Quantum Key Distribution. The Starting Point

Similar documents
Practical quantum-key. key- distribution post-processing

Security of Quantum Key Distribution with Imperfect Devices

High rate quantum cryptography with untrusted relay: Theory and experiment

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel

Quantum key distribution for the lazy and careless

Trustworthiness of detectors in quantum key distribution with untrusted detectors

High Fidelity to Low Weight. Daniel Gottesman Perimeter Institute

arxiv: v2 [quant-ph] 8 Feb 2013

Quantum Information Transfer and Processing Miloslav Dušek

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Security of Quantum Cryptography using Photons for Quantum Key Distribution. Karisa Daniels & Chris Marcellino Physics C191C

Practical aspects of QKD security

Ping Pong Protocol & Auto-compensation

Talk at 4th ETSI/IQC workshop on quantum-safe cryptography, September 19-21, 2016

Universally composable and customizable post-processing for practical quantum key distribution

Quantum cryptography: from theory to practice

Practical Quantum Key Distribution

Quantum Hacking. Feihu Xu Dept. of Electrical and Computer Engineering, University of Toronto

Realization of B92 QKD protocol using id3100 Clavis 2 system

Asymptotic Analysis of a Three State Quantum Cryptographic Protocol

Cryptography in a quantum world

Introduction to Quantum Key Distribution

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

APPLICATIONS. Quantum Communications

Entropy Accumulation in Device-independent Protocols

Quantum Technologies for Cryptography

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols

Fundamental rate-loss tradeoff for optical quantum key distribution

Quantum key distribution with 2-bit quantum codes

An entangled LED driven quantum relay over 1km

A. Quantum Key Distribution

Simulation and Implementation of Decoy State Quantum Key Distribution over 60km Telecom Fiber

Trojan-horse attacks on quantum-key-distribution systems

arxiv:quant-ph/ v6 6 Mar 2007

Quantum Cryptography

Quantum key distribution based on private states

Applications of Quantum Key Distribution (QKD)

Quantum Key Distribution

FUNDAMENTAL AND PRACTICAL PROBLEMS. OF QKD SECURITY-THE ACTUAL AND THE arxiv: v4 [quant-ph] 4 Jun 2012 PERCEIVED SITUATION

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Unconditionally secure deviceindependent

Quantum Correlations as Necessary Precondition for Secure Communication

A semi-device-independent framework based on natural physical assumptions

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Device-independent quantum information. Valerio Scarani Centre for Quantum Technologies National University of Singapore

Tutorial: Device-independent random number generation. Roger Colbeck University of York

Security of quantum-key-distribution protocols using two-way classical communication or weak coherent pulses

Summary. The prospect of a factoring. Consumer key generation. Future long range key. Commercial systems. Metro Networks. exchange. machine. Spin-off.

arxiv:quant-ph/ v1 25 Dec 2006

Untrusted quantum devices. Yaoyun Shi University of Michigan updated Feb. 1, 2014

arxiv: v7 [quant-ph] 20 Mar 2017

Squashing Models for Optical Measurements in Quantum Communication

Practical Quantum Coin Flipping

A Necessary Condition for the Security of Coherent- One-Way Quantum Key Distribution Protocol

Device-Independent Quantum Information Processing (DIQIP)

Device-Independent Quantum Information Processing

Perfectly secure cipher system.

Simulation of BB84 Quantum Key Distribution in depolarizing channel

Quantum Communication

Security Proofs for Quantum Key Distribution Protocols by Numerical Approaches

Quantum key distribution

TWO-LAYER QUANTUM KEY DISTRIBUTION

FAKES STATES ATTACK USING DETECTOR EFFICIENCY MISMATCH ON SARG04, PHASE-TIME, DPSK, AND EKERT PROTOCOLS

Simulation and Implementation of Decoy State Quantum Key Distribution over 60km Telecom Fiber

Standardization of Quantum Cryptography in China

arxiv:quant-ph/ v2 17 Sep 2002

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

LECTURE NOTES ON Quantum Cryptography

Quantum Wireless Sensor Networks

arxiv:quant-ph/ v2 7 Nov 2001

arxiv: v1 [quant-ph] 4 Mar 2009

Cyber Security in the Quantum Era

arxiv: v1 [quant-ph] 3 Jul 2018

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

A PRACTICAL TROJAN HORSE FOR BELL-INEQUALITY- BASED QUANTUM CRYPTOGRAPHY

QUANTUM key distribution (QKD) [1] is a provably secure

Cryptography and Security Final Exam

Security of Quantum Key Distribution with Realistic Devices

Chapter 5. Quantum Cryptography

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

Universal Single Server Blind Quantum Computation Revisited

John Preskill, Caltech Biedenharn Lecture 2 8 September The security of quantum cryptography

Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)

Quantum threat...and quantum solutions

National Institute of Standards and Technology Gaithersburg, MD, USA

Quantum Key Distribution

Quantum Cryptography and Security of Information Systems

Deterministic secure communications using two-mode squeezed states

Quantum Communication. Serge Massar Université Libre de Bruxelles

Entanglement distillation between solid-state quantum network nodes

Optical Quantum Communication with Quantitative Advantage. Quantum Communication

arxiv: v3 [quant-ph] 25 Feb 2015

Secure Quantum Signatures Using Insecure Quantum Channels

Cryptographical Security in the Quantum Random Oracle Model

An Introduction to Quantum Information. By Aditya Jain. Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

QCRYPT Saturation Attack on Continuous-Variable Quantum Key Distribution System. Hao Qin*, Rupesh Kumar, and Romain Alléaume

arxiv:quant-ph/ v1 26 Mar 2001

Security of high speed quantum key distribution with finite detector dead time

Transcription:

Quantum Key Distribution Norbert Lütkenhaus The Starting Point Quantum Mechanics allows Quantum Key Distribution, which can create an unlimited amount of secret key using -a quantum channel -an authenticated classical channel without imposing limitations on an adversary s resources! Note: no secret key can be generated by -the use by an authenticated classical channel alone nor if one additionally provides -some finite amount of secret seed key (the latter being one method to generated an authenticated classical channel) 1

QKD Work lines 1984 1992 2003 2005 2009 Concepts (Qubit & co): Principle, security definition, secrecy capacity Optical Implementations & their security proofs QKD networks Application Issues: Side cannels Work line I: Concepts what exactly do we mean by secure key? Universal composable security definition [Renner, PhD thesis 2005] ρ ABE ρ AB ρ C 1 ² Under which conditions can we generate secret key 1) given many copies of ρ AB? Horodecki 3, Oppenheim (2005): Private states (secret key from bound entangled states) 2) given measurement results from many copies of ρ AB? Unknown! (Necessary condition: correlations must show entanglement signature!) Tools for security proofs: Quantum DeFinetti Theorem [Renner, PhD thesis 2005] Collective attack = coherent attack Exploration of new security scenarios: bounded storage model [Damgard, Fehr, Salvail, Schaffner, 2005] Assume limited quantum storage of adversary allows also other cryptographic primities such as bit commitment can be run on BB84 hardware 2

Quantum DeFinetti Theorem [Størmer 1969; Caves, Fuchs, Schack 2002] [Renner, PhD thesis 2005] [Renner, Nature, 2007] general state of N systems permutation symmetric state of N systems subset of n systems ρ (n) p(i) ρ i n Π( ρ i + Rest)Π Quantum DeFinetti theorem is at the heart of QM experiments: how and why can we assign density matrices to sources? Application also in entanglement verification (e.g. entanglement witnesses) [van Enk, NL, Kimble, Phys. Rev. A 75, 052318 (2007)] QKD (BB84 protocol) 0% Gap or no gap: are all quantum correlations useful? one-way bound 14,6% 12.8% 20% GAP? [Gottesman/Lo] [Chau] loss of quantum correlations 25% symmetric error rate limit for one-way communication: data should not be explainable ρ AB which is symmetrically extendible Alice Bob B ρ AB = ρ AB A B ρ AB Existence of symmetric extension marginal problem existence of ρ ABB two-way communication 1) no known first-round communication breaks symmetric extension in gap area [Myhr, Renes, Doherty, NL, PRA 79, 042329 (2009)] 2) Conjecture of simple criteria for two-qubit case [Myhr, NL, arxiv:0812.3667] 3

Workline II: Optical Schemes Experimental implementations: weak laser pulses Photon-pair sources Security proofs: finding the qubit in optical modes space! no single-photon sources required for unconditional security Improved optical schemes: decoy state QKD: Photon-pair schemes with untrusted source Strong-reference pulse schemes continuous variable QKD differential-phase-shift QKD key rate G scales as G η with transmittivity η same as with ideal single photon source Improved detectors: detector noise limits distance detector saturation limits key rate GHZ clock rates, distances more than 100 km up-conversion detectors (Stanford) superconducting detectors (NIST) self-referencing detectors Model Summary Reduction Measurement Source Quantum Channel Output Reality Laser Qubits Tagging Quantum Channel Qubits channel testing: decoy method [Hwang; Lo; Wang] Squashing Threshold Detector Output Optical Modes Optical Modes 4

Actual Measurement General Optical Input State ρ in (Large Space) B Squashing Model Full Measurement F M Classical Information [Beaudry, Moroder, NL, PRL 101, 093601 (2008)] Classical Post Processing Theoretically Equivalent Measurement Eve Squash Map Λ + Target Measurement F Q General Optical Input State ρ in (Large Space) Squash Λ Squashed State ρ out (Small Space) B' F Q Classical Post Processing Squashing map exists for BB84 measurements with threshold detectors and random double click assignment! Squashing has already been anticipated in Gottesman, Lo, NL, Preskill 2004. See also [Tsurumaru, Tamaki, Phys. Rev. A 78, 032302 (2008) ] Experiments 260 full experimental papers on record! list with key words soon available on my webpage 5

Paper list Toshiba/NIST/Los Alamos/ One way weak pulse QKD (phase encoding) Security well established: - weak pulse - decoy state - squashing model for detector These systems drive detector development! GHz clockrate (NIST) 1) Keep an eye on amplitudes in phase encoding! loss in the two arms might be different! 2) fast mode-lock lasers or amplitude modulated continuous signals don t work with the standard security proofs! 6

[Inoue, Waks, Yamamoto PRA 68 022317 (2003)] Differential Phase Shift QKD φ Elegant set-up adapted to optical networks φ no full security proof so far! long pulse train looks like ONE high-dimensional signal! Need to develop new tricks to break the problem down Work line III: Application Aspects Side channel: Optical protocols are unconditional secure BUT That does not mean that the optical implementation is secure (Same as in classical crypto: side channels, trojan horses ) Specific attacks: extra degrees of freedom in signal (residual from signal preparation) (Weinfurter) Detector Flashback (Kurtsiefer, Weinfurter) Mismatch of detection windows: faked state attack (Makarov) time shift attack (Lo et al) Countermeasures: -Theory: estimate damage, include in privacy amplification (GLLP) -Experiment: better engineering (optical isolators, precise timing) -Theory: use fundamentals of Quantum Mechanics: Device Independent Security Proofs Finite size effects: 100 received signals cannot be turned into secret key so how many are needed? Guess is 10 6, but it might be 10 10 depends on proof technique! 7

Security and Modelling Actual Experiment e.g. reality based actual devices translation into how we think devices work Quantum Optical Model e.g. mode based e.g. threshold detector model Security Model e.g. qubit based reduction to essentials tagging, squashing ρ ABE ρ AB ρ C 1 ² Security Proof entanglement distillation (Deutsch et al, Lo) information theoretic (Renner) Approaches to side channels security proof via idealized model for devices device independent security proof [Acín et al. PRL. 98, 230501 (2007)] improve model to approach implementation (e.g. efficiency mismatch, reflections in devices) security proof -gives good rate BUT - does not really apply Security of real QKD implementation include verifiable assumptions about devices security proof -applies BUT -does not tolerate sufficient loss 8

1) Trusted repeater networks (made up from point-to-point connections) 2) Full quantum networks ( Talk Jeff Kimble) Work line IV: networks Trusted repeater network: larger customer base Interdisciplinary effect: combination of quantum effects (point-to-point) and classical crypto protocols (secret sharing) network stability, stability against some corrupted nodes Point-to-Point Topology of trusted repeater network: optimum cell size about 20 km (cost optimization) new optimization direction for point-to-point links! (not only maximum distance) Make precise the leverage QKD has in addressing real needs! Solve key management problems, initialization etc Note: authentication key (Carter/Wegman) needs to be secure only for short time! Customer basis Intra-Institutional Networks Service Provider Network Network types Trusted repeater networks: (technologically easy) [Application: User=Operator] Connect trusted repeater stations by point-to-point QKD devices Alice Bob Realisations: DARPA Network 2002-2005 SECOQC Network 2004-2008 Combine Classical with Quantum Cryptography: independent pathes allow secure key as long as at least one path is not compromised Quantum repeater network: (technologically challenging) [Application: Service Provider] Overcomes loss problem allows routing EPR source EPR source Alice Memory Memory Effective Channel Memory Memory Bob Bell measurement Bell measurement (classical) 9

[Alleaume, Roeff, Diamanti, NL, quant-ph/0903.0839] Example: Linear Chain A R 1 R 2 R n-1 R n l l l l B L User demand: rate G QKD characteristics: secret key rate g(d) Cost: # sequential links # parallel links = 0.25 db/km l opt =17.5 km Summary QKD is neither purely engineering, nor is it just a theory toy by definition, security is a theoretical statement by definition, only implementation realizes QKD Ongoing interaction between: cryptographers who provide the goal, security definition, tools quantum theorists for security proofs and system analysis system experimentalists who devise practical schemes device experimentalists who build and optimize devices such as detectors QKD drives and is driven by broader Quantum Information Theory Quantum Definetti Theorem, Symmetric Extendibility of Quantum States, Channel Capacities 10

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback