applications of quantum cryptography qkd l.
Skip this Video
Loading SlideShow in 5 Seconds..
Applications of Quantum Cryptography – QKD PowerPoint Presentation
Download Presentation
Applications of Quantum Cryptography – QKD

Loading in 2 Seconds...

play fullscreen
1 / 27

Applications of Quantum Cryptography – QKD - PowerPoint PPT Presentation

  • Uploaded on

Applications of Quantum Cryptography – QKD. CS551/851 CR yptography A pplications B istro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory Troxel. “ Quantum Cryptography in Practice ”. Outline. Basics of QKD History of QKD Protocols for QKD BB84 Protocol

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Applications of Quantum Cryptography – QKD' - Albert_Lan

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
applications of quantum cryptography qkd

Applications of Quantum Cryptography – QKD


Mike McNett

6 April 2004

Paper: Chip Elliott, David Pearson, and Gregory Troxel. “Quantum Cryptography in Practice”

  • Basics of QKD
  • History of QKD
  • Protocols for QKD
  • BB84 Protocol
  • DARPA / BBN Implementation
  • Other Implementations
  • Pro’s & Con’s
  • Conclusion
quantum cryptography
Quantum Cryptography
  • Better Name – Quantum Key Distribution (QKD) – It’s NOT a new crypto algorithm!
  • Two physically separated parties can create and share random secret keys.
  • Allows them to verify that the key has not been intercepted.
history of qkd
History of QKD
  • Stephen Wiesner – early 1970s wrote paper "Conjugate Coding”
  • Paper by Charles Bennett and Gilles Brassard in 1984 is the basis for QKD protocol BB84. Prototype developed in 1991.
  • Another QKD protocol was invented independently by Artur Ekert in 1991.
two protocols for qkd
Two Protocols for QKD
  • BB84 (and DARPA Project) – uses polarization of photons to encode the bits of information – relies on “uncertainty” to keep Eve from learning the secret key.
  • Ekert – uses entangled photon states to encode the bits – relies on the fact that the information defining the key only "comes into being" after measurements performed by Alice and Bob.
  • Original Paper: Bennett: “Quantum cryptography using any two nonorthogonal states”, Physical Review Letters, Vol. 68, No. 21, 25 May 1992, pp 3121-3124
  • Alice transmits a polarized beam in short bursts. The polarization in each burst is randomly modulated to one of four states (horizontal, vertical, left-circular, or right-circular).
  • Bob measures photon polarizations in a random sequence of bases (rectilinear or circular).
  • Bob tells the sender publicly what sequence of bases were used.
  • Alice tells the receiver publicly which bases were correctly chosen.
  • Alice and Bob discard all observations not from these correctly-chosen bases.
  • The observations are interpreted using a binary scheme: left-circular or horizontal is 0, and right-circular or vertical is 1.
  • representing the types of photon measurements:

+ rectilinear

O circular

  • representing the polarizations themselves:

< left-circular

> right-circular

| vertical

− horizontal

  • Probability that Bob's detector fails to detect the photon at all = 0.5.


bb84 no eavesdropping
BB84 – No Eavesdropping
  • A  B: |<−−−<<−−<>>−<>||−−<
  • Bob randomly decides detector:


  • For each measurement, P(failure to detect photon) = 0.5
  • The results of Bob's measurements are:

− >− −<< |||

  • B  A: types of detectors used and successfully made (but not the measurements themselves):

+ O+ +OO +++

  • Alice tells Bob which measurements were of the correct type:

. . .. (key = 0 0 0 1)

  • Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. In fact, this time there were 4 usable digits generated.
bb84 with eavesdropping
BB84 – With Eavesdropping
  • A  B:<|<−>−<<|<><−<|<−|−<
  • Eavesdropping occurs.

To detect eavesdropping:

  • Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain.
  • A  B: reveals 50% (randomly) of the shared digits.
  • B  A: reveals his corresponding check digits.
  • If > 25% of the check digits are wrong, Alice and Bob know that somebody (Eve) was listening to their exchange.
  • NOTE – 20 photons doesn’t provide good guarantees of detection.
darpa project overview
DARPA Project Overview
  • Combined Effort – BBN, Harvard, Boston University
  • DARPA Project
  • Provides “high speed” QKD. Keys are used by a VPN.
  • Tests against eavesdropping attacks
darpa project overview14
DARPA Project Overview
  • QKD Network – Requires a set of trusted network relays
  • Uses Phase Shifting instead of Polarization
  • Uses a VPN – Uses QKD to generate VPN keys
  • Fully compatible with conventional hosts, routers, firewalls, etc.
  • Quantum Channel also used for timing and framing
  • Eve is very capable – just can’t violate Quantum Physics
qkd attributes
QKD Attributes
  • Key Confidentiality
  • Authentication – Not directly provided by QKD – need alternative methods
  • “Sufficiently” Rapid Key Delivery
  • Robustness
  • Distance (and Location) Independence
  • Resistant to Traffic Analysis

Measures Phase & Value

Randomly selects Phase and Value

Timing and Framing

Randomly chooses Phase Basis

1 s and 0 s
1’s and 0’s
  • Unbalanced Interferometers
  • Provides different delays
  • Must be “identical at Sender and Receiver
1 s and 0 s19
1’s and 0’s
  • Photon follows both paths
  • Long path lags behind short path
  • Travels as two distinct pulses
  • Bob receives
  • Pulses again take long & short paths
1 s and 0 s20
1’s and 0’s
  • Waves are Summed
  • Center Peak – Provides the Bases
1 s and 0 s21
1’s and 0’s
  • 1’s and 0’s represented by adjusting the relative phases of the two waves (SALB and LASB). This is the Δ value.
qkd protocols
QKD Protocols
  • Sifting –Unmatched Bases; “stray” or “lost” qubits
  • Error Correction – Noise & Eaves-dropping detected – Uses “cascade” protocol – Reveals information to Eve so need to track this.
  • Privacy Amplification – reduces Eve’s knowledge obtained by previous EC
  • Authentication – Continuous to avoid man-in-middle attacks – not required to initiate using shared keys – Not well explained in Paper.
  • “Continually” uses new keys obtained from QKD
  • Used in IPSEC Phase 2 hash to update AES keys about once / minute
  • Can support:
    • Rapid reseeding, or
    • One-time pad
  • Supports multiple tunnels, each uniquely configured
  • Time outs (due to insufficient bits available)
  • Noise affects on key establishment. This can’t be detected by IKE.
other implementations
Other Implementations
  • Two Other Implementations of Quantum Key Distribution:
    • D Stucki, N Gisin, O Guinnard, G Ribordy, and H Zbinden. Quantum key distribution over 67 km with a plug&play system. New Journal of Physics 4 (2002) 41.1–41.8.
    • ID Quantine:
  • MagiQ. Whitepaper:
  • Satellite-based QKD:,uxc76lU,Q/nj2182.pdf
pros cons
Pros & Cons
  • Nearly Impossible to steal
  • Detect if someone is listening
  • “Secure”
  • Distance Limitations
  • Availability
    • vulnerable to DOS
    • keys can’t keep up with plaintext
  • Back to Richard!