Three Party Quantum Authenticated Key Distribution Protocol Using Superposition States

Transcription

1 K Sathi Reddy et al Int J Comp Tech ppl Vol ( ISSN:9-693 Three Party Quantum uthenticated Key Distribution Protocol Using Superposition States K Sathi Reddy Raa Kumar Medapati MTechDept of CS ssoc Professor Dept of CS Pragati ngineering college Pragati ngineering college JNTUK Surampalem JNTUK Surampalem Gdt P India Gdt P India sathireddy1@gmailcom Rakumarmedapati@gmailcom STRCT This paper presents a Quantum authenticated key distribution protocol that can perform key distribution and also ensure that the participants of the communication are authentic both implicitly and explicitly This protocol provides new directions in Classical cryptography and Quantum cryptography The Participants of the protocol trust the third party regarding the authentication part only Thus the proposed protocol will be preferable for network systems which deal with highly sensitive information such as military hospitals research facilities Our protocol utilizes polarized photons in superposition states for authentication and key distribution which provides high security against many attacks Keywords Quantum Cryptography Superposition states uthentication Key distribution 1INTRODUCTION Cryptography is the art of secret writing The main goal of cryptography is to enable secure communication in a hostile environoment: two parties say lice and ob want to safely communicate over a network occupied by an adversary Usually lice and ob will want to ensure the privacy and authenticity of the data they send to each other; to this end they will encrypt and authenticate their transmissions ut before lice and ob can use these tools they will need to have keys Indeed without keys cryptography simply cannot get off the ground The purpose of key distribution is for two users lice and ob who share no secret information initially to agree on a random key which remains secret from an adversary ve who eavesdrops on their communications In classical cryptography it is taken for granted that communications can always be passively monitored so that the eavesdropper learns their entire contents without the sender or receiver being aware that any eavesdropping has taken place y contrast when information is encoded in elementary quantum systems such as single photons it becomes possible to produce a communications channel whose transmissions cannot in principle be reliably read or copied by an eavesdropper The eavesdropper cannot even gain partial information about such a transmission without disturbing it in a random and uncontrollable way likely to be detected by the channel s legitimate users [1] Now it has been established that Quantum Key Distribution has the potential of absolutely secure communication that cannot be compromised by any eavesdropping technique t the same time the interceptor ve can easily mount a man-in-the-middle attack wherein both the quantum & the public channels are cut and subsequently ve communicates to lice masquerading as ob & to ob pretending to be lice The interceptor would thus share two independent keys with the two legitimate parties and have complete control over any encrypted information that the sender and the receiver might want to send to each other The only way to offset this attack would be to somehow incorporate an uthentication mechanism into the whole system The combination of uthentication mechanism and Quantum key distribution is referred to as the Quantum authenticated key exchange protocol Many quantum cryptographic schemes have been proposed for the last two decades Particularly Quantum key distribution protocols [] [3] [4] [5] [6] have been intensly researched [7] and realized in commercial applications [8] [9] The Quantum key distribution provides unbreakable security and allows two parties to share random number secretly and use it as a secret key for a classical encryption scheme Many Quantum authentication protocols are also proposed [1] [11] [1] [13] Recently a three-party quantum authenticated key distribution protocol (QKD has been proposed [14] This three-party QKD is immune to the man-in-the-middle attack IJCT SPT-OCT 11 vailable online@wwwictacom 1589

2 K Sathi Reddy et al Int J Comp Tech ppl Vol ( ISSN:9-693 while it performs both authentication and key distribution with one step by utilizing a trusted third party The weakness of this scheme is that it relies 1% on the trusted third party The third party has the ability to read all communication packets In cryptography or network security an authentication between parties unknown to each other is not possible without a third party that guarantees the identities of the participating parties Thus a trusted third party which is a disinterested party trusted to complete a protocol [15] needs to be introduced However in a real world such an idealized assumption cannot be always made For example it may be too optimistic to make the assumption in key distribution schemes for medical applications Patient information should be shared only between the patient and the doctors so the third party for the key distribution system should not be able to read the encrypted confidential information There must be a safeguard to protect confidentiality even from the trusted third party in such applications XISTING QUNTUM UTHNTICTD KY DISTRIUTION PROTOCOL Recently in quantum cryptography a Three-Party uthenticated Quantum Key Distribution Protocol (3QKDP has been proposed [14] Similar to other quantum cryptography the 3QKDP utilizes the quantum measurement [7] and the no-cloning theorem [16] Two orthogonal base setsectilinear and diagonal bases are defined One bit information will be encoded into a qubit with one of two orthogonal directions in a base set participant and the trusted third party (TTP share an n-bit secret key (where n = 1 3 prior to an authenticated key distribution (KD process Thus the TTP keeps two different secret keys for both participants (lice and ob K T and K T When the ith-bit (where < i <= n in the n-bit secret key is one the rectilinear base set is used When the ith-bit is zero the diagonal base set is used Thus logic zero and one will be represented as: and 1 in the rectilinear base or 1/ ( + 1 and 1/ ( - 1 in diagonal base set respectively To start an KD session the TTP will generate two random numbers ( r T and r T for each participant and one session key SK to let the participants share at the end of the session The TTP will calculate a hash value from the random number and the pre-shared key for each participant (ie h( K T T for lice h( K T T for ob Next the TTP performs exclusive-or operation (XOR with SK where indicates the concatenation of the bit strings and U X indicates the identifier of the participant X Then the TTP encrypts the resulting state with the random number by using the pre-shared key ( K T and K T and sends them to participants ie K T [ r T {h( K T T (SK }] to lice and K T [ r T {h( K T T (SK }] to ob where represents an encryption of a message M with a key K Since lice has K T she can decrypt the received message and extract r T Then she calculates the hash value and extracts SK Similarly ob can extract r T and SK The weakness of this scheme is that the TTP also knows the session key In other words the TTP can eavesdrop on the communication channel without being detected nother weakness of the 3QKDP is that a two-base system is vulnerable to a beam splitting attack [1] In general quantum cryptography systems have been implemented with a single photon source and detectors Due to the limitation of our current technologies the single photon source cannot always generate a photon at a time (Instead it may generate zero or more than one photons Therefore an eavesdropper may be able to collect transmitted photons by using a beam splitter without being detected If an eavesdropper ve can collect some of the same state of a data qubit and measure those collected photons with both linearly and diagonally oriented polarizers (called analyzer she can easily guess the base (ie encryption key bit used for the data qubit since measurements with one of the two analyzers always produce the same result 3QUNTUM SUPRPOSITION STTS In the proposed protocol Quantum superposition states [17 ] [18] are used We use only a horizontal-vertical polarization base for encoding and measuring a sequence of polarized photons (Figure 1 horizontally polarized photon represents logic zero = ( 1 T and a vertically polarized photon represents logic one 1 = ( 1 T When a sender s message M has n classical bits the encoded qubit states can be represented as M= i 1 i i where { i i = or 1 =1 n} represents a tensor product In order to prevent malicious IJCT SPT-OCT 11 vailable online@wwwictacom 159

3 K Sathi Reddy et al Int J Comp Tech ppl Vol ( ISSN:9-693 parties from reading and copying the transmitted photon the sender makes each polarized photon a superposition of a horizontally polarized state and a vertically polarized state by rotating its polarization by a certain angle (Figure R(-θ ψ cos( θ sin( θ = sin( θ cos( θ cos θ + sin θ = cosθ cosθ 1 = = Thus after an n-bit message is encoded into n photons the polarization of each photon is rotated by an angle θ which is chosen randomly for each qubit In the following discussion without losing generality we can assume that a message M is a single photon encoded as M : ψ = for simplicity y using the Jones matrix representation the rotation operation can be represented by the following matrix: R( θ = cosθ sender encrypts the data qubit ψ with θ ( θ is randomly chosen and is shared between the sender and the receiverthe encryption of data M with a secret key K is given by: K [M]= R( θ = 1 cosθ = =cosθ - 1 = ψ The sender sends the superposition states ψ to a receiver efore the receiver measures the received photon he needs to rotate the received photon by θ in the opposite direction of the sender s rotation This decryption can be represented as follows: The above process is applied to each polarized photon Thus the set of rotation angles form a secret key K= { θ i : θ i <π i=13 n}for an n-bit message where the subscript indicates the position in the message where the encryption with the angle θ i is applied The main advantage of this encryption/decryption scheme is that a receiver does not have to decrypt a cipher text in the exact reverse order as encrypted with different secret keys For instance even if lice encrypts a message with K1 and then encrypts it with K ob can decrypt the cipher text with K1 and then decrypt it with K 4PROPOSD PROTOCOL This section describes the details of the Three- party Quantum uthenticated Key Distribution Protocol using Superposition states Let lice and ob intended to share an authenticated session key K which is an n- bit random number Here we assume that every participant shares a secret key with the trusted centre in advance Let K is the key shared between lice and TC and K T is the key shared between ob and TC Let h( KM is a hash value of a message M with key k generated using a hash function(eg SH-1 or MD5 Implicit uthentication phase The implicit authentication is performed with the help of the trusted third party called the Trusted Centre(TC ssume that the TC has been notified to start the implicit authentication session (i The TC generates two random numbers r and r and then computes: X= h( K T ( U Y= h( K T ( U Now r X is polarized and encrypted using the pre- shared key K T and the result is transmitted to lice over a Quantum channel lso r Y is polarized and encrypted T IJCT SPT-OCT 11 vailable online@wwwictacom 1591

4 K Sathi Reddy et al Int J Comp Tech ppl Vol ( ISSN:9-693 (ii Using the pre- shared key K T and the result is transmitted to ob over another Quantum channel lice decrypts and measures the received qubits She computes a hash value using K and r and obtain the values of U Then she verifies the values of U and U (iii ob decrypts and measures the received qubits She computes a hash value using K T and r and obtain the values of U Then she verifies the values of U and U Thus after the successful completion of the session both lice and ob are implicitly authenticated using the TC Observe that in step (i TC sends the two random numbers to both lice and ob lice and ob uses only one different random value for their computations and the other value will be used in explicit authentication phase Key Distribution Phase In this phase a secret key K is going to be established between lice and ob The secret key will not revealed to others even to Trusted centre Key establishment is based on Shamir s three- pass protocol and Quantum superposition states Here classical Shamir s three- pass protocol is combined with superposition states because classical shamir s protocol is vulnerable to attacks[ 19] In the following discussion without losing generality we can assume that message M is single photon encoded as M= > (ie n=1 and i 1 = and lice initiates a key distribution (i First lice and ob generate their session keys K = θ and K = θ (ii lice encrypts M with her encryption key K The resulting state can be described as K [M] : R( θ >= 1 cosθ = cos θ > - sin θ 1>= ψ Where K indicates an encryption with K Such a resulting state is called as a superposition state lice sends the resulting state ψ to ob (iii ob receives the photon in ψ and encrypts it with his key K K K [M]]: R( θ ψ = cos( θ + θ > - sin ( θ + θ 1> = ψ T The resulting state ψ is still a superposition state ob send it back to lice (iv (v lice receives and decrypts it by rotating it back with the angle θ (ieotation of -θ and sends the resulting superposition state ψ 3 to ob D K K K [M]]]= K [M]: R(-θ ψ = cos θ > - sin θ 1> = ψ 3 Where D K indicates a decryption with K ob receives and decrypts it by rotating it back with the angle θ (ieotation of -θ D K K [M]]: R(-θ ψ 3 cos( θ sin( θ = sin( θ cos( θ 1 = = Now ob has the original message M= Figure 3 shows both the authentication and key distribution phases riefly the steps are:- (1 TC-> lice: Figure 3: Proposed protocol K [ r T X] IJCT SPT-OCT 11 vailable online@wwwictacom 159

5 K Sathi Reddy et al Int J Comp Tech ppl Vol ( ISSN:9-693 where X= h( K T ( U ( TC-> ob: K [ r T Y] where Y= h( K T ( U (3 lice: D [ r X]] and verify K T K T U (4 ob: D [ r Y]] and verify K T U K T θ (5 lice: R( (6 lice-> ob: (7 ob: ψ = R( ψ =R( θ = ψ ψ = cos θ - sin θ ψ (8 ob-> lice: ψ = cos( θ + θ - sin ( θ + θ (9 lice: ψ 3 = R(-θ ψ (1 lice->ob: ψ 3 = cos θ - sin (11 ob: R(-θ ψ 3 = = ψ 1 θ θ fter the key distribution phase both the participants have the key K C xplicit uthentication phase xplicit authentication phase is necessary for mutual authentication between lice and ob (i lice encrypts the random number r with shared key K and transmit it to ob ob decrypts it and obtain the 1 1 value r If r = r then lice is authenticated to ob (ii ob encrypts the random number r with shared key K and transmit it to lice lice decrypts it and obtain the 1 1 value r If r = r then ob is authenticated to lice Figure 4 shows the explicit authentication phase 5SCURITY OF TH PROPOSD PROTOCOL The protocol is immune to man- in- the- middle attack[] because the participants are authenticated both implicitly and explicitly ven TC cannot intercept the data transmitted between the participants because the session key is only known to lice and ob n eavesdropper ve cannot copy the transmitted data in our protocol ecause in order to prevent ve from copying the data our protocol uses polarized photons in Quantum superposition stateshence by transmitting data as a superposition of state no one can make a copy of the transmitted data without errors ve may try to apply intercept- resend attack [1] instead of copying the data However our protocol is also secure against the interceptresend attack For example assume that an eavesdropper (ve intercepts the transmitted photon from lice fter a measurement of the photon ve resends it to ob This attack cannot break our protocol because she cannot obtain the original state without knowing the rotation angle For example let us assume that lice transmits a quantum state ψ that is with rotation by θ = 45 degrees If ve intercepted the state ψ which was unknown to ve and measured it in a horizontal- vertical polarization base ve will get zero or one with a probability of 5% In our protocol the angles θ i for each bit are chosen randomly Therefore ve will get zero or one randomly on the average when she measures the sequence of polarized photons If ve resends the measured results to ob the transmission error rate will rise to 5% Thus we can easily detect the existence of an eavesdropper Our protocol is also immune to beam- splitting attack The following shows how our protocol counters this attack: It is not easy to build a single photon source with current technologies s a matter of fact in general the light pulse called a single photon in the laboratory is not a pure singlephoton state ie zero one or multiple photons in the same state Therefore beam- splitting attack might be possible: ve might collect a fraction of the multiple photons by putting a beam- splitter in the path between lice and ob Then ve measures the collected photons without being detected by ob She can read the transmitted data from lice with an error rate of 5% This attack is not possible against our protocol lthough ve can collect a fraction of the transmitted photons without being detected by ob it is still very difficult to find the secret angle from a couple of transmitted photons because the rotation angles are chosen randomly and will never be disclosed in public Figure 4 : xplicit uthentication Phase 6CONCLUSION This paper proposed a Quantum authenticated key distribution protocol The obectives of this protocol is to let participants share a different session key after each session while providing authentication both implicitly and explicitly To hide transmitted data from unauthorized users this IJCT SPT-OCT 11 vailable online@wwwictacom 1593

6 K Sathi Reddy et al Int J Comp Tech ppl Vol ( ISSN:9-693 protocol uses quantum superposition states instead entangled states This protocol consisted of three phases In the first phase the participants are implicitly authenticated using the trusted centre In the second phase a session key is established between the two participants ven the trusted centre cannot listen to the secure communication between the participants because the session key shared between the participants is hidden from the trusted centre In the third phase the participants of the communication are mutually authenticated to each other 7 CKNOWLDGMNT It is a pleasure to thank Raa Kumar Medapati and proect committee of Pragati ngineering college for the valuable assistance in completing this proect work ITransacctions on Dependable and Secure Computing vol 4 No 1 pp [15] Schneier pplied Cryptography John Wiley New York 1996 [16] WK Wootters and WH Zurek Single Quantum Cannot e Cloned Nature vol 99 pp [17] Y Kanamori SM Yoo and F Sheldon "ank Transfer over Quantum Channel with Digital Checks" I GlobeCom 6 San Francisco C Nov 6 [18] Y Kanamori SM Yoo D Gregory and F Sheldon "uthentication Protocols using Quantum Superposition States" to appear in International Journal of Network Security [19] Rolf Oppliger Contemporary Cryptography tech House Computer security series 5 pp [] wikipedia: middle_attack [1] D ouwmeester kert and Zeilinger The physics of quantum information Springer New York 8RFRNCS [1] C ennett F essette G rassard L Salvail and J Smolin xperimental Quantum Cryptography J Cryptology vol 5 pp [] CH ennett G rassard Quantum cryptography: public key distribution and coin tossing in: Proc I Int Conf on Computers Systems and Signal Processing angalore India pp [3] WY Hwang IG Koh and YD Han Quantum ryptography without Public nnouncement of ases Physics Letters vol 44 pp [4] M ellare and P Rogaway Provably Secure Session Key Distribution: The Three Party Case Proc 7th CM Symp Theory of Computing pp [5] PD Townsend Secure Key Distribution System ased on Quantum Cryptography lectronics Letters vol 3 pp [6] Sheila Cobourne Quantum Key Distribution Protocols and pplications Technical report University of London eagham 11 [7] N Gisin G Ribordy W Tittel and H Zbinden Quantum Cryptography Rev of Modern Physics vol 74 pp [8] MagiQ Technologies Inc [9] Id Quantique S [1] H arnum C Crepeau D Gottesman Smith and Tapp uthentication of Quantum Messages Proceeding 43rd nnual I Symposium on the Foundations of Computer Science(FOCS pp I Press [11] D R Kuhn hybrid authentication protocol using quantum entanglement and symmetric cryptography quant-ph/ ] G Zeng G Guo Quantum authentication protocol quant-ph/146 [13] Y Zhang C Li and G Guo Quantum authentication using entangled state quant-ph/844 [14] T Hwang K-C Lee and C-M Li Provably Secure Three- Party uthenticated Quantum Key Distribution Protocols IJCT SPT-OCT 11 vailable online@wwwictacom 1594