1 / 27

Applications of Quantum Cryptography – QKD

Applications of Quantum Cryptography – QKD. CS551/851 CR yptography A pplications B istro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory Troxel. “ Quantum Cryptography in Practice ”. Outline. Basics of QKD History of QKD Protocols for QKD BB84 Protocol

michaelpedersen
Download Presentation

Applications of Quantum Cryptography – QKD

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Applications of Quantum Cryptography – QKD CS551/851CRyptographyApplicationsBistro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory Troxel. “Quantum Cryptography in Practice”

  2. Outline • Basics of QKD • History of QKD • Protocols for QKD • BB84 Protocol • DARPA / BBN Implementation • Other Implementations • Pro’s & Con’s • Conclusion

  3. Quantum Cryptography • Better Name – Quantum Key Distribution (QKD) – It’s NOT a new crypto algorithm! • Two physically separated parties can create and share random secret keys. • Allows them to verify that the key has not been intercepted.

  4. Basic Idea

  5. History of QKD • Stephen Wiesner – early 1970s wrote paper "Conjugate Coding” • Paper by Charles Bennett and Gilles Brassard in 1984 is the basis for QKD protocol BB84. Prototype developed in 1991. • Another QKD protocol was invented independently by Artur Ekert in 1991.

  6. Two Protocols for QKD • BB84 (and DARPA Project) – uses polarization of photons to encode the bits of information – relies on “uncertainty” to keep Eve from learning the secret key. • Ekert – uses entangled photon states to encode the bits – relies on the fact that the information defining the key only "comes into being" after measurements performed by Alice and Bob.

  7. BB84 • Original Paper: Bennett: “Quantum cryptography using any two nonorthogonal states”, Physical Review Letters, Vol. 68, No. 21, 25 May 1992, pp 3121-3124

  8. BB84 • Alice transmits a polarized beam in short bursts. The polarization in each burst is randomly modulated to one of four states (horizontal, vertical, left-circular, or right-circular). • Bob measures photon polarizations in a random sequence of bases (rectilinear or circular). • Bob tells the sender publicly what sequence of bases were used. • Alice tells the receiver publicly which bases were correctly chosen. • Alice and Bob discard all observations not from these correctly-chosen bases. • The observations are interpreted using a binary scheme: left-circular or horizontal is 0, and right-circular or vertical is 1.

  9. BB84 • representing the types of photon measurements: + rectilinear O circular • representing the polarizations themselves: < left-circular > right-circular | vertical − horizontal • Probability that Bob's detector fails to detect the photon at all = 0.5. Reference: http://monet.mercersburg.edu/henle/bb84/demo.php

  10. BB84 – No Eavesdropping • A  B: |<−−−<<−−<>>−<>||−−< • Bob randomly decides detector: ++++O+O+OO+O+++++O+O • For each measurement, P(failure to detect photon) = 0.5 • The results of Bob's measurements are: − >− −<< ||| • B  A: types of detectors used and successfully made (but not the measurements themselves): + O+ +OO +++ • Alice tells Bob which measurements were of the correct type: . . .. (key = 0 0 0 1) • Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. In fact, this time there were 4 usable digits generated.

  11. BB84 – With Eavesdropping • A  B:<|<−>−<<|<><−<|<−|−< • Eavesdropping occurs. To detect eavesdropping: • Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. • A  B: reveals 50% (randomly) of the shared digits. • B  A: reveals his corresponding check digits. • If > 25% of the check digits are wrong, Alice and Bob know that somebody (Eve) was listening to their exchange. • NOTE – 20 photons doesn’t provide good guarantees of detection.

  12. DARPA Project

  13. DARPA Project Overview • Combined Effort – BBN, Harvard, Boston University • DARPA Project • Provides “high speed” QKD. Keys are used by a VPN. • Tests against eavesdropping attacks

  14. DARPA Project Overview • QKD Network – Requires a set of trusted network relays • Uses Phase Shifting instead of Polarization • Uses a VPN – Uses QKD to generate VPN keys • Fully compatible with conventional hosts, routers, firewalls, etc. • Quantum Channel also used for timing and framing • Eve is very capable – just can’t violate Quantum Physics

  15. QKD Attributes • Key Confidentiality • Authentication – Not directly provided by QKD – need alternative methods • “Sufficiently” Rapid Key Delivery • Robustness • Distance (and Location) Independence • Resistant to Traffic Analysis

  16. DARPA Quantum Network

  17. Measures Phase & Value Randomly selects Phase and Value Timing and Framing Randomly chooses Phase Basis

  18. 1’s and 0’s • Unbalanced Interferometers • Provides different delays • Must be “identical at Sender and Receiver

  19. 1’s and 0’s • Photon follows both paths • Long path lags behind short path • Travels as two distinct pulses • Bob receives • Pulses again take long & short paths

  20. 1’s and 0’s • Waves are Summed • Center Peak – Provides the Bases

  21. 1’s and 0’s • 1’s and 0’s represented by adjusting the relative phases of the two waves (SALB and LASB). This is the Δ value.

  22. QKD Protocols • Sifting –Unmatched Bases; “stray” or “lost” qubits • Error Correction – Noise & Eaves-dropping detected – Uses “cascade” protocol – Reveals information to Eve so need to track this. • Privacy Amplification – reduces Eve’s knowledge obtained by previous EC • Authentication – Continuous to avoid man-in-middle attacks – not required to initiate using shared keys – Not well explained in Paper.

  23. IPSEC • “Continually” uses new keys obtained from QKD • Used in IPSEC Phase 2 hash to update AES keys about once / minute • Can support: • Rapid reseeding, or • One-time pad • Supports multiple tunnels, each uniquely configured

  24. Issues • Time outs (due to insufficient bits available) • Noise affects on key establishment. This can’t be detected by IKE.

  25. Other Implementations • Two Other Implementations of Quantum Key Distribution: • D Stucki, N Gisin, O Guinnard, G Ribordy, and H Zbinden. Quantum key distribution over 67 km with a plug&play system. New Journal of Physics 4 (2002) 41.1–41.8. • ID Quantine: http://www.idquantique.com/files/introduction.pdf • MagiQ. Whitepaper: http://www.magiqtech.com/registration/MagiQWhitePaper.pdf • Satellite-based QKD: http://ej.iop.org/links/q68/BKUvFWVrm756,uxc76lU,Q/nj2182.pdf

  26. Pros & Cons • Nearly Impossible to steal • Detect if someone is listening • “Secure” • Distance Limitations • Availability • vulnerable to DOS • keys can’t keep up with plaintext

  27. Questions? • Back to Richard!

More Related