Information theoretic security by the laws of classical physics
|
|
- Abigail Mills
- 5 years ago
- Views:
Transcription
1 The important thing is not to stop questioning! Curiosity has its own reason for existing. (Albert Einstein) Information theoretic security by the laws of classical physics R. Mingesz 1), L.B. Kish 2), Z. Gingl 1), C.G. Granqvist 3), H. Wen 2,4), F. Peper 5), T. Eubanks 6), G. Schmera 7) 1) Department of Technical Informatics, University of Szeged, Hungary 2), College Station, TX, USA 3) Department of Engineering Sciences, The Ångström Laboratory, Uppsala University Sweden 4) Hunan University, College of Electrical and Information Engineering, Changsha, China 5) National Institute of Information and Communication Technology, Kobe Japan 6) Sandia National Laboratories, Albuquerque, NM, USA 7) Space and Naval Warfare Systems Center, San Diego, CA, USA Quantum computing seminar, CS, TAMU, September 18, Keynote-Invited Talk at the IEEE's International Workshop on Soft Computing Applications ( SOFA) August 23, 2012, Szeged, Hungary
2 Content 1. Information theoretic security (unconditional security) 2. Security provided by the laws of physics 3. Few words about quantum key exchange 4. On cracking practical (non-ideal) quantum key exchange systems 5. The Kirchhoff-Law-Johnson-(like)-Noise (KLJN) secure key exchange 6. Attacks against practical (non-ideal) KLJN systems and defense against them 7. Potential applications and perspectives 8. Live demonstration
3 Introduction: Secure network communication by encryption Secure key (shared by A & B) A (Alice) Communicator, Cipher Eavesdropper (Eve) Secure key (shared by A & B) B (Bob) Communicator, Cipher Encrypted information The eavesdropper (Eve) does not have the secure key thus she is unable to decrypt the information. But how to share the secret key securely through the line when Eve is watching? The generating/sharing of the secret key should itself be a secure communication. Today's commonly used internet keys are not unconditionally secure, they are only conditionally (computationally) secure. The condition is that Eve's computing hardware or algorithm are not advanced enough and/or only short-term security is enough. It is not Future-Proof security. Example: if Eve could use and efficient prime number factoring algorithm or computer, such as a quantum computer, these methods would offer no security at alland, in even with a regular computer and algorithm, it is only a question of time to break the whole message, 100% of encrypted bits.
4 Security by the laws of physics (classical or quantum) Physical secure key exchange Alice Channel Bob An enlightening discussion with Prof. Vincent Poor about imperfect unconditional security is appreciated. Eve Eve's information: Originates from Measurement Data Eve will use the measurement data to guess the key bits. This serves Eve's information depending on how successful Eve is with the guessing. If Eve's bit-error-probability of guessing is E then her fidelity is p = 1 - E Note: p = 1 (E = 0) means total success by Eve which means Zero Security p = E = 0.5 corresponds to a random coin, which means Perfect Security 0.5 < p < 1 is Imperfect Security (common for all practical physical system)
5 Specifically about Eve's information. The fidelity p is the probability of successful guessing of bits. Shannon's binary channel capacity: C e = f s [ 1+ plog 2 p + (1 p)log 2 (1 p) ] bit/s p = C e /f s = 10-8 bit Eve's information that she extracts from a single bit: C e / f c 0.4 Perfect security 0.2 Perfect security p (probability of correct guess by Eve)
6 Conditional versus Unconditional security. Information-leak: K = C AE /C AB = C BE /C AB K 1 Perfect, Conditional Laws of physics RSA, etc network keys K 1 Imperfect, Conditional Laws of physics some earlier hardware-based techniques 0 Eve's resources 0 Eve's resources 1 Laws of physics 1 Laws of physics K Perfect, Unconditional ideal QKD and KLJN K Imperfect, Unconditional Realistic QKD and KLJN 0 0 Eve's resources Eve's resources Note: "Reaslistic" implies finite key length and process duration. Infinite key length would be perfect security via privacy amplification.
7 Privacy amplifier: from a long weakly leaking key it makes a short key with improved security. Originally developed for quantum encryption: [C.H. Bennett, G. Brassard, J.-M. Robert, "Privacy amplification by discussion", SIAM J. Computing 17 (1988) ] In the case of imperfect security, privacy amplification will help to approach perfect security (but never reach it.) It is basically a bit-error enhancer. Eve's fidelity will approach 0.5. Serious precondition: The fidelity between Alice-Bob must be large because their bit errors are also enhanced. Thus quantum communicators use first error correction because of their limited fidelity. K 1 0 Imperfect, Unconditional Laws of physics Eve's resources Realistic QKD and KLJN Eve's information that she extracts from a single bit: Perfect security C e / f c C e = f s [ 1 + p log 2 p + (1 p) log 2 (1 p) ] Perfect security p (probability of correct guess by Eve) Privacy amplifier
8 Privacy amplifier: from a long weakly leaking key it makes a short key with improved security. A simple privacy amplifier by XOR-ing the pairs of key bits is studied in: T. Horvath, L.B. Kish, J. Scheuer, "Effective Privacy Amplification for Secure Classical Communications", EPL 94 (2011) 28002; p = K = 10-8 Practically Perfect Security k = number of steps for K = 10-8
9 Introduction: Generic quantum communicator scheme (for quantum key distribution) A (Alice) Quantum communicator "Dark" optical fiber B (Bob) Quantum communicator Single photons carry single bits Actually, one photon effectively has less than a bit information due to noise in the detection, channel and detector.
10 Introduction: Generic quantum communicator scheme (for quantum key distribution) Base of security: quantum no-cloning theorem: copies of single photons will be noisy. After making a sufficient error statistics, the eavesdropping can be discovered. A (Alice) Quantum communicator Single photons carry single bits B (Bob) Quantum communicator Extra noise is introduced when the cloned photon is fed back. Eavesdropper (Eve)
11 Introduction: Generic quantum communicator scheme (for quantum key distribution) Base of security: quantum no-cloning theorem: copies of single photons will be noisy. After making a sufficient error statistics, the eavesdropping can be discovered. Classical, authenticated, public channel A (Alice) Quantum communicator Single photons carry single bits B (Bob) Quantum communicator Extra noise is introduced when the cloned photon is fed back. Eavesdropper (Eve)
12 Introduction: Some practical problems at the conceptual level Conceptual weakness of quantum communication is the need of making a statistics to discover the eavesdropping. One-time eavesdropping on a single photon cannot be detected. This is also information leak. A (Alice) Quantum communicator Single photons carry single bits B (Bob) Quantum communicator Eavesdropper (Eve) Not only single photons Channel noise Detector noise Quantum efficiency <1 Solution (by Ch. Bennett): Privacy Amplifier (classical information software-tool) to make a short, highly secure key from a long poorly secure key. This can reduce the information leak arbitrarily, by orders of magnitude, provided the fidelity of the communication is high-enough.
13 Quantum hackers. only imperfect conditional security: hackers utilized naive (curable) weaknesses, such as blinding detectors. Condition of security before fix: their attack methods are not used by Eve.
14 These papers indicate that practical quantum crypto offered only imperfect conditional security: hackers utilized naive weaknesses, such as blinding detectors. After building defense against these naive errors, practical quantum crypto could potentially become imperfect unconditional as before. [1] Merali Z (29 August 2009) Hackers blind quantum cryptographers. Nature News, DOI: /news [2] Gerhardt I, Liu Q, Lamas-Linares A, Skaar J, Kurtsiefer C, Makarov V (2011) Full-field implementation of a perfect eavesdropper on a q uantum cryptography system. Nature Communications 2; article number 349. DOI: /ncomms1348. [3] Lydersen L, Wiechers C, Wittmann C, Elser D, Skaar J, Makarov V (2010) Hacking commercial quantum cryptography systems by tailored bright illumination. Nature Photonics 4: DOI: /NPHOTON [4] Gerhardt I, Liu Q, Lamas-Linares A, Skaar J, Scarani V, Makarov V, Kurtsiefer C ( 2011) Experimentally faking the violation of Bell's inequalities. Phys. Rev. Lett. 107: DOI: /PhysRevLett [5] Makarov V, Skaar J (2008) Faked states attack using detector efficiency mismatch on SARG04, phase-time, DPSK, and Ekert protocols. Quantum Information and Computation 8: [6] Wiechers C, Lydersen L, Wittmann C, Elser D, Skaar J, Marquardt C, Makarov V, Leuchs G (2011) After-gate attack on a quantum cryptosystem. New J. Phys. 13: DOI: / /13/1/ [7] Lydersen L, Wiechers C, Wittmann C, Elser D, Skaar J, Makarov V (2010) Thermal blinding of gated detectors in quantum cryptography. Optics Express 18: DOI: /OE [8] Jain N, Wittmann C, Lydersen L, Wiechers C, Elser D, Marquardt C, Makarov V, Leuchs G (2011) Device calibration impacts security of quantum key distribution. Phys. Rev. Lett. 107: DOI: /PhysRevLett [9] Lydersen L, Skaar J, Makarov V (2011) Tailored bright illumination attack on distributed-phase-reference protocols. J. Mod. Opt. 58: DOI: / [10] Lydersen L, Akhlaghi MK, Majedi AH, Skaar J, Makarov V (2011) Controlling a superconducting nanowire singlephoton detector using tailored bright illumination. New J. Phys. 13: DOI: / /13/11/ [11] Lydersen L, Makarov V, Skaar J (2011) Comment on Resilience of gated avalanche photodiodes against bright illumination attacks in quantum cryptography. Appl. Phys. Lett. 99: DOI: / [12] Sauge S, Lydersen L, Anisimov A, Skaar J, Makarov V (2011) Controlling an actively-quenched single photon detector with bright light. Opt. Express 19: [13] Lydersen L, Jain N, Wittmann C, Maroy O, Skaar J, Marquardt C, Makarov V, Leuchs G (2011) Superlinear threshold detectors in quantum cryptography. Phys. Rev. Lett. 84: DOI: /PhysRevA [14] Lydersen L, Wiechers C, Wittmann C, Elser D, Skaar J, Makarov V (2010) Avoiding the blinding attack in QKD; REPLY (COMMENT). Nature Photonics 4: DOI: /nphoton [15] Makarov V (2009) Controlling passively quenched single photon detectors by bright light. New J. Phys. 11: DOI: / /11/6/
15 Something much more fundamental is coming up by a leading quantum crypto expert at Northwestern University:
16 Something much more fundamental is coming up by a leading quantum crypto expert at Northwestern University: Its Conclusions: A disconcertingly large number of papers, both on theory and on experiment, have made claims that the QKD system they discuss is unconditionally secure. In the case of theory, the claim sometimes is based on nothing more than a simple declaration, with perhaps a flimsy qualitative reason that is far from a proof. That is the case, for, example, on why a lossy channel merely changes the throughput but not the security of singlephoton BB84, as discussed in [15]. Much effort has been spent on the decoy states approach with claimed unconditional security, but it simply does not give such guarantee as we show in this paper. The important point in this connection is not who have made errors, we all do. It is that, as discussed above, there simply has never been a proof offered. At best, only a specific kind of PNS attack is thwarted. Why can one then claim unconditional security? This is a major problem in almost every aspect of QKD security [12 16]. Since general security cannot be established by experiment, we have to deal with it much more seriously and critically.
17 Conditional versus Unconditional security. Information-leak: K = C AE /C AB = C BE /C AB K 1 Perfect, Conditional Laws of physics RSA, etc network keys K 1 Imperfect, Conditional Laws of physics Recent full cracking of QKD 0 Eve's resources 0 Eve's resources 1 Laws of physics 1 Laws of physics K Perfect, Unconditional ideal QKD and KLJN K Imperfect, Unconditional Realistic QKD and KLJN 0 0 Eve's resources Eve's resources Note: "Reaslistic" implies finite key length and process duration. Infinite key length would be perfect security via privacy amplification.
18 Kirchhoff-Law-Johnson-Noise (KLJN) Science Magazine, 2005 secure key exchange (first scheme: 2005) Ny Teknik, 2005 New Scientist, 2007
19 They are as bad as "Kish cypher" on Wikipedia
20 History of new results Unpublished manuscript featured in the Science magazine, by Adrian Cho, "Simple noise may stymie spies without quantum weirdness" Science 309, p (September 30, 2005). L.B. Kish, "Totally Secure Classical Communication Utilizing Johnson (-like) Noise and Kirchoff's Law"; Physics Letters A 352 (March, 2006) L.B. Kish, "Protection against the man-in-the-middle-attack for the Kirchhoff-loop-Johnson(-like)-noise cipher and expansion by voltage-based security", Fluctuation and Noise Letters 6 (2006) L57-L63. L.B. Kish, R. Mingesz, "Totally secure classical networks with multipoint telecloning (teleportation) of classical bits through loops with Johnson-like noise", (March 5, 2006). L.B. Kish, "Methods for using existing and currently used wire lines (power lines, phone lines, internet lines) for totally secure classical communication utilizing Kirchhoff's loop and Johnson-like noise", (October 2, 2006) Unpublished manuscript featured in the New Scientist magazine, by D. Jason Palmer, "Noise keeps spooks out of the loop" New Scientist, issue 2605, p. 32, (23 May 2007) R. Mingesz, Zoltan Gingl, Laszlo Kish, "Realization and Experimental Demonstration of the Kirchhoff-loop-Johnson(-like)-Noise Communicator for up to 2000 km range", Physics Letters A 372 (2008) pp. 978 to 984. L.B. Kish, O. Saidi, Unconditionally secure computers, algorithms and hardware. Fluct. Noise Lett. 8 (2008) L95-L98. L.B. Kish, T. Horvath, "Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange", Phys. Lett. A 373 (2009) L.B. Kish, J. Scheuer, "Noise in the wire: The real impact of wire resistance for the Johnson(-like) noise based secure communicator", Phys. Lett. A 374 (2010) T. Horvath, L.B. Kish, J. Scheuer, "Effective privacy amplification for secure classical communications", Europhys. Lett. 94 (2011) L.B. Kish, F. Peper, "Information networks secured by the laws of physics", IEICE Trans. Commun. E95-B (2012) Unpublished SOFA manuscript featured in MIT Technology Review, Quantum Cryptography Outperformed By Classical Technique", June 14, 2012, Unpublished SOFAmanuscript featured in Extreme Tech, "Move over, quantum cryptography: Classical physics can be unbreakable too", June 15, 2012, The present SOFA manuscript
21 SOFA manuscript featured: June 15, 2012
22 SOFA manuscript featured; June 14, 2012
23 Controversial? For whom?
24 Controversial? For whom? For those: - Who don't understand unconditional (information theoretic) security (especially in physical systems); - Who don't understand this particular system.
25 Secure Key Generation and Exchange. Basic idea: resistor loop (Kirchhoff loop) At the beginning of each clock period, one of the resistors gets contacted to the line. Possible loop resistance R loop values: R loop = 2*R S, 2*R L, R S + R L R A Communicator A Information channel (wire) R B Communicator B R S R L R S R L
26 Basic idea: resistor loop (Kirchhoff loop): secure key generation and sharing Possible loop resistance R loop values: R loop = 2*R S, 2*R L, R S + R L If Alice and Bob could measure the loop resistance R loop in a way that does not uncover their own resistance then secure key exchange can be established. Note, the loop resistance will be a public information. R A Communicator A R B = R loop - R A ; R A = R loop - R B Information channel (wire) Eavesdropper R B Communicator B R S R L R S R L
27 Similar situation as in the "Who feeds the cat" problem. If both neighbors feed it or neither of them, the situation is obvious. But if only one of them is feeding the cat, it is not obvious which one does that.
28 Note: many believes that the role of noise here is to scramble the information. Wrong. The role of noise here is the measure the public information of bit states, LL, HH, or LH/HL Such "secure" measurement of the loop resistance can be done by utilizing the thermal noise (Johnson noise) of the resistors. The loop resistance can be evaluated in two different ways: Johnson-Nyquist formulas for this Kirchhoff loop: S u,r ( f ) = 4kT (a) R A R B R A + R B S i,r ( f ) = (b) 4kT R A + R B R A R B R A + R B U Ch S Ch (f) R A + R B U A +U B S usa (f)+s urb (f) I Ch S ich (f)
29 SECURE KEY GENERATION AND EXCHANGE BY VOLTAGE MEASUREMENTS S u,ch HH HL/LH LL time SECURE KEY BIT IS GENERATED/SHARED A B U Ch, I Ch S u,ch S i,ch R 1 R 0 R 0 R 1 U 1A S u1a (f) U 0SA S u0a (f) U 0B S u1b (f) U 1B S u1b (f)
30 Eavesdropper's Passively Observed/Extracted Information: Resistances but not their locations R 1,2 = 4kTS u,ch ± ( 4kTS ) 2 3 u,ch - 4S u,ch S i,ch 2S u,ch S i,ch A B U Ch, I Ch S u,ch S i,ch R 1 R 0 R 0 R 1 U 1A S u1a (f) U 0A S u0a (f) U 0B S u1b (f) U 1B S u1b (f)
31 Eavesdropper's Passively Observed/Extracted Information: Resistance values but not their locations. Perfect security, independently of Eve's measurement resources: she can have infinite accuracy and speed. Perfect Unconditional Security in the ideal system. The information is simply not present in the voltage and current: Information Theoretic Security Also essential that Gaussian processes allow distribution functions up to the second order only. For example, the power density spectrum or two-point autocorrelation provides a full characterization of the process. The most efficient tool to analyze the transport are the voltage-current crosscorrelation and crosspectrum. No higher order correlations or spectra provide more information. However, these are zero because the net power flow is zero. The Johnson-Nyquist formula of thermal noise is based on the Fluctuation-Dissipation Theorem which originates from the Second Law of Thermodynamics that prohibits net power flow between systems of identical temperature and the construct a perpetual motion machine of the second kind. Therefore it is as impossible to crack this ideal system as to construct perpetual motion machine (of the second kind). A Directional information: U ch I ch U ch I ch = 0 U Ch, I Ch S u,ch S i,ch (similar to Poynting vector) B R 1 R 0 R 0 R 1 U 1A S u1a (f) U 0A S u0a (f) U 0B S u1b (f) U 1B S u1b (f)
32 Hacking into the key exchange: Active (invasive) Eavesdropping Only the exact situation defined by the above circuitry has perfect security. Any deviation from that situation causes information leak: typically imperfect but unconditional security. Note: all the non-ideal features of elements (see later) show up as a hacking attacks and the defense features against invasive attacks work against them, too. For example, the circuitry can be modified by installing extra elements to the wire; or a small stochastic current or a short large current pulse (etc) can be injected there. A I B U Ch, I Ch S u,ch S i,ch R 1 R 0 R 0 R 1 U 1A S u1a (f) U 0A S u0a (f) U 0B S u1b (f) U 1B S u1b (f)
33 Defense against hacking by comparing instantaneous voltage and current data at the ends Foundation: in the ideal circuit, instantaneous current and voltage amplitudes are uniform all along the line. That is the requirement for perfect security. Only classical physics can do this. THE EAVESDROPPER IS DISCOVERED LATEST AFTER EXTRACTING A SINGLE BIT OF INFORMATION. The stochastic current method can extract zero bit, a large current pulse method can extract one bit. ADVANTAGE TO KNOWN QUANTUM COMMUNICATION SCHEMES THAT NO KEY-STATISTICS IS REQUIRED. Public channel, broadcasting for comparing instantaneous local current (A) and voltage (V) data SENDER Alice A DI ES DI ER A RECEIVER Bob V DU E,Ch V DI E R 1 R 0 R 0 R 1 U 1S S u1s (f) U 0S S u0s (f) Eve U 0R S u1r (f) U 1R S u1r (f)
34 Defense against invasive attacks or hacking (non-ideality) attacks: publishing and comparing current and voltage data at the two ends Multiple public broadcast channels or a single authenticated channel Public broadcast channels Alice Channel Bob Perfect authentication needs only the order of log(m) secret bits to authenticate an m-bit long message. (D.R. Hjelme, L. Lydersen, V. Makarov, "Quantum Cryptograhy", in "A Multidisciplinary Introduction to Information Security" CRC Press (2011/2012), )
35 Example the attack "below the belt": Man-In-The-Middle (MITM) attack The original current/voltage-comparison naturally defends against it SENDER Alice I S,Ch I R,Ch RECEIVER Bob R 0 R 1 R 0 R 1 R 1 R 0 R 0 R 1 U 1,S S u1,s (f) U 0,S S u0,s (f) U 0,E S u0,e (f) U 1,E S u1,e (f) U 0,E S u0,e (f) U 1,E S u1,e (f) U 0,R S u1,r (f) U 1,R S u1,r (f)
36 Let us suppose 7 bits resolution of the measurement (a pessimistic value), then P 0 = 1/ 128, which is less than 1% chance of staying hidden. On the other hand, P 0 is the probability that the eavesdropper can stay hidden during the correlation time t of the noise, where t is roughly the inverse of the noise bandwidth. Because the KLJN cipher works with statistics made on noise, the actual clock period T is N >>1 times longer than the correlation time of the noise used [1]. Thus, during the clock period, the probability of staying hidden is: P clock = P 0 N Supposing a practical T =10t (see [1]) the probability at the other example P < This is the estimated probability that, in the given system the eavesdropper can extract a single bit without getting discovered. The probability that she can stay hidden while extracting 2 bits is P < 10-40, for 3 bits it is P < 10-60, etc. In conclusion, we can safely say that the eavesdropper is discovered immediately before she can extract a single bit of information. At 7 bit current comparison, the probability of staying hidden for a single clock period is less than 10-20
37 Suppose the eavesdropper synchronizes the current values with twin current generators during the MITM attack. She can extract at most one bit while she is discovered. She will be discovered because the high-resistance end will see a large voltage and interpret the situation as it is a non-secure-bit communication case. The other end will interpret it as a secure bit communication. This contradiction uncovers the eavesdropper. However: she can extract zero bit if the voltage values are also compared at the two ends. Alice SENDER Bob RECEIVER V V R 1 R 0 R 0 R 1 U 1,S S u1,s (f) U 0,S S u0,s (f) U 0,R S u1,r (f) U 1,R S u1,r (f)
38 Suppose, the eavesdropper synchronize the voltage values with two twin voltage generators during the MITM attack? Then she can extract zero bits because the current values are compared at the two ends, already in the original scheme. SENDER Alice RECEIVER Bob R 1 R 0 R 0 R 1 U 1,S S u1,s (f) U 0,S S u0,s (f) U 0,R S u1,r (f) U 1,R S u1,r (f)
39 Uncovering the eavesdropper by Comparing the instantaneous current data (authenticated channel and/or broadcasting) THE EAVESDROPPER IS DISCOVERED DURING EXTRACTING A SINGLE BIT OF INFORMATION. The stochastic current method can extract zero bit, a large current pulse method can extract one bit. ADVANTAGE TO KNOWN QUANTUM COMMUNICATION SCHEMES THAT NO KEY-STATISTICS IS REQUIRED. Public channel, broadcasting for comparing instantaneous local current (A) and voltage (V) data SENDER Alice A DI ES DI ER A RECEIVER Bob V DU E,Ch V DI E R 1 R 0 R 0 R 1 U 1S S u1s (f) U 0S S u0s (f) Eve U 0R S u1r (f) U 1R S u1r (f)
40 Passive listening at practical, non-ideal situation - Only the ideal circuit has perfect unconditional security. Real ones are imperfect unconditional. - Real circuitry is never ideal thus its security can only be imperfect unconditional: there will be a small information leak that stays small even for the maximum resources of Eve that are allowed by the laws of physics. Laws of physics K 1 0 Imperfect, Unconditional Eve's resources Realistic QKD and KLJN - Depending on resources and conditions, the circuit can approach the ideal limit and perfect security but it can never reach it. For example the information leak due to non-zero wire resistance is inversely proportional to the 4-th power of wire diameter. Thus thicker wires provide progressively higher security. - However, it can be much more economical to use a thin wire with a few privacy amplification steps, lose some speed and still get the same security. -Note: all the non-ideal features of elements shows up as a hacking attack and the defense features against invasive attacks work against them, too.
41 Practical limits (slide from the very first seminar, CS, TAMU, October 18, 2005) For perfect security, the loop must be exactly the same as defined by its circuit diagram. Any deviation may give information to the eavesdropper. The situation is similar to the case of quantum communication: The more we approach the ideal conditions, the more secure the system is. Therefore the security of the system can be designed to the required level depending on resources. f max L <<c 1. Wave situation should be avoided. Moreover, the clock frequency should be low-enough to make a sufficient statistics: For a practical estimation, let us suppose that c = 2*10 8 meter/s, f maxl = 0.1* c, and f c = 0.1* f max. Then the effective bandwidth-distance product f L = c 2*106 meterhz. This is slightly (factor of 2-3) better than present quantum communicator arrangements [8] I. Marcikic, H. de Riedmatten, W. Tittel, H. Zbinden, and N. Gisin, Long distance teleportation of qubits at telecom wavelength, Nature 421, 509 (2003). f c << f max MULTI WIRE+CHIP high speed! 2. Inaccuracies: Wire resistance should be much less than any of the bit resistances. The bit resistances and noise generators should be as identical at Alice and Bob as possible. 3. Wire capacitance and inductance should not effect the loop impedance. This is another constraint on the frequency bandwidth (but should be easy to handle it with artificial noise generators). 4. Transients. Caused much concern and generated fundamental questions among colleagues but easiest to deal with this problem in the practice (especially for non-stealth communications
42 Any deviation from the system defined by this circuitry or deviations from the thermal (-like) noise behavior compromises security! Assuming waves, serial resistance (Bergou-Scheuer-Yariv), different noise temperatures (Hao), etc, are deviations from basic assumptions and imply different circuitries which are not totally secure. Such assumptions are allowed at the practical considerations but they have nothing to do with the security at the conceptual level. A distributed RLC network U Ch, I Ch S u,ch S i,ch B The same defense mechanism as for hacking will reveal the information leak. Alice and Bob will know Eve's information, which is a new situation in cryptography. Public channel, broadcasting for comparing instantaneous local current (A) and voltage (V) data R 1 R 0 R 0 R 1 SENDER Alice A DI ES DI ER A RECEIVER Bob U 1A S u1a (f) U 0SA S u0a (f) U 0B S u1b (f) U 1B S u1b (f) V DU E,Ch DI E V R 1 R 0 R 0 R 1 U 1S S u1s (f) U 0S S u0s (f) U 0R S u1r (f) U 1R S u1r (f)
43 Example for generic practical line driving. Low-pass filters secure the sufficiently slow operation and defend against possible high-frequency probing signals by Eve that may be out of the range of the current/voltage measurement systems. Alice Bob
44 Major published attack attempts. (They were somewhat disappointing because the current/voltage defense system has automatically defended against all these from the very beginning by showing Eve's extracted information. (Funny that these and many similar ones have been known and shown in seminars, and some were even published at the very beginning.) Public channel, broadcasting for comparing instantaneous local current (A) and voltage (V) data SENDER Alice A DI ES DI ER A RECEIVER Bob V DU E,Ch V DI E R 1 R 0 R 0 R 1 U 1S S u1s(f) U 0S S u0s(f) U 0R S u1r(f) U 1R S u1r(f) Scheuer-Yariv (PLA, 2006): (Note, current/voltage defense works against both attacks). - Wave propagation effects in long cables. Valid. Also, this issue has been excluded already in the very first paper on KLJN by requiring slow operation (wave-free limit). - Wire resistance issue (already listed in first seminar and by Bergou in the 2005 Science report). Incorrect calculations resulting in wrong units of results and a 1000 times larger signal for Eve than in reality. The correct calculations with 1000 times smaller leak signal were published by Kish-Scheuer in 2010). The measurements of Mingesz, et al (PLA 2008), showed 0.19% information leak at 99.98% fidelity: a situation where 2 privacy amplification step suppresses the leak below Feng Hao (IEEIS, 2006): - Pointing out that different temperatures at Alice and Bob yield information leak. Valid observation (but funny that was already noted though not published at the first seminar as the need of accurate noise generators). Analysis, in the response by Kish (FNL 2006), shows that the inaccuracy of resistor values is a much bigger practical problem. The measurements of Mingesz, et al (PLA 2008), showed a nondetectable information leak at the 14 bit resolution of noise generators used.
45 Major published attack attempts, continued Pao-Lo Liu (2009): - Computer simulation of wave propagation effects in long cables (same issue as Scheuer-Yariv 2006). At certain conditions, which were indicated as practical, fidelity of Eve as large as 78% was shown by the simulations. Invalid simulations. These claims were refuted by Kish-Horvath (2009) by showing the the simulations parameters were violating physical rules such as, for a 2 km long wire line the implied cable diameter was 28,000 times greater than the diameter of the known universe. It was surprising that Eve's fidelity was not higher due to the unphysical situation. k = number of steps for C e = 10-8 Note: even at such huge information leak, four step of privacy amplification (resulting in a 16 times slowdown) would restore the "practically perfect" security of 10-8 relative information leak.
46 Inaccuracies. How large is the impact of 1% inaccuracy? Scheuer-Yariv's only meaningful point. They indicate 1% voltage drop on the wire at certain practical conditions. They say that is enough for the eavesdropper to decode the signal. Here is the proof that their claim is not true. Shannon's channel coding theorem: C = f c [ 1+ plog 2 p+(1- p) log 2 (1- p) ] results in relative standard deviation 0.2 of the voltage and current statistics [14]. The results are summarized in Figure 2. Note, only the relative positions and the shape of the curves have meaning, not the actual x and y values. During the clock period, due to Eq. (2), the time is enough only for a few statistically independent sampling of these distribution functions. This sampling is enough for the sender and the receiver, see Figure 2 (a), to decide between the two functions with 0.3% error rate [7]. However the eavesdropper, who measures the voltage drop, has to decide between the two situations by sampling the f(x) and g(x) density functions given in Fig. 2 (b) and that must be done with the same small number of independent samples. The characteristics width (standard deviation) of these curves (20% of the peak's x coordinate) is 20 times greater than the difference of the locations of the x coordinates of the peaks (1%). The eavesdropper's task seems to be hopeless by the naked eye however, by using proper statistical tools, she can still extract some information. A deeper analysis based on Shannon's channel coding theorem [7] concludes that in this case the upper limit of information leak is 0.7% of the transmitted bits. This is close to but less than the information leak of quantum communicators without privacy amplifier software (see above). Thus Sch-Y's 1% drop of the MS voltage yields a lower information leak than that of quantum communicators. Model study of distribution functions [7]. (a): Amplitude distribution functions sampled by the sender and receiver. (b): Amplitude distribution functions sampled by the eavesdropper at the two ends of the wire. Though we accept the 1% drop of the MS voltage as a realistic practical goal [7] we disagree with Sch-Y's claim that the eavesdropper can easily detect this 1% drop. With the very same voltage drop, we have carried out a model study [7] of the distribution functions of the voltages, currents and the drop of the MS voltage for R 1 / R 0 =10, with a linear full-wave detector [14] and clock period t c = 3/ f max S u,ch time
47 The realized communicator pair. Statistics at Alice's side during clock cycles. At a BSchY attack, the eavesdropper will have only a single clock cycle to distinguish between LH and HL. The wire resistance is about 2% of the loop resistance during the LH or HL states: R L =2 kohm, R H =11kOhm, R w =200 Ohm. (a) (b) (c)
48 Statistics at Alice's side during a BSchY attack, single clock cycle. (a) The wire resistance is about 2% of the loop resistance, 10% of the smallest resistance, during the LH or HL states: R L =2 kohm, R H =11kOhm, R w =200 Ohm. The poor statistics seen in figures (a) and (b) are enough for Alice and Bob to identify secure bit alignment with 0.02% error rate (99.88% 99.98% fidelity). However when Eve tries to identify the bits from the two histogram recorded at the two ends of the line (see figure (c)) she must work with these distributions which are very stochastic, almost identical and totally overlapping with a 1% or less shift of their centers [7] which results in less than 0.19% eavesdropped bit / transmitted secure bit. Three independent statistics of LH and HL at Alice's side Single clock stats of each states at Alice's side (c) (b)
49 R. Mingesz, Z. Gingl, L.B. Kish, Realization and Experimental Demonstration of the Kirchhoff-loop-Johnson(-like)- Noise Communicator for up to 2000 km range;
50 R. Mingesz, Z. Gingl, L.B. Kish, Realization and Experimental Demonstration of the Kirchhoff-loop-Johnson(-like)- Noise Communicator for up to 2000 km range; PLA, in press; DSP Unit Analog Unit KLJN Line Analog Unit DSP Unit Computer The computer control parts of the communicator pair have been realized by ADSP-2181 type Digital Signal Processors (DSP) (Analog Devices). Robert Mingesz Zoltan Gingl The communication line current and voltage data were measured by (Analog Devices) AD-7865 type AD converters with 14 bits resolution from which 12 bits were used. The DA converters were (Analog Devices) AD-7836 type with 14 bits resolution. The Johnson-like noise was digitally generated in the Gaussian Noise Generator unit where digital and an alog filters truncated the bandwidth in order to satisfy the KLJN preconditions of removing any s purious frequency components. The major bandwidth setting is provided by an 8 -th order Butterworth filter with sampling frequency of 50 khz. The remaining small digital quantization noise components are removed by analog filters. The experiments were carried out on a model-line, with assumed cable velocity of light of 2*10 8 m/s, with ranges up to 2000 km, which is far beyond the range of direct quantum channels, or of any other direct communication method via optical fibers. The device has bit rates of 0.1, 1, 10, and 100 bit/second for ranges 2000, 200, 20 and 2 km, respectively. The wire diameters of the line model are selected so that they resulted in about 200 Ohm internal resistance for all the different ranges. The corresponding copper wire diameters are reasonable practical values for the different ranges are 21 mm (2000 km), 7 mm (200 km), 2.3 mm (20 km) and 0.7 mm (2 km). Inductance effects are negligible with the selected resistance values, R 0 and R 1, at the given ranges and the corresponding bandwidths. If the wire is a free hanging one with a few meters separation from earth, such as power lines, parasitic capacitances are not a problem up to 10% of the nominal range. For longer ranges than that, either coaxial cables driven by the capacitor killer are needed or the speed/bandwidth must be decreased accordingly.
51 R. Mingesz, Z. Gingl, L.B. Kish, Realization and Experimental Demonstration of the Kirchhoff-loop-Johnson(-like)- Noise Communicator for up to 2000 km range; The noise bandwidth is selected so that the highest possible Fourier component in the line is at frequency 10 times lower than the lowest frequency standing-wave mode in the line. That condition results in noise bandwidths 5, 50, 500 and 5000 Hz for ranges 2000, 200, 20 and 2 km, respectively. Transient wave effects at the end of clock period are avoided in the Gaussian Noise Generator unit by driving the envelope of the time functions of noise voltage and current to zero before the switching using a linear ramp amplitude modulation (via 8% of the clock duration); and the reverse process is done at the beginning of the next clock cycle after the switching of resistors. Moreover a short pause (8 % of the clock time) with no data collection, except for security check, after the initial linear ramp at the beginning of stationary noise, is applied in order to avoid possible other types of transient effects of stochastic nature (though we have not seen any transients). All these are done before the filtering process to avoid any spurious frequency components due to the linear ramp. Because the security protection based on current and voltage comparison was effective up to 50 khz bandwidth, 1 nf capacitors at the two ends of the line were satisfactory line filters. Furthermore, these capacitors would have removed possible switching spikes originating from capacitive coupling in the analog switches due to possibly unbalanced parasitic capacitors; therefore there were no detectable switching transients in the line. The 11 kohm resistor is composed by connecting a 9 kohm serial resistor to the 2 kohm resistor. The 2 kohm resistors are two serial 1kOhm resistors with a 1 nf capacitor shunting their joint point to the ground to remove possible digital quantization noise. The 1 kohm resistor at the generator dive end was also used as a probe to measure the current in the line. The value of K is selected so that the noise voltage of the greater resistor is 1 Volt for all noise bandwidths. This resulted in S u ( f ) values of the greater resistor 0.2, 0.02, 0.002, V 2 /Hz for ranges 2000, 200, 20 and 2 km, respectively. Note: cable capacitance provides a further filtering but we cannot rely on that alone because of eavesdropping possibility.
52 R. Mingesz, Z. Gingl, L.B. Kish, Realization and Experimental Demonstration of the Kirchhoff-loop-Johnson(-like)- Noise Communicator for up to 2000 km range; Eavesdropping tests. Sample size: 74,497 clock cycle C eav C trans = 1+ p log 2 p + (1 - p) log 2 (1 - p) TYPE OF BREAKING MEASURED NUMBER, OR RATIO, OF EAVESDROPPABLE BITS WITHOUT SETTING ON THE CURRENT-VOLTAGE ALARM (TESTED THROUGH BITS) REMARKS BSchY (i) [2,6] attack in the present KLJN system 0.19% % at 1 0 times thicker wire (theoretical extrapolation). Arbitrarily can be enhanced by privacy amplification [12,13]; the price is slowing down. Hao (iii) [ 8] attack in the present KLJN system Zero bit Below the statistical inaccuracy. Considering the 12 bit effective resolution of noise generation accuracy, it is theoretically: < % Kish (iv) [ 9] attack utilizing resistor inaccuracies in the present KLJN system Zero bit Below statistical inaccuracy. Theoretically, when pessimistically supposing 1% resistance inaccuracy, it is: < 0.01% Current pulse injection (Kish) [1] in the present KLJN system Zero bit One bit can be extracted while the alarm goes on thus the bit cannot be used.
53 Presently (2012) i would not call practical quantum encryption unconditionally secure, however, this is only a temporary situation. After the proper defense methods will be developed against all these and similar other "naive"quantum-security-vulnerabilities, the following comparison should hold: Table 1. Comparison of relevant security levels for existing key exchange systems. Practical physically secure key distributions can never have perfect security, they can only approach it. Perfect Imperfect Information the o retic or unconditional Conditional QKD the o retical Yes for the whole key No for a single bit No for the whole key Yes for a single bit Yes No KLJN the o retical Yes for both the whole key and a single bit No Yes No QKD practical No Yes Yes No KLJN practical No Yes Yes No Software and prime number based Yes No No Yes
54 Quantum telecloning to 2 Units, Fidelity 60%, at Furusawa's Lab (Tokyo) Kirchhoff-Johnson network element 2006 Fidelity 99.98% Present Kirchhoff-Johnson network element
55 Prospective applications Unconditionally secure communication within computers, video games, iphones, and other instrumentations to secure algorithm and data. Using existing and currently used wires, such as power lines, phone lines, internet wire lines to build a unconditionally secure chain network of users.
56 The security of data and that of the algorithms in computers and hardware is vulnerable
57 Unconditional security of computers and hardware is possible. RESTRICTED
58 Unconditionally secure computers and hardware by thermal-like noise. Kish and Saidi, "Unconditionally secure computers and hardware, such as memories, processors, and hard drives", (FNL 2008) Example. Red arrows: Secure key generation and exchange by KLJN lines. The bus has a classical authenticated line for current/voltage comparison. Due to the short distances, the situation is very close to the ideal. No privacy amplification is required. PCU H Drive 1 RAM H Drive 2 BUS
59 Which one can be integrated on a silicon chip? Quantum telecloning to 2 network Units, Fidelity 60%, at Furusawa's Lab (Tokyo) Kirchhoff-Johnson network element tested (2006) Fidelity 99.98% Present Kirchhoff-Johnson network element
60 How to utilize existing wire lines currently in use for KLJN key exchange. Line Filter Box Line BE 1 BP 3 BE Line BP BE BE BP 2 R L R H R N R H R L External Line In External Line Out 1 3 Line Filter Box 2 Local line (e.g. to household line input) The line filter box (see Figure 1) should be installed at each intersection of the line to separate the non-kljn communicator loads from the KLJN frequency band. Communicator A Communicator B Example for how to use KLJN frequency Band Excluder (BE) and Band Pass (BP) filters to preserve a single Kirchhoff loop in the KLJN frequency band between two KLJN communicators with one intersection between them. Thick (blue) lines: original line current; thin (red) line: KLJN current; double (green) lines: both types of currents.
61 Power Station A Power Station B Communicator A (KLJN) Communicator B (KLJN) Communication via idealized 3-phase power lines with symmetric loads of the 3-phase transformers at Power Stations A and B, respectively.
62 Power Station A Power Station B BP BP Communicator A (KLJN) BE BE Communicator B (KLJN) Communication via practical 3-phase power lines. (asymmetric load)
63 Protocol example for "telecloning" ("teleportation") of bits to build a chain network (Kish-Mingesz, FNL, 2006) L 1 R 1 L 2 R 2 L 3 R 3 Coordinator-server (CS) and regular network Note: the Coordinator-server is also connected by a KLJN wire to one of the units, say to Unit 1. The Units run their KLJN ciphers until a secure bit exchange is reached. Then each Unit reports to the CS the logic relation, G [ = +1 (same bit) or -1 (opposite bit)], between their own left port and the bit at the left port of the right hand neighbor. If the Nth Unit wants to clone the bit at the left hand side of Unit 1, then he sends a request to the CS. F = Π N 1 G k The CS calculates 1 and send F to Unit N. Then Unit N multiplies his own left bit (+/-1) with F and gets the teleclone of the left bit of Unit 1. This cloned bit exists only at Unit 1 and Unit N. It does not exist at the other Units at the CS: teleportation type transfer.
64 The important thing is not to stop questioning! Curiosity has its own reason for existing. (Albert Einstein) Information theoretic security by the laws of classical physics R. Mingesz 1), L.B. Kish 2), Z. Gingl 1), C.G. Granqvist 3), H. Wen 2,4), F. Peper 5), T. Eubanks 6), G. Schmera 7) 1) Department of Technical Informatics, University of Szeged, Hungary 2), College Station, TX, USA 3) Department of Engineering Sciences, The Ångström Laboratory, Uppsala University Sweden 4) Hunan University, College of Electrical and Information Engineering, Changsha, China 5) National Institute of Information and Communication Technology, Kobe Japan 6) Sandia National Laboratories, Albuquerque, NM, USA 7) Space and Naval Warfare Systems Center, San Diego, CA, USA Quantum computing seminar, CS, TAMU, September 18, Keynote-Invited Talk at the IEEE's International Workshop on Soft Computing Applications ( SOFA) August 23, 2012, Szeged, Hungary
65 End of talk
ANALYSIS OF THE ATTENUATOR-ARTIFACT IN THE EXPERIMENTAL ATTACK OF GUNN-ALLISON-ABBOTT AGAINST THE KLJN SYSTEM
First draft. October 21, 2014. ANALYSIS OF THE ATTENUATOR-ARTIFACT IN THE EXPERIMENTAL ATTACK OF GUNN-ALLISON-ABBOTT AGAINST THE KLJN SYSTEM LASZLO B. KISH (1), ZOLTAN GINGL (2), ROBERT MINGESZ (2), GERGELY
More informationGeneralized Kirchhoff-Law-Johnson- Noise (KLJN) secure key exchange system using arbitrary resistors
Generalized Kirchhoff-Law-Johnson- Noise (KLJN secure key exchange system using arbitrary resistors Gergely adai*, obert Mingesz and Zoltan Gingl Department of Technical Informatics, University of Szeged,
More informationSubmitted for publication on October 23, Version 3, October 24,
Submitted for publication on October 23, 2014. Version 3, October 24, 2014. http://vixra.org/abs/1410.0122 ANALYSIS OF AN ATTENUATOR ARTIFACT IN AN EXPERIMENTAL ATTACK BY GUNN ALLISON ABBOTT AGAINST THE
More informationInformation Networks Secured by the Laws of Physics
IEICE TRANS. COMMUN., VOL.E95 B, NO.5 MAY 2012 1501 INVITED PAPER Special Section on Frontiers of Information Network Science Information Networks Secured by the Laws of Physics Laszlo B. KISH a) and Ferdinand
More informationTexas A&M University, Department of Electrical and Computer Engineering, College Station, TX , USA
September 7, 015. RANDOM-RESISTOR-RANDOM-TEMPERATURE KLJN KEY EXCHANGE Laszlo B. Kish 1), Claes G. Granqvist ) 1) Texas A&M University, Department of Electrical and Computer Engineering, College Station,
More informationversions 9/27/2015, 10/1/
versions 9/7/015, 10/1/015 http://vixra.org/abs/1509.059 http://arxiv.org/abs/1509.08150 RANDOM-RESISTOR RANDOM-TEMPERATURE KIRCHHOFF-LAW JOHNSON-NOISE (RRRT KLJN) KEY EXCHANGE Laszlo B. Kish 1), Claes
More information(Updated February 17, 2006) Laszlo B. Kish.
Response to Bollinger's "On the Impossibility of Keeping Out Eavesdroppers Using Only Classical Physics" and to Some Other Comments at Bruce Schneier's Blog Sites (Updated February 17, 2006) Laszlo B.
More informationCable Capacitance Attack against the KLJN Secure Key Exchange
Cable Capacitance Attack against the KJN Secure Key Exchange sien-pu Chen*, Elias Gonzalez, Yessica Saez, and aszlo B. Kish Department of Electrical and Computer Engineering, Texas A&M University, 3128
More informationMetrol. Meas. Syst., Vol. XX (2013), No. 1, pp METROLOGY A D MEASUREME T SYSTEMS. Index , ISS
Metrol. Meas. Syst., Vol. XX (2013), No. 1, pp. 3 16. METROLOGY A D MEASUREME T SYSTEMS Index 330930, ISS 0860-8229 www.metrology.pg.gda.pl U CO DITIO AL SECURITY BY THE LAWS OF CLASSICAL PHYSICS 1 Robert
More informationpublished in: Metrology and Measurement Systems. Volume XX, Issue 2, Pages
1 published in: Metrology and Measurement Systems. Volume XX, Issue, Pages 191 04 open access: http://www.degruyter.com/view/j/mms.013.0.issue-/mms-013-0017/mms-013-0017.xml ENHANCED SECURE KEY EXCHANGE
More informationPHYSICAL UNCLONEABLE FUNCTION HARDWARE KEYS UTILIZING KIRCHHOFF-LAW- JOHNSON-NOISE SECURE KEY EXCHANGE AND NOISE-BASED LOGIC
July 26, 2013; second version. PHYSICAL UNCLONEABLE FUNCTION HARDWARE KEYS UTILIZING KIRCHHOFF-LAW- JOHNSON-NOISE SECURE KEY EXCHANGE AND NOISE-BASED LOGIC LASZLO B. KISH (1), CHIMAN KWAN (2) (1) Texas
More informationCritical analysis of the Bennett Riedel attack on the secure cryptographic key distributions via the Kirchhoff-law Johnson-noise scheme
submitted for publication on June 20, 2013; version July 2, 2013. http://arxiv.org/abs/1306.6531 http://vixra.org/abs/1306.0058 Critical analysis of the Bennett Riedel attack on the secure cryptographic
More informationThermal noise driven computing
Published: Applied Physics Letters 89, 144104 (2006) (October 2) arxiv.org/abs/physics/0607007 Thermal noise driven computing Laszlo B. Kish a) Texas A&M University, Department of Electrical and Computer
More informationCritical analysis of the Bennett Riedel attack on the secure cryptographic key distributions via the Kirchhoff-law Johnson-noise scheme
Accepted for publication at PLOS ONE, on October 16, 2013. http://arxiv.org/abs/1306.6531 http://vixra.org/abs/1306.0058 Critical analysis of the Bennett Riedel attack on the secure cryptographic key distributions
More informationCritical analysis of the Bennett Riedel attack on secure cryptographic key distributions via the Kirchhoff-law Johnson-noise scheme
Critical analysis of the Bennett Riedel attack on secure cryptographic key distributions via the Kirchhoff-law Johnson-noise scheme Laszlo B. Kish 1,*, Derek Abbott 2, Claes G. Granqvist 3 1 Department
More informationQuantum Information Transfer and Processing Miloslav Dušek
Quantum Information Transfer and Processing Miloslav Dušek Department of Optics, Faculty of Science Palacký University, Olomouc Quantum theory Quantum theory At the beginning of 20 th century about the
More informationState Decoding in Multi-Stage Cryptography Protocols
State Decoding in Multi-Stage Cryptography Protocols Sindhu Chitikela Abstract. This paper presents a practical method of quantum tomography for decoding the state of photons in a multistage cryptography
More informationWHAT KIND OF NOISE GUARANTEES SECURITY
Submitted to Fluctuation and Noise etters WAT KIND OF NOISE GUARANTEES SECURITY FOR TE KIRCOFF-OOP-JONSON-NOISE KEY EXCANGE? ROBERT MINGESZ, GERGEY ADAI and ZOTAN GING Department of Technical Informatics,
More informationEntanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen
Entanglement arnoldzwicky.org Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen PHYS403, July 26, 2017 Entanglement A quantum object can
More informationChapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution
Chapter 13: Photons for quantum information Quantum only tasks Teleportation Superdense coding Quantum key distribution Quantum teleportation (Theory: Bennett et al. 1993; Experiments: many, by now) Teleportation
More informationQuantum cryptography and quantum hacking. Dr. Lars Lydersen
Quantum cryptography and quantum hacking Dr. Lars Lydersen GOVCERT.NL, Rotterdam 5. November 2 Quantum Hacking group NTNU, Trondheim & UNIK, Kjeller www.iet.ntnu.no/groups/optics/qcr/ Prof. Johannes Skaar
More informationPerfectly secure cipher system.
Perfectly secure cipher system Arindam Mitra Lakurdhi, Tikarhat Road, Burdwan 713102 India Abstract We present a perfectly secure cipher system based on the concept of fake bits which has never been used
More informationTrustworthiness of detectors in quantum key distribution with untrusted detectors
Trustworthiness of detectors in quantum key distribution with untrusted detectors Bing Qi Quantum Information Science Group, Computational Sciences and Engineering Division, Oak Ridge National Laboratory,
More informationLECTURE NOTES ON Quantum Cryptography
Department of Software The University of Babylon LECTURE NOTES ON Quantum Cryptography By Dr. Samaher Hussein Ali College of Information Technology, University of Babylon, Iraq Samaher@itnet.uobabylon.edu.iq
More informationAn Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009
An Dr Nick Papanikolaou Research Fellow, e-security Group International Digital Laboratory University of Warwick http://go.warwick.ac.uk/nikos Seminar on The Future of Cryptography The British Computer
More information+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1
Quantum Cryptography Quantum Cryptography Presented by: Shubhra Mittal Instructor: Dr. Stefan Robila Intranet & Internet Security (CMPT-585-) Fall 28 Montclair State University, New Jersey Introduction
More informationCryptography in a quantum world
T School of Informatics, University of Edinburgh 25th October 2016 E H U N I V E R S I T Y O H F R G E D I N B U Outline What is quantum computation Why should we care if quantum computers are constructed?
More informationPing Pong Protocol & Auto-compensation
Ping Pong Protocol & Auto-compensation Adam de la Zerda For QIP seminar Spring 2004 02.06.04 Outline Introduction to QKD protocols + motivation Ping-Pong protocol Security Analysis for Ping-Pong Protocol
More informationNational Institute of Standards and Technology Gaithersburg, MD, USA
National Institute of Standards and Technology Gaithersburg, MD, USA Physics y Laboratoryy & Information Technology Laboratory J. C. Bienfang, A. Restelli, D. Rogers, J. Galang C. W. Clark, Carl J. Williams
More informationQuantum Hacking. Feihu Xu Dept. of Electrical and Computer Engineering, University of Toronto
Quantum Hacking Feihu Xu Dept. of Electrical and Computer Engineering, University of Toronto 1 Outline Introduction Quantum Key Distribution (QKD) Practical QKD Quantum Hacking Fake-state & Time-shifted
More informationQuantum Cryptography. Marshall Roth March 9, 2007
Quantum Cryptography Marshall Roth March 9, 2007 Overview Current Cryptography Methods Quantum Solutions Quantum Cryptography Commercial Implementation Cryptography algorithms: Symmetric encrypting and
More informationTalk at 4th ETSI/IQC workshop on quantum-safe cryptography, September 19-21, 2016
Talk at 4th ETSI/IQC workshop on quantum-safe cryptography, September 19-21, 2016 Vadim Makarov www.vad1.com/lab Security model of QKD Security proof.laws of physics & Model of equipment Hack Integrate
More informationQuantum Cryptography
Quantum Cryptography Umesh V. Vazirani CS 161/194-1 November 28, 2005 Why Quantum Cryptography? Unconditional security - Quantum computers can solve certain tasks exponentially faster; including quantum
More informationQuantum Cryptography Bertrand Bonnefoy-Claudet Zachary Estrada
Quantum Cryptography Bertrand Bonnefoy-Claudet Zachary Estrada Crypto against modern computers No known attack against RSA, AES,... yet They are not proven (and they cannot be) Crypto against modern computers
More informationQuantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139
Quantum Error Correcting Codes and Quantum Cryptography Peter Shor M.I.T. Cambridge, MA 02139 1 We start out with two processes which are fundamentally quantum: superdense coding and teleportation. Superdense
More informationEntanglement and information
Ph95a lecture notes for 0/29/0 Entanglement and information Lately we ve spent a lot of time examining properties of entangled states such as ab è 2 0 a b è Ý a 0 b è. We have learned that they exhibit
More informationA New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)
A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC) Majid Alshammari and Khaled Elleithy Department of Computer Science and Engineering University of Bridgeport
More informationDoes a standalone, cold (low-thermal-noise), linear resistor exist without cooling?
Does a standalone, cold (low-thermal-noise), linear resistor exist without cooling? Jiaao Song and Laszlo B. Kish Department of Electrical and Computer Engineering, Texas A&M University, TAMUS 3128, College
More information5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes
5th March 2004 Unconditional Security of Quantum Key Distribution With Practical Devices Hermen Jan Hupkes The setting Alice wants to send a message to Bob. Channel is dangerous and vulnerable to attack.
More informationSecurity Implications of Quantum Technologies
Security Implications of Quantum Technologies Jim Alves-Foss Center for Secure and Dependable Software Department of Computer Science University of Idaho Moscow, ID 83844-1010 email: jimaf@cs.uidaho.edu
More informationDetection of Eavesdropping in Quantum Key Distribution using Bell s Theorem and Error Rate Calculations
Detection of Eavesdropping in Quantum Key Distribution using Bell s Theorem and Error Rate Calculations David Gaharia Joel Wibron under the direction of Prof. Mohamed Bourennane Quantum Information & Quantum
More informationEnigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski
1 Enigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski What is the problem with classical cryptography? Secret key cryptography Requires secure channel for key distribution In principle every
More informationQuantum Cryptography and Security of Information Systems
Quantum Cryptography and Security of Information Systems Dalibor Hrg University of Zagreb, Faculty of Electrical Engineering and Computing, Zagreb dalix@fly.srk.fer.hr Leo Budin University of Zagreb, Faculty
More informationRealization of B92 QKD protocol using id3100 Clavis 2 system
Realization of B92 QKD protocol using id3100 Clavis 2 system Makhamisa Senekane 1, Abdul Mirza 1, Mhlambululi Mafu 1 and Francesco Petruccione 1,2 1 Centre for Quantum Technology, School of Chemistry and
More informationResearch, Development and Simulation of Quantum Cryptographic Protocols
http://dx.doi.org/1.5755/j1.eee.19.4.17 Research, Development and Simulation of Quantum Cryptographic Protocols C. Anghel 1 1 University Dunărea de Jos Galati, 2 Științei, 8146 Galati, Romania, phone:
More informationSecrecy and the Quantum
Secrecy and the Quantum Benjamin Schumacher Department of Physics Kenyon College Bright Horizons 35 (July, 2018) Keeping secrets Communication Alice sound waves, photons, electrical signals, paper and
More informationStop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)
Journal of Computer Science 3 (6): 44-49, 7 ISSN 549-3636 7 Science Publications Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography) Iyed Ben Slimen, Olfa Trabelsi, Houria
More informationFundamental Security Issues in Continuous Variable Quantum Key Distribution
Fundamental Security Issues in Continuous Variable Quantum Key Distribution arxiv:1208.5827v1 [quant-ph] 29 Aug 2012 Horace P. Yuen Department of Electrical Engineering and Computer Science Department
More informationDeterministic secure communications using two-mode squeezed states
Deterministic secure communications using twomode squeezed states Alberto M. Marino* and C. R. Stroud, Jr. The Institute of Optics, University of Rochester, Rochester, New York 467, USA Received 5 May
More information10 - February, 2010 Jordan Myronuk
10 - February, 2010 Jordan Myronuk Classical Cryptography EPR Paradox] The need for QKD Quantum Bits and Entanglement No Cloning Theorem Polarization of Photons BB84 Protocol Probability of Qubit States
More informationarxiv: v1 [quant-ph] 10 Mar 2018
Quantum man-in-the-middle attack on the calibration process of quantum key distribution Yang-Yang Fei 1, Xiang-Dong Meng 1, Ming Gao 1,*, Hong Wang 1, and Zhi Ma 1,2 arxiv:1803.04407v1 [quant-ph] 10 Mar
More informationQuantum Key Distribution. The Starting Point
Quantum Key Distribution Norbert Lütkenhaus The Starting Point Quantum Mechanics allows Quantum Key Distribution, which can create an unlimited amount of secret key using -a quantum channel -an authenticated
More informationQuantum Cryptography
Quantum Cryptography Christian Schaffner Research Center for Quantum Software Institute for Logic, Language and Computation (ILLC) University of Amsterdam Centrum Wiskunde & Informatica Winter 17 QuantumDay@Portland
More informationDevice-Independent Quantum Information Processing
Device-Independent Quantum Information Processing Antonio Acín ICREA Professor at ICFO-Institut de Ciencies Fotoniques, Barcelona Chist-Era kick-off seminar, March 2012, Warsaw, Poland Quantum Information
More informationPractical quantum-key. key- distribution post-processing
Practical quantum-key key- distribution post-processing processing Xiongfeng Ma 马雄峰 IQC, University of Waterloo Chi-Hang Fred Fung, Jean-Christian Boileau, Hoi Fung Chau arxiv:0904.1994 Hoi-Kwong Lo, Norbert
More informationQuantum Cryptography
http://tph.tuwien.ac.at/ svozil/publ/2005-qcrypt-pres.pdf Institut für Theoretische Physik, University of Technology Vienna, Wiedner Hauptstraße 8-10/136, A-1040 Vienna, Austria svozil@tuwien.ac.at 16.
More informationCyber Security in the Quantum Era
T Computer Security Guest Lecture University of Edinburgh 27th November 2017 E H U N I V E R S I T Y O H F R G E D I N B U Outline Quantum Computers: Is it a threat to Cyber Security? Why should we act
More informationPhysics is becoming too difficult for physicists. David Hilbert (mathematician)
Physics is becoming too difficult for physicists. David Hilbert (mathematician) Simple Harmonic Oscillator Credit: R. Nave (HyperPhysics) Particle 2 X 2-Particle wave functions 2 Particles, each moving
More informationDEMONS: MAXWELL S DEMON, SZILARD S ENGINE AND LANDAUER S ERASURE DISSIPATION
In: Proceedings of the first conference on Hot Topics in Physical Informatics (HoTPI, 2013 November). Paper is in press at International Journal of Modern Physics: Conference Series (2014). DEMONS: MAXWELL
More informationPractical aspects of QKD security
Practical aspects of QKD security Alexei Trifonov Audrius Berzanskis MagiQ Technologies, Inc. Secure quantum communication Protected environment Alice apparatus Optical channel (insecure) Protected environment
More informationSecurity of Quantum Key Distribution with Imperfect Devices
Security of Quantum Key Distribution with Imperfect Devices Hoi-Kwong Lo Dept. of Electrical & Comp. Engineering (ECE); & Dept. of Physics University of Toronto Email:hklo@comm.utoronto.ca URL: http://www.comm.utoronto.ca/~hklo
More informationAPPLICATIONS. Quantum Communications
SOFT PROCESSING TECHNIQUES FOR QUANTUM KEY DISTRIBUTION APPLICATIONS Marina Mondin January 27, 2012 Quantum Communications In the past decades, the key to improving computer performance has been the reduction
More informationFUNDAMENTAL AND PRACTICAL PROBLEMS. OF QKD SECURITY-THE ACTUAL AND THE arxiv: v4 [quant-ph] 4 Jun 2012 PERCEIVED SITUATION
FUNDAMENTAL AND PRACTICAL PROBLEMS OF QKD SECURITY-THE ACTUAL AND THE arxiv:1109.1066v4 [quant-ph] 4 Jun 2012 PERCEIVED SITUATION Horace P. Yuen Department of Electrical Engineering and Computer Science
More informationQuantum Teleportation
Fortschr. Phys. 50 (2002) 5 7, 608 613 Quantum Teleportation Samuel L. Braunstein Informatics, Bangor University, Bangor LL57 1UT, UK schmuel@sees.bangor.ac.uk Abstract Given a single copy of an unknown
More informationA Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols
A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols Walter O. Krawec walter.krawec@gmail.com Iona College Computer Science Department New Rochelle, NY USA IEEE WCCI July, 2016
More informationResearch Proposal for Secure Double slit experiment. Sandeep Cheema Security Analyst, Vichara Technologies. Abstract
Research Proposal for Secure Double slit experiment Sandeep Cheema Security Analyst, Vichara Technologies Abstract The key objective of this research proposal is to resolve or advance with the measurement
More informationQuantum Cryptography
Quantum Cryptography (Notes for Course on Quantum Computation and Information Theory. Sec. 13) Robert B. Griffiths Version of 26 March 2003 References: Gisin = N. Gisin et al., Rev. Mod. Phys. 74, 145
More informationCounterfactual Quantum Deterministic Key Distribution
Commun. Theor. Phys. 59 (013 7 31 Vol. 59, No. 1, January 15, 013 Counterfactual Quantum Deterministic Key Distribution ZHANG Sheng (Ǒ, WANG Jian (, and TANG Chao-Jing (» School of Electronic Science and
More informationFundamental rate-loss tradeoff for optical quantum key distribution
Fundamental rate-loss tradeoff for optical quantum key distribution Masahiro Takeoka (NICT) Saikat Guha (BBN) Mark M. Wilde (LSU) Quantum Krispy Kreme Seminar @LSU January 30, 2015 Outline Motivation Main
More informationResponse to Comment on Zero and negative energy dissipation at information-theoretic erasure
Response to Comment on Zero and negative energy dissipation at information-theoretic erasure Laszlo Bela Kish, Claes-Göran Granqvist, Sunil P. Khatri, Ferdinand Peper Abstract We prove that statistical
More informationCOMPLEX NOISE-BITS AND LARGE-SCALE INSTANTANEOUS PARALLEL OPERATIONS WITH LOW COMPLEXITY
COMPLEX NOISE-BITS AND LARGE-SCALE INSTANTANEOUS PARALLEL OPERATIONS WITH LOW COMPLEXITY HE WEN (a, b, LASZLO B. KISH (a, AND ANDREAS KLAPPENECKER (c (a Texas A&M University, Department of Electrical and
More informationSecurity of Quantum Cryptography using Photons for Quantum Key Distribution. Karisa Daniels & Chris Marcellino Physics C191C
Security of Quantum Cryptography using Photons for Quantum Key Distribution Karisa Daniels & Chris Marcellino Physics C191C Quantum Key Distribution QKD allows secure key distribution Keys are then used
More informationAn Introduction to Quantum Information. By Aditya Jain. Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata
An Introduction to Quantum Information By Aditya Jain Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata 1. Introduction Quantum information is physical information that is held in the state of
More informationExperimental realization of quantum cryptography communication in free space
Science in China Ser. G Physics, Mechanics & Astronomy 2005 Vol.48 No.2 237 246 237 Experimental realization of quantum cryptography communication in free space WANG Chuan 1, ZHANG Jingfu 1, WANG Pingxiao
More informationNotes for Lecture 17
U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,
More informationQuantum Communication
Quantum Communication Nicolas Gisin, Hugo Zbinden, Mikael Afzelius Group of Applied Physics Geneva University, Switzerland Nonlocal Secret Randomness Quantum Key Distribution Quantum Memories and Repeaters
More informationTechnical Report Communicating Secret Information Without Secret Messages
Technical Report 013-605 Communicating Secret Information Without Secret Messages Naya Nagy 1, Marius Nagy 1, and Selim G. Akl 1 College of Computer Engineering and Science Prince Mohammad Bin Fahd University,
More informationDevice-Independent Quantum Information Processing (DIQIP)
Device-Independent Quantum Information Processing (DIQIP) Maciej Demianowicz ICFO-Institut de Ciencies Fotoniques, Barcelona (Spain) Coordinator of the project: Antonio Acín (ICFO, ICREA professor) meeting,
More informationQuantum Entanglement and Cryptography. Deepthi Gopal, Caltech
+ Quantum Entanglement and Cryptography Deepthi Gopal, Caltech + Cryptography Concisely: to make information unreadable by anyone other than the intended recipient. The sender of a message scrambles/encrypts
More informationMassachusetts Institute of Technology Department of Electrical Engineering and Computer Science Quantum Optical Communication
Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science 6.453 Quantum Optical Communication Date: Thursday, November 3, 016 Lecture Number 16 Fall 016 Jeffrey H.
More informationTWO-LAYER QUANTUM KEY DISTRIBUTION
TWO-LAYER QUANTUM KEY DISTRIBUTION PAULO VINÍCIUS PEREIRA PINHEIRO and RUBENS VIANA RAMOS paulovpp@gmail.com rubens.viana@pq.cnpq.br Laboratory of Quantum Information Technology, Department of Teleinformatic
More informationC. QUANTUM INFORMATION 111
C. QUANTUM INFORMATION 111 C Quantum information C.1 Qubits C.1.a Single qubits 1. Qubit: Just as the bits 0 and 1 are represented by distinct physical states, so the quantum bits (or qubits) 0i and 1i
More informationAdvanced Cryptography Quantum Algorithms Christophe Petit
The threat of quantum computers Advanced Cryptography Quantum Algorithms Christophe Petit University of Oxford Christophe Petit -Advanced Cryptography 1 Christophe Petit -Advanced Cryptography 2 The threat
More informationPractical Quantum Key Distribution
Leopold-Franzens-Universität Innsbruck Institut für Experimentalphysik Technikerstrasse 25 http://www.uibk.ac.at Practical Quantum Key Distribution Gregor Weihs Contents QKD Protocols Implementations of
More informationarxiv:quant-ph/ v2 2 Jan 2007
Revisiting controlled quantum secure direct communication using a non-symmetric quantum channel with quantum superdense coding arxiv:quant-ph/06106v Jan 007 Jun Liu 1, Yan Xia and Zhan-jun Zhang 1,, 1
More informationQuantum Technologies for Cryptography
University of Sydney 11 July 2018 Quantum Technologies for Cryptography Mario Berta (Department of Computing) marioberta.info Quantum Information Science Understanding quantum systems (e.g., single atoms
More informationEavesdropping or Disrupting a Communication On the Weakness of Quantum Communications
Eavesdropping or Disrupting a Communication On the Weakness of Quantum Communications Zhengjun Cao Abstract What is the behavior of an adversary to launch attacks against a communication? The good choice
More informationIntroduction to Quantum Key Distribution
Fakultät für Physik Ludwig-Maximilians-Universität München January 2010 Overview Introduction Security Proof Introduction What is information? A mathematical concept describing knowledge. Basic unit is
More informationarxiv: v1 [quant-ph] 18 May 2018
Measurement-Device-Independent Quantum Secure Direct Communication, arxiv:1805.078v1 [quant-ph] 18 May 018 Zeng-Rong Zhou, 1,, 3, 4, 5, 6, Yu-Bo Sheng, 7, 8, 9, Peng-Hao Niu, 1,, 3, 4, 5, 6 Liu-Guo Yin,
More informationChapter 5. Quantum Cryptography
Chapter 5. Quantum Cryptography arxiv:1108.1718v1 [quant-ph] 8 Aug 2011 Dag Roar Hjelme Department of Electronics and Telecommunications, Norwegian University of Science and Technology, NO-7491 Trondheim,
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationQuantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security
Areas for Discussion Joseph Spring Department of Computer Science MSc Distributed Systems and Security Introduction Photons Quantum Key Distribution Protocols BB84 A 4 state QKD Protocol B9 A state QKD
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationError Reconciliation in QKD. Distribution
Error Reconciliation in Quantum Key Distribution Richard P. Brent MSI, ANU 1 October 2009 Abstract The problem of "error reconciliation" arises in Quantum Cryptography, which is more accurately described
More informationCryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1
Cryptography CS 555 Topic 25: Quantum Crpytography CS555 Topic 25 1 Outline and Readings Outline: What is Identity Based Encryption Quantum cryptography Readings: CS555 Topic 25 2 Identity Based Encryption
More informationC. QUANTUM INFORMATION 99
C. QUANTUM INFORMATION 99 C Quantum information C.1 Qubits C.1.a Single qubits Just as the bits 0 and 1 are represented by distinct physical states in a conventional computer, so the quantum bits (or qubits)
More informationarxiv:quant-ph/ v2 7 Nov 2001
Quantum key distribution using non-classical photon number correlations in macroscopic light pulses A.C. Funk and M.G. Raymer Oregon Center for Optics and Department of Physics, University of Oregon, Eugene,
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationSPECTRA FOR THE PRODUCT OF GAUSSIAN NOISES. Laszlo Bela Kish 1), Robert Mingesz 2), Zoltan Gingl 2), Claes-Goran Granqvist 3)
SPECTRA FOR THE PRODUCT OF GAUSSIA OISES Laszlo Bela Kish 1), Robert Mingesz 2), Zoltan Gingl 2), Claes-Goran Granqvist 3) 1)Texas A&M University, Department of Electrical and Computer Engineering, College
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More information