Quantum cryptography

1
Quantum cryptography

• CS415 Biometrics and Cryptography
• UTC/CSE

2
Introduction

• Light waves are propagated as discrete particles
  known as photons.
• Polarization of the light is carried by the
  direction of the angular momentum, or spin of the
  photons.

3
Polarized photons

• Polarization can be modeled as a linear
  combination of basis vectors vertical (?) and
  horizontal (?)
• A quantum state of a photon is described as a
  vector
• quantum cryptography often uses photons in 1 of 4
  polarizations (in degrees) 0, 45, 90, 135

4
Properties of Quantum Information

• Heisenberg Uncertainty Principle (HUP)
• If there is a particle, such as an electron,
  moving through space, it is impossibly to measure
  both its position and momentum precisely.

5
A polarization filter

• A polarization filter is a material that allows
  only light of a specified polarizatio direction
  to pass.
• A photon will either pass or not pass through a
  polorization filter, but if it emerges it will be
  aligned with the filter regardless of its initial
  state. There are no partial photons.

6
Polarization by a Filter

• Unpolarized light enters a vertically aligned
  filter, some light is absorbed and the remainder
  is polarized in the vertical direction.
• A second filter tilted at some angle q absorbs
  some of the polarized light and transmits the
  rest, giving it a new polarization.

7
Polarization by a Filter

• If the first one is the generator from Alice, a
  vertical polarized light is generated.
• There is a certain probability that the photon
  will pass through the second filter. The
  probability depends on the angle q.
• The angle increases from 0 to 90 degree, and
  the probability decreases from 1 to 0. When q is
  45 degree, the probability is precisely 50.

8
Polarization by a Filter
Transmitting light polarization and measurements
determine the polarization of the outgoing light.

Perpendicular ? blocked Otherwise ? some pass
9
More examples
????
?
10
Quantum Cryptography
11
Quantum Cryptography

• Better Name Quantum Key Distribution (QKD)
  Its NOT a new crypto algorithm!
• Two physically separated parties can create and
  share random secret keys.
• Allows them to verify that the key has not been
  intercepted.

12
Quantum Key Distribution

• Requires two channels
• one quantum channel (subject to adversary and/or
  noises)
• one public channel (authentic, unjammable,
  subject to eavesdropping)

13
BB84 QKD protocol

• uses polarization of photons to encode the bits
  of information relies on uncertainty to keep
  Eve from learning the secret key.
• Bennett Quantum cryptography using any two
  nonorthogonal states, Physical Review Letters,
  Vol. 68, No. 21, 25 May 1992, pp 3121-3124

Charles H. Bennett an IBM Fellow at IBM Research
Gilles Brassard Canada Research Chair in Quantum
Information processing
14
Properties of Quantum Information

• Quantum no-cloning theorem an unknown quantum
  state cannot be cloned.
• Measurement generally disturbs a quantum state
• one can set up a rectilinear measurement or a
  circular (diagonal) measurement
• a circular (diagonal) measurement disturbs the
  states of those diagonal photons having 0/90

15
Properties of Quantum Information
16
BB84

• Alice transmits short bursts. The polarization in
  each burst is randomly modulated to one of four
  states (horizontal, vertical, left-circular, or
  right-circular).
• Bob measures photon polarizations in a random
  sequence of bases (rectilinear or diagonal).
• Bob tells the sender publicly what sequence of
  bases were used.
• Alice tells the receiver publicly which bases
  were correctly chosen.
• Alice and Bob discard all observations not from
  these correctly-chosen bases.
• The observations are interpreted using a binary
  scheme left-circular or horizontal is 0, and
  right-circular or vertical is 1.

17
BB84

• representing the types of photon measurements
• rectilinear
• O circular
• representing the polarizations themselves
• lt left-circular
• gt right-circular
• vertical
• - horizontal
• Probability that Bob's detector fails to detect
  the photon at all 0.5.

Reference http//monet.mercersburg.edu/henle/bb84
/demo.php
18
BB84 No Eavesdropping

• A ? B lt---ltlt--ltgtgt-ltgt--lt
• Bob randomly decides detector
• OOOOOOO
• For each measurement, P(failure to detect photon)
  0.5
• The results of Bob's measurements are
• - gt- -ltlt
• B ? A types of detectors used and successfully
  made (but not the measurements themselves)
• O OO
• Alice tells Bob which measurements were of the
  correct type
• . . . .
• - - lt (key 0 0 0 1)
• Bob only makes the same kind of measurement as
  Alice about half the time. Given that the P(B
  detector fails) 0.5, you would expect about 5
  out of 20 usable shared digits to remain. In
  fact, this time there were 4 usable digits
  generated.

19
BB84 With Eavesdropping

• A ? B ltlt-gt-ltltltgtlt-ltlt--lt
• Eavesdropping occurs.
• To detect eavesdropping
• Bob only makes the same kind of measurement as
  Alice about half the time. Given that the P(B
  detector fails) 0.5, you would expect about 5
  out of 20 usable shared digits to remain.
• A ? B reveals 50 (randomly) of the shared
  digits.
• B ? A reveals his corresponding check digits.
• If gt 25 of the check digits are wrong, Alice and
  Bob know that somebody (Eve) was listening to
  their exchange.
• NOTE 20 photons doesnt provide good guarantees
  of detection.

20
DARPA Quantum Network
21
Pros Cons

• Nearly Impossible to steal
• Detect if someone is listening
• Secure
• Distance Limitations
• Availability
• vulnerable to DOS
• keys cant keep up with plaintext

22
Quantum cryptology
23
Key distribution

• Alice and Bob first agree on two representations
  for ones and zeroes
• One for each basis used, ?,? and ?, ?.
• This agreement can be done in public
• Define1 ? 0 ?1 ? 0 ?

24
Key distribution - BB84

• Alice sends a sequence of photons to Bob.Each
  photon in a state with polarization corresponding
  to 1 or 0, but with randomly chosen basis.
• Bob measures the state of the photons he
  receives, with each state measured with respect
  to randomly chosen basis.
• Alice and Bob communicates via an open channel.
  For each photon, they reveal which basis was used
  for encoding and decoding respectively. All
  photons which has been encoded and decoded with
  the same basis are kept, while all those where
  the basis don't agree are discarded.

25
Eavesdropping

• Eve has to randomly select basis for her
  measurement
• Her basis will be wrong in 50 of the time.
• Whatever basis Eve chose she will measure 1 or 0
• When Eve picks the wrong basis, there is 50
  chance that she'll measure the right value of the
  bit
• E.g. Alice sends a photon with state
  corresponding to 1 in the ?,? basis. Eve picks
  the ?, ? basis for her measurement which this
  time happens to give a 1 as result, which is
  correct.

26
Eavesdropping
27
Eves problem

• Eve has to re-send all the photons to Bob
• Will introduce an error, since Eve don't know the
  correct basis used by Alice
• Bob will detect an increased error rate
• Still possible for Eve to eavesdrop just a few
  photons, and hope that this will not increase the
  error to an alarming rate. If so, Eve would have
  at least partial knowledge of the key.

28
Detecting eavesdropping

• When Alice and Bob need to test for eavesdropping
• By randomly selecting a number of bits from the
  key and compute its error rate
• Error rate lt Emax ? assume no eavesdropping
• Error rate gt Emax ? assume eavesdropping(or the
  channel is unexpectedly noisy)Alice and Bob
  should then discard the whole key and start over

29
Noise

• Noise might introduce errors
• A detector might detect a photon even though
  there are no photons
• Solution
• send the photons according to a time schedule.
• then Bob knows when to expect a photon, and can
  discard those that doesn't fit into the scheme's
  time window.
• There also has to be some kind of error
  correction in the over all process.

30
Error correction

• Suggested by Hoi-Kwong Lo. (Shortened version)
• Alice and Bob agree on a random permutation of
  the bits in the key
• They split the key into blocks of length k
• Compare the parity of each block. If they compute
  the same parity, the block is considered correct.
  If their parity is different, they look for the
  erroneous bit, using a binary search in the
  block. Alice and Bob discard the last bit of each
  block whose parity has been announced
• This is repeated with different permutations and
  block size, until Alice and Bob fail to find any
  disagreement in many subsequent comparisons

31
Privacy amplification

• Eve might have partial knowledge of the key.
• Transform the key into a shorter but secure key
• Suppose there are n bits in the key and Eve has
  knowledge of m bits.
• Randomly chose a hash function whereh(x)
  0,1\n ? 0,1\ n-m-s
• Reduces Eve's knowledge of the key to 2 s / ln2
  bits

32
Encryption

• Key of same size as the plaintext
• Used as a one-time-pad
• Ensures the crypto text to be absolutely
  unbreakable

33
What to come

• Theory for quantum cryptography already well
  developed
• Problems
• quantum cryptography machine vulnerable to noise
• photons cannot travel long distances without
  being absorbed

34
Summary

• The ability to detect eavesdropping ensures
  secure exchange of the key
• The use of one-time-pads ensures security
• Equipment can only be used over short distances
• Equipment is complex and expensive