Scribd
Upload
12 views

Quantum Cryptography

This document discusses quantum cryptography and quantum key distribution. It covers motivations for quantum cryptography, background information, how the quantum key distribution protocol works, and attacks against quantum key distribution such as intercept/resend attacks.

Uploaded by

Hamed Moghaddamnia
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
12 views

Quantum Cryptography

This document discusses quantum cryptography and quantum key distribution. It covers motivations for quantum cryptography, background information, how the quantum key distribution protocol works, and attacks against quantum key distribution such as intercept/resend attacks.

Uploaded by

Hamed Moghaddamnia
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 26

Quantum Cryptography

Brandin L Claar
CSE 597E
5 December 2001
Overview
 Motivations for Quantum Cryptography
 Background
 Quantum Key Distribution (QKD)
 Attacks on QKD

08/18/23 Brandin L Claar 2


Motivations
 Desire for privacy in the face of unlimited
computing power
 Current cryptographic schemes based on
unproven mathematical principles like the
existence of a practical trapdoor function
 Shor’s quantum factoring algorithm could
break RSA in polynomial time
 Quantum cryptography realizable with current
technology

08/18/23 Brandin L Claar 3


Photons
 Photons are the discrete bundles of energy
that make up light
 They are electromagnetic waves with electric
and magnetic fields represented by vectors
perpendicular both to each other and the
direction of travel
 The behavior of the electric field vector
determines the polarization of a photon

08/18/23 Brandin L Claar 4


Polarizations
 A linear polarization is always parallel to a
fixed line, e.g. rectilinear and diagonal
polarizations
 A circular polarization creates a circle around
the axis of travel
 Elliptical polarizations exist in between

08/18/23 Brandin L Claar 5


The Poincaré Sphere
z  Any point resting on the
(0,0,1) surface of the unit sphere
represents a valid
(-1,0,0) polarization state for a
photon
(0,-1,0) (0,1,0)  The x, y, and z axes
y represent the rectilinear,
(1,0,0) diagonal, and circular
polarizations respectively
x
(0,0,-1)

x2  y2  z 2  1
08/18/23 Brandin L Claar 6
Bases
z  Diametrically opposed
points on the surface of the
P sphere form a basis
 Here, {P,-P} and {Q,-Q}
-Q represent bases
y  Bases correspond to
Q measurable properties
 Conjugate bases are
x -P separated by 90

08/18/23 Brandin L Claar 7


Quantum Uncertainty
 Quantum mechanics is simply the study of
very small things
 Heisenburg’s uncertainty principle places
limits on the certainty of measurements on
quantum systems
 Inherent uncertainties are expressed as
probabilities

08/18/23 Brandin L Claar 8


Measuring Polarization
z  Imagine a photon in state Q,
measured by {P,-P} where 
P is the angle between P and Q
 It behaves as P with
probability:
y    1  cos 
2
Q cos   
2 2

x -P  It behaves as -P with
probability:
   1  cos 
sin 2   
2 2
08/18/23 Brandin L Claar 9
Measuring Polarization
z  This phenomenon produces
some interesting behavior
P for cryptography
 Prob(P) + Prob(-P) = 1
 If  is 90 or 270,
y Prob(P) = Prob(-P) = .5
Q  If  is 0 or 180,
Prob(P) = 1
x -P

08/18/23 Brandin L Claar 10


Properties for Cryptography
 Given 2 conjugate bases, a photon polarized
with respect to one and measured in another
reveals zero information
 Dirac: this loss is permanent; the system
“jumps” to a state of the measurement basis
 Only measurement in the original basis
reveals the actual state

08/18/23 Brandin L Claar 11


Key to Quantum Cryptography
z  Imagine a bit string
(0,0,1) 1 composed from 2 distinct
quantum alphabets
(-1,0,0)  It is impossible to retrieve
0
(0,-1,0) (0,1,0)
the entire string without
y knowing the correct bases
(1,0,0)  Random measurements by
1 an intruder will necessarily
x alter polarization resulting in
(0,0,-1) 0 errors

08/18/23 Brandin L Claar 12


History
 Conjugate Coding, Stephen Wiesner (late
60’s)
 CRYPTO ’82: Quantum Cryptography, or
unforgeable subway tokens
 Charles H. Bennett, Gilles Brassard: use
photons to transmit instead of store

08/18/23 Brandin L Claar 13


Quantum Key Distribution
 Experimental Quantum Cryptography,
Bennett, Bessette, Brassard, Salvail, Smolin
(1991)
 Allows Alice and Bob to agree on a secure
random key of arbitrary length potentially for
use in a one-time pad

08/18/23 Brandin L Claar 14


The Protocol
 Communication over the Quantum
Channel
 Key Reconciliation
 Privacy Amplification

08/18/23 Brandin L Claar 15


The Quantum Channel

lens
free air optical Wollaston
path (~32cm) prism

LED

photomultiplier
pinhole interference tubes
filter Pockels
cells

08/18/23 Brandin L Claar 16


Basic Protocol
 Alice sends random sequence of 4 types of polarized
photons over the quantum channel: horizontal,
vertical, right-circular, left-circular
 Bob measures each in a random basis
 After full sequence, Bob tells Alice the bases he used
over the public channel
 Alice informs Bob which bases were correct
 Alice and Bob discard the data from incorrectly
measured photons
 The polarization data is converted to a bit string
(↔ = ↶ = 0 and ↕ = ↷ = 1)

08/18/23 Brandin L Claar 17


Basic Protocol Example
↶ ↷ ↔ ↕ ↷ ↔ ↔ ↷ ↷

+ o + + o o + + o

↕ ↷ ↔ ↕ ↶ ↔ ↷

+ o + + o + o

Y Y Y Y

↷ ↔ ↕ ↷

1 0 1 1

08/18/23 Brandin L Claar 18


Key Reconciliation
 Data is compared and errors eliminated by performing
parity checks over the public channel
 Random string permutations are partitioned into blocks
believed to contain 1 error or less
 A bisective search is performed on blocks with incorrect
parity to eliminate the errors
 The last bit of each block whose parity was exposed is
discarded
 This process is repeated with larger and larger block sizes
 The process ends when a number of parity checks of
random subsets of the entire string agree

08/18/23 Brandin L Claar 19


Privacy Amplification
 A hash function h of the following class is randomly
and publicly chosen:
h : {0,1}n  {0,1}n l  s
 With n bits where Eve’s expected deterministic
information is l bits, and an arbitrary security
parameter s, Eve’s expected information on h(x) will
be less than
2 s
ln 2
 h(x) will be the final shared key between Alice and
Bob

08/18/23 Brandin L Claar 20


Attacking QKD
 Intercept/Resend Attack
 Beamsplitting Attack
 Estimating Eve’s Information

08/18/23 Brandin L Claar 21


Intercept/Resend Attack
 Allows Eve to determine the value of each bit with
probability 1
2
 At least 25% of intercepted pulses will generate
errors when read by Bob
 All errors are assumed to be the result of
intercept/resend
 Hence, a conservative estimate of Eve’s information
on the raw quantum transmission (given t detected
errors) is
4t
 5 (4  2 2 )t
2
08/18/23 Brandin L Claar 22
Errors with Intercept/Resend
Error Counts for Various Eavesdropping Methods

6000

5000

4000
Errors (out of
~10000 basis 3000
matches)
2000

1000 bob
eve
0 eve
no eavesdropping

rectilinear

diagonal bob

circular

breidbard
Eve's Measurement Basis

08/18/23 Brandin L Claar 23


Beamsplitting Attack
 Ideally, each pulse sent by Alice would consist of
exactly 1 photon
 The number of expected photons per pulse is 
 Eve is able to learn a constant fraction of the bits by
splitting a pulse
 Given N pulses, the number of bits lost to Eve
through beamsplitting is estimated to be less than
N  5 N (1   )

08/18/23 Brandin L Claar 24


Estimating Eve’s Information
 Given a bit error rate p and a pulse intenstity , Eve
is expected to learn a fraction of the raw key:
4p

2
 Alice and Bob can estimate the number of leaked bits
and use this to eliminate Eve’s information in the
privacy amplification stage:

l  N  5 N (  (1   )  (4  2 2 ) p )

08/18/23 Brandin L Claar 25


Other protocols
 Quantum Oblivious Transfer
 Einstein-Podolsky-Rosen (EPR) effect

08/18/23 Brandin L Claar 26

You might also like