1 / 44

Quantum Cryptography

Quantum Cryptography. Cryptography Quantum Key Distribution. Main Point. Cryptography Quantum Key Distribution BB84 continuous Security Attack model Information. Introduction. What is Cryptography? Cryptography is the art of rendering a message unintelligible to any unauthorized party

lenci
Download Presentation

Quantum Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Quantum Cryptography Cryptography Quantum Key Distribution

  2. Main Point • Cryptography • Quantum Key Distribution • BB84 • continuous • Security • Attack model • Information

  3. Introduction • What is Cryptography? • Cryptography is the art of rendering a message unintelligible to any unauthorized party • dkssudgktpdy • 안녕하세요(Korean) • It is part of the broader field of cryptology, which also includes cryptoanalysis, the art of code breaking

  4. secure Insecure Introduction • Why do we need cryptography? • Suppose Mark want to send a secret message to his girl friend over an insecure channel! I could know what you said!

  5. Cryptography • Key : What’s key? • Encryption : combine a message with some additional information - known as the “key”– and produce a cryptogram. • Decryption : combine a cryptogram with some additional information - known as the “key”– and produce a message.

  6. Cryptography • Asymmetrical(public-key) cryptosystem • Symmetrical(secret-key) cryptosystem

  7. Cryptography • Asymmetrical(public-key) cryptosystem • ElGamal Cryptosystem • Elliptic curve Cryptosystem • The Merkle-Hellman Knapsack Cryptosystem • RSA(Ronald Rivest, Adi Shamir,Leonard Adleman) • etc..

  8. Cryptography • RSA(Ronald Rivest, Adi Shamir,Leonard Adleman) • If Bob wants to be able to receive messages encrypted with a public key cryptosystem, he must first choose a "private" key, which he keeps secret. Then, he computes from this private key a "public" key, which he discloses to any interested party. Alice uses this public key to encrypt her message. She transmits the encrypted message to Bob, who decrypts it with the private key

  9. Cryptography • RSA(Ronald Rivest, Adi Shamir,Leonard Adleman) • Big Prime number factorization is so difficult problem • Public-key cryptosystems are convenient and they have thus become very popular over the last 20 years • What is problem? • Not proven security • Shor’s algorithm

  10. Cryptography • Symmetrical(secret-key) cryptosystem • Block type • DES • AES • etc.. • Stream type • LFSR • One-time pad • etc..

  11. Cryptography • One-time pad • first proposed by Gilbert Vernam in 1926 • This cryptosystem is thus provably secure in the sense of information theory (Shannon 1949) • Actually, this is today the only provably secure cryptosystem • What is problem? • Difficult to implementation

  12. Cryptography • One-time pad Difficult to implementation 00101000.. + Secret channel 01000101.. 01000101.. = + 01101101.. 01101101.. Classical channel = 00101000..

  13. Quantum Key Distribution • sending a “secret key” by using the laws of physics to warrant the complete security of the transmission • Discrete variable • BB84 • B92 • Etc.. • Continuous variable • Squeezed state • Gaussian distribution • Quantum Physics • Principle of Complementary • Heisenberg Uncertainty Principle • Correspondence Principle • etc..

  14. Quantum Key Distribution

  15. Quantum Key Distribution • BB84 • proposed by Charles H. Bennett and Gilles Brassard in 1984 • Two state( |0>, |1>), but four bases(|0,V>, |1,H>, |0,L>, |1,R>) • Bases with such a property are called conjugate => Unpredictable

  16. Quantum Key Distribution • BB84(Protocol) • Alice sends random “bits” (0 or 1) encoded in two 2 different “basis” • Bob randomly chooses either the “+” or the “×” basis and records the transmitted and reflected photons • Bob announces openly his choice of basis (but not the result!) and Alice answers “ok” or “no”. Bits with different basis are discarded • The remaining bits give the secret key

  17. Quantum Key Distribution • BB84(without Eve, no noise)

  18. Quantum Key Distribution • Attack model • Intercept-resend model (opaque eavesdropping) • Error rate • Coherent or joint • Optimal individual • Collective

  19. Quantum Key Distribution • BB84(with Eve, no noise)

  20. Quantum Key Distribution • BB84(with Eve, no noise) • Raw key extraction • Over the public channel, Bob communicates to Alice which quantum alphabet he used for each of his measurements • Alice and Bob then delete all bits for which they used incompatible quantum alphabets to produce their resulting raw keys • Error estimation • Over the public channel, Alice and Bob compare small portions of their raw keys to estimate the error-rate R, and then delete the disclosed bits from their raw keys to produce their tentative final keys

  21. Quantum Key Distribution • BB84(with Eve, no noise) • If one guesses correctly, then Alice’s transmitted bit is received with probability 1. On the other hand, if one guesses incorrectly, then Alice’s transmitted bit is received correctly with probability 1/2 . Thus in general, the probability of correctly receiving Alice’s transmitted bit is

  22. Quantum Key Distribution • BB84(with Eve, no noise) • If there is no intrusion, then Alice’s and Bob’s raw keys will be in total agreement. However, if Eve has been at work, then corresponding bits of Alice’s and Bob’s raw keys will not agree with probability

  23. Quantum Key Distribution • BB84(with Eve, with noise) • We must assume that Bob’s raw key is noisy • Since Bob can not distinguish between errors caused by noise and by those caused by Eve’s intrusion, the only practical working assumption he can adopt is that all errors are caused by Eve’s eavesdropping • Under this working assumption, Eve is always assumed to have some information about bits transmitted from Alice to Bob. Thus, raw key is always only partially secret

  24. Quantum Key Distribution • BB84(with Eve, with noise) • Over the public channel, Alice and Bob compare small portions of their raw keys to estimate the error-rate R, and then delete the disclosed bits from their raw key to produce their tentative final keys. If R exceeds a certain threshold , then privacy amplification is not possible If so, Alice and Bob return to stage 1 to start over. On the other hand, if , then Alice and Bob proceed to Reconciliation

  25. Quantum Key Distribution • Reconciliation Key • Alice and Bob publically agree upon a random permutation, and apply it to what remains of their respective raw keys • Alice and Bob partition the remnant raw key into blocks of length L • For each of these blocks, Alice and Bob publically compare overall parity checks, making sure each time to discard the last bit of each compared block

  26. Quantum Key Distribution • Privacy amplification • Alice and Bob compute from the error-rate R an upper bound k of the number of bits of reconciled key known by Eve • Alice and Bob publically select n−k−s random subsets of reconciled key, without revealing their contents. The undisclosed parities of these subsets become the final secret key

  27. Noise? R=0? Key! No Yes No Yes Resend No Yes Reconciliation Privacy amplification Key! Quantum Key Distribution • BB84(with noise)

  28. Quantum Key Distribution • Security by Information theory • I. Csiszar, and J. Korner, IEEE Trans. Inf. Theory, 24, 330 (1978) • Alice and Bob can establish a secret key (using error correction and privacy amplification) if and only if

  29. Quantum Key Distribution • Security by Information theory • Shannon’s formula

  30. Quantum Key Distribution • Security by Information theory • A Generic Security Proof for Quantum Key Distribution by M. Christandl et al, quant-ph/0402131 • Shannon’s formula • Von Neumann’s formula (Quantum information) • Key Rate R

  31. No perturbation No measurement No eavesdropping Quantum Key Distribution • Where is quantum? • Measurement • every measurement perturbs a system • No-cloning theorem • It is impossible to copy an arbitrary quantum state chosen among a set of non-orthogonal states

  32. Quantum Key Distribution • Experiment • “Experimental Quantum Cryptography” (C.Bennett et al, J.Cryptology 5, 3-28, 1992) • etc.. • What is problem? • Photon Generation • Reliable?

  33. Quantum Key Distribution • Essential feature : quantum channel with non-commuting quantum observables • not restricted to single photon polarization! • New QKD protocol where : • The non-commuting observables are the quadrature operators X and P • i.e. continuous variable

  34. Quantum Key Distribution • Quantum cryptography with Squeezed states(Mark Hillery, PRA, 61, 022309) • Quantum distribution of Gaussian keys using squeezed states(N.J.Cerf et al, PRA, 63, 052311) • The non-commuting observables are the quadrature operators X and P

  35. P X Quantum Key Distribution • Using Squeezed state • The non-commuting observables are the quadrature operators X and P • Reconciliation(sliced) • Privacy Amplification

  36. Quantum Key Distribution • Continuous Variable Quantum Cryptography Using Coherent States(F. Grosshans et al, PRL 88, 057902(2002)) • The non-commuting observables are the quadrature operators X and P • The transmitted light contains weak coherent pulses(about 100 photons) with a gaussian modulation of amplitude and phase • The detection is made using shot-noise limited homodyne detection

  37. P X Quantum Key Distribution • Using Coherent state • The non-commuting observables are the quadrature operators X and P • Reconciliation(sliced) • Privacy Amplification

  38. Quantum Key Distribution • Attack model(Continuous variable) • Intercept-resend model (opaque eavesdropping) • Error rate • Coherent • Individual Optimal • Collective

  39. Quantum Key Distribution • Security by Information theory • Shannon, von Neumann

  40. Quantum Key Distribution • Security by Information theory • Gaussian distribution

  41. Quantum Key Distribution • Security by Information theory • Gaussian state • Information

  42. Conclusion • One-time pad(QKD) • Where is quantum? • Measurement(Discrete, Continuous) • every measurement perturbs a system • No-cloning theorem(Discrete, Continuous) • It is impossible to copy an arbitrary quantum state chosen among a set of non-orthogonal states • Quantum Information theory for Security

  43. Also Many Thanks for all who attend our seminar Acknowledgement • Many Thanks..(M.S. Kim, Jingak Jang, Wonmin Son..)

  44. Reference • Quantum cryptography, N.Gisin et al, quant-ph/0101098

More Related