Literature Review

1.2.1 Quantum Direct Secure Communication – Ping Pong Protocol

Quantum direct communication (QDC) aims at provision of confidentiality without resorting

to classic encryption. Unlike QKD, QSDC do not require any prior key agreement between
users for the authentication. The foundation of direct communication can be traced out to
the QKD protocol of Long and Liu with a few adjustments proposed as the earliest
bidirectional protocol. The similarity between QKD and QSDC is both can communicate
using public classic channel.
In 2002, Kim Bostrom and Timo Felbinger proposed a paper on ping pong protocol. The
protocol exploits one of the quantum behaviours, the entanglement of qubits pair. The fact
that the entanglement is a very fragile quantum resource can be taken into advantage as
any tampering effort of eavesdropper will alter the original state.
In contrast of other QKD scheme, ping-pong protocol belongs to the class of deterministic
protocols as no shared key needed to be established. Hence, it permits the idea to use all
the transmitted photons without any bits need to be discarded. The presented scheme is
instantaneous as the information can be decoded directly during transmission. However,
protocols that process particles individually are quasi-secure. Quasi-security means that
before eavesdropping detection, which is inevitable for long sequences, part of the sensitive
information may be revealed to the eavesdropper. As for key agreement, direct secure
communication seem to be more versatile cryptographic primitive. The fact that it can offer
security comparable to QKD, make it a good engine for key agreement.
Ping Pong also provide higher eavesdropping detection probability compared to BB84 or
other related QKD scheme. In case of eavesdropping attacks with full information gain, the
detection rate is 50% per control transmission, which is significantly higher than what BB84
offered.
Let us consider the ping pong paradigm which was originally proposed. Bob, the receiver of
information, prepare two qubits in bell state ¿ Ψ +¿ ht =√ 1(¿ 01)ht +¿ 10 ¿ ht ¿, where h and t
denote for ‘home’ and ‘travel’. He keep one (namely home qubit) , then send another
through quantum channel to Alice. Alice will decide either to perform the Z operation
(phase flip) or do nothing to the travel qubit. Then she sends the travelling qubit to Bob
through quantum channel. Bob, who now has both photons can perform the Bell
Measurement, resulting either original state or, depending on what Alice’s operation is.
Consider Eve is in the middle of communication between these two legitimated users. If she
decides to intercept some information encoded by Alice, her measurement’s result will be
insignificant. From the travel qubit alone, the encoded information cannot be extracted. Eve
has access only to the travel qubit which before and after encoding looks like maximally
mixed state.With probability c, Alice can also switch to control mode then instead of
performing operation, she performs measurement in the same basis and using the public
channel, she sends the result to Bob. Bob also switch to control mode and perform the
measurement in the same basis. Indeed, decoding is possible only if a Bell state
measurement is performed on both qubits together to evaluate the state by means of the
correlations between them. Therefore, passive eavesdropping Is nowhere possible.
However, Alice need to check the genuinely of the qubit, as Eve may try to insert fake qubit.
As for countermeasure, with probability c, Alice will switch to control mode and perform
measurement on computational basis upon receiving the qubit. Later, she needs to ask Bob
to also perform the measurement on the same basis using classical public channel. Both will
switch between message mode (MM) and control mode (CM) randomly. The outcome is
preserved only if the qubit measured by both parties is the same one. Any effort from Eve to
manipulate the original qubit will lead to anticorrelated and some discrepancies of the
measurement result, indicating the sign of eavesdropping. With sufficiently enough control
cycles, Bob and Alice can make sure that quantum channel is secure from any spoofing
action.

1.2.2 Attack on Seminal Ping Pong Protocol

Such protocol has inspired many authors to further discuss the idea of ping pong protocols.
Within five years of publish, the original authors released their follow-up paper regarding
the attack scenario raised by various authors upon the security of the protocol. The
protocol, apart from their lesser security margin, is easier to be implemented in practical. In
fact, quantum optics lab in Potsdam, Germany has succeeded implementing the ping pong
protocol using entangled photons, randomly switching between MM and CM.

The fact that the stock protocol does not consider the lossy or imperfect quantum channel
has been raised by Wojcik in his paper (2007). Wojcik’s attack concerns about the
imperfection of the channel that potentially open the door for undetectable eavesdropping.
He proposed a smart scheme that enable Eve to gain information without being detected.
With the efficiency less than 60%, Eve would be able to mimic the losses expected by Alice
and Bob. Hence, she can remain undetected. In the same paper, Wojcik also propose
counterattack plan by proposing some error corrections and privacy amplifications, similar
to QKD during signal processing.
Qing-yu Cai with his DOS- attack mentioned that integrity of the information might be
compromised, despite acknowledging the protocol’s security. In the scenario when signal
transmitting occurs between two legitimated parties, Eve would not interrupt any signal
during control mode. However, in message mode, Eve’s attack is undetectable, therefore
any operation made by her will result in zero detection probability. Eve captures the travel
back qubit Alice sent to Bob and performs a measurement in the basis Bz and forwards to
Bob this qubit. The result obtained by Bob would be meaningless, since the entanglement
property of the qubits has been disturbed. To detect such attack described above, the ‘ping-
pong’ protocol should be modified by adding some standard method of message
authentication. In other paper, he also raised a concern regards the invisible fake photon
that potentially feeds in during signal processing. However, by adding some filters to their
setup, such attack could be encountered. Again, the attack does not exploit a weakness of
the protocol itself but rather of certain imperfect implementations of the protocol.

Zhang proposed the same Wojcik’s attack, known as ZML-attack on imperfect quantum
channel. The attack is simply by expanding the domain of effective eavesdropping up to
80%. The mechanic of the attack is fully mimic the Wojcik’s scheme, therefore the
countermeasure can be re-established by some adjustment to the protocol. In later work,
Zhang also claimed the same attack in the perfect quantum channel, and he also raised
claim that the security proof is wrong. However, Felbinger and Bostrom in their follow up
paper answered the claims and explained that the claim is based on misunderstanding of
the security proof and miscalculation at crucial part.
1.2 LITERATURE REVIEW

1.2.1 The Ping Pong Protocol in Short.

The state prepare by Bob are sent to Alice through quantum channel. Then Alice will perform some
coding operation using some unitary transformation, send back to Bob through some quantum
channel. There are two communication mode used by Alice, which are Control Mode (CM) and
(MM).

In 2002, Bolstrom and Felbinger proposed ping-pong protocol. In contrast to other quantum
cryptographic schemes, the presented scheme is instantaneous as the information can be decoded
directly during transmission. This protocol take use of two maximally entangled bell states. Bob
prepares two qubits in the bell state bla3. He keep one (namely home qubit) , then send another
through quantum channel to Alice. Alice will decide either to perform the Z operation or do nothing
to the travel qubit. Then she send the travelling qubit to Bob through quantum channel. Bob, who
now has both photon can perform the Bell Measurement , resulting either original state or ,
depending on what Alice’s operation is. With probability c, Alice can also switch to control mode
then instead of performing operation, she perform measurement in the same basis. Using the public
channel, she send the result to Bob. Bob also switch to control mode and perform the measurement
in the same basis.

The eavesdropper will mainly focus and restricted on travelling photon, as she will has no way to
access the other photon. In MM, Eve will perform the Attack operation, E on the operation the
composed system, then Alice will perform her operation Z or I afterward. The only detection
probability is based on operation E by Eve.

Equation below show the maximal knowledge that Eve can achieve. In order to avoid getting
detected , d = 0. However, the equation will later give such result, I=0 which indicate that if Eve will
gain no information.

As p= ½ , if Eve want to gain full information, By choosing a desired information gain I0 > 0 per
attack, Eve has to face a detection probability dI0> 0. If she wants to gain the
full information (I0 1), the detection probability is dI0 1 1=2. Any effective eavesdropping attack
can be detected.

1.2.2 Attack Scenarios on Protocol

Limitation of theories:

1. The entanglement is a very fragile quantum resource and its handling is technically
challenging.
2. The scheme becomes insecure when losses and/or communication errors and imperfection
of devices are taken into account.
3. The problem with the ping-pong protocol security lies in the fact that the offered
eavesdropping detection probability per signal particle is too low.
4. In effect, an eavesdropper is detected with a reasonably probability only for sufficiently long
sequences. In practice, such protocols cannot be used because an eavesdropper can
intercept some part of the message before he is detected.
5. Solution:
a. some additional quantum processing analogous to privacy amplification in QKD
protocols has been proposed
b. To cope with this problem a two-step and/or batch processing of qubits has been
proposed.
c. However, those solutions are not implementable with the current technology because of
the requirement of the large photonic quantum memory registers
d. The estimated security of the ping-pong protocols is even worse in noisy environments
when legitimate users tolerate some level of transmission error and/or losses. If that
level is too high compared to the quality of the channel, then an eavesdropper can peek
some fraction of signal particles hiding himself behind accepted quantum bit error rate
(QBER) threshold.