cryptography lecture 10 - quantum key distributionkey distribution is a problem in cryptography...
TRANSCRIPT
![Page 1: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/1.jpg)
Cryptography Lecture 10Quantum key distribution
![Page 2: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/2.jpg)
Key distribution is a problem in cryptography
Public key transfer rests on the (unproven) hardness of certainmathematical problems such as factoring
PublicKey
SecretKey
Alice Bob
Eve
Encrypt Decrypt
![Page 3: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/3.jpg)
Key distribution is a problem in cryptography
Another solution: Transfer the key secretly, and use symmetrickey cryptography
Key Key
Alice Bob
Eve
Encrypt Decrypt
![Page 4: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/4.jpg)
Quantum key distribution
Task: to transfer (share) secret keyIdea: Content on a quantum channel changes when Eve listens(The classical channel in the scheme is not encrypted)
Alice Bob
Eve
![Page 5: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/5.jpg)
ISY’s quantum key distribution system
Alice Source
Bob
Quantum channel
![Page 6: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/6.jpg)
Polarized light
Iafter = Ibefore
Iafter = 0
Iafter = 12 Ibefore
Iafter = 12 Ibefore
![Page 7: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/7.jpg)
Polarized photons
Ppass = 1
Ppass = 0
?
![Page 8: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/8.jpg)
Polarized photons
Ppass = 1
Ppass = 0
?
![Page 9: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/9.jpg)
Polarized photons
Ppass = 1
Ppass = 0
{ Ppass = 12
Ppass = 12
![Page 10: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/10.jpg)
Polarized photons
X = 1
X = 0
{ X = 1
X = 0
![Page 11: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/11.jpg)
Polarized photons
X = 1
X = 0
![Page 12: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/12.jpg)
Analysis station
Horizontalpolarization
Verticalpolarization
Half-waveplate
Polarizingbeamsplitter
![Page 13: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/13.jpg)
Measurement destroys earlier state
{ X = 1
Note!
X = 0
![Page 14: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/14.jpg)
Heisenberg’s uncertainty relation
∆x∆p ≥ ~2
In our case, X is a bit value, and
∆x×∆x◦ ≥1
2
∣∣∣〈x+〉 − 1
2
∣∣∣The standard deviations on the right can only be 0 if theexpectation on the left is 1/2
![Page 15: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/15.jpg)
Quantum channel (BB84)
AliceBob
X = 1
X = 0
![Page 16: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/16.jpg)
Source
Comp-crystals
Half-waveplates
Mirror
Nonlinearcrystal
Laser
![Page 17: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/17.jpg)
Encoding on the quantum channel
Coding HV (Horizontal-Vertical), +, encoding 0
Data 0 Data 1
Coding PM (Plus-Minus 45°), ×, encoding 1
Data 0 Data 1
![Page 18: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/18.jpg)
Analysis station
Horizontalpolarization
Verticalpolarization
Half-waveplate
Polarizingbeamsplitter
![Page 19: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/19.jpg)
Example
Alice
1 Enc 0
Bob
1
Enc 0
![Page 20: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/20.jpg)
Example
Alice
1 Enc 1
Bob
0 or 1with equalprobability
Enc 1
![Page 21: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/21.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
![Page 22: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/22.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
011010010010111010110100100111
![Page 23: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/23.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
011010010010111010110100100111
![Page 24: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/24.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
![Page 25: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/25.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
101011000011100111100100101111
“Raw key”
![Page 26: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/26.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
101011000011100111100100101111
After quantum bits have arrived, perform sifting:compare encodings used, and remove nonmatching slots
“Raw key”
![Page 27: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/27.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
0/11/0/1/00/1/00/1/01/11/01/01101/0/0/100/11/1
0/01/1/0/10/0/10/0/11/01/11/11101/1/1/000/01/0
101011000011100111100100101111
After quantum bits have arrived, perform sifting:compare encodings used, and remove nonmatching slots
“Raw key”
![Page 28: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/28.jpg)
Data streams
Alice’s data 101101001011110011100101001110
Alice’s enc
Bob’s enc
Bob’s data
0/11/0/1/00/1/00/1/01/11/01/01101/0/0/100/11/1
0/01/1/0/10/0/10/0/11/01/11/11101/1/1/000/01/0
101011000011100111100100101111
“Sifted key”
![Page 29: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/29.jpg)
Example
Alice
1 Enc 0
Bob
1
Enc 0
Eve
1
Enc 0
![Page 30: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/30.jpg)
Example
Alice
1 Enc 0
Bob
0 or 1with equalprobability
Enc 0
Eve
0 or 1with equalprobability
Enc 1
![Page 31: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/31.jpg)
Measurement destroys earlier state
{ X = 1
Note!
X = 0
![Page 32: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/32.jpg)
Heisenberg’s uncertainty relation
∆x∆p ≥ ~2
In our case, X is a bit value, and
∆x×∆x◦ ≥1
2
∣∣∣〈x+〉 − 1
2
∣∣∣The standard deviations on the right can only be 0 if theexpectation on the left is 1/2
![Page 33: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/33.jpg)
Data streams, with eavesdropper
Alice’s data 101101001011110011100101001110
Alice’s enc
Eve’s enc
Eve’s data
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
Eve must guess the encoding
![Page 34: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/34.jpg)
Data streams, with eavesdropper
Alice’s data 101101001011110011100101001110
Alice’s enc
Eve’s enc
Eve’s data
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
111010100100111101011101011011
Eve must guess the encoding
![Page 35: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/35.jpg)
Data streams, with eavesdropper
Alice’s data 101101001011110011100101001110
Alice’s enc
Eve’s enc
Eve’s data
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
111010100100111101011101011011
001101101111110100101100010110
![Page 36: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/36.jpg)
Data streams, with eavesdropper
Alice’s data 101101001011110011100101001110
Alice’s enc
Eve’s enc
Eve’s data
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
111010100100111101011101011011
001101101111110100101100010110
This changes the polarization of some photons
![Page 37: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/37.jpg)
Data streams, with eavesdropper
Alice’s data 101101001011110011100101001110
Alice’s enc
Eve’s enc
Eve’s data
Bob’s enc
Bob’s data
011010010010111010110100100111
001101001001101111110111000010
111010100100111101011101011011
001101101111110100101100010110
011110101010110110000110010111
This changes the polarization of some photons
![Page 38: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/38.jpg)
Data streams, with eavesdropper
Alice’s data 101101001011110011100101001110
Alice’s enc
Eve’s enc
Eve’s data
Bob’s enc
Bob’s data
0/11/0/1/00/1/00/1/01/11/01/01101/0/0/100/11/1
0/01/1/0/10/0/10/0/11/01/11/11101/1/1/000/01/0
111010100100111101011101011011
001101101111110100101100010110
011110101010110110000110010111
Alice and Bob sifts (and tells Eve the encoding used)
![Page 39: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/39.jpg)
Data streams, with eavesdropper
Alice’s data 101101001011110011100101001110
Alice’s enc
Eve’s enc
Eve’s data
Bob’s enc
Bob’s data
0/11/0/1/00/1/00/1/01/11/01/01101/0/0/100/11/1
0/01/1/0/10/0/10/0/11/01/11/11101/1/1/000/01/0
111010100100111101011101011011
001101101111110100101100010110
011110101010110110000110010111
If Eve’s encoding is wrong, Bob receives noise
![Page 40: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/40.jpg)
Attack possibilities for Eve
• Intercept-resend (Heisenberg)• Entangling probe (Monogamy of entanglement)• Cloning (No-cloning theorem)• Coherent attacks (more advanced versions of the above)• Side channel attacks
• Photon-numbersplitting
• Trojan horse• Weaknesses of
the equipment
![Page 41: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/41.jpg)
Quantum Key Distribution, version 1
• Generate raw key• Sift the key• Check the noise level
Problem 1
• A real-life quantum channel has noise even without Eve
![Page 42: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/42.jpg)
Quantum Key Distribution, version 2
• Generate raw key• Sift the key• Reduce and check the noise level
Reconciliation (Error correction)
• Bob takes two random bit values (e.g., nr 137 and 501)• He calculates their XOR and sends the bit indices and the
XOR value to Alice• Alice compares with her XOR value• If the XOR values are the same, keep the first bit value,
otherwise none of them
![Page 43: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/43.jpg)
Quantum Key Distribution, version 2
• Generate raw key• Sift the key• Reduce and check the noise level
Problem 2
• A real-life quantum channel has noise even without Eve• Eve might have better technology than Alice and Bob (less
noisy quantum channel)• In that case, she can change to her quantum channel and
also eavesdrop, up to the former noise level
![Page 44: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/44.jpg)
Quantum Key Distribution, version 3
• Generate raw key• Sift the key• Reduce and check the noise level• Reduce Eve’s information on the new key
Privacy amplification
• Bob takes two random bit indices (e.g., nr 43 and 212)• He sends the bit indices to Alice (but not the XOR value)• Alice and Bob individually computes the XOR value• They remove their bit values and insert the XOR value
(without having sent them on the classical channel)
![Page 45: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/45.jpg)
Quantum Key Distribution, version 3
• Generate raw key• Sift the key• Reduce and check the noise level• Reduce Eve’s information on the new key
Noise limit
• BB84 can manage a QBER of 11%
![Page 46: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/46.jpg)
Quantum Key Distribution, version 3
• Generate raw key• Sift the key• Reduce and check the noise level• Reduce Eve’s information on the new key
Problem 3
• Messages on real-life classical channels can be modified
![Page 47: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/47.jpg)
Man-in-the-middle
Eve can pretend to be Bob when she speaks to Alice and pretendto be Alice when she speaks to Bob
Alice Bob
Eve
![Page 48: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/48.jpg)
Man-in-the-middle
Eve can pretend to be Bob when she speaks to Alice and pretendto be Alice when she speaks to Bob
Alice BobEveB EveA
![Page 49: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/49.jpg)
Quantum Key Distribution, final version
• Generate raw key• Sift the key• Reduce and check the noise level• Reduce Eve’s information on the new key• Authenticate the messages on the classical channel
![Page 50: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/50.jpg)
Quantum Key Distribution, final version
On the quantum channel
On the classical channel
• Generate raw key• Sift the key• Reduce and check the noise level• Reduce Eve’s information on the new key• Authenticate the messages on the classical channel
![Page 51: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/51.jpg)
Quantum Key Distribution, final version
On the quantum channel
On the classical channel
Eve’s presence is noticed in this step
Or in this step
• Generate raw key• Sift the key• Reduce and check the noise level• Reduce Eve’s information on the new key• Authenticate the messages on the classical channel
![Page 52: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/52.jpg)
Wegman-Carter-authentication
If you try to generate an authentication tag for a message withoutknowing the secret key, all tag values have equal probability
This is (almost) true even after having seen a message-tag pair
One-time-padIf you try to decrypt a cryptotext without knowing the secret key,all cleartexts have equal probability
![Page 53: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/53.jpg)
Wegman-Carter-authentication
Uses a secret key value k to select a function from an “ε-AlmostStrongly Universal-2 hash function family” {hk}
The key value k is unknown to Eve, and then, the family is suchthat
P(hk(mE) = tE
)= 2−T
Seeing a message-tag pair reveals some of the key to Eve, buteven then
P(hk(mE) = tE
∣∣∣hk(mA) = tA
)≤ ε
often= 2 · 2−T
One-time-padP(Dk(cA) = mA
)= 2−M
![Page 54: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/54.jpg)
Wegman-Carter-authentication
Uses a secret key value k to select a function from an “ε-AlmostStrongly Universal-2 hash function family” {hk}
The key value k is unknown to Eve, and then, the family is suchthat
P(hk(mE) = tE
)= 2−T
Seeing a message-tag pair reveals some of the key to Eve, buteven then
P(hk(mE) = tE
∣∣∣hk(mA) = tA
)≤ ε often
= 2 · 2−T
One-time-padP(Dk(cA) = mA
)= 2−M
![Page 55: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/55.jpg)
A 2−T -Almost Strongly Universal-2 hash function family
Messages are integers mod 2M and tags are integers mod2T � 2M
Select a (public) prime p > 2M and a secret key k = (a, b) wherea and b are integers mod p, and let
hk(m) = (am + b mod p) mod 2T
One-time-pad
Ek(m) = m + k mod 2M , Dk(c) = c − k mod 2M
![Page 56: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/56.jpg)
A 2−T -Almost Strongly Universal-2 hash function family
Messages are integers mod 2M and tags are integers mod2T � 2M
Select a (public) prime p > 2M and a secret key k = (a, b) wherea and b are integers mod p, and let
hk(m) = (am + b mod p) mod 2T
Two uses of hk reveals the values of a and b
Key consumption is twice the message length M (!)
By increasing ε to 2 · 2−T and using a clever constructionWegman and Carter reduced this to logM
![Page 57: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/57.jpg)
Quantum Key Distribution = Quantum Key Expansion
• Raw key generation• Sifting• Reconciliation• Privacy amplification• Authentication
Key consumption of the system• Information-theoretically secure auth uses secret key• The system needs secret key to start• Key consumption is logarithmic in message length• Key production is linear in message length
![Page 58: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/58.jpg)
Attack possibilities for Eve
• Intercept-resend (Heisenberg)• Entangling probe (Monogamy of entanglement)• Cloning (No-cloning theorem)• Coherent attacks (more advanced versions of the above)• Side channel attacks
• Photon-numbersplitting
• Trojan horse• Weaknesses of
the equipment
![Page 59: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/59.jpg)
Commercial products
![Page 60: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/60.jpg)
Network in Vienna (2008)
![Page 61: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/61.jpg)
A long-range system has been tested on the Canary islands
![Page 62: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/62.jpg)
There are also plans of a repeater on ISS
![Page 63: Cryptography Lecture 10 - Quantum key distributionKey distribution is a problem in cryptography Public key transfer rests on the (unproven) hardness of certain mathematical problems](https://reader034.vdocuments.mx/reader034/viewer/2022042214/5eba4d26d7a800336d44dc28/html5/thumbnails/63.jpg)
ISY’s quantum key distribution system
Alice Source
Bob
Quantum channel