
Quantum Cryptography


Presentation Transcript


  1. Quantum Cryptography Brandin L Claar CSE 597E 5 December 2001

  2. Overview
     • Motivations for Quantum Cryptography
     • Background
     • Quantum Key Distribution (QKD)
     • Attacks on QKD

  3. Motivations
     • Desire for privacy in the face of unlimited computing power
     • Current cryptographic schemes based on unproven mathematical principles like the existence of a practical trapdoor function
     • Shor’s quantum factoring algorithm could break RSA in polynomial time
     • Quantum cryptography realizable with current technology

  4. Photons
     • Photons are the discrete bundles of energy that make up light
     • They are electromagnetic waves with electric and magnetic fields represented by vectors perpendicular both to each other and the direction of travel
     • The behavior of the electric field vector determines the polarization of a photon

  5. Polarizations
     • A linear polarization is always parallel to a fixed line, e.g. rectilinear and diagonal polarizations
     • A circular polarization creates a circle around the axis of travel
     • Elliptical polarizations exist in between

  6. The Poincaré Sphere
     • Any point resting on the surface of the unit sphere represents a valid polarization state for a photon
     • The x, y, and z axes represent the rectilinear, diagonal, and circular polarizations respectively
     [Figure: unit sphere with axes x, y, z and the labelled points (1,0,0), (-1,0,0), (0,1,0), (0,-1,0), (0,0,1), (0,0,-1)]

  7. Bases
     • Diametrically opposed points on the surface of the sphere form a basis
     • Here, {P,-P} and {Q,-Q} represent bases
     • Bases correspond to measurable properties
     • Conjugate bases are separated by 90°
     [Figure: sphere with axes x, y, z showing the points P, -P, Q, -Q]

  8. Quantum Uncertainty
     • Quantum mechanics is simply the study of very small things
     • Heisenberg’s uncertainty principle places limits on the certainty of measurements on quantum systems
     • Inherent uncertainties are expressed as probabilities

  9. Measuring Polarization
     • Imagine a photon in state Q, measured by {P,-P} where  is the angle between P and Q
     • It behaves as P with probability:
     • It behaves as -P with probability:
     [Figure: sphere with axes x, y, z showing the points P, -P, Q]

  10. Measuring Polarization
      • This phenomenon produces some interesting behavior for cryptography
      • Prob(P) + Prob(-P) = 1
      • If  is 90° or 270°, Prob(P) = Prob(-P) = .5
      • If  is 0° or 180°, Prob(P) = 1
      [Figure: sphere with axes x, y, z showing the points P, -P, Q]

  11. Properties for Cryptography
      • Given 2 conjugate bases, a photon polarized with respect to one and measured in another reveals zero information
      • Dirac: this loss is permanent; the system “jumps” to a state of the measurement basis
      • Only measurement in the original basis reveals the actual state

  12. Key to Quantum Cryptography
      • Imagine a bit string composed from 2 distinct quantum alphabets
      • It is impossible to retrieve the entire string without knowing the correct bases
      • Random measurements by an intruder will necessarily alter polarization resulting in errors
      [Figure: Poincaré sphere with axes x, y, z; points on the axes are labelled with the bit values 0 and 1]

  13. History
      • Conjugate Coding, Stephen Wiesner (late 60’s)
      • CRYPTO ’82: Quantum Cryptography, or unforgeable subway tokens
      • Charles H. Bennett, Gilles Brassard: use photons to transmit instead of store

  14. Quantum Key Distribution
      • Experimental Quantum Cryptography, Bennett, Bessette, Brassard, Salvail, Smolin (1991)
      • Allows Alice and Bob to agree on a secure random key of arbitrary length potentially for use in a one-time pad

  15. The Protocol
      • Communication over the Quantum Channel
      • Key Reconciliation
      • Privacy Amplification

  16. The Quantum Channel
      [Figure: apparatus diagram with the labels: lens, free air optical path (~32cm), Wollaston prism, LED, photomultiplier tubes, pinhole, interference filter, Pockels cells]

  17. Basic Protocol
      • Alice sends random sequence of 4 types of polarized photons over the quantum channel: horizontal, vertical, right-circular, left-circular
      • Bob measures each in a random basis
      • After full sequence, Bob tells Alice the bases he used over the public channel
      • Alice informs Bob which bases were correct
      • Alice and Bob discard the data from incorrectly measured photons
      • The polarization data is converted to a bit string (↔ = ↶ = 0 and ↕ = ↷ = 1)

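  18. Basic Protocol Example
      Alice sends: ↶ ↷ ↔ ↕ ↷ ↔ ↔ ↷ ↷
      Bob's random bases: + o + + o o + + o
      Bob's measurements: ↕ ↷ ↔ ↕ ↶ ↔ ↷
      Bases Bob reports: + o + + o + o
      Alice confirms correct bases: Y Y Y Y
      Shared polarization data: ↷ ↔ ↕ ↷
      Bit string: 1 0 1 1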

  19. Key Reconciliation
      • Data is compared and errors eliminated by performing parity checks over the public channel
      • Random string permutations are partitioned into blocks believed to contain 1 error or less
      • A bisective search is performed on blocks with incorrect parity to eliminate the errors
      • The last bit of each block whose parity was exposed is discarded
      • This process is repeated with larger and larger block sizes
      • The process ends when a number of parity checks of random subsets of the entire string agree

  20. Privacy Amplification
      • A hash function h of the following class is randomly and publicly chosen:
      • With n bits where Eve’s expected deterministic information is l bits, and an arbitrary security parameter s, Eve’s expected information on h(x) will be less than
      • h(x) will be the final shared key between Alice and Bob

  21. Attacking QKD
      • Intercept/Resend Attack
      • Beamsplitting Attack
      • Estimating Eve’s Information

  22. Intercept/Resend Attack
      • Allows Eve to determine the value of each bit with probability
      • At least 25% of intercepted pulses will generate errors when read by Bob
      • All errors are assumed to be the result of intercept/resend
      • Hence, a conservative estimate of Eve’s information on the raw quantum transmission (given t detected errors) is

  23. Errors with Intercept/Resend

  24. Beamsplitting Attack
      • Ideally, each pulse sent by Alice would consist of exactly 1 photon
      • The number of expected photons per pulse is 
      • Eve is able to learn a constant fraction of the bits by splitting a pulse
      • Given N pulses, the number of bits lost to Eve through beamsplitting is estimated to be less than

  25. Estimating Eve’s Information
      • Given a bit error rate p and a pulse intensity , Eve is expected to learn a fraction of the raw key:
      • Alice and Bob can estimate the number of leaked bits and use this to eliminate Eve’s information in the privacy amplification stage:

  26. Other protocols
      • Quantum Oblivious Transfer
      • Einstein-Podolsky-Rosen (EPR) effect
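
The basic protocol of slide 17 and the error figure of slide 22, as an added simulation that is not part of the original presentation. It assumes an ideal lossless channel with single-photon pulses; the names `run_bb84` and `intercept_fraction` are illustrative, and letting Eve intercept only a fraction of the pulses goes slightly beyond the slides to show how the error rate Alice and Bob observe scales with it.

```python
import random

BASES = "+o"  # '+' rectilinear, 'o' circular (notation of the slide 18 example)

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a conjugate basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_bb84(n_pulses, intercept_fraction, seed=0):
    """Return (sifted_bits, errors) after Alice and Bob compare bases publicly."""
    rng = random.Random(seed)  # seeded for a repeatable simulation, not for real keys
    sifted = errors = 0
    for _ in range(n_pulses):
        a_bit, a_basis = rng.randrange(2), rng.choice(BASES)
        bit, basis = a_bit, a_basis               # photon state in flight
        if rng.random() < intercept_fraction:     # Eve measures and resends
            e_basis = rng.choice(BASES)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.choice(BASES)
        b_bit = measure(bit, basis, b_basis, rng)
        if b_basis == a_basis:                    # kept; all other pulses are discarded
            sifted += 1
            errors += b_bit != a_bit
    return sifted, errors

def error_rate(n_pulses, intercept_fraction, seed=0):
    """Fraction of sifted bits on which Alice and Bob disagree."""
    sifted, errors = run_bb84(n_pulses, intercept_fraction, seed)
    return errors / sifted

if __name__ == "__main__":
    for frac in (0.0, 0.5, 1.0):
        print(f"intercepted {frac:.0%}: sifted error rate {error_rate(20000, frac):.3f}")
```
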
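
One way to implement the key reconciliation steps of slide 19, as an added example that is not code from the presentation or from the cited paper. Doubling the block size each pass and running a fixed number of passes are assumptions that stand in for the slide's "larger and larger block sizes" and its final random-subset parity checks; all function names are illustrative.

```python
import random

def parity(bits, idx):
    return sum(bits[i] for i in idx) % 2

def bisect_fix(alice, bob, idx, exposed):
    """Bisective search inside a block whose parities differ; flips Bob's wrong bit."""
    while len(idx) > 1:
        half = idx[:len(idx) // 2]
        exposed.append(half)                      # this half's parity is announced
        if parity(alice, half) != parity(bob, half):
            idx = half
        else:
            idx = idx[len(half):]                 # the odd error count is in the rest
    bob[idx[0]] ^= 1

def reconcile_pass(alice, bob, block_size, rng):
    """One pass: public random permutation, block parities, bisection, discards."""
    bob = list(bob)                               # do not mutate the caller's copy
    order = list(range(len(alice)))
    rng.shuffle(order)
    exposed = []
    for start in range(0, len(order), block_size):
        block = order[start:start + block_size]
        exposed.append(block)
        if parity(alice, block) != parity(bob, block):
            bisect_fix(alice, bob, block, exposed)
    dropped = {blk[-1] for blk in exposed}        # last bit of each exposed block
    keep = [i for i in range(len(alice)) if i not in dropped]
    return [alice[i] for i in keep], [bob[i] for i in keep]

def reconcile(alice, bob, block_size=8, passes=4, seed=1):
    """Repeat passes with larger blocks (doubling is an assumption of this example)."""
    rng = random.Random(seed)
    for _ in range(passes):
        alice, bob = reconcile_pass(alice, bob, block_size, rng)
        block_size *= 2
    return alice, bob

def mismatches(a, b):
    return sum(x != y for x, y in zip(a, b))

def demo(n=256, n_errors=6, seed=7):
    """Constructed input: random key for Alice, Bob's copy with n_errors flipped bits."""
    rng = random.Random(seed)
    alice = [rng.randrange(2) for _ in range(n)]
    bob = list(alice)
    for i in rng.sample(range(n), n_errors):
        bob[i] ^= 1
    a2, b2 = reconcile(alice, bob)
    return mismatches(alice, bob), mismatches(a2, b2), len(a2)
```

Each announced parity gives an eavesdropper one bit about the key, which is why the pass discards one bit per exposed block and the reconciled key comes out shorter than the raw one.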
