1 / 22

# Quantum Cryptography - PowerPoint PPT Presentation

Quantum Cryptography. Qingqing Yuan. Outline. No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature. One Time Pad Encryption. Conventional cryptosystem: Alice and Bob share N random bits b 1 …b N Alice encrypt her message m 1 …m N b 1  m 1 ,…,b N  m N

Related searches for Quantum Cryptography

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about 'Quantum Cryptography' - zenia

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Quantum Cryptography

Qingqing Yuan

• No-Cloning Theorem

• BB84 Cryptography Protocol

• Quantum Digital Signature

• Conventional cryptosystem:

• Alice and Bob share N random bits b1…bN

• Alice encrypt her message m1…mNb1m1,…,bNmN

• Alice send the encrypted string to Bob

• Bob decrypts the message: (mjbj)bj = mj

• As long as b is unknown, this is secure

• Can be passively monitored or copied

• Define the four qubit states:

• {0,1}(rectilinear) and {+,-}(diagonal) form an orthogonal qubit state.

• They are indistinguishable from each other.

• |q = α|0+β|1

• To determine the amplitudes of an unknown qubit, need an unlimited copies

• It is impossible to make a device that perfectly copies an unknown qubit.

• Suppose there is a quantum process that implements: |q,_|q,q

• Contradicts the unitary/linearity restriction of quantum physics

• A quantum bill contains a serial number N, and 20 random qubits from {0,1,+,-}

• The Bank knows which string {0,1,+,-}20 is associated with which N

• The Bank can check validity of a bill N by measuring the qubits in the proper 0/1 or +/- bases

• A counterfeiter cannot copy the bill if he does not know the 20 bases

• In 1984 Bennett and Brassard describe how the quantum money idea with its basis {0,1} vs. {+,-} can be used in quantum key distribution protocol

• Measuring a quantum system in general disturbs it and yields incomplete information about its state before the measurement

Alice

Classical public channel

Bob

Eve

BB84 Protocol (I)

• Central Idea: Quantum Key Distribution (QKD) via the {0,1,+,-} states between Alice and Bob

O(N) classical and quantum communication to establish N shared key bits

Public & Classical

Shared Key

BB84 Protocol (II)

• Alice sends 4N random qubits {0,1,+,-} to Bob

• Bob measures each qubit randomly in 0/1 or +/- basis

• Alice and Bob compare their 4N basis, and continue with 2N outcomes for which the same basis was used

• Alice and Bob verify the measurement outcomes on random (size N) subset of the 2N bits

• Remaining N outcomes function as the secrete key

• Without knowing the proper basis, Eve not possible to

• Copy the qubits

• Measure the qubits without disturbing

• Any serious attempt by Eve will be detected when Alice and Bob perform “equality check”

Alice’s bit: 1 0 1 0 0 1 1 1 0 1 1 0

Alice’s basis: Diagonal

Alice sends: - + - + + - - - + - - +

Bob’s basis: R D D R D R D R D D R R

Bob’s rect. table: 0 1 0 1 1 1

Bob’s Dia. table: 0 1 0 1 0 1

Bob guess: diagonal

Alice sends original string to verify.

• Alice may cheat

• Alice create EPR pair for each bit

• She sends one member of the pair and stores the other

• When Bob makes his guess, Alice measure her parts in the opposite basis

• QKD is not public key cryptography

• Eve can sabotage the quantum channel to force Alice and Bob use classical channel

• Expensive for long keys: Ω(N) qubits of communication for a key of size N

• Only single qubits are involved

• Simple state preparations and measurements

• Commercial Availability

• id Quantique: http://www.idquantique.com

• No-Cloning Theorem

• BB84 Cryptography Protocol

• Quantum Digital Signature

• High efficiency

• Better key distribution and management

• No danger that public key is compromised

• Certificate authorities

• New protocols

• Digital signature

• Consider a map f: k fk.

• k is the private key

• fk is the public key

• One-way function: For some maps f, it’s impossible (theoretically) to determine k, even given many copies of fk

• we can give it to many people without revealing the private key k

• Lamport 1979

• One-way function f(x)

• Private key (k0, k1)

• Public key (0,f(k0)), (1,f(k1))

• Sign a bit b: (b, kb)

• Gottesman & Chuang 2001

• Private key (k0(i), k1(i))(i=1, ..., M)

• Public key

• To sign b, send (b, kb(1), kb(2), ..., kb(M)).

• To verify, measure fkto check k = kb(i).

• Suppose s keys fail the equality test

• If sc1M:  1-ACC: Message comes from Alice, other recipients will agree.

• If c1M < s  c2M:  0-ACC: Message comes from Alice, other recipients mightdisagree.

• If s > c2M:  REJ: Message might not come from Alice

• [BB84]: Bennett C. H. & Brassard G., “Quantum cryptography: Public key distribution and coin tossing”

• Daniel Gottesman, Isaac Chuang, “Quantum Digital Signatures”

• http://www.perimeterinstitute.ca/personal/dgottesman/Public-key.ppt

Thank you!