Download
phun with photons n.
Skip this Video
Loading SlideShow in 5 Seconds..
28 April 2005 CS588 Spring 2005 David Evans cs.virginia/evans PowerPoint Presentation
Download Presentation
28 April 2005 CS588 Spring 2005 David Evans cs.virginia/evans

28 April 2005 CS588 Spring 2005 David Evans cs.virginia/evans

0 Views Download Presentation
Download Presentation

28 April 2005 CS588 Spring 2005 David Evans cs.virginia/evans

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Phun with Photons 28 April 2005 CS588 Spring 2005 David Evanshttp://www.cs.virginia.edu/evans

  2. Menu • Visual Cryptography • Quantum Cryptography • Quantum Computing (very briefly) • Cryptographic Hashing Attacks • Boyd and Isabelle CS588 Lecture 22

  3. Visual Cryptography • Can we quickly do a lot of XORs without a computer? • Yes: 0: 1: Key Ciphertext Key Ciphertext .5 probability .5 probability CS588 Lecture 22

  4. Key + Ciphertext Key Ciphertext Key Ciphertext + + = 0 + + = 1 CS588 Lecture 22

  5. Perfect Cipher? Key Ciphertext Key Ciphertext Plaintext 0 1 .5 probability .5 probability CS588 Lecture 22

  6. Perfect Cipher Key Ciphertext Key Ciphertext Plaintext 0 1 .5 probability .5 probability P (C = | M = 0) = .5 P (C = | M = 1) = .5 = Yes! P (C = | M = 0) = .5 P (C = | M = 1) = .5 = CS588 Lecture 22

  7. Authentication for remote voting Nathanael Paul, David Evans, Avi Rubin and Dan Wallach. Workshop on Human-Computer Interaction and Security Systems. 6 April 2003 http://www.cs.virginia.edu/evans/pubs/remote-voting.html • Remote voting offers convenience • 69% votes cast by mail in 2001 in state of Washington • Electronic voting is cheaper and faster • More secure? • New problems: virus, worm, spoofing, denial of service • Mutual authentication • Voter authenticated to server • Server authenticated to voter CS588 Lecture 22

  8. Doing Encryption without Computers • Can’t trust voters to have trustworthy computers • Viruses can tamper with their software • Need to do authentication in a way that doesn’t depend on correctness of user’s software • Lorenz cipher: use XOR to encrypt • Is there a way to do lots of XOR’s without a computer? CS588 Lecture 22

  9. Remote Voting System Each voter is sent a key, ki STEP 1 keys Ek (k1) S Ek(k2) … ki = … Ek(kn) Key: AQEGSDFASDF STEP 2 ki STEP 3 – if ki valid… STEP 4 ki = “AQEGSDFASDF” S client machine client machine CS588 Lecture 22

  10. Authentication by Transparency CS588 Lecture 22

  11. Quantum Cryptography CS588 Lecture 22

  12. Quantum Physics for Dummies • Light behaves like both a wave and a particle at the same time • A single photon is in many states at once • Can’t observe its state without forcing it into one state • Schrödinger’s Cat • Put a live cat in a box with cyanide vial that opens depending on quantum state • Cat is both dead and alive at the same time until you open the box CS588 Lecture 22

  13. Heisenberg’s Uncertainty Principle “We cannot know, as a matter of principle, the present in all its details.” Werner Heisenberg, 1920s If you can’t know all the details about something you can’t copy it. Bits are easy to copy; photons are impossible to copy. CS588 Lecture 22

  14. Quantum Cash Stephen Wiesner, late 60s: “I didn’t get any support from my thesis advisor – he showed no interest in it at all. I showed it to several other people, and they all pulled a strange face, and went straight back to what they were already doing.” (Quoted in Singh, The Code Book) CS588 Lecture 22

  15. Photon Polarity Photons have “spin”: V H +45º -45º Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons Horizontal filter: 100% of H photons 50% of +45º photons (become H photons) 50% of -45º photons (become H photons) 0% of V photons CS588 Lecture 22

  16. Photon Stream Can’t tell difference between V and +45º and –45º photons Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons CS588 Lecture 22

  17. Quantum Cash $10000 $10000 Uncertainty Principal Bank Spinning Photons Unique ID 258309274917392 Richard Feynman Safecracker, Father of Quantum Computing In Dice We Trust $10000 $10000 CS588 Lecture 22

  18. Bank Verifies Bill Uncertainty Principal Unique ID 258309274917392 Spinning Photons Bank aligns filters according to expected values. If photons on bill all pass through filters, the bill is valid. CS588 Lecture 22

  19. Counterfeiting Quantum Cash • To copy a bill, need to know the photons. • Counterfeiter can guess, but loses information. Physics says there is no way to measure the spins without knowing them! CS588 Lecture 22

  20. Perfect Security? • Bill photons: V (¼), +45 (¼), -45 (¼), H (¼) • Guess V-filter: passes 100% of V photons, ½ of +45 and ½ of -45 • p (M = V | passes V filter) = .25 / (.25 + (.5 * .25) + (.5 * .25)) = .25/.5 = .5 If photon passes, counterfeiter can guess it is a V photon, right ½ of the time. If photon doesn’t pass, guess it’s a H photon, right ½ of the time. • p (M = +45 | passes V filter) = .25 • Actually a bit more complicated – can guess some photons wrong, and 50% chance bank won’t notice. CS588 Lecture 22

  21. Guessing One +45º Photon • Passes through V-filter (.5) • Counterfeiter guesses V-photon • Passes through Banks +45 filter (.5) • .25 chance of getting it right • Doesn’t passes through V-filter (.5) • Counterfeiter guesses H-photon • Passes through Banks +45 filter (.5) • .25 chance of getting it right • Probability of not getting caught = .5 • Forge bill with 6 photons = 1/26; use more photons for more valuable bills. CS588 Lecture 22

  22. Quantum Key Distribution CS588 Lecture 22

  23. Quantum Key Distribution • Charles Bennett (1980s) • Use quantum physics to transmit a key with perfect secrecy • Alice sends a stream of random photons • Bob selects random filters to try and guess photons • After, they communicate over insecure channel to figure out which bits were transmitted correctly CS588 Lecture 22

  24. Quantum Key Distribution • Alice generates a random sequence. Transmits: 0: or (Randomly pick H or –45) 1: or (Randomly pick V or +45) • Bob randomly guesses filter: Rectilinear detector: recognizes H and V photons with 100% accuracy, randomly misrecognizes diagonal photons. Diagonal detector: recognizes -45 and +45 photons with 100% accuracy, randomly misrecognizes H and V photons. CS588 Lecture 22

  25. Detecting Photons • Bob picks the right detector: • 100% chance of correctly recognizing bit • Bob picks the wrong detector: • 50% chance of “guessing” bit • Bob can’t tell the difference • But, Alice can (since she picked the photon encoding) CS588 Lecture 22

  26. Finding Correct Guesses • Alice calls Bob over an insecure line, and tell him rectangular/diagonal for each bit. Bob tells Alice if he guessed right. They use the bits he guessed right on as the key. • Alice and Bob do some error checking (e.g., use a checksum) to make sure they have the same key. CS588 Lecture 22

  27. What about Eve? • Eve can intercept the photon stream, and guess filters. • If she guesses right, she can resend the same photon. • If she guesses wrong, 50% chance she will send the wrong photon. • 50% chance Bob will guess the right filter on this photon, so 25% chance of error CS588 Lecture 22

  28. Eve is Caught • When Alice and Bob agree on which bits to use, Eve will have the wrong ones since she guesses different polarities. • Eve cannot eavesdrop without Alice and Bob noticing an unusually high error rate! CS588 Lecture 22

  29. Is this practical? CS588 Lecture 22

  30. http://www.idquantique.com/ (Geneva, Switzerland) CS588 Lecture 22

  31. Movie Teaser

  32. What’s in the “Sneakers” Black Box? A Quantum Computer CS588 Lecture 22

  33. Quantum Computing • Feynman, 1982 • Quantum particles are in all possible states • Can try lots of possible computations at once with the same particles • In theory, can test all possible factorizations/keys/paths/etc. and get the right one! • In practice, major advances required before we can build it (unless the NSA knows something we don’t…): 7-qubit computer • Adding another qubit is more than twice as hard CS588 Lecture 22

  34. Cryptographic Hashing Attacks CS588 Lecture 22

  35. Charge • Tuesday: • Project presentations • Order will be determined pseudorandomly • Reports due • Sneakers: send me email before Monday if you are coming CS588 Lecture 22