- By
**zenia** - Follow User

- 117 Views
- Updated On :

Quantum Cryptography. Qingqing Yuan. Outline. No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature. One Time Pad Encryption. Conventional cryptosystem: Alice and Bob share N random bits b 1 …b N Alice encrypt her message m 1 …m N b 1 m 1 ,…,b N m N

Related searches for Quantum Cryptography

Download Presentation
## PowerPoint Slideshow about 'Quantum Cryptography' - zenia

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### Quantum Cryptography

### Discussions……

Qingqing Yuan

Outline

- No-Cloning Theorem
- BB84 Cryptography Protocol
- Quantum Digital Signature

One Time Pad Encryption

- Conventional cryptosystem:
- Alice and Bob share N random bits b1…bN
- Alice encrypt her message m1…mNb1m1,…,bNmN
- Alice send the encrypted string to Bob
- Bob decrypts the message: (mjbj)bj = mj
- As long as b is unknown, this is secure

- Can be passively monitored or copied

Two Qubit Bases

- Define the four qubit states:
- {0,1}(rectilinear) and {+,-}(diagonal) form an orthogonal qubit state.
- They are indistinguishable from each other.

No-Cloning Theorem

- |q = α|0+β|1
- To determine the amplitudes of an unknown qubit, need an unlimited copies
- It is impossible to make a device that perfectly copies an unknown qubit.
- Suppose there is a quantum process that implements: |q,_|q,q
- Contradicts the unitary/linearity restriction of quantum physics

Wiesner’s Quantum Money

- A quantum bill contains a serial number N, and 20 random qubits from {0,1,+,-}
- The Bank knows which string {0,1,+,-}20 is associated with which N
- The Bank can check validity of a bill N by measuring the qubits in the proper 0/1 or +/- bases
- A counterfeiter cannot copy the bill if he does not know the 20 bases

Quantum Cryptography

- In 1984 Bennett and Brassard describe how the quantum money idea with its basis {0,1} vs. {+,-} can be used in quantum key distribution protocol
- Measuring a quantum system in general disturbs it and yields incomplete information about its state before the measurement

Alice

Classical public channel

Bob

Eve

BB84 Protocol (I)- Central Idea: Quantum Key Distribution (QKD) via the {0,1,+,-} states between Alice and Bob

O(N) classical and quantum communication to establish N shared key bits

Public & Classical

Shared Key

BB84 Protocol (II)- Alice sends 4N random qubits {0,1,+,-} to Bob
- Bob measures each qubit randomly in 0/1 or +/- basis
- Alice and Bob compare their 4N basis, and continue with 2N outcomes for which the same basis was used
- Alice and Bob verify the measurement outcomes on random (size N) subset of the 2N bits
- Remaining N outcomes function as the secrete key

Security of BB84

- Without knowing the proper basis, Eve not possible to
- Copy the qubits
- Measure the qubits without disturbing

- Any serious attempt by Eve will be detected when Alice and Bob perform “equality check”

Quantum Coin Tossing

Alice’s bit: 1 0 1 0 0 1 1 1 0 1 1 0

Alice’s basis: Diagonal

Alice sends: - + - + + - - - + - - +

Bob’s basis: R D D R D R D R D D R R

Bob’s rect. table: 0 1 0 1 1 1

Bob’s Dia. table: 0 1 0 1 0 1

Bob guess: diagonal

Alice reply: you win

Alice sends original string to verify.

Quantum Coin Tossing (Cont.)

- Alice may cheat
- Alice create EPR pair for each bit
- She sends one member of the pair and stores the other
- When Bob makes his guess, Alice measure her parts in the opposite basis

Arguments Against QKD

- QKD is not public key cryptography
- Eve can sabotage the quantum channel to force Alice and Bob use classical channel
- Expensive for long keys: Ω(N) qubits of communication for a key of size N

Practical Feasibility of QKD

- Only single qubits are involved
- Simple state preparations and measurements
- Commercial Availability
- id Quantique: http://www.idquantique.com

Outline

- No-Cloning Theorem
- BB84 Cryptography Protocol
- Quantum Digital Signature

Pros of Public Key Cryptography

- High efficiency
- Better key distribution and management
- No danger that public key is compromised
- Certificate authorities

- New protocols
- Digital signature

Quantum One-way Function

- Consider a map f: k fk.
- k is the private key
- fk is the public key

- One-way function: For some maps f, it’s impossible (theoretically) to determine k, even given many copies of fk
- we can give it to many people without revealing the private key k

Digital Signature (Classical scheme)

- Lamport 1979
- One-way function f(x)
- Private key (k0, k1)
- Public key (0,f(k0)), (1,f(k1))
- Sign a bit b: (b, kb)

Quantum Scheme

- Gottesman & Chuang 2001
- Private key (k0(i), k1(i))(i=1, ..., M)
- Public key
- To sign b, send (b, kb(1), kb(2), ..., kb(M)).
- To verify, measure fkto check k = kb(i).

Levels of Acceptance

- Suppose s keys fail the equality test
- If sc1M: 1-ACC: Message comes from Alice, other recipients will agree.
- If c1M < s c2M: 0-ACC: Message comes from Alice, other recipients mightdisagree.
- If s > c2M: REJ: Message might not come from Alice

Reference

- [BB84]: Bennett C. H. & Brassard G., “Quantum cryptography: Public key distribution and coin tossing”
- Daniel Gottesman, Isaac Chuang, “Quantum Digital Signatures”
- http://www.perimeterinstitute.ca/personal/dgottesman/Public-key.ppt

Thank you!

Download Presentation

Connecting to Server..