Practical quantum-key. key- distribution post-processing

Similar documents
Universally composable and customizable post-processing for practical quantum key distribution

Quantum Key Distribution. The Starting Point

Security of Quantum Key Distribution with Imperfect Devices

High Fidelity to Low Weight. Daniel Gottesman Perimeter Institute

Asymptotic Analysis of a Three State Quantum Cryptographic Protocol

Quantum cryptography: from theory to practice

arxiv: v2 [quant-ph] 8 Feb 2013

Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

A. Quantum Key Distribution

Security of Quantum Cryptography using Photons for Quantum Key Distribution. Karisa Daniels & Chris Marcellino Physics C191C

Introduction to Quantum Key Distribution

Realization of B92 QKD protocol using id3100 Clavis 2 system

Simulation of BB84 Quantum Key Distribution in depolarizing channel

Quantum Hacking. Feihu Xu Dept. of Electrical and Computer Engineering, University of Toronto

Simulation and Implementation of Decoy State Quantum Key Distribution over 60km Telecom Fiber

Quantum key distribution for the lazy and careless

Security of Quantum Key Distribution with Realistic Devices

Practical Quantum Key Distribution

arxiv:quant-ph/ v3 13 Mar 2007

FUNDAMENTAL AND PRACTICAL PROBLEMS. OF QKD SECURITY-THE ACTUAL AND THE arxiv: v4 [quant-ph] 4 Jun 2012 PERCEIVED SITUATION

arxiv: v3 [quant-ph] 14 Sep 2009

Simulation and Implementation of Decoy State Quantum Key Distribution over 60km Telecom Fiber

LECTURE NOTES ON Quantum Cryptography

Trustworthiness of detectors in quantum key distribution with untrusted detectors

SECURITY OF QUANTUM KEY DISTRIBUTION USING WEAK COHERENT STATES WITH NONRANDOM PHASES

Quantum key distribution with 2-bit quantum codes

Cryptography in a quantum world

arxiv:quant-ph/ v1 13 Mar 2007

Quantum Key Distribution

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols

Security Issues Associated With Error Correction And Privacy Amplification In Quantum Key Distribution

arxiv: v7 [quant-ph] 20 Mar 2017

Quantum Correlations as Necessary Precondition for Secure Communication

A Security Real-time Privacy Amplification Scheme in QKD System

Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)

Tight finite-key analysis for quantum cryptography

Security of high speed quantum key distribution with finite detector dead time

C. QUANTUM INFORMATION 111

Quantum Cryptography and Security of Information Systems

Quantum Key Distribution

Xiongfeng Ma Center for Quantum Information

Squashing Models for Optical Measurements in Quantum Communication

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

Security of quantum-key-distribution protocols using two-way classical communication or weak coherent pulses

arxiv: v1 [quant-ph] 30 Jan 2017

John Preskill, Caltech Biedenharn Lecture 2 8 September The security of quantum cryptography

arxiv:quant-ph/ v2 7 Nov 2001

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

arxiv:quant-ph/ v6 6 Mar 2007

Quantum Cryptography

arxiv:quant-ph/ v1 25 Dec 2006

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

FAKES STATES ATTACK USING DETECTOR EFFICIENCY MISMATCH ON SARG04, PHASE-TIME, DPSK, AND EKERT PROTOCOLS

arxiv:quant-ph/ v2 17 Sep 2002

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

Applications of Quantum Key Distribution (QKD)

arxiv:quant-ph/ v2 11 Jan 2006

arxiv: v1 [quant-ph] 18 May 2018

Tutorial: Device-independent random number generation. Roger Colbeck University of York

Practical Quantum Coin Flipping

arxiv:quant-ph/ v2 11 Jan 2006

Quantum Cryptography: A Short Historical overview and Recent Developments

Realization of Finite-Size Continuous-Variable Quantum Key Distribution based on Einstein-Podolsky-Rosen Entangled Light

Quantum Information Transfer and Processing Miloslav Dušek

Quantum key distribution based on private states

Trojan-horse attacks on quantum-key-distribution systems

High rate quantum cryptography with untrusted relay: Theory and experiment

Two-Step Efficient Deterministic Secure Quantum Communication Using Three-Qubit W State

Efficient Quantum Key Distribution. Abstract

10 - February, 2010 Jordan Myronuk

C. QUANTUM INFORMATION 99

A Necessary Condition for the Security of Coherent- One-Way Quantum Key Distribution Protocol

Ping Pong Protocol & Auto-compensation

Problems of the CASCADE Protocol and Renyi Entropy Reduction in Classical and Quantum Key Generation

arxiv:quant-ph/ v1 6 Dec 2005

Teleportation of Quantum States (1993; Bennett, Brassard, Crepeau, Jozsa, Peres, Wootters)

Security of quantum key distribution with non-i.i.d. light sources

Entropy Accumulation in Device-independent Protocols

National Institute of Standards and Technology Gaithersburg, MD, USA

Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science Quantum Optical Communication

Secure Quantum Signatures Using Insecure Quantum Channels

Security and implementation of differential phase shift quantum key distribution systems

One-sided Device-Independent Quantum Key Distribution: Security, feasibility, and the connection with steering

Quantum Cryptography : On the Security of the BB84 Key-Exchange Protocol

arxiv: v1 [quant-ph] 6 Jun 2013

Attacks against a Simplified Experimentally Feasible Semiquantum Key Distribution Protocol

Multi-Partied Quantum Digital Signature Scheme Without Assumptions On Quantum Channel Security

Beating Quantum Hackers

TWO-LAYER QUANTUM KEY DISTRIBUTION

On Free Space Quantum Key Distribution and its Implementation with a Polarization-Entangled Parametric Down Conversion Source.

Experimental realization of quantum cryptography communication in free space

Introduction to Quantum Cryptography

Supplementary Material I. BEAMSPLITTER ATTACK The beamsplitter attack has been discussed [C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, J. Smol

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

Counterfactual Quantum Deterministic Key Distribution

arxiv: v2 [quant-ph] 14 May 2015

1 1D Schrödinger equation: Particle in an infinite box

Transcription:

Practical quantum-key key- distribution post-processing processing Xiongfeng Ma 马雄峰 IQC, University of Waterloo Chi-Hang Fred Fung, Jean-Christian Boileau, Hoi Fung Chau arxiv:0904.1994 Hoi-Kwong Lo, Norbert Lütkenhaus 1

Outline Introduction Finite key analysis Post-processing Conclusion 2

Introduction 3

A little bit history Prepare-and and-measure protocols BB84, six-state state Entanglement based protocols Ekert91, BBM92 Unconditional security proof Mayers (1996) Lo and Chau (1999) Shor and Preskill (2000) Security analysis for QKD with imperfect devices E.g. Mayers, Lütkenhaus,, ILM Koashi-Preskill Gottesman-Lo Lo-Lütkenhaus-Preskill (GLLP) 4

Basis independent setup BBM92 (Bennett,( Brassard & Mermin 1992) Eve One can assume Eve has a full control of the source. The basis choice is independent of the state in the channel. The source can be treated as a perfect single photon (qubit( qubit) or EPR source. M. Koashi and J. Preskill,, Phys. Rev. Lett.., 90, 057902, (2003). X. Ma, C.-H. F. Fung, and H.-K. Lo, PRA 76, 012307 (2007). 5

Objectives Link between security analyses and experiments Infinite-key analysis to finite-key analysis Post-processing From raw key to final key, step by step Parameter optimization Biased basis choice Security parameter vs. secure-key cost Towards a security analysis standard 6

Finite key analysis 7

Finite-key issues Initial key Authentication: man-in in-the-middle attack Other uses: encryption of classical communication in the post- processing Composability Generated key may be used for the next round of QKD Key growth rather than key distribution No perfect key in real-life life Identical: Alice and Bob share the same key Real-life: life: no perfect error correction code, i.e., any error correction code can only guarantee with a certain confidence interval Private: Eve knows nothing about the final key Real-life: life: Eve can just guess the bit values of the initial key with a successful probability, ε=2 -k 8

Composable security Confidence interval / Failure probability Confidence interval: the probability that the final key is identical ical and private, 1-ε The failure probability for n rounds: nε, n, linear dependence Exponentially decreasing with key cost k A rough guess: ε=2 -O(k) per round Smaller than a certain threshold determined by some practical use of the key, say 10-10 Remark: it does not mean Eve knows nε-bit n information about the final key Composable security definition Failure probability is smaller than the pre-determined threshold for all rounds of QKD system usages M. Ben-Or et al, in TCC (2005), 386. R. Renner and R. König,, in TCC (2005), 407. 9

To-do list Re-exam exam security proofs Underlying assumptions Formulas from asymptotic security analyses should be re- derived Note: all the security analyses are about privacy amplification Calculate failure probability and secure-key cost For each step: basis sift, error correction, authentication, error verification, and phase error rate estimation Efficiency of privacy amplification Parameter optimization Biased basis choice secure-key cost for each step 10

Post-processing 11

Underlying assumptions A single photon (qubit( qubit) ) source or a basis- independent source Coherent state (e.g., with decoy state) QKD: in progress A detection system: compatible with the squashing model Classical communication Random number generator and key management 12

Procedures I Key sift [neither authenticated nor encrypted] Discard all no-clicks and randomly assign double- clicks Other sift scheme might be applied, e.g., Ma, Moroder and Lütkenhaus, arxiv:0812.4301 (2008) Basis sift [authenticated but not encrypted] Use a 2k-bit secure key to generate a Toeplitz matrix Calculate the tag by multiply the matrix with her/his basis string Send each other the basis string with the tag Discard those bits that used different bases Other sift scheme might be applied, e.g., SARG 04 13

Procedures II Error correction [not authenticated but encrypted] Any error correction scheme can be applied here Count the number of bits in the classical communication Error verification [essentially an authentication problem] Alice sends an encrypted tag to Bob Bob verify the tag If failed, they can go back to error correction again 14

Procedures III Phase error rate estimation Prob.{phase error} = Prob.{bit error} Asymptotically, rates probabilities A simple random sampling problem 15

Procedure IV Privacy amplification [authenticated but not encrypted] Alice generates an n x +n z +l-1bit random bit string and sends it to Bob through an authenticated channel They use this random bit string to generate a Teoplitz matrix to do privacy amplification 16

Final key rate Key rate formula Finite-key effect Phase error rate estimation, which determines the biased basis choice k 3 : cost of authentication, error verification, efficiency of privacy amplification 17

Finite-key effects Error correction [fixed] Phase error rate estimation: The amount of privacy amplification Optimal basis bias Other parts Authentication Error verification Efficiency of privacy amplification 18

Quick results An extreme example Raw key size n=10 30 and ε=10 k 3 =947 bits and ε 3 <10-32 A typical example n=10 7, ε=10-7 ; k 3 =202 bits and ε 3 <10-9 Observation =10-30 Main effect comes from phase error estimation The efficiency of privacy amplification is close to 1 The costs of authentication and error verification are negligible in a normal (say, data size >10k) experiment 30 ; 19

Bias 1 0.95 0.9 0.85 0.8 0.75 0.7 0.65 e x =e z =4% ε=10-7 100% error correction efficiency 0.6 0.55 0.5 10 2 10 4 10 6 10 8 10 10 10 12 Raw key data size p x set by Alice q x obtained by Bob 20

0.7 0.6 Key rate per raw key 0.5 0.4 0.3 0.2 e x =e z =4% ε=10-7 100% error correction efficiency 0.1 Finite key Asymptotic key 0 10 2 10 4 10 6 10 8 10 10 10 12 Raw key data size 21

Conclusion A practical post-processing processing scheme with failure probability as the security definition Error verification: essentially an authentication scheme Phase error estimation: a strict bound Efficiency of privacy amplification: high Parameter optimization: main finite-key effect comes from phase error rate estimation 22

Further discussion Further improvement in the privacy amplification step: no classical communication needed? Efficiency: failure probability, secure-key cost Detector efficiency mismatch Squashing model Finite-key analysis for other protocols, such as decoy-state, COW and DPS Compare with other approaches, such as the one by Scarani and Renner 23

References X. Ma, C.-H. F. Fung, J.-C. Boileau, H. F. Chau, arxiv:0904.1994 H. Krawczyk, in Advances in Cryptology - CRYPTO'94 (Springer- Verlag, 1994), 893, 129-139. 139. N. Lütkenhaus, L Phys. Rev. A 59, 3301 (1999). M. Koashi and J. Preskill,, Phys. Rev. Lett.., 90, 057902, (2003). M. Ben-Or et al, in TCC (2005), 386. R. Renner and R. König, K in TCC (2005), 407. M. Hayashi, Phys. Rev. A 74, 022307 (2006). X. Ma, C.-H. F. Fung, and H.-K. Lo, PRA 76, 012307 (2007). V. Scarani and R. Renner, Phys. Rev. Lett.. 100, 200501 (2008). T. Tsurumaru and K. Tamaki, Phys. Rev. A 78, 032302 (2008). N. J. Beaudry,, T. Moroder,, and N. LütkenhausL tkenhaus,, Phys. Rev. Lett.. 101, 093601 (2008). 24

Thank you! Xiongfeng Ma, ICQFT 09 25

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback