The BB84 cryptologic protocol

Similar documents
Security Implications of Quantum Technologies

Quantum Cryptography

10 - February, 2010 Jordan Myronuk

LECTURE NOTES ON Quantum Cryptography

Quantum Cryptography. Marshall Roth March 9, 2007

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

Quantum Cryptography and Security of Information Systems

Perfectly secure cipher system.

Secrecy and the Quantum

A probabilistic quantum key transfer protocol

Introduction to Quantum Key Distribution

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

arxiv:quant-ph/ v2 3 Oct 2000

Ping Pong Protocol & Auto-compensation

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

arxiv:quant-ph/ v2 17 Sep 2002

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

Theory of Computation Chapter 12: Cryptography

quantum distribution of a sudoku key Sian K. Jones University of South Wales

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Network Security Based on Quantum Cryptography Multi-qubit Hadamard Matrices

Quantum Gates, Circuits & Teleportation

9. Distance measures. 9.1 Classical information measures. Head Tail. How similar/close are two probability distributions? Trace distance.

Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)

Single and Entangled photons. Edward Pei

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Lecture 1: Introduction to Public key cryptography

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Transmitting and Hiding Quantum Information

RIVF 2006 Tutorial. Prof. Patrick Bellot PhD. Dang Minh Dung. ENST (Paris) & IFI (Hanoi) RIVF 2006 Tutorial. "Quantum Communications"

and Other Fun Stuff James L. Massey

Lecture 2: Quantum bit commitment and authentication

Circuit Complexity. Circuit complexity is based on boolean circuits instead of Turing machines.

Cryptographical Security in the Quantum Random Oracle Model

Asymmetric Encryption

QUANTUM CRYPTOGRAPHY. BCS, Plymouth University, December 1, Professor Kurt Langfeld Centre for Mathematical Sciences, Plymouth University

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols

Cryptography in a quantum world

arxiv:quant-ph/ v1 13 Jan 2003

Cryptography. P. Danziger. Transmit...Bob...

Discrete Mathematics GCD, LCM, RSA Algorithm

Great Theoretical Ideas in Computer Science

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

Enigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski

Quantum walks public key cryptographic system (Extended Abstract)

Quantum Cryptography

Seminar Report On QUANTUM CRYPTOGRAPHY. Submitted by SANTHIMOL A. K. In the partial fulfillment of requirements in degree of

Math 412: Number Theory Lecture 13 Applications of

Problem Set: TT Quantum Information

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Quantum secret sharing based on quantum error-correcting codes

Introduction to Cryptography. Susan Hohenberger

Public Key Cryptography

Expand the Quantum Cipher-text Space by Using a Superposition Key

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Research, Development and Simulation of Quantum Cryptographic Protocols

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Quantum Cryptography : On the Security of the BB84 Key-Exchange Protocol

CRYPTOGRAPHY AND LARGE PRIMES *

John Preskill, Caltech Biedenharn Lecture 2 8 September The security of quantum cryptography

Quantum Wireless Sensor Networks

A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)

PERFECTLY secure key agreement has been studied recently

arxiv: v1 [quant-ph] 18 May 2018

Introduction to Quantum Cryptography

CPSC 467: Cryptography and Computer Security

MEETING 6 - MODULAR ARITHMETIC AND INTRODUCTORY CRYPTOGRAPHY

Deep Random based Key Exchange protocol resisting unlimited MITM

Public-key Cryptography and elliptic curves

Other Topics in Quantum Information

Entanglement and Quantum Teleportation

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

arxiv:quant-ph/ v2 2 Jan 2007

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

C. QUANTUM INFORMATION 99

Quantum sampling of mixed states

An Introduction to Quantum Information and Applications

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

Entanglement and information

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Key distillation from quantum channels using two-way communication protocols

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

My brief introduction to cryptography

Week 7 An Application to Cryptography

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Quantum Entanglement Assisted Key Distribution

Lecture 28: Public-key Cryptography. Public-key Cryptography

Quantum Information Processing and Diagrams of States

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Detection of Eavesdropping in Quantum Key Distribution using Bell s Theorem and Error Rate Calculations

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Transcription:

The cryptologic protocol of quantum key distribution Dimitri Petritis Institut de recherche mathématique de Rennes Université de Rennes 1 et CNRS (UMR 6625)

Vernam s ciphering Principles of coding and cryptography Message = m A (monoidal closure of finite alphabet A). Length of message m. Coding C : A A (or more generally B ). Decoding D : B A, with DomD = im C = C(DomC), such that D C DomC = 1. Vigenère s 1 coding: key k A with k = m ; c i = m i + k i mod A, i = 1,..., m ; m i = c i k i mod A, i = 1,..., m. A = {a,..., z} {0,..., 25}; m =hello, k =chile, c =jluws. For cryptography: D easy to compute, very difficult to guess. 1 Blaise de Vigenère (1523 1596): diplomat, cryptograph, translator, alchemist, and astrologue.

Vernam s ciphering (1917) Vernam s ciphering Vernam (1917) proposed US Patent 1310719. (k i ) i=1,..., m independent random variables uniformly distributed on A. Key used only once (one time pad). All keys equiprobable, hence all messages m corresponding to given ciphering c equiprobable. If we receive a ciphered message of length 39, all 26 39 = 1.53 10 55 words can be possible messages. Most of them have no meaning. But even if some have meaning, we don t know which is the correct one. m = overwheliminglyvictoriousovertheevilaxis and m = wewonthebattlebutwedefinitelylostthewar are potential source messages (equiprobable)!

Vernam s ciphering Shannon s theorem on cryptography Theorem (Shannon (1949)) m is large, k = m, and the key is used only once, imply a that Vernam s ciphering is ideal (inviolable for all practical purposes). a C Shannon, Communication theory of secrecy systems, Bell System Tech. J., 1949, 28, 656-715. BUT: How to communicate the key? Vernam s ciphering abandoned. Rivest, Shamir, Adleman (1978), or more generally discrete logarithm protocols used instead.

Is RSA secure? Principle of cryptography Vernam s ciphering If p, q large primes and N = pq then hard to factor N. Denote n = log N. Beginnings of RSA protocol (1978), τ = O(exp(n)). Lenstra-Lenstra (1997), τ = O(exp(n 1/3 (log n) 2/3 )). Shor (1994), if a quantum computer existed τ = O(n 3 ). Very rough estimation: 1 operation par nanosecond, n = 1000 O(exp(n)) O(exp(n 1/3 (log n) 2/3 )) O(n 3 ) 10 417 yr 2 0.2 yr 1 s 2 For comparison: age of the universe 1.5 10 10 yr

Principle of cryptography Theorem (Non-cloning) Let φ and ψ unit vectors of H such that φ ψ 0 and φ exp(iθ) ψ. Then, no physical procedure can duplicate them. Must show non-existence of unitary U : H 2 H 2 s.t. U φα = φφ, U ψα = ψψ, for α ancillary 3 pure state. Shall show n 0, U : H (n+2) H (n+2) s.t. U φα 0... α n = φφβ 1... β n and U ψα 0... α n = ψψγ 1... γ n, with α i, β i, and γ i pure states. 3 adj. from Latin ancillaris, from ancilla maidservant.

Proof of non-cloning theorem Proof. Suppose possible: φ ψ = φα 0... α n U Uψα 0... α n = n φ ψ 2 β i γ i. By hypothesis, φ ψ 0 φ ψ n i=1 β i γ i = 1. Cauchy-Schwarz: φ ψ φ ψ 1. But by hypothesis φ e iθ ψ φ ψ 1 φ ψ < 1. n i=1 β i γ i > 1. i=1 Impossible because i, β i γ i β i γ i 1.

Setup of Bennett-Brassard 1984 () protocol quantum channel Alicia Bernardo classical channel Classical channel: public and vulnerable but authenticated, e.g. internet with electronic signature. Quantum channel: vulnerable, e.g. optical fibre or light beam in free air, can be under complete control of an intruder. Use of qubits 4, i.e. pure states of C 2. 4 Experimental use of qudits, with d > 2, for this protocol are now being tested in Concepción.

: ressources Principle of cryptography Alicia and Bernardo agree publicly to use two onb of H = C 2. { ( ) ( )} B + = ɛ + 1 0 =, ɛ + 0 0 1 =, 1 { B = ɛ 0 = ɛ+ 0 + ɛ+ 1, ɛ 1 = ɛ+ 0 } ɛ+ 1. 2 2 First element of each basis associated with bit 0, second element with bit 1; integer n = (4 + δ)n, (N = length of key they wish to use in fine). Alicia possesses apparatus implementing operation T : {0, 1} 2 H. ɛ + 0 if (x, y) = (0, 0), ɛ + 1 if (x, y) = (1, 0), T (x, y) = ɛ (notice T (x, y) = 1). 0 if (x, y) = (0, 1), ɛ 1 if (x, y) = (1, 1);

Generation of the key (Alicia s side) AliciasKeyGeneration Require: UnifRandomGenerator({0, 1}), T, n Ensure: Strings a, b {0, 1} n and sequence ( ψ i ) i=1,...,n generate randomly a 1,..., a n a (a 1,..., a n ) {0, 1} n generate randomly b 1,..., b n b (b 1,..., b n ) {0, 1} n store a, b locally i 1 repeat ψ i T (a i, b i ) transmit ψ i to Bernardo via public quantum channel i i + 1 until i > n

Generation of the key (Bernardo s side) BernardosKeyGeneration Require: UnifRanGen({0, 1}), M = ɛ 1 ɛ 1, for {+, }, n, sequence ψ i, for i = 1,..., n, Ensure: Two strings of n bits a, b {0, 1} n Generate randomly b 1,..., b n b (b 1,..., b n ) {0, 1}n i 1 repeat if b i = 0 then ask whether M + takes value 1 in state ψ i else ask whether M takes value 1 in state ψ i end if if counter triggered then a i 1 else a i 0 end if i i + 1 until i > n a (a 1,..., a n) {0, 1} n transmit string b {0, 1} n to Alicia via public classical channel store locally a, b

Conciliation algorithm (at Alicia s side) Conciliation Require: Strings b, b {0, 1} Ensure: Sequence (k 1,..., k L ) (with L n) of positions of coinciding bits c b b i 1 k 1 repeat k min{j : k j n such that c j = 0} if k n then k i k i i + 1 end if until k > n L i 1 transmit 5 (k 1,..., k L ) to Bernardo via public classical channel 5 Notice that L := L n.

Proof of possibility of key distillation Theorem If no eavesdropping on quantum channel P ( (a k 1,..., a k L ) = (a k1,..., a kl ) ) = 1. Proof. a i b i ψ i b i ψ i M + ψ i a i b i ψ i M ψ i a i 0 0 ɛ + 0 0 0 0 1 1/2 0 or 1 1 0 ɛ + 1 0 1 1 1 1/2 0 or 1 0 1 ɛ 0 0 1/2 0 or 1 1 0 0 1 1 ɛ 1 0 1/2 0 or 1 1 1 1 If b i = b i then P(a i = a i ) = 1. Certainty on coincidences although a s never exchanged.

Reconciliation Principle of cryptography If no intrusion, Alicia and Bernardo can use a sampled at places of coincidence as key because (a k1,..., a kl ) = (a k 1,..., a k L ) a.s. Lemma If no intrusion, for large n, L n = O(n/2) = O(2N). Proof. Simple use law of large numbers.

Eavesdropping Principle of cryptography Encarnación (... del mal) a malevolent third party eavesdrops but cannot copy quantum states. Alicia Bernardo Encarnación Encarnación can use procedure similar to Alicia s and Bernardo s to produce sequence ψ i according to her own sequences (a i, b i ). Since b independent of b and b, b and b will coincide on O(n/4) positions instead of O(n/2).

Eavesdropping detection and reconciliation After Alicia and Bernardo have passed by previous steps, they share positions l = (k 1,..., k L ) where b and b coincide; they know that a, a if sampled according to l must coincide. Bernardo randomly extracts subsequence of l = (r 1,..., r L/2 ) (of size L/2) of l and samples his a sequence on this positions getting ã = (a r 1,..., a r L/2 ). He sends l and ã to Alicia. Alicia checks whether (a r1,..., a rl/2 ) = (a r 1,..., a r L/2 ). If yes, she announces so to Bernardo and they use the complementary sequence that has never been exchanged as key. Else, intrusion is detected.

Topics not touched up to now Need really random numbers. But can buy true RNG USB key. Classical channel authentication can be solved with better protocols than classical 6. Have supposed perfect transmission, but noise always present. Can be solved with quantum error correcting codes 7. Encarnación can be more subtle: get partial information from unsharp measurement 8. 6 See, eg. Kanamori et al., IEEE Globecom 2005 for a review. 7 See, eg. Gottesman, Proc. Symp. Appl. Math. 68, 13 58, AMS (2010)). 8 Next lecture.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback