Secrecy and the Quantum

Similar documents
Quantum Entanglement and Cryptography. Deepthi Gopal, Caltech

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

Introduction to Quantum Key Distribution

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Quantum Cryptography

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

10 - February, 2010 Jordan Myronuk

Cryptography in a quantum world

Security Implications of Quantum Technologies

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Introduction to Quantum Cryptography

Quantum Cryptography

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

EPR paradox, Bell inequality, etc.

LECTURE NOTES ON Quantum Cryptography

Enigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

Quantum Cryptography and Security of Information Systems

quantum distribution of a sudoku key Sian K. Jones University of South Wales

Entanglement and information

Entanglement and Quantum Teleportation

The BB84 cryptologic protocol

Lecture 28: Public-key Cryptography. Public-key Cryptography

Chapter 2. A Look Back. 2.1 Substitution ciphers

The Relativistic Quantum World

Quantum Cryptography. Marshall Roth March 9, 2007

Quantum Information Transfer and Processing Miloslav Dušek

Lecture Notes. Advanced Discrete Structures COT S

Research Proposal for Secure Double slit experiment. Sandeep Cheema Security Analyst, Vichara Technologies. Abstract

Quantum Cryptography

Ping Pong Protocol & Auto-compensation

Public Key Cryptography

Other Topics in Quantum Information

1 1D Schrödinger equation: Particle in an infinite box

PERFECTLY secure key agreement has been studied recently

Quantum key distribution for the lazy and careless

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Network Security Based on Quantum Cryptography Multi-qubit Hadamard Matrices

Seminar Report On QUANTUM CRYPTOGRAPHY. Submitted by SANTHIMOL A. K. In the partial fulfillment of requirements in degree of

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Odd Things about Quantum Mechanics: Abandoning Determinism In Newtonian physics, Maxwell theory, Einstein's special or general relativity, if an initi

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)

A probabilistic quantum key transfer protocol

Single and Entangled photons. Edward Pei

A Piggybank Protocol for Quantum Cryptography

Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science Quantum Optical Communication

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

CS120, Quantum Cryptography, Fall 2016

Problem Set: TT Quantum Information

Detection of Eavesdropping in Quantum Key Distribution using Bell s Theorem and Error Rate Calculations

Quantum sampling of mixed states

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

Gilles Brassard. Université de Montréal

Cryptography. P. Danziger. Transmit...Bob...

C. QUANTUM INFORMATION 99

1 1D Schrödinger equation: Particle in an infinite box

Lecture 2: Quantum bit commitment and authentication

Quantum cryptography -the final battle?

Quantum Teleportation Pt. 3

An Introduction to Quantum Information. By Aditya Jain. Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata

An Introduction to Quantum Information and Applications

and Other Fun Stuff James L. Massey

Perfectly secure cipher system.

Public-key Cryptography and elliptic curves

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Secrets of Quantum Information Science

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Classical Cryptography

Topics. Probability Theory. Perfect Secrecy. Information Theory

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

Cryptography 2017 Lecture 2

Quantum Information Processing

10. Physics from Quantum Information. I. The Clifton-Bub-Halvorson (CBH) Theorem.

Quantum Cryptography Bertrand Bonnefoy-Claudet Zachary Estrada

Cyber Security in the Quantum Era

Historical cryptography. cryptography encryption main applications: military and diplomacy

A review on quantum teleportation based on: Teleporting an unknown quantum state via dual classical and Einstein- Podolsky-Rosen channels

Example: sending one bit of information across noisy channel. Effects of the noise: flip the bit with probability p.

CPSC 467b: Cryptography and Computer Security

Great Theoretical Ideas in Computer Science

Research Article Novel Quantum Encryption Algorithm Based on Multiqubit Quantum Shift Register and Hill Cipher

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

Device-Independent Quantum Information Processing (DIQIP)

Ground-Satellite QKD Through Free Space. Steven Taylor

Realization of B92 QKD protocol using id3100 Clavis 2 system

Lecture Notes, Week 6

Introduction to Quantum Computing for Folks

Public-Key Cryptosystems CHAPTER 4

Quantum Cryptography

Lecture 2: Perfect Secrecy and its Limitations

C. QUANTUM INFORMATION 111

The Three Upcoming Revolutions in Physics and Astronomy that will Affect Everyone. Quantum Information Nov. 12, 2002

Transcription:

Secrecy and the Quantum Benjamin Schumacher Department of Physics Kenyon College Bright Horizons 35 (July, 2018)

Keeping secrets

Communication Alice sound waves, photons, electrical signals, paper and ink, etc. Bob Rolf Landauer: Information is physical!

The problem of privacy Alice Eve Bob

The science of secrets Cryptography: How to protect secret information Alice encrypts the message encrypted message Bob decrypts the message Alice Bob Eve Cryptanalysis: How to uncover the secrets of others

The key Alice and Bob share secret key information that Eve does not know. plaintext M K C K ciphertext C ciphertext C=M+K Alice Eve Bob plaintext M=C-K Without K, Eve cannot use C to figure out M.

The code wheel A D B G F E C H I J O K M L P Q R S T V U W Z X Y N A D B G F E C H I J O K M L P Q R S T V U W Z X Y N Key is a single letter: K = "W" Rotate inner wheel so align A with W Encryption: Outer letters to inner ones DEAR BOB becomes ZAWN XKX (This cipher is not hard for Eve to "break")

Use a secret to keep a secret For Alice to send a secret message to Bob, they must already share a secret key. Nevertheless, K?? The key can be prearranged. It does not matter where the key comes from (A B, B A, third party, etc.). Key has no meaning can be random. They can reuse the key. However...

How to measure information Claude Shannon (1948): The amount of information in a message depends on the number of possible messages. I = How many yes/no questions are needed to guess the message? = How many bits (0/1) are needed to write message in a binary code? yes, no, no, yes, yes,... 1 0 0 1 1... Using n bits, we can represent 2 n possible messages.

Redundancy The alphabet contains 26 letters, so each letter represents about 5 bits (2 5 = 32). Shannon found that you could guess ordinary English text using only ~2 yes/no questions per letter (in the long run). some letters are more likely some letter combinations are more likely overall message usually "makes sense" *** **** ** **** **** *** ******* a*l *h*t *s *o*d d*e* n*t *l*t*e* all that is gold does not glitter

Known and unknown Information I I(K) 2 bits / letter 5 bits / letter I(C) I(K)+I(M) Eve does not know: the key: I(K) bits M has L letters the plaintext: I(M) 2 L bits Eve does know: the ciphertext: I(C) 5 L bits Length L Given a long enough message, Eve has enough information to figure out both M and K at least in principle!

Examples: Cryptograms and Enigma Simple substitution cipher ("newspaper-type" puzzle) K = scrambling rule for the alphabet I(K) = 88 bits! Eve should be able to "break" such a cipher for messages longer than ~30 letters German Enigma system 3 (of 6) continually shifting rotors "plugboard" yields more possible keys I(K) = 87 bits! NB: The computation required to "break" Enigma is much harder (but still possible)

One-time pad Keep introducing new key information. Never re-use it! Eve's information never catches up! I(K)+I(M) World War II: Shannon uses these ideas to prove the SIGSALY system is secure. I L I(C) Cold War: USSR mistakenly re-uses keys for their "one-time" pad system. US spots this and is able to decrypt some messages (Venona project).

One-time pad Keep introducing new key information. Never re-use it! Eve's information never catches up! I World War II: Shannon uses these ideas to prove the SIGSALY system is secure. How do Alice and Bob distribute new keys? (Note that Eve wins if she knows I(C) a key that Cold Alice War: and USSR mistakenly re-uses Bob believe is secret.) keys for their "one-time" pad system. US spots this and is able to decrypt L some messages (Venona project). I(K)+I(M)

Public-key cryptography plaintext M Use separate encryption and decryption keys. K C K* ciphertext C ciphertext C=e(M,K) Alice Eve Bob plaintext M=d(C,K*) Eve may know K ("public key") but not K*.

Public-key cryptography Encryption key K Decryption key K* Generating K* is easy Computing K* K is easy Computing K K* is hard! How it works: Bob generates K*, K. Bob announces K to Alice (and Eve!) Alice can use K, but Eve can't find K* logically equivalent? Popular choice: Factoring P, Q PQ (easy) PQ P, Q (hard) But using a quantum computer, factoring is relatively easy!

The quantum veil

Wave-particle duality Light propagates in a wave-like way but interacts in a particle-like way. The same is true for electrons, etc. Wave frequency and wavelength determine particle energy and momentum! = h$ % Wave intensity determines particle probability. P = Ψ '

Weak light: One photon at a time! Two slits, photon by photon

Which slit? Introduce devices that can record which slit the photon passes. No interference effect is observed! Quantum interference can only occur when the system is informationally isolated. No physical record formed!

Spins and qubits Z X A spin is a qubit. Spin is the internal angular momentum of a quantum particle (e.g., an electron). We can measure the spin along any axis (X, Z,...). The result is always either +1 or -1 (in units of ħ/2). Spin states: etc. Qubits have all of the usual features of quantum systems: superposition, uncertainty, entanglement.

Quantum cryptography Big news: Charles Bennett and Gilles Brassard win the 2018 Wolf Prize in Physics! One reason: In 1984, Bennett and Brassard showed how to use quantum physics to solve the key distribution problem!

Key distribution problem How can Alice and Bob create a secret key that they know Eve cannot know? K K BB idea: Alice and Bob can exchange quantum particles and public messages.

BB84 Alice sends: Bob measures: Z Z X Z X X Z Z Bob s results: Bob announces which measurements he made (but not the results). Alice announces which of those choices were "correct". At the end: Common random bits that can be used as a key!

What about Eve? quantum stuff Alice and Bob's public conversation tells Eve nothing about the values of their key bits. If Eve makes her own measurements of the qubits, she will disturb their quantum states. Alice and Bob can check for this by "sacrificing" a few of their key bits for comparison.

"Cloning" qubits? quantum stuff Sneaky scheme: Eve makes her own copies ("clones") of the qubits. She measures them later, after Bob has announced his measurements. Quantum no-cloning theorem: It is impossible to duplicate the quantum state of a particle! "Quantum information" cannot be copied! Artur Ekert (1991): Alice and Bob can do quantum key distribution by sharing entangled qubits.

Quantum entanglement A pair of quantum systems can be in an entangled state. Neither system by itself has a definite state. + - Example: Total spin zero (TSZ) state M 1 TSZ 1 2 M 2 + - If we measure particles 1 and 2 along the same axis, we always obtain opposite results. If we measure them along different axes, we see correlations. Einstein: "Spooky action at a distance"!

Commonsense view of correlations: 1. Each particle's behavior is the result of a hidden "program". 2. The particle programs may be created together but function separately. Bell's theorem John Bell (1964): This sensible idea cannot be true for entangled quantum systems!

A strange relationship Two quantum particles can have a relationship that has no "classical" analogue. "Pseudotelepathy" It is tricky to say exactly how the particles do what they do, but... We cannot use entanglement to send messages faster than light. Ekert: Use entanglement for key distribution. Any Eve measurements destroy the entanglement in a detectable way. No-signaling principle

Noise or Eve? Alice prepares quantum systems (entangled qubits, etc.) Bob observes the quantum systems he receives. Alice and Bob must assume that all noise is due to Eve but noise is inevitable!

Distilling entanglement Suppose Alice and Bob share many qubit pairs with "noisy" entanglement. They may perform local quantum operations and exchange classical messages. Alice and Bob end up with fewer pairs having "pure" entanglement.

Distilling entanglement Key distribution can be absolutely secure if and only if entanglement distillation is possible! Suppose Alice and Bob share many qubit pairs with "noisy" entanglement. They may perform local quantum operations and exchange classical messages. Alice and Bob end up with fewer pairs having "pure" entanglement.

Monogamy of entanglement

The Newlywed Game Alice and Bob have a relationship. Interview them separately. Possible questions: X? = Do you like to dance? X? Y? yes/no yes/no X? Y? Y? = Do you like to eat oysters? Individual answers are not predictable, but Alice and Bob give correlated answers. Our variant: Each Alice/Bob pair is asked only once. Questions may be different!

A curious relationship P(agree) X? Y? Are Alice and Bob cheating the game? Maybe. But we can never catch them at it or prove that they are! X? Y? 100% 0% 0% 0% No-signaling principle: The choice of Alice question has no observable effect on Bob's answer (and vice versa).

A question of monogamy Alice Bob Could Alice have exactly the same relationship with someone else (Bill)? No! A X? Y? B X? Y? 100% 0% 0% 0% Bill Suppose we ask Bob X? and Bill Y? If we ask Alice X? then Bob and Bill's answers must disagree. If we ask Alice Y? then Bob and Bill's answers must agree.

A question of monogamy Alice Bob Could Alice have exactly the same relationship with someone else (Bill)? No! A X? Y? B X? Y? 100% 0% 0% 0% No-signaling Bill principle The Alice-Bob Suppose we ask Bob X? and Bill Y? relationship is monogamous If we ask Alice X? then Bob and Bill's answers must disagree. If we ask Alice Y? then Bob and Bill's answers must agree.

Noisy monogamy The Alice-Bob relationship remains monogamous even if the probabilities are not quite 100% and 0%. P(agree) X? X? Y? 85% 15% This can be achieved using an entangled pair of qubits. Y? 15% 15% Quantum entanglement is monogamous! + - X/Y TSZ 1 2 X/Y + -

Keeping Eve out of it If Alice and Bob can share pairs of particles with "pure" entanglement, Eve is automatically excluded! Alice and Bob can use their exclusive statistical relationship to generate a secure cryptographic key.

Are you paranoid enough? Alice and Bob bought their quantum key distribution system from a vendor. It's a "black box" with buttons and lights. But maybe the vendor is really Eve! Maybe the system does not really function exactly as advertised!

Black box security It doesn't matter. Alice and Bob can still guarantee the secrecy of their key! Our proof of monogamy (and thus privacy) only depends on: no-signaling principle observable correlations If Alice and Bob observe the right kinds of correlations in their system, they can use it to obtain a key that is provably secret from Eve even if quantum mechanics is actually wrong.

Privacy and the quantum Privacy is an essential part of the quantum world. We only observe interference if the system is informationally isolated. We cannot faithfully copy quantum information. We can use quantum physics to distribute a secret key. The relationship between entangled particles is monogamous. The monogamy of quantum entanglement does not depend on the truth of quantum mechanics itself only the no-signaling principle!

What we're doing now General operational theories "Boxworld" systems are "boxes" with inputs and outputs that obey the no-signaling principle Such theories can have entanglement, monogamy, no-cloning theorem, key distribution protocols, etc. What features are shared? How is quantum theory special? a c b d NSP: The value of a does not affect the probabilities of d, etc.

Finis

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback