Download presentation

Presentation is loading. Please wait.

Published byJordon Elkington Modified over 4 years ago

1
Quantum Cryptography Cryptography Quantum Key Distribution

2
Main Point Cryptography Quantum Key Distribution BB84 continuous Security Attack model Information

3
Introduction What is Cryptography? Cryptography is the art of rendering a message unintelligible to any unauthorized party dkssudgktpdy 안녕하세요 (Korean) It is part of the broader field of cryptology, which also includes cryptoanalysis, the art of code breaking

4
Introduction Why do we need cryptography? Suppose Mark want to send a secret message to his girl friend over an insecure channel! Insecure secure

5
Cryptography Key : What’s key? Encryption : combine a message with some additional information - known as the “key” – and produce a cryptogram. Decryption : combine a cryptogram with some additional information - known as the “key” – and produce a message.

6
Asymmetrical(public-key) cryptosystem Symmetrical(secret-key) cryptosystem Cryptography

7
Asymmetrical(public-key) cryptosystem ElGamal Cryptosystem Elliptic curve Cryptosystem The Merkle-Hellman Knapsack Cryptosystem RSA(Ronald Rivest, Adi Shamir,Leonard Adleman) etc..

8
Cryptography RSA(Ronald Rivest, Adi Shamir,Leonard Adleman) If Bob wants to be able to receive messages encrypted with a public key cryptosystem, he must first choose a "private" key, which he keeps secret. Then, he computes from this private key a "public" key, which he discloses to any interested party. Alice uses this public key to encrypt her message. She transmits the encrypted message to Bob, who decrypts it with the private key

9
Cryptography RSA(Ronald Rivest, Adi Shamir,Leonard Adleman) Big Prime number factorization is so difficult problem Public-key cryptosystems are convenient and they have thus become very popular over the last 20 years What is problem? Not proven security Shor’s algorithm

10
Cryptography Symmetrical(secret-key) cryptosystem Block type DES AES etc.. Stream type LFSR One-time pad etc..

11
Cryptography One-time pad first proposed by Gilbert Vernam in 1926 This cryptosystem is thus provably secure in the sense of information theory (Shannon 1949) Actually, this is today the only provably secure cryptosystem What is problem? Difficult to implementation

12
Cryptography 00101000.. 01000101.. 01101101.. One-time pad 01000101.. + = Secret channel Classical channel 01101101.. + = 00101000.. Difficult to implementation

13
sending a “secret key” by using the laws of physics to warrant the complete security of the transmission Discrete variable BB84 B92 Etc.. Continuous variable Squeezed state Gaussian distribution Quantum Key Distribution Quantum Physics Principle of Complementary Heisenberg Uncertainty Principle Correspondence Principle etc..

14
Quantum Key Distribution Cryptography Asymmetric RSA symmetric One-time pad Quantum Cryptography DescreteContinuous Quantum Mechanics Number theory, Algebra..

15
Quantum Key Distribution BB84 proposed by Charles H. Bennett and Gilles Brassard in 1984 Two state( |0>, |1>), but four bases(|0,V>, |1,H>, |0,L>, |1,R>) Bases with such a property are called conjugate => Unpredictable

16
Quantum Key Distribution BB84(Protocol) Alice sends random “bits” (0 or 1) encoded in two 2 different “basis” Bob randomly chooses either the “+” or the “×” basis and records the transmitted and reflected photons Bob announces openly his choice of basis (but not the result!) and Alice answers “ok” or “no”. Bits with different basis are discarded The remaining bits give the secret key

17
Quantum Key Distribution BB84(without Eve, no noise)

18
Quantum Key Distribution Attack model Intercept-resend model (opaque eavesdropping) Error rate Coherent or joint Optimal individual Collective

19
Quantum Key Distribution BB84(with Eve, no noise)

20
Quantum Key Distribution BB84(with Eve, no noise) Raw key extraction Over the public channel, Bob communicates to Alice which quantum alphabet he used for each of his measurements Alice and Bob then delete all bits for which they used incompatible quantum alphabets to produce their resulting raw keys Error estimation Over the public channel, Alice and Bob compare small portions of their raw keys to estimate the error-rate R, and then delete the disclosed bits from their raw keys to produce their tentative final keys

21
Quantum Key Distribution BB84(with Eve, no noise) If one guesses correctly, then Alice’s transmitted bit is received with probability 1. On the other hand, if one guesses incorrectly, then Alice’s transmitted bit is received correctly with probability 1/2. Thus in general, the probability of correctly receiving Alice’s transmitted bit is

22
Quantum Key Distribution BB84(with Eve, no noise) If there is no intrusion, then Alice’s and Bob’s raw keys will be in total agreement. However, if Eve has been at work, then corresponding bits of Alice’s and Bob’s raw keys will not agree with probability

23
Quantum Key Distribution BB84(with Eve, with noise) We must assume that Bob’s raw key is noisy Since Bob can not distinguish between errors caused by noise and by those caused by Eve’s intrusion, the only practical working assumption he can adopt is that all errors are caused by Eve’s eavesdropping Under this working assumption, Eve is always assumed to have some information about bits transmitted from Alice to Bob. Thus, raw key is always only partially secret

24
Quantum Key Distribution BB84(with Eve, with noise) Over the public channel, Alice and Bob compare small portions of their raw keys to estimate the error-rate R, and then delete the disclosed bits from their raw key to produce their tentative final keys. If R exceeds a certain threshold, then privacy amplification is not possible If so, Alice and Bob return to stage 1 to start over. On the other hand, if, then Alice and Bob proceed to Reconciliation

25
Quantum Key Distribution Reconciliation Key Alice and Bob publically agree upon a random permutation, and apply it to what remains of their respective raw keys Alice and Bob partition the remnant raw key into blocks of length L For each of these blocks, Alice and Bob publically compare overall parity checks, making sure each time to discard the last bit of each compared block

26
Quantum Key Distribution Privacy amplification Alice and Bob compute from the error-rate R an upper bound k of the number of bits of reconciled key known by Eve Alice and Bob publically select n−k−s random subsets of reconciled key, without revealing their contents. The undisclosed parities of these subsets become the final secret key

27
Quantum Key Distribution BB84(with noise) Noise? ReconciliationPrivacy amplification Resend R=0? No Yes Key! Yes Key!

28
Quantum Key Distribution Security by Information theory I. Csiszar, and J. Korner, IEEE Trans. Inf. Theory, 24, 330 (1978) Alice and Bob can establish a secret key (using error correction and privacy amplification) if and only if

29
Quantum Key Distribution Security by Information theory Shannon’s formula

30
Quantum Key Distribution Security by Information theory A Generic Security Proof for Quantum Key Distribution by M. Christandl et al, quant- ph/0402131 Shannon’s formula Von Neumann’s formula (Quantum information) Key Rate R

31
Quantum Key Distribution Where is quantum? Measurement every measurement perturbs a system No-cloning theorem It is impossible to copy an arbitrary quantum state chosen among a set of non-orthogonal states No perturbation No measurement No eavesdropping

32
Quantum Key Distribution Experiment “Experimental Quantum Cryptography” (C.Bennett et al, J.Cryptology 5, 3-28, 1992) etc.. What is problem? Photon Generation Reliable?

33
Quantum Key Distribution Essential feature : quantum channel with non-commuting quantum observables not restricted to single photon polarization! New QKD protocol where : The non-commuting observables are the quadrature operators X and P i.e. continuous variable

34
Quantum Key Distribution Quantum cryptography with Squeezed states(Mark Hillery, PRA, 61, 022309) Quantum distribution of Gaussian keys using squeezed states(N.J.Cerf et al, PRA, 63, 052311) The non-commuting observables are the quadrature operators X and P

35
Quantum Key Distribution Using Squeezed state The non-commuting observables are the quadrature operators X and P Reconciliation(sliced) Privacy Amplification P X

36
Quantum Key Distribution Continuous Variable Quantum Cryptography Using Coherent States(F. Grosshans et al, PRL 88, 057902(2002)) The non-commuting observables are the quadrature operators X and P The transmitted light contains weak coherent pulses(about 100 photons) with a gaussian modulation of amplitude and phase The detection is made using shot-noise limited homodyne detection

37
Quantum Key Distribution Using Coherent state The non-commuting observables are the quadrature operators X and P Reconciliation(sliced) Privacy Amplification P X

38
Quantum Key Distribution Attack model(Continuous variable) Intercept-resend model (opaque eavesdropping) Error rate Coherent Individual Optimal Collective

39
Quantum Key Distribution Security by Information theory Shannon, von Neumann

40
Quantum Key Distribution Security by Information theory Gaussian distribution

41
Quantum Key Distribution Security by Information theory Gaussian state Information

42
Conclusion One-time pad(QKD) Where is quantum? Measurement(Discrete, Continuous) every measurement perturbs a system No-cloning theorem(Discrete, Continuous) It is impossible to copy an arbitrary quantum state chosen among a set of non-orthogonal states Quantum Information theory for Security

43
Acknowledgement Many Thanks..(M.S. Kim, Jingak Jang, Wonmin Son..) Also Many Thanks for all who attend our seminar

44
Reference Quantum cryptography, N.Gisin et al, quant-ph/0101098

Similar presentations

OK

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

© 2018 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google