Quantum Cryptography

1
Quantum Cryptography

• Cryptography
• Quantum Key Distribution

2
Main Point

• Cryptography
• Quantum Key Distribution
• BB84
• continuous
• Security
• Attack model
• Information

3
Introduction

• What is Cryptography?
• Cryptography is the art of rendering a message
  unintelligible to any unauthorized party
• dkssudgktpdy
• ?????(Korean)
• It is part of the broader field of cryptology,
  which also includes cryptoanalysis, the art of
  code breaking

4
Introduction

• Why do we need cryptography?
• Suppose Mark want to send a secret message to his
  girl friend over an insecure channel!

I could know what you said!
5
Cryptography

• Key Whats key?
• Encryption combine a message with some
  additional information - known as the key and
  produce a cryptogram.
• Decryption combine a cryptogram with some
  additional information - known as the key and
  produce a message.

6
Cryptography

• Asymmetrical(public-key) cryptosystem
• Symmetrical(secret-key) cryptosystem

7
Cryptography

• Asymmetrical(public-key) cryptosystem
• ElGamal Cryptosystem
• Elliptic curve Cryptosystem
• The Merkle-Hellman Knapsack Cryptosystem
• RSA(Ronald Rivest, Adi Shamir,Leonard Adleman)
• etc..

8
Cryptography

• RSA(Ronald Rivest, Adi Shamir,Leonard Adleman)
• If Bob wants to be able to receive messages
  encrypted with a public key cryptosystem, he must
  first choose a "private" key, which he keeps
  secret. Then, he computes from this private key a
  "public" key, which he discloses to any
  interested party. Alice uses this public key to
  encrypt her message. She transmits the encrypted
  message to Bob, who decrypts it with the private
  key

9
Cryptography

• RSA(Ronald Rivest, Adi Shamir,Leonard Adleman)
• Big Prime number factorization is so difficult
  problem
• Public-key cryptosystems are convenient and they
  have thus become very popular over the last 20
  years
• What is problem?
• Not proven security
• Shors algorithm

10
Cryptography

• Symmetrical(secret-key) cryptosystem
• Block type
• DES
• AES
• etc..
• Stream type
• LFSR
• One-time pad
• etc..

11
Cryptography

• One-time pad
• first proposed by Gilbert Vernam in 1926
• This cryptosystem is thus provably secure in the
  sense of information theory (Shannon 1949)
• Actually, this is today the only provably secure
  cryptosystem
• What is problem?
• Difficult to implementation

12
Cryptography

• One-time pad

Difficult to implementation
00101000..

Secret channel
01000101..
01000101..


01101101..
01101101..
Classical channel

00101000..
13
Quantum Key Distribution

• sending a secret key by using the laws of
  physics to warrant the complete security of the
  transmission
• Discrete variable
• BB84
• B92
• Etc..
• Continuous variable
• Squeezed state
• Gaussian distribution

• Quantum Physics
• Principle of Complementary
• Heisenberg Uncertainty Principle
• Correspondence Principle
• etc..

14
Quantum Key Distribution
15
Quantum Key Distribution

• BB84
• proposed by Charles H. Bennett and Gilles
  Brassard in 1984
• Two state( 0gt, 1gt), but four bases(0,Vgt,
  1,Hgt, 0,Lgt, 1,Rgt)
• Bases with such a property are called conjugate
  gt Unpredictable

16
Quantum Key Distribution

• BB84(Protocol)
• Alice sends random bits (0 or 1) encoded in two
  2 different basis
• Bob randomly chooses either the or the
  basis and records the transmitted and reflected
  photons
• Bob announces openly his choice of basis (but not
  the result!) and Alice answers ok or no. Bits
  with different basis are discarded
• The remaining bits give the secret key

17
Quantum Key Distribution

• BB84(without Eve, no noise)

18
Quantum Key Distribution

• Attack model
• Intercept-resend model (opaque eavesdropping)
• Error rate
• Coherent or joint
• Optimal individual
• Collective

19
Quantum Key Distribution

• BB84(with Eve, no noise)

20
Quantum Key Distribution

• BB84(with Eve, no noise)
• Raw key extraction
• Over the public channel, Bob communicates to
  Alice which quantum alphabet he used for each of
  his measurements
• Alice and Bob then delete all bits for which they
  used incompatible quantum alphabets to produce
  their resulting raw keys
• Error estimation
• Over the public channel, Alice and Bob compare
  small portions of their raw keys to estimate the
  error-rate R, and then delete the disclosed bits
  from their raw keys to produce their tentative
  final keys

21
Quantum Key Distribution

• BB84(with Eve, no noise)
• If one guesses correctly, then Alices
  transmitted bit is received with probability 1.
  On the other hand, if one guesses incorrectly,
  then Alices transmitted bit is received
  correctly with probability 1/2 . Thus in general,
  the probability of correctly receiving Alices
  transmitted bit is

22
Quantum Key Distribution

• BB84(with Eve, no noise)
• If there is no intrusion, then Alices and Bobs
  raw keys will be in total agreement. However, if
  Eve has been at work, then corresponding bits of
  Alices and Bobs raw keys will not agree with
  probability

23
Quantum Key Distribution

• BB84(with Eve, with noise)
• We must assume that Bobs raw key is noisy
• Since Bob can not distinguish between errors
  caused by noise and by those caused by Eves
  intrusion, the only practical working assumption
  he can adopt is that all errors are caused by
  Eves eavesdropping
• Under this working assumption, Eve is always
  assumed to have some information about bits
  transmitted from Alice to Bob. Thus, raw key is
  always only partially secret

24
Quantum Key Distribution

• BB84(with Eve, with noise)
• Over the public channel, Alice and Bob compare
  small portions of their raw keys to estimate the
  error-rate R, and then delete the disclosed bits
  from their raw key to produce their tentative
  final keys. If R exceeds a certain threshold
  , then privacy amplification is not possible If
  so, Alice and Bob return to stage 1 to start
  over. On the other hand, if , then
  Alice and Bob proceed to Reconciliation

25
Quantum Key Distribution

• Reconciliation Key
• Alice and Bob publically agree upon a random
  permutation, and apply it to what remains of
  their respective raw keys
• Alice and Bob partition the remnant raw key into
  blocks of length L
• For each of these blocks, Alice and Bob
  publically compare overall parity checks, making
  sure each time to discard the last bit of each
  compared block

26
Quantum Key Distribution

• Privacy amplification
• Alice and Bob compute from the error-rate R an
  upper bound k of the number of bits of reconciled
  key known by Eve
• Alice and Bob publically select n-k-s random
  subsets of reconciled key, without revealing
  their contents. The undisclosed parities of these
  subsets become the final secret key

27
Quantum Key Distribution

• BB84(with noise)

28
Quantum Key Distribution

• Security by Information theory
• I. Csiszar, and J. Korner, IEEE Trans. Inf.
  Theory, 24, 330 (1978)
• Alice and Bob can establish a secret key (using
  error correction and privacy amplification) if
  and only if

29
Quantum Key Distribution

• Security by Information theory
• Shannons formula

30
Quantum Key Distribution

• Security by Information theory
• A Generic Security Proof for Quantum Key
  Distribution by M. Christandl et al,
  quant-ph/0402131
• Shannons formula
• Von Neumanns formula (Quantum information)
• Key Rate R

31
Quantum Key Distribution

• Where is quantum?
• Measurement
• every measurement perturbs a system
• No-cloning theorem
• It is impossible to copy an arbitrary quantum
  state chosen among a set of non-orthogonal states

32
Quantum Key Distribution

• Experiment
• Experimental Quantum Cryptography (C.Bennett et
  al, J.Cryptology 5, 3-28, 1992)
• etc..
• What is problem?
• Photon Generation
• Reliable?

33
Quantum Key Distribution

• Essential feature quantum channel with
  non-commuting quantum observables
• not restricted to single photon polarization!
• New QKD protocol where
• The non-commuting observables are the quadrature
  operators X and P
• i.e. continuous variable

34
Quantum Key Distribution

• Quantum cryptography with Squeezed states(Mark
  Hillery, PRA, 61, 022309)
• Quantum distribution of Gaussian keys using
  squeezed states(N.J.Cerf et al, PRA, 63, 052311)
• The non-commuting observables are the quadrature
  operators X and P

35
Quantum Key Distribution

• Using Squeezed state
• The non-commuting observables are the quadrature
  operators X and P
• Reconciliation(sliced)
• Privacy Amplification

36
Quantum Key Distribution

• Continuous Variable Quantum Cryptography Using
  Coherent States(F. Grosshans et al, PRL 88,
  057902(2002))
• The non-commuting observables are the quadrature
  operators X and P
• The transmitted light contains weak coherent
  pulses(about 100 photons) with a gaussian
  modulation of amplitude and phase
• The detection is made using shot-noise limited
  homodyne detection

37
Quantum Key Distribution

• Using Coherent state
• The non-commuting observables are the quadrature
  operators X and P
• Reconciliation(sliced)
• Privacy Amplification

38
Quantum Key Distribution

• Attack model(Continuous variable)
• Intercept-resend model (opaque eavesdropping)
• Error rate
• Coherent
• Individual Optimal
• Collective

39
Quantum Key Distribution

• Security by Information theory
• Shannon, von Neumann

40
Quantum Key Distribution

• Security by Information theory
• Gaussian distribution

41
Quantum Key Distribution

• Security by Information theory
• Gaussian state
• Information

42
Conclusion

• One-time pad(QKD)
• Where is quantum?
• Measurement(Discrete, Continuous)
• every measurement perturbs a system
• No-cloning theorem(Discrete, Continuous)
• It is impossible to copy an arbitrary quantum
  state chosen among a set of non-orthogonal states
• Quantum Information theory for Security

43
Acknowledgement

• Many Thanks..(M.S. Kim, Jingak Jang, Wonmin Son..)

44
Reference

• Quantum cryptography, N.Gisin et al,
  quant-ph/0101098