1 / 25

Le avventure di Alice, Bob & Eve nel mondo dei quanti

Le avventure di Alice, Bob & Eve nel mondo dei quanti. Stefano Mancini. Dipartimento di Fisica Università di Camerino. Alice. Bob. Eavesdropper. Code-breakers vs Code-makers. Cryptography. Cryptanalysis. Is there a pefect cipher?. Vernam cipher (problem of key distribution)

jrudnick
Download Presentation

Le avventure di Alice, Bob & Eve nel mondo dei quanti

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Le avventure di Alice, Bob & Eve nel mondo dei quanti Stefano Mancini Dipartimento di Fisica Università di Camerino

  2. Alice Bob Eavesdropper

  3. Code-breakers vs Code-makers Cryptography Cryptanalysis

  4. Is there a pefect cipher? • Vernam cipher (problem of key distribution) • Public key cryptosystems • Mathematical, security based oncomputational complexity (use of one-way functions) • Can be broken by quantumcomputers! • In 1994 factorization of RSA 129 was achieved, but with a cluster of 103 workstations working for 8 months. Shor’s algorithm would factor RSA-129 in few seconds running on a quantum computer at the speed of a desktop PC! • Quantum cryptography • Physical, security based on fundamental principles of quantum mechanics

  5. Basic notions about QM • The space of states of a physical system is a Hilbert space on C. A state is a vector of unit norm in such a space. • The space of states of a composite system is the tensor product of the spaces of states of subsystems. • Any physical process (on a closed system) is described by a unitary transformation on H. • Any observable is described by a self-adjoint operator on H and the measurement process projects the system’s state onto an eigenstate of the observable and gives the corresponding eigenvalue as result.

  6. From Cbits to Q(u)bits • Qubit is the smallest (dim=2) Hilbert space associated to a physical system (e.g. spin, photon polarization, etc.).

  7. Quantum Measurement

  8. More on Quantum Measurement • Quantum measurement is an irreversible process! • Measuring Z on states prepared on its basis {|0>,|1>} would not disturb it • Measuring X on states prepared on its basis {|+>,|->} would not disturb it • Measuring Z on states prepared on X basis {|+>,|->} would project it into {|0>,|1>} with Pr=1/2 • Measuring X on states prepared on Z basis {|0>,|1>} would project it into {|+>,|->} with Pr=1/2

  9. Info gain implies disturbance • Theorem. In any attempt to distinguish between two non-orthogonal quantum states, information gain is only possible at expenses of introducing some disturbance.

  10. No-Cloning • Theorem. An unknown quantum state cannot be copied.

  11. What is information ?How much information ? The Entropy measures uncertainty: Logarithm to base 2 gives bits • Example: Binary entropy h(p)=-plog p-(1-p)log(1-p) • Coin flip has uncertainty of 1 bit!

  12. There are several Entropies… H(X,Y) H(X) H(Y) H(X:Y) H(X|Y) H(Y|X)

  13. Quantum Key Distribution BB84 protocol • Alice uses two random bits a and a’ to prepare the state of a qubit |yaa’>: |y00 >=|0> |y10 >=|1> |y01 >=|+> |y11 >=|-> • Alice sends the qubit to Bob through a quantum channel. Since Alice hasn’t revealed a’, Eve can only guess the basis and in the wrong case she disturbes the qubit. However also Bob does not know a’.

  14. Bob measures the qubit in the basis X or Z as determined by a random bit b’ which he creates on his own (0-Z, 1-X). Let Bob’s measurement result be b (0-positive eigenvalue, 1-negative eigenvalue). • Alice publicly announces a’ through a public classical channel. • The above procedure is repeated 4n times. Then Alice and Bob by a discussion over a public channel discard all bits except those for which a’=b’ (raw key, approx 2n bits). • Alice selects n bits (of her 2n) at random and publicly announces the selection. Then Alice and Bob compare the values of these check bits to establish the error rate (or Eve’s presence). • Eventually the remaining n bits are the sifted key.

  15. a’ b a’=b’ implies perfect correlations # usable bits R= _________________________ (# transmit. qubits)+(# transmit. bits) R= 1/6

  16. What is gained by using qubits? Example: a simple intercept-resend strategy Z (|0>, p=1/2) Z (p=1/2) Z (|0>, p=1/4) |0> X (p=1/2) Z (|1>, p=1/4)

  17. What is gained by using qubits? • For a simple intercept-resend eavesdropping,the prob that Eve is present and Alice and Bob choose n uncorrupted (coincident) bits for the check is (3/4)n which goes to zero as n goes to infinity • In this simple example Eve gets 0.5 bits [H(a:e)=0.5] of info per bit in the sifted key for an induced QBER of 25% [d=0.25] • We expect H(a:e) is an increasing function of d, nevertheless, provided d0 Alice and Bob would be able to outwit Eve (ideal situation of no noise in the channel!)

  18. Once Alice and Bob have reconcilied the basis p(a=0)=p(a=1)=1/2 H(a)=h(1/2)=1 p(b=0|a=1)=p(b=1|a=0)=d QBER p(b=0|a=0)=p(b=1|a=1)=1-d p(b=0,a=1)=p(b=0|a=1)p(a=1)=d/2 p(b=1,a=0)=p(b=1|a=0)p(a=0)=d/2 p(b=0,a=0)=p(b=0|a=0)p(a=0)=(1-d)/2 p(b=1,a=1)=p(b=1|a=1)p(a=1)=(1-d)/2 H(a,b)=1+h(d) p(b=0)=p(b=0,a=1)+p(b=0,a=0)=1/2 p(b=1)=p(b=1,b=1)+p(b=1,a=0)=1/2 H(b)=1 H(a:b)=H(a)+H(b)-H(a,b)=1-h(d)

  19. Information Reconciliation & Privacy Amplification In a realistic situation how Alice and Bob would distinguish the effect of Eve intrusion from that of the noise? Suppose at some point Alice, Bob and Eve perform measurements with outcomes a,b,e with P(a,b,e), then: Theorem (Csiszar & Korner 1978). For a given P(a,b,e) Alice and Bob can establish a secret key (using only Information Reconciliation and Privacy Amplification) iff H(a:b)>H(a:e)

  20. The ultimate security proof Measuring d how to know whether H(a:b) > H(a:e) ? Let’s find a bound for H(a:e) by considering collective attacks. Theorem (Hall 1995). Let E and B be two observables in a N (=2n) dim Hilbert space. Denote e,b,|e>,|b> the corresponding eigenvalues, eigenvectors and let c=maxe,b{|<e|b>|} then H(a:e)+H(a:b) < 2log(Nc) This theorem states that if Eve performs a measurement providing her with some info H(a:e), then because of perturbation Bob’s info is necessarily limited

  21. Suppose Alice sends out a large number of qubits and n were received by Bob in the correct basis (N=2n). Relabel the bases such that Alice uses n-times the X-basis, hence Bob’s observable is XX …… X We can bound Eve’s info assuming she measures ZZ …… Z (remember her max info corresponds to her max disturb) Thus e.g. c=|<0|  …  <0|+>  …  |+>|=2-n/2 and by Hall’s th. H(a:e)+H(a:b) < 2log(2n2-n/2)=n The sum of Eve’s and Bob’s info per qubit is  1 By using the above inequality together with the Csizar & Korner th. we get H(a:b)>n/2. Then H(a:b)=[1-h(d)]n >n/2  d<11%

  22. Security condition H(a:e) H(a:b) d (QBER) Now H(a:e)=0.5 with d=0.11 !

  23. Experimental Quantum Cryptography • First demonstration on a table at IBM labs using photons traveling over a distance of 30 cm (1989) • Experiments with fibres (over a distance of 30-50 Km, 1996-2004) using faint laser pulses • Experiments in free space (over a distance of few Km) • Quantum Cryptography Devices already available in the market!

  24. For further information and research at University of Camerino see: http://fisica.unicam.it/stefanomancini/ or contact me at: stefano.mancini@unicam.it

More Related