Quantum Cryptography

1
QuantumCryptography

• Remo Pillat
• COT4810 Spring 2005
• 21 February 2005

2
Overview

• Review of classical cryptography
• Review of quantum mechanics
• Quantum key distribution
• BB-84 protocol
• Security issues
• Conclusions

3
Review Symmetric Key Cryptography
4
Problem in standard cryptography

• Symmetric Key Cryptography
• Key Distribution Problem
• Secret key has to be determined and sent to Bob
• Secure storage and organization is an issue
• Possible solution agree on a key at the time of
  communication
• Problem eavesdroppers
• Public Key Cryptography
• Key exchange not necessary
• Based on mathematically infeasible problems
• Emerging quantum computers are a threat

5
Quantum Mechanics (1)

• Superposition
• Interference is one example of superposition of
  two states
• An object simultaneously possesses two or more
  values for an observable quantity
• Real objects doesnt seem to display this quantum
  mechanical feature
• Entanglement
• Phenomenon, where quantum states of two or more
  objects can only be described in dependence from
  the other
• Even applies if objects are spatially separated
• Quantum entanglement was experimentally proven

6
Quantum Mechanics (2)

• Uncertainty Principle
• Introduced from Werner Heisenberg in 1927
• Basic Claim, that we cannot know both a
  particles position and momentum with unlimited
  accuracy at the same time
• One cannot measure the polarization of a photon
  in the vertical-horizontal basic and
  simultaneously in the diagonal basis
• No-Cloning Theorem
• One cannot duplicate an unknown quantum state
• Profound consequences e.g. in quantum computation
• ? No classical error correction can be used

7
Quantum Key Distribution (QKD)

• Begins with a radically different premise
• Security should be based on known physical laws
  rather than on mathematical complexities
• First described by Charles Bennet and Giles
  Brassard in 1984
• In itself not a full cryptosystem
• Only used to distribute key over an insecure
  communication channel
• Combined with the classical One-Time-Pad a
  provably perfect cryptographic system is
  realizable

8
Types of QKD

• Cryptosystems with encoding based on two
  non-commuting observables (1984)
• Cryptosystems with encoding built upon quantum
  entanglement and the Bell Theorem (1990)
• Cryptosystems with encoding based on two
  non-orthogonal state vectors (1992)

9
The BB-84 Protocol

• Alice sends a series of single photons to Bob,
  each modulated with a random basis (here a
  two-sided card)
• Alice chooses a card side at random, writes a
  random 0 or 1 on that side, and sends the card to
  Bob
• Bob also chooses a side at random and reads that
  sides value.
• When Alice and bob choose the same side, Bob
  reads exactly what Alice wrote, otherwise, he
  reads 0 or 1 at random

10
The BB-84 Protocol - Example
11
Transmission without Eve (1)
Alice sends
Bob measures
Bob reads
12
Transmission without Eve (2)
Bob tells
Alice tells
Agreed Key
13
Transmission with Eve (1)

• Assume that Eve intercepts a qubit propagating
  from Alice to Bob
• If Bob does not receive an expected qubit, inform
  Alice to disregard it
• ? no gain of useful information for Eve
• ? Eve only lowers the bit rate
• Hence Eve must send a qubit to Bob
• Ideally she would like to send this qubit in
  original state, keeping a copy
• ? forbidden by No-Cloning Theorem
• Eve measures each qubit in one of the two basis
• Eve gets 50 information
• Eve introduces 25 error ? QBER (Quantum Bit
  Error Rate)

14
Transmission with Eve (2)
Alice sends
Eve measures
Eve reads
Eve sends
15
Transmission with Eve (3)
Bob measures
Bob reads
Bob tells
Alice tells
16
Transmission with Eve (4)
Alice tells
Bob tells
Eve is detected
17
BB-84 Protocol Security

• Two legitimate users of quantum channel cannot
  prevent eavesdropping
• However the will never be fooled by eavesdropper
• Any effort to tap the channel (however subtle and
  sophisticated) will be detected
• If QBER is too high, can try to set up key
  distribution again
• Eve is completely blocked by Quantum Mechanics
• The Uncertainty principle means that she cant
  measure the photons correctly every time
• Because measurement changes the photons state,
  she cant measure it twice
• The no-cloning theorem prohibits to send an
  undisturbed stream to Bob

18
BB-84 Error Correction

• Small errors can be introduced by noisy channel
• ? only high QBER around 25 are definite sign
  for presence of Eve
• Classical error correction schemes can be used to
  get common undisturbed key
• Parity check
• The parity of a binary number is if the number of
  ones in bit string is odd or even
• Parities are compared in public
• Blocks with agreeing parities are kept after
  discarding one bit per block
• Optimal block length is determined by compromise
  between key losses and remaining bit errors
• Arbitrarily low error rate can be achieved

19
BB-84 Privacy Amplification (1)

• After error correction, Alice and Bob have
  identical copies of a key, but Eve may still have
  some information about it
• One can reduce Eves information down to an
  arbitrarily low value using simple protocols
• Alice chooses pairs of bits and computes their
  XOR value
• She only announces which bits she chose
• Alice and Bob then replace the two bits by their
  XOR value
• ? Shortening of key while keeping it error-free

20
BB-84 Privacy Amplification (2)

• Alice 1 0 1 1 0
• Bob 1 0 1 1 0
• Eve 0 1
• Alice 1 1 1 0
• Bob 1 1 1 0
• Eve ? 1 ? ? is only known with 50
• ? Successively one can reduce Eves information
  on the key

21
Problem of Random Numbers

• Quantum cryptography relies on many random
  choices
• Computers are deterministic systems that cannot
  create truly random numbers
• Hence numbers must be created by random physical
  process
• ? problem of hidden variables
• Quantum random number generator
• Rely on random choice of single photon at a
  beamsplitter
• Randomness is guaranteed by laws of quantum
  mechanics
• Experimental realizations can generate random
  numbers
• at a rate of a few MHz

22
Physical Implementation

• Polarization of photons
• Photons can either be measured rectangular
  (horizontal (a) or vertical (b)
• Photons can either be measured diagonal (45 (c)
  or -45 (d))

Detector can either measure rectangular or
diagonal ? never both
23
Eavesdroppers Strategies

• Eve is assumed to have perfect technology ? only
  limited by the laws of quantum mechanics
• Assumption that all errors are due to Eve
• Eve is not allowed to look over the shoulder of
  Alice or Bob
• Physical problems
• Qubits are prepared not exactly in the basis
  described by theory
• Real source always has a finite probability to
  produce more than one photon
• Dark Counts on Bobs side are possible

24
Individual Attacks

• Also called incoherent attacks
• Eve attaches independent probes to each qubit and
  measures her probes one after the other
• Intercept Resend Attack
• As illustrated Eve gets 50 information,
  introduces QBER of 25
• Very easy to detect
• Symmetric individual attacks
• Eve could get a maximum Shannon information for a
  fixed QBER
• Eve is restricted to incoherently attacks
• Can be shown that key distribution is secure iff

25
Coherent Attacks

• Eve processes several qubits simultaneously
  (coherently)
• Photon number measurements
• All real photon sources have a finite probability
  to emit more than 1 photon
• Eve can measure number of photons without
  disturbing the quantum state
• Eve keeps one and sends the others to Bob
• With todays technology photon number
  measurements are impossible
• In practical application Bob will always see the
  loss in magnitude
• Beam Splitter attack
• Eve splits all pulses in two, analyzing each half
  in one of the two bases
• Eve generates qubits for Bob
• Eve gets information of 67 , but introduces QBER
  of 17
• Alice can introduce a mean photon number so that
  attack is only on a fraction of the pulses
  possible

26
General Security Assessment

• It was proven, that even in noisy channels for a
• the security of the key can always be guaranteed
• The technological implementation of the abstract
  principles will always be questionable
• Obvious equation
• Therefore the implementation part is crucial in
  estimating security

27
Practical Quantum Cryptography

• 1994 1100 meters 1.1 kilometers
• 1996 23 kilometers
• 2004 122 kilometers with QBER 8.9

WDM (wavelength division multiplexer), FS (fiber
stretcher), PBS (polarization beam combiner /
splitter), PC (polarization controller)
28
Issues in Practical QC
(a) QBER increases with fiber length
(b) Bit rate decreases with fiber length
29
Conclusions

• Advantages
• Security principle relies on deep theorems in
  classical quantum mechanics and information
  theory
• Much easier to forecast progress in QC technology
  than in mathematics
• Security depends on the technological level of
  the adversary at the time of the key exchange
• Can be combined with classical cryptographic
  systems
• Disadvantages
• Low bit rate in transmission
• Improved detectors compatible with telecom fibers
  necessary
• Complete and realistic anlyses of security issues
  still missing

30
Bibliography

• 1 Glassner, A.
• Quantum Computing 1 - 3 Computer Graphics
  and Applications Volume 21 , Issue 5
  , July-Aug. 2001
• 2 Gisin, N. et al.
• Quantum Cryptography arXiv quant-ph/0101098
  v2
• July 2004
• 3 Gobby, C. Yuan, Z.L.
• Quantum key distribution over 122 km of
  standard telecom fiber
• Applied Physics Letters 84, 3762-3764 2004
• 4 Saydjari, O.S.
• Quantum Cryptography
• IEEE Security Privacy, 2004

31
Quantum Cryptography - Scheme