denote by . Notice that is a state on only qubits which coincides with the optimal for and previously discussed.
It is easy to see that this new RAC has bias at least by construction. We now argue that this quantum RAC is still parityoblivious.
Lemma 5.
The quantum RAC is parityoblivious.
Proof.
We prove that any parity hidden from Bob in the quantum RAC is still hidden from Bob in the quantum RAC . Let be Bob’s postmeasured state immediately after Alice used measurement and received output . We can write
Fix a subset of size at least . Since is hidden from Bob in the RAC , we have . Thus,
implying that
(1) 
Now we can write