Create Presentation
Download Presentation

Download Presentation
## 28 April 2005 CS588 Spring 2005 David Evans cs.virginia/evans

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Phun with Photons**28 April 2005 CS588 Spring 2005 David Evanshttp://www.cs.virginia.edu/evans**Menu**• Visual Cryptography • Quantum Cryptography • Quantum Computing (very briefly) • Cryptographic Hashing Attacks • Boyd and Isabelle CS588 Lecture 22**Visual Cryptography**• Can we quickly do a lot of XORs without a computer? • Yes: 0: 1: Key Ciphertext Key Ciphertext .5 probability .5 probability CS588 Lecture 22**Key + Ciphertext**Key Ciphertext Key Ciphertext + + = 0 + + = 1 CS588 Lecture 22**Perfect Cipher?**Key Ciphertext Key Ciphertext Plaintext 0 1 .5 probability .5 probability CS588 Lecture 22**Perfect Cipher**Key Ciphertext Key Ciphertext Plaintext 0 1 .5 probability .5 probability P (C = | M = 0) = .5 P (C = | M = 1) = .5 = Yes! P (C = | M = 0) = .5 P (C = | M = 1) = .5 = CS588 Lecture 22**Authentication for remote voting**Nathanael Paul, David Evans, Avi Rubin and Dan Wallach. Workshop on Human-Computer Interaction and Security Systems. 6 April 2003 http://www.cs.virginia.edu/evans/pubs/remote-voting.html • Remote voting offers convenience • 69% votes cast by mail in 2001 in state of Washington • Electronic voting is cheaper and faster • More secure? • New problems: virus, worm, spoofing, denial of service • Mutual authentication • Voter authenticated to server • Server authenticated to voter CS588 Lecture 22**Doing Encryption without Computers**• Can’t trust voters to have trustworthy computers • Viruses can tamper with their software • Need to do authentication in a way that doesn’t depend on correctness of user’s software • Lorenz cipher: use XOR to encrypt • Is there a way to do lots of XOR’s without a computer? CS588 Lecture 22**Remote Voting System**Each voter is sent a key, ki STEP 1 keys Ek (k1) S Ek(k2) … ki = … Ek(kn) Key: AQEGSDFASDF STEP 2 ki STEP 3 – if ki valid… STEP 4 ki = “AQEGSDFASDF” S client machine client machine CS588 Lecture 22**Authentication by Transparency**CS588 Lecture 22**Quantum Cryptography**CS588 Lecture 22**Quantum Physics for Dummies**• Light behaves like both a wave and a particle at the same time • A single photon is in many states at once • Can’t observe its state without forcing it into one state • Schrödinger’s Cat • Put a live cat in a box with cyanide vial that opens depending on quantum state • Cat is both dead and alive at the same time until you open the box CS588 Lecture 22**Heisenberg’s Uncertainty Principle**“We cannot know, as a matter of principle, the present in all its details.” Werner Heisenberg, 1920s If you can’t know all the details about something you can’t copy it. Bits are easy to copy; photons are impossible to copy. CS588 Lecture 22**Quantum Cash**Stephen Wiesner, late 60s: “I didn’t get any support from my thesis advisor – he showed no interest in it at all. I showed it to several other people, and they all pulled a strange face, and went straight back to what they were already doing.” (Quoted in Singh, The Code Book) CS588 Lecture 22**Photon Polarity**Photons have “spin”: V H +45º -45º Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons Horizontal filter: 100% of H photons 50% of +45º photons (become H photons) 50% of -45º photons (become H photons) 0% of V photons CS588 Lecture 22**Photon Stream**Can’t tell difference between V and +45º and –45º photons Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons CS588 Lecture 22**Quantum Cash**$10000 $10000 Uncertainty Principal Bank Spinning Photons Unique ID 258309274917392 Richard Feynman Safecracker, Father of Quantum Computing In Dice We Trust $10000 $10000 CS588 Lecture 22**Bank Verifies Bill**Uncertainty Principal Unique ID 258309274917392 Spinning Photons Bank aligns filters according to expected values. If photons on bill all pass through filters, the bill is valid. CS588 Lecture 22**Counterfeiting Quantum Cash**• To copy a bill, need to know the photons. • Counterfeiter can guess, but loses information. Physics says there is no way to measure the spins without knowing them! CS588 Lecture 22**Perfect Security?**• Bill photons: V (¼), +45 (¼), -45 (¼), H (¼) • Guess V-filter: passes 100% of V photons, ½ of +45 and ½ of -45 • p (M = V | passes V filter) = .25 / (.25 + (.5 * .25) + (.5 * .25)) = .25/.5 = .5 If photon passes, counterfeiter can guess it is a V photon, right ½ of the time. If photon doesn’t pass, guess it’s a H photon, right ½ of the time. • p (M = +45 | passes V filter) = .25 • Actually a bit more complicated – can guess some photons wrong, and 50% chance bank won’t notice. CS588 Lecture 22**Guessing One +45º Photon**• Passes through V-filter (.5) • Counterfeiter guesses V-photon • Passes through Banks +45 filter (.5) • .25 chance of getting it right • Doesn’t passes through V-filter (.5) • Counterfeiter guesses H-photon • Passes through Banks +45 filter (.5) • .25 chance of getting it right • Probability of not getting caught = .5 • Forge bill with 6 photons = 1/26; use more photons for more valuable bills. CS588 Lecture 22**Quantum Key Distribution**CS588 Lecture 22**Quantum Key Distribution**• Charles Bennett (1980s) • Use quantum physics to transmit a key with perfect secrecy • Alice sends a stream of random photons • Bob selects random filters to try and guess photons • After, they communicate over insecure channel to figure out which bits were transmitted correctly CS588 Lecture 22**Quantum Key Distribution**• Alice generates a random sequence. Transmits: 0: or (Randomly pick H or –45) 1: or (Randomly pick V or +45) • Bob randomly guesses filter: Rectilinear detector: recognizes H and V photons with 100% accuracy, randomly misrecognizes diagonal photons. Diagonal detector: recognizes -45 and +45 photons with 100% accuracy, randomly misrecognizes H and V photons. CS588 Lecture 22**Detecting Photons**• Bob picks the right detector: • 100% chance of correctly recognizing bit • Bob picks the wrong detector: • 50% chance of “guessing” bit • Bob can’t tell the difference • But, Alice can (since she picked the photon encoding) CS588 Lecture 22**Finding Correct Guesses**• Alice calls Bob over an insecure line, and tell him rectangular/diagonal for each bit. Bob tells Alice if he guessed right. They use the bits he guessed right on as the key. • Alice and Bob do some error checking (e.g., use a checksum) to make sure they have the same key. CS588 Lecture 22**What about Eve?**• Eve can intercept the photon stream, and guess filters. • If she guesses right, she can resend the same photon. • If she guesses wrong, 50% chance she will send the wrong photon. • 50% chance Bob will guess the right filter on this photon, so 25% chance of error CS588 Lecture 22**Eve is Caught**• When Alice and Bob agree on which bits to use, Eve will have the wrong ones since she guesses different polarities. • Eve cannot eavesdrop without Alice and Bob noticing an unusually high error rate! CS588 Lecture 22**Is this practical?**CS588 Lecture 22**http://www.idquantique.com/**(Geneva, Switzerland) CS588 Lecture 22**What’s in the “Sneakers” Black Box?**A Quantum Computer CS588 Lecture 22**Quantum Computing**• Feynman, 1982 • Quantum particles are in all possible states • Can try lots of possible computations at once with the same particles • In theory, can test all possible factorizations/keys/paths/etc. and get the right one! • In practice, major advances required before we can build it (unless the NSA knows something we don’t…): 7-qubit computer • Adding another qubit is more than twice as hard CS588 Lecture 22**Cryptographic Hashing Attacks**CS588 Lecture 22**Charge**• Tuesday: • Project presentations • Order will be determined pseudorandomly • Reports due • Sneakers: send me email before Monday if you are coming CS588 Lecture 22