- 59 Views
- Uploaded on
- Presentation posted in: General

Quantum Cryptography

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Quantum Cryptography

Alice

Bob

Eve

Ranveer Raaj Joyseeree & Andreas Fognini

Classical Algorithms

1.Asymmetrical (public-key) cryptosystems:

Message

Encrypted message

Message

Public

Private

- First implementationnn RSA (Ronald Rivest, Adi Shamir, and Leonard Adleman) 1978

- Very convenient, Internet

- Idea is based on computational complexity f(x) = y, x = ?.

- rely on unproven assumptions

Classical Algorithms

Classical Algorithms

2. Symmetrical (secret-key) cryptosystems:

Distribute key over secure channel

M

M

S

XOR

XOR

- only provably secure cryptosystem known today

- not handy, key as long as message

- key only valid for one transmission

- how to send the key in a secure manner?

Quantum Cryptography: The BB84 Portocol

Ingredients: 1) One photon no copying,

2) Two non orthonormal bases sets

3) Insecure classical channel; Internet

What it does: Secure distribution of a key, can't be used to send messages

How it works:

50% correlated

Physikalische Blätter 55, 25 (1999)

Eve's copy machine

Copy machine:

e.g.

50% decrease

in correlation!

Alice and Bob recognize

attack from error rate!

Conclusion

- Quantum cryptography means just the exchange of keys
- Actual transmission of data is done with classical algorithms
- Alice & Bob can find out when Eve tries to eavesdrop.

Hacking Quantum Key Distribution systems

- QKD systems promise enhanced security.
- In fact, quantum cryptography is proveably secure.
- Surely one cannot eavesdrop on such systems, right?

Hacking QKD systems

- Security is easy to prove while assuming perfect apparatus and a noise-free channel.
- Those assumptions are not valid for practical systems e.g. Clavis2 from ID Quantique and QPN 5505 from MagiQ Technologies.
- Vulnerabilities thus appear.

Hacking by tailored illumination

- Lydersen et al. (2010) proposed a method to eavesdrop on a QKD system undetected.
- The hack exploits a vulnerability associated with the avalanche photo diodes (APD‘s) used to detect photons.

Avalanche photo diodes

- Can detect single photons when properly set.
- However, they are sensitive to more than just quantum states.

Modes of operation of APD’s

- Geiger and linear modes

Geiger mode

- VAPD is usually fixed and called bias voltage and in Geiger mode, Vbias > Vbr.
- An incident photon creates an electron-hole pair, leading to an avalanche of carriers and a surge of current IAPD beyond Ith. That is detected as a click.
- Vbias is then made smaller than Vbr to stop flow of carriers. Subsequently it is restored to its original value in preparation for the next photon.

Linear mode

- Vbias < Vbr.
- Detected current is proportional to incident optical power Popt.
- Clicks again occur when IAPD > Ith.

Operation in practical QKD systems

- Vbias is varied as shown such that APD is in Geiger mode only when a photon is expected
- That is to minimize false detections due to thermal fluctuations.
- However, it is still sensitive to bright light in linear mode.

The hack in detail

- Eve uses an intercept-resend attack.
- She uses a copy of Bob to detect states in a random basis.
- Sends her results to Bob as bright light pulses, with peak power > Pth, instead of individual photons.
- She also blinds Bob‘s APD‘s to make them operate as classical photodiodes only at all times to improve QBER.

The hack in detail

- Cis a 50:50 coupler used in phase-encoded QKD systems.
- When Eve‘s and Bob‘s bases match, trigger pulse from Eve constructively interferes and hits detector corresponding to what Eve detected.
- Otherwise, no constructive interference and both detectors hit with equal energy.
- Click only observed if detected current > Ith.

The hack in detail

- Clicks also only observed when Eve and Bob have matching bases.
- This means Eve and Bob now have identical bit values and basis choices, independently of photons emitted by Alice.
- However, half the bits are lost in the process of eavesdropping.

Performance issues?

- Usually, transmittance from Alice to Bob < 50%.
- APDs have a quantum efficiency < 50%.
- However, trigger pulses cause clicks in all cases.
- Loss of bits is thus compensated for and Eve stays undetected

Other methods

- Method presented is not the only known exploit.
- Zhao et al. (2008) attempted a time-shift attack.
- Xu et al. (2010) attempted a phase remapping attack.

Conclusion

- QKD systems are unconditionally secure, based on the fundamental laws of physics.
- However, physical realisations of those systems violate some of the assumptions of the security proof.
- Eavesdroppers may thus intercept sent messages without being detected.

Used Material

- Rev Mod Phys 74, 145 (2002)
- PhysikalischeBlätter 55, 25 (1999)
- Nature Photonics 4, 686 (2010)
- Experimental demonstration of phase-remapping attack in a practical quantum key distribution system. Xu et al. (2010)
- Hacking commercial quantum cryptography systems by tailored bright illumination. Lydersen et al. (2010)
- Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems. Zhao et al. (2008).