Ping Pong Protocol & Auto-compensation

Similar documents
arxiv:quant-ph/ v1 13 Jan 2003

Problem Set: TT Quantum Information

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

An Introduction to Quantum Information. By Aditya Jain. Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata

Introduction to Quantum Key Distribution

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

LECTURE NOTES ON Quantum Cryptography

Quantum Cryptography. Marshall Roth March 9, 2007

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

10 - February, 2010 Jordan Myronuk

Security of Quantum Cryptography using Photons for Quantum Key Distribution. Karisa Daniels & Chris Marcellino Physics C191C

Transmitting and Hiding Quantum Information

Ground-Satellite QKD Through Free Space. Steven Taylor

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Quantum Cryptography and Security of Information Systems

arxiv:quant-ph/ v1 6 Dec 2005

Security and implementation of differential phase shift quantum key distribution systems

Quantum Communication. Serge Massar Université Libre de Bruxelles

Introduction to Quantum Cryptography

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Security Implications of Quantum Technologies

9. Distance measures. 9.1 Classical information measures. Head Tail. How similar/close are two probability distributions? Trace distance.

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)

1 1D Schrödinger equation: Particle in an infinite box

CS120, Quantum Cryptography, Fall 2016

High Fidelity to Low Weight. Daniel Gottesman Perimeter Institute

Quantum key distribution for the lazy and careless

1 1D Schrödinger equation: Particle in an infinite box

Quantum Information Transfer and Processing Miloslav Dušek

Quantum Cryptography

Entanglement and Quantum Teleportation

Security of Quantum Key Distribution with Imperfect Devices

Lecture: Quantum Information

Cyber Security in the Quantum Era

Quantum sampling of mixed states

Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science Quantum Optical Communication

C. QUANTUM INFORMATION 99

Quantum Teleportation Pt. 1

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)

Supplementary Material I. BEAMSPLITTER ATTACK The beamsplitter attack has been discussed [C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, J. Smol

EXPERIMENTAL DEMONSTRATION OF QUANTUM KEY

Experimental realization of quantum cryptography communication in free space

A probabilistic quantum key transfer protocol

quantum distribution of a sudoku key Sian K. Jones University of South Wales

Practical aspects of QKD security

Network Security Based on Quantum Cryptography Multi-qubit Hadamard Matrices

Deterministic secure communications using two-mode squeezed states

arxiv: v7 [quant-ph] 20 Mar 2017

Enigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski

Quantum Key Distribution. The Starting Point

Single qubit + CNOT gates

arxiv: v3 [quant-ph] 6 Sep 2009

Attacks against a Simplified Experimentally Feasible Semiquantum Key Distribution Protocol

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Quantum Teleportation Pt. 3

C. QUANTUM INFORMATION 111

The Relativistic Quantum World

Quantum Secure Direct Communication with Authentication Expansion Using Single Photons

Quantum Cryptography

arxiv:quant-ph/ v2 2 Jan 2007

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139

PERFECTLY secure key agreement has been studied recently

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY

Research, Development and Simulation of Quantum Cryptographic Protocols

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols

SQL injection principle against BB84 protocol

Quantum Cryptography Bertrand Bonnefoy-Claudet Zachary Estrada

Quantum information and quantum computing

Cryptography in a quantum world

Two-Step Efficient Deterministic Secure Quantum Communication Using Three-Qubit W State

Entanglement and information

A semi-device-independent framework based on natural physical assumptions

Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel

EPR paradox, Bell inequality, etc.

Device-Independent Quantum Information Processing

Quantum Wireless Sensor Networks

Quantum Cryptography

Detection of Eavesdropping in Quantum Key Distribution using Bell s Theorem and Error Rate Calculations

Realization of B92 QKD protocol using id3100 Clavis 2 system

Quantum key distribution with 2-bit quantum codes

Implementation and Security Analysis of Practical Quantum Secure Direct Communication

Quantum cryptography -the final battle?

Number theory (Chapter 4)

Introduction to Quantum Information Hermann Kampermann

arxiv:quant-ph/ v2 17 Sep 2002

Error Reconciliation in QKD. Distribution

arxiv: v1 [quant-ph] 18 May 2018

The BB84 cryptologic protocol

Lecture 2: Quantum bit commitment and authentication

Efficient controlled quantum secure direct communication based on GHZ-like states

An Introduction to Quantum Information and Applications

Other Topics in Quantum Information

Quantum Hacking. Feihu Xu Dept. of Electrical and Computer Engineering, University of Toronto

Practical quantum-key. key- distribution post-processing

Seminar Report On QUANTUM CRYPTOGRAPHY. Submitted by SANTHIMOL A. K. In the partial fulfillment of requirements in degree of

Research Proposal for Secure Double slit experiment. Sandeep Cheema Security Analyst, Vichara Technologies. Abstract

Transcription:

Ping Pong Protocol & Auto-compensation Adam de la Zerda For QIP seminar Spring 2004 02.06.04

Outline Introduction to QKD protocols + motivation Ping-Pong protocol Security Analysis for Ping-Pong Protocol Vulnerabilities Encoding methods Auto compensation Auto compensation in Ping pong 2

QKD protocols motivation Alternative to public key cryptography. (i.e. RSA) QKD + Block ciphers. (i.e.: Use QKD to transmit key for DES, and have the rest of conversation classically encrypted in DES) 3

Introducing: Ping Pong protocol Uses: QKD Quantum Key Distribution Means: Quantum channel, Authenticated classic channel 4

Scheme Ping Pong Alice wants to send Bob bit: Xi = {0, 1} Bob creates EPR pair: 01 + 10 Ψ + = 2 Bob sends Alice the traveling qubit and keeps the home qubit Bob Traveling qubit - T> Alice >Home qubit H Ψ 0 = Ψ + = 01 HT + 2 10 HT 5

Scheme cont. Alice received qubit: T> and returns to Bob: ~ T = T σ z T,, X X i i = 0 = 1 Bob Alice Home qubit - H> Traveling qubit - T> 6

Scheme cont. Notice that after Alices transformation: Ψ 1 HT = Ψ 1σ + z HT Ψ + HT = Ψ HT,, X X i i = 0 = 1 7

Scheme cont. Bob receives and measures H> and T> in bell-states base. T ~ Bob Traveling qubit Alice Home qubit - H> 8

Scheme cont. Bob knows Xi! Bob s result: + Ψ X = 0 HT i Ψ X = 1 HT i 9

Eavesdropping Eve has nothing to do with T> on the way to Alice. Eve can learn NOTHING about Xi from T> on it s way back to Bob because: We KNOW + { Ψ Ψ } Ψ, 1 Tr Bob 2 { } ± ± Ψ Ψ = I By Passive attack, Eve knows NOTHING on Xi 10

Eavesdropping cont. But what about man in the middle attack? Eve can stall the traveling qubit, send Alice: + Ψ, Alice will give her: Ψ + or Ψ, that is, the classical bit. Eve will encode on the traveling qubit the same, so Bob wouldn t even notice! Eve Bob Home qubit - H> Alice Traveling qubit - T> Note: without Bob s help, Alice can t notice Eve s trick. 11

Eavesdropping cont. Let s define 2 modes for the protocol! 1. Control mode to detect eavesdropping. 2. Message mode to transmit messages/keys.? Are they in control mode or message?mode Eve Bob Alice Home qubit - H> Traveling qubit - T> 12

Eavesdropping cont. Control mode: Alice measures the qubit she received in 0>, 1> base. Contact Bob in classic channel to let him know she chose control mode. Bob measures his home qubit in 0>, 1> base. Alice and Bob compares their result. Eve is detected if the results coincide. 13

Conclusion Alice wants to send X = (X1 X2 Xn) to Bob. Bob creates a singlet, and send one of the qubits to Alice. Alice switches to Control mode with probability c Else, Alice encode her bit onto the traveling qubit and sends back to Bob. Bob receives the qubit from Alice, and measure his home qubit with the traveling qubit in Bell-states base. Bob now knows Xi. Return until all bits are delivered to Bob. 14

Conclusion cont. 15

Von-neumann Entropy Definition of Von-neumann entropy Where are the eigen values of ρ Bounds the maximum information can be gained from a state. Give examples: pure states, completely mixture states 16

security analysis Ping Pong 2 main parts In control mode: Eve detection probability. In message mode: Bound information available to Eve (given that she attacked on the way to Alice) The Attack: Bob sent 0 : Eˆ0, E = α 0, E 00 + β 1, E 01 Bob sent 1 : Eˆ1, E = γ 0, E 10 + δ 1, E 11 17

security analysis Ping Pong 1. Control mode For Eve, the state of the traveling qubit is complete mixture. Bob sends 0> and 1> with probability ½. Consider the case where Bob sends 0> Eve has an ancilla qubit E After Eve s attack: Ψ = Eˆ 0, E Alice measures the qubit in = α 0, E + { 0, 1 } 00 β 1, basis. E 01 Probability for Eve to get caught is: d = β 2 = 1 α 2 18

security analysis - cont. (if Bob sent 0> ) 2. Message Mode The new state after Eve s attack is: in basis: { 0, E, 1 E } 00, 01 2 * α α β ρ = Ψ Ψ = 2 * α β α Assuming Alice encodes a random bit (P0 = P1 = ½, in QKD schemes), the state after Alice s encoding operation: 2 1 1 = + = α 0 ρ ρ σˆ ˆ z ρ σ z 2 2 2 0 β 19

security analysis - cont. A non-tight bound on the information Eve can gain from the state is given by Von-Neumann entropy: We get: I max I max = S ρ ) = Tr{ ρ log ρ } ( 2 ( d) = d log2 d (1 d)log2 (1 d) 1 0 ½ 1 d Note: This is also the Shannon entropy of a binary channel 20

security analysis - cont. If Eve wants full information, she is detected with probability ½: d( I max = 1) = 1 2 Question: what is the probability for Eve s detection in BB84 if Eve wants full information too? 21

security analysis n bits attack s( c, d) = (1 Define c: The probability for control mode. r = 1 c : The probability for message mode. The probability for Eve not to get caught until the next message mode is: c) + After n independent identical attacks Eve maximally gains: bits of information. Eve survives with probability: I = ni max ( d) c(1 d)(1 c) + c 2 (1 d) 2 (1 c) +... = 1 c 1 c(1 d ) s n = s I I max ( d ) = 1 c 1 c(1 d ) I I max ( d ) 22

security analysis - cont. After n independent identical attacks Eve maximally gains: ( ) bits of information. Eve survives with probability: I = ni max d s = f (bits) bits 23

security analysis - discussion Discussion 2. What is missing in the Security Analysis? 3. Would it help to use secret sharing schemes? 4. Can we exploit line disturbance to have perfect eavesdropping? (non detectable eavesdropping) 24

Vulnerabilities - Overview Attacking without eavesdropping: Denial of service Vulnerabilities in lossy channel 25

Vulnerabilities DoS attack Eve can stop connection from Alice to Bob (Pong) and send Bob trash instead. The protocol won t detect Eve! Improved version of classical DoS Bob trash Eve Alice Question?: Can we overcome the vulnerability 26

Vulnerabilities DoS attack cont. Question: Can we overcome the vulnerability? YES! Define additional mode for the protocol in which: 1. Bob measures his qubits. (message mode) 2. Alice informs Bob to move to the new test mode. 3. Alice and Bob compares their bits. 4. If the results do not coincide, Eve is detected! Note: this is a variation of an extension to the protocol suggested in: quant-ph/0402052 - Cai, Qing-yu The ping-pong protocol can be attacked without eavesdropping 27

Various Optical Encodings Polarization encoding Phase encoding ϕ 28

Auto-compensation Sergienko et al., One-Way Entangled-Photon Autocompensating Quantum Cryptography, Quant-ph/0207167. Donald S. Bethune, William P. Risk, An Autocompensating Fiber-Optics Quantum Cryptography Systems Based on Polarization Splitting of Light IEEE journal of quantum electronics, vol. 36 no. 3 march 2000. A. V. Sergienko et al., Symmetric Autocompensating Quantum Key Distribution quant-ph / 0309050. 29

Auto-compensation motivation Various optical encodings for qubits: Polarization Qubit Time bin Qubit The quantum channel posses disturbances for both encodings. We cannot control the disturbances (i.e. a train has just passed near the optical fiber..) We do not want to calibrate our systems every time. 30

Process Polarization encoding: Faraday Mirror - Device that reflects light in a 90 degree rotation from the input light. (i.e. without regard to the polarization of the input light) Phase encoding: AT Attenuator PM Phase modulator L Laser D - Detector 31

Process phase encoding Bob sends Alice strong laser pulse. Alice attenuates it, selects a base and encode bit by phase shifting. Bob guesses Alice s base and measures the qubit. Note: Each PM is used once! 32

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback