Applications of Quantum Cryptography

1
Applications of Quantum Cryptography QKD

• CS551/851CRyptographyApplicationsBistro
• Mike McNett
• 6 April 2004
• Paper Chip Elliott, David Pearson, and Gregory
  Troxel. Quantum Cryptography in Practice

2
Outline

• Basics of QKD
• History of QKD
• Protocols for QKD
• BB84 Protocol
• DARPA / BBN Implementation
• Other Implementations
• Pros Cons
• Conclusion

3
Quantum Cryptography

• Better Name Quantum Key Distribution (QKD)
  Its NOT a new crypto algorithm!
• Two physically separated parties can create and
  share random secret keys.
• Allows them to verify that the key has not been
  intercepted.

4
Basic Idea
5
History of QKD

• Stephen Wiesner early 1970s wrote paper
  "Conjugate Coding
• Paper by Charles Bennett and Gilles Brassard in
  1984 is the basis for QKD protocol BB84.
  Prototype developed in 1991.
• Another QKD protocol was invented independently
  by Artur Ekert in 1991.

6
Two Protocols for QKD

• BB84 (and DARPA Project) uses polarization of
  photons to encode the bits of information
  relies on uncertainty to keep Eve from learning
  the secret key.
• Ekert uses entangled photon states to encode
  the bits relies on the fact that the
  information defining the key only "comes into
  being" after measurements performed by Alice and
  Bob.

7
BB84

• Original Paper Bennett Quantum cryptography
  using any two nonorthogonal states, Physical
  Review Letters, Vol. 68, No. 21, 25 May 1992, pp
  3121-3124

8
BB84

• Alice transmits a polarized beam in short bursts.
  The polarization in each burst is randomly
  modulated to one of four states (horizontal,
  vertical, left-circular, or right-circular).
• Bob measures photon polarizations in a random
  sequence of bases (rectilinear or circular).
• Bob tells the sender publicly what sequence of
  bases were used.
• Alice tells the receiver publicly which bases
  were correctly chosen.
• Alice and Bob discard all observations not from
  these correctly-chosen bases.
• The observations are interpreted using a binary
  scheme left-circular or horizontal is 0, and
  right-circular or vertical is 1.

9
BB84

• representing the types of photon measurements
• rectilinear
• O circular
• representing the polarizations themselves
• lt left-circular
• gt right-circular
• vertical
• - horizontal
• Probability that Bob's detector fails to detect
  the photon at all 0.5.

Reference http//monet.mercersburg.edu/henle/bb84
/demo.php
10
BB84 No Eavesdropping

• A ? B lt---ltlt--ltgtgt-ltgt--lt
• Bob randomly decides detector
• OOOOOOO
• For each measurement, P(failure to detect photon)
  0.5
• The results of Bob's measurements are
• - gt- -ltlt
• B ? A types of detectors used and successfully
  made (but not the measurements themselves)
• O OO
• Alice tells Bob which measurements were of the
  correct type
• . . . . (key 0 0 0 1)
• Bob only makes the same kind of measurement as
  Alice about half the time. Given that the P(B
  detector fails) 0.5, you would expect about 5
  out of 20 usable shared digits to remain. In
  fact, this time there were 4 usable digits
  generated.

11
BB84 With Eavesdropping

• A ? B ltlt-gt-ltltltgtlt-ltlt--lt
• Eavesdropping occurs.
• To detect eavesdropping
• Bob only makes the same kind of measurement as
  Alice about half the time. Given that the P(B
  detector fails) 0.5, you would expect about 5
  out of 20 usable shared digits to remain.
• A ? B reveals 50 (randomly) of the shared
  digits.
• B ? A reveals his corresponding check digits.
• If gt 25 of the check digits are wrong, Alice and
  Bob know that somebody (Eve) was listening to
  their exchange.
• NOTE 20 photons doesnt provide good guarantees
  of detection.

12
DARPA Project
13
DARPA Project Overview

• Combined Effort BBN, Harvard, Boston University
• DARPA Project
• Provides high speed QKD. Keys are used by a
  VPN.
• Tests against eavesdropping attacks

14
DARPA Project Overview

• QKD Network Requires a set of trusted network
  relays
• Uses Phase Shifting instead of Polarization
• Uses a VPN Uses QKD to generate VPN keys
• Fully compatible with conventional hosts,
  routers, firewalls, etc.
• Quantum Channel also used for timing and framing
• Eve is very capable just cant violate Quantum
  Physics

15
QKD Attributes

• Key Confidentiality
• Authentication Not directly provided by QKD
  need alternative methods
• Sufficiently Rapid Key Delivery
• Robustness
• Distance (and Location) Independence
• Resistant to Traffic Analysis

16
DARPA Quantum Network
17
Measures Phase Value
Randomly selects Phase and Value
Timing and Framing
Randomly chooses Phase Basis
18
1s and 0s

• Unbalanced Interferometers
• Provides different delays
• Must be identical at Sender and Receiver

19
1s and 0s

• Photon follows both paths
• Long path lags behind short path
• Travels as two distinct pulses
• Bob receives
• Pulses again take long short paths

20
1s and 0s

• Waves are Summed
• Center Peak Provides the Bases

21
1s and 0s

• 1s and 0s represented by adjusting the relative
  phases of the two waves (SALB and LASB). This is
  the ? value.

22
1s and 0s

• 1s and 0s represented by adjusting the phase ?
  value.
• Encodes 1 or 0 value in either of two randomly
  selected nonorthogonal bases.
• 0 phase shift of 0 (basis 0) or phase shift p/2
  (basis 1)
• 1 phase shift of p (basis 0) or phase shift
  3p/2 (basis 1)
• Randomly applies one of four phase shifts to
  encode four different (basis, value) pairs
• If ? 0 or p, then compatible bases
• If ? p/2 or 3p/2, then incompatible bases
• Heavily dependent on correct timing Alice
  provides

23
QKD Protocols

• Sifting Unmatched Bases stray or lost
  qubits
• Error Correction Noise Eaves-dropping
  detected Uses cascade protocol Reveals
  information to Eve so need to track this.
• Privacy Amplification reduces Eves knowledge
  obtained by previous EC
• Authentication Continuous to avoid
  man-in-middle attacks not required to initiate
  using shared keys Not well explained in Paper.

24
IPSEC

• Continually uses new keys obtained from QKD
• Used in IPSEC Phase 2 hash to update AES keys
  about once / minute
• Can support
• Rapid reseeding, or
• One-time pad
• Supports multiple tunnels, each uniquely
  configured

25
QKD Extensions
Key Lifetime and Key Size

• Can support
• Rapid reseeding, or
• One-time pad

26
Issues

• Time outs (due to insufficient bits available)
• Noise affects on key establishment. This cant
  be detected by IKE.

27
Other Implementations

• Two Other Implementations of Quantum Key
  Distribution
• D Stucki, N Gisin, O Guinnard, G Ribordy, and H
  Zbinden. Quantum key distribution over 67 km with
  a plugplay system. New Journal of Physics 4
  (2002) 41.141.8.
• ID Quantine http//www.idquantique.com/files/intr
  oduction.pdf
• MagiQ. Whitepaper http//www.magiqtech.com/regist
  ration/MagiQWhitePaper.pdf
• Satellite-based QKD http//ej.iop.org/links/q68/B
  KUvFWVrm756,uxc76lU,Q/nj2182.pdf

28
Pros Cons

• Nearly Impossible to steal
• Detect if someone is listening
• Secure
• Distance Limitations
• Availability
• vulnerable to DOS
• keys cant keep up with plaintext

29
Questions?

• Back to Richard!