Quantum cryptography
1 / 22

Quantum Cryptography - PowerPoint PPT Presentation

  • Updated On :

Quantum Cryptography. Qingqing Yuan. Outline. No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature. One Time Pad Encryption. Conventional cryptosystem: Alice and Bob share N random bits b 1 …b N Alice encrypt her message m 1 …m N b 1  m 1 ,…,b N  m N

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Quantum Cryptography' - zenia

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Quantum cryptography l.jpg

Quantum Cryptography

Qingqing Yuan

Outline l.jpg

  • No-Cloning Theorem

  • BB84 Cryptography Protocol

  • Quantum Digital Signature

One time pad encryption l.jpg
One Time Pad Encryption

  • Conventional cryptosystem:

    • Alice and Bob share N random bits b1…bN

    • Alice encrypt her message m1…mNb1m1,…,bNmN

    • Alice send the encrypted string to Bob

    • Bob decrypts the message: (mjbj)bj = mj

    • As long as b is unknown, this is secure

  • Can be passively monitored or copied

Two qubit bases l.jpg
Two Qubit Bases

  • Define the four qubit states:

  • {0,1}(rectilinear) and {+,-}(diagonal) form an orthogonal qubit state.

  • They are indistinguishable from each other.

No cloning theorem l.jpg
No-Cloning Theorem

  • |q = α|0+β|1

    • To determine the amplitudes of an unknown qubit, need an unlimited copies

    • It is impossible to make a device that perfectly copies an unknown qubit.

      • Suppose there is a quantum process that implements: |q,_|q,q

      • Contradicts the unitary/linearity restriction of quantum physics

Wiesner s quantum money l.jpg
Wiesner’s Quantum Money

  • A quantum bill contains a serial number N, and 20 random qubits from {0,1,+,-}

  • The Bank knows which string {0,1,+,-}20 is associated with which N

  • The Bank can check validity of a bill N by measuring the qubits in the proper 0/1 or +/- bases

  • A counterfeiter cannot copy the bill if he does not know the 20 bases

Quantum cryptography7 l.jpg
Quantum Cryptography

  • In 1984 Bennett and Brassard describe how the quantum money idea with its basis {0,1} vs. {+,-} can be used in quantum key distribution protocol

  • Measuring a quantum system in general disturbs it and yields incomplete information about its state before the measurement

Bb84 protocol i l.jpg

Quantum Channel


Classical public channel



BB84 Protocol (I)

  • Central Idea: Quantum Key Distribution (QKD) via the {0,1,+,-} states between Alice and Bob

O(N) classical and quantum communication to establish N shared key bits

Bb84 protocol ii l.jpg


Public & Classical

Shared Key

BB84 Protocol (II)

  • Alice sends 4N random qubits {0,1,+,-} to Bob

  • Bob measures each qubit randomly in 0/1 or +/- basis

  • Alice and Bob compare their 4N basis, and continue with 2N outcomes for which the same basis was used

  • Alice and Bob verify the measurement outcomes on random (size N) subset of the 2N bits

  • Remaining N outcomes function as the secrete key

Security of bb84 l.jpg
Security of BB84

  • Without knowing the proper basis, Eve not possible to

    • Copy the qubits

    • Measure the qubits without disturbing

  • Any serious attempt by Eve will be detected when Alice and Bob perform “equality check”

Quantum coin tossing l.jpg
Quantum Coin Tossing

Alice’s bit: 1 0 1 0 0 1 1 1 0 1 1 0

Alice’s basis: Diagonal

Alice sends: - + - + + - - - + - - +

Bob’s basis: R D D R D R D R D D R R

Bob’s rect. table: 0 1 0 1 1 1

Bob’s Dia. table: 0 1 0 1 0 1

Bob guess: diagonal

Alice reply: you win

Alice sends original string to verify.

Quantum coin tossing cont l.jpg
Quantum Coin Tossing (Cont.)

  • Alice may cheat

    • Alice create EPR pair for each bit

    • She sends one member of the pair and stores the other

    • When Bob makes his guess, Alice measure her parts in the opposite basis

Arguments against qkd l.jpg
Arguments Against QKD

  • QKD is not public key cryptography

  • Eve can sabotage the quantum channel to force Alice and Bob use classical channel

  • Expensive for long keys: Ω(N) qubits of communication for a key of size N

Practical feasibility of qkd l.jpg
Practical Feasibility of QKD

  • Only single qubits are involved

  • Simple state preparations and measurements

  • Commercial Availability

    • id Quantique: http://www.idquantique.com

Outline15 l.jpg

  • No-Cloning Theorem

  • BB84 Cryptography Protocol

  • Quantum Digital Signature

Pros of public key cryptography l.jpg
Pros of Public Key Cryptography

  • High efficiency

  • Better key distribution and management

    • No danger that public key is compromised

    • Certificate authorities

  • New protocols

    • Digital signature

Quantum one way function l.jpg
Quantum One-way Function

  • Consider a map f: k fk.

    • k is the private key

    • fk is the public key

  • One-way function: For some maps f, it’s impossible (theoretically) to determine k, even given many copies of fk

  • we can give it to many people without revealing the private key k

Digital signature classical scheme l.jpg
Digital Signature (Classical scheme)

  • Lamport 1979

  • One-way function f(x)

  • Private key (k0, k1)

  • Public key (0,f(k0)), (1,f(k1))

  • Sign a bit b: (b, kb)

Quantum scheme l.jpg
Quantum Scheme

  • Gottesman & Chuang 2001

    • Private key (k0(i), k1(i))(i=1, ..., M)

    • Public key

    • To sign b, send (b, kb(1), kb(2), ..., kb(M)).

    • To verify, measure fkto check k = kb(i).

Levels of acceptance l.jpg
Levels of Acceptance

  • Suppose s keys fail the equality test

    • If sc1M:  1-ACC: Message comes from Alice, other recipients will agree.

    • If c1M < s  c2M:  0-ACC: Message comes from Alice, other recipients mightdisagree.

    • If s > c2M:  REJ: Message might not come from Alice

Reference l.jpg

  • [BB84]: Bennett C. H. & Brassard G., “Quantum cryptography: Public key distribution and coin tossing”

  • Daniel Gottesman, Isaac Chuang, “Quantum Digital Signatures”

  • http://www.perimeterinstitute.ca/personal/dgottesman/Public-key.ppt

Discussions l.jpg


Thank you!