Presentation is loading. Please wait.

Presentation is loading. Please wait.

Quantum Cryptography Cryptography Quantum Key Distribution.

Published byJordon Elkington Modified over 9 years ago

Similar presentations

Presentation on theme: "Quantum Cryptography Cryptography Quantum Key Distribution."— Presentation transcript:

1 Quantum Cryptography Cryptography Quantum Key Distribution

2 Main Point Cryptography Quantum Key Distribution  BB84  continuous Security  Attack model  Information

3 Introduction What is Cryptography? Cryptography is the art of rendering a message unintelligible to any unauthorized party  dkssudgktpdy  안녕하세요 (Korean) It is part of the broader field of cryptology, which also includes cryptoanalysis, the art of code breaking

4 Introduction Why do we need cryptography? Suppose Mark want to send a secret message to his girl friend over an insecure channel! Insecure secure

5 Cryptography Key : What’s key? Encryption : combine a message with some additional information - known as the “key” – and produce a cryptogram. Decryption : combine a cryptogram with some additional information - known as the “key” – and produce a message.

6 Asymmetrical(public-key) cryptosystem Symmetrical(secret-key) cryptosystem Cryptography

7 Asymmetrical(public-key) cryptosystem  ElGamal Cryptosystem  Elliptic curve Cryptosystem  The Merkle-Hellman Knapsack Cryptosystem  RSA(Ronald Rivest, Adi Shamir,Leonard Adleman)  etc..

8 Cryptography RSA(Ronald Rivest, Adi Shamir,Leonard Adleman)  If Bob wants to be able to receive messages encrypted with a public key cryptosystem, he must first choose a "private" key, which he keeps secret. Then, he computes from this private key a "public" key, which he discloses to any interested party. Alice uses this public key to encrypt her message. She transmits the encrypted message to Bob, who decrypts it with the private key

9 Cryptography RSA(Ronald Rivest, Adi Shamir,Leonard Adleman)  Big Prime number factorization is so difficult problem  Public-key cryptosystems are convenient and they have thus become very popular over the last 20 years What is problem?  Not proven security  Shor’s algorithm

10 Cryptography Symmetrical(secret-key) cryptosystem  Block type DES AES etc..  Stream type LFSR One-time pad etc..

11 Cryptography One-time pad  first proposed by Gilbert Vernam in 1926  This cryptosystem is thus provably secure in the sense of information theory (Shannon 1949) Actually, this is today the only provably secure cryptosystem What is problem?  Difficult to implementation

12 Cryptography 00101000.. 01000101.. 01101101.. One-time pad 01000101.. + = Secret channel Classical channel 01101101.. + = 00101000.. Difficult to implementation

13 sending a “secret key” by using the laws of physics to warrant the complete security of the transmission  Discrete variable BB84 B92 Etc..  Continuous variable Squeezed state Gaussian distribution Quantum Key Distribution Quantum Physics Principle of Complementary Heisenberg Uncertainty Principle Correspondence Principle etc..

14 Quantum Key Distribution Cryptography Asymmetric RSA symmetric One-time pad Quantum Cryptography DescreteContinuous Quantum Mechanics Number theory, Algebra..

15 Quantum Key Distribution BB84  proposed by Charles H. Bennett and Gilles Brassard in 1984  Two state( |0>, |1>), but four bases(|0,V>, |1,H>, |0,L>, |1,R>)  Bases with such a property are called conjugate => Unpredictable

16 Quantum Key Distribution BB84(Protocol)  Alice sends random “bits” (0 or 1) encoded in two 2 different “basis”  Bob randomly chooses either the “+” or the “×” basis and records the transmitted and reflected photons  Bob announces openly his choice of basis (but not the result!) and Alice answers “ok” or “no”. Bits with different basis are discarded  The remaining bits give the secret key

17 Quantum Key Distribution BB84(without Eve, no noise)

18 Quantum Key Distribution Attack model  Intercept-resend model (opaque eavesdropping) Error rate  Coherent or joint  Optimal individual  Collective

19 Quantum Key Distribution BB84(with Eve, no noise)

20 Quantum Key Distribution BB84(with Eve, no noise)  Raw key extraction Over the public channel, Bob communicates to Alice which quantum alphabet he used for each of his measurements Alice and Bob then delete all bits for which they used incompatible quantum alphabets to produce their resulting raw keys  Error estimation Over the public channel, Alice and Bob compare small portions of their raw keys to estimate the error-rate R, and then delete the disclosed bits from their raw keys to produce their tentative final keys

21 Quantum Key Distribution BB84(with Eve, no noise) If one guesses correctly, then Alice’s transmitted bit is received with probability 1. On the other hand, if one guesses incorrectly, then Alice’s transmitted bit is received correctly with probability 1/2. Thus in general, the probability of correctly receiving Alice’s transmitted bit is

22 Quantum Key Distribution BB84(with Eve, no noise) If there is no intrusion, then Alice’s and Bob’s raw keys will be in total agreement. However, if Eve has been at work, then corresponding bits of Alice’s and Bob’s raw keys will not agree with probability

23 Quantum Key Distribution BB84(with Eve, with noise) We must assume that Bob’s raw key is noisy  Since Bob can not distinguish between errors caused by noise and by those caused by Eve’s intrusion, the only practical working assumption he can adopt is that all errors are caused by Eve’s eavesdropping  Under this working assumption, Eve is always assumed to have some information about bits transmitted from Alice to Bob. Thus, raw key is always only partially secret

24 Quantum Key Distribution BB84(with Eve, with noise) Over the public channel, Alice and Bob compare small portions of their raw keys to estimate the error-rate R, and then delete the disclosed bits from their raw key to produce their tentative final keys. If R exceeds a certain threshold, then privacy amplification is not possible If so, Alice and Bob return to stage 1 to start over. On the other hand, if, then Alice and Bob proceed to Reconciliation

25 Quantum Key Distribution Reconciliation Key  Alice and Bob publically agree upon a random permutation, and apply it to what remains of their respective raw keys  Alice and Bob partition the remnant raw key into blocks of length L  For each of these blocks, Alice and Bob publically compare overall parity checks, making sure each time to discard the last bit of each compared block

26 Quantum Key Distribution Privacy amplification  Alice and Bob compute from the error-rate R an upper bound k of the number of bits of reconciled key known by Eve  Alice and Bob publically select n−k−s random subsets of reconciled key, without revealing their contents. The undisclosed parities of these subsets become the final secret key

27 Quantum Key Distribution BB84(with noise) Noise? ReconciliationPrivacy amplification Resend R=0? No Yes Key! Yes Key!

28 Quantum Key Distribution Security by Information theory  I. Csiszar, and J. Korner, IEEE Trans. Inf. Theory, 24, 330 (1978)  Alice and Bob can establish a secret key (using error correction and privacy amplification) if and only if

29 Quantum Key Distribution Security by Information theory  Shannon’s formula

30 Quantum Key Distribution Security by Information theory  A Generic Security Proof for Quantum Key Distribution by M. Christandl et al, quant- ph/0402131  Shannon’s formula  Von Neumann’s formula (Quantum information)  Key Rate R

31 Quantum Key Distribution Where is quantum?  Measurement every measurement perturbs a system  No-cloning theorem It is impossible to copy an arbitrary quantum state chosen among a set of non-orthogonal states No perturbation No measurement No eavesdropping

32 Quantum Key Distribution Experiment  “Experimental Quantum Cryptography” (C.Bennett et al, J.Cryptology 5, 3-28, 1992)  etc.. What is problem?  Photon Generation  Reliable?

33 Quantum Key Distribution Essential feature : quantum channel with non-commuting quantum observables  not restricted to single photon polarization! New QKD protocol where :  The non-commuting observables are the quadrature operators X and P  i.e. continuous variable

34 Quantum Key Distribution Quantum cryptography with Squeezed states(Mark Hillery, PRA, 61, 022309) Quantum distribution of Gaussian keys using squeezed states(N.J.Cerf et al, PRA, 63, 052311)  The non-commuting observables are the quadrature operators X and P

35 Quantum Key Distribution Using Squeezed state The non-commuting observables are the quadrature operators X and P Reconciliation(sliced) Privacy Amplification P X

36 Quantum Key Distribution Continuous Variable Quantum Cryptography Using Coherent States(F. Grosshans et al, PRL 88, 057902(2002))  The non-commuting observables are the quadrature operators X and P  The transmitted light contains weak coherent pulses(about 100 photons) with a gaussian modulation of amplitude and phase  The detection is made using shot-noise limited homodyne detection

37 Quantum Key Distribution Using Coherent state The non-commuting observables are the quadrature operators X and P Reconciliation(sliced) Privacy Amplification P X

38 Quantum Key Distribution Attack model(Continuous variable)  Intercept-resend model (opaque eavesdropping) Error rate  Coherent  Individual Optimal  Collective

39 Quantum Key Distribution Security by Information theory  Shannon, von Neumann

40 Quantum Key Distribution Security by Information theory  Gaussian distribution

41 Quantum Key Distribution Security by Information theory  Gaussian state  Information

42 Conclusion One-time pad(QKD) Where is quantum?  Measurement(Discrete, Continuous) every measurement perturbs a system  No-cloning theorem(Discrete, Continuous) It is impossible to copy an arbitrary quantum state chosen among a set of non-orthogonal states  Quantum Information theory for Security

43 Acknowledgement Many Thanks..(M.S. Kim, Jingak Jang, Wonmin Son..) Also Many Thanks for all who attend our seminar

44 Reference Quantum cryptography, N.Gisin et al, quant-ph/0101098

Download ppt "Quantum Cryptography Cryptography Quantum Key Distribution."

Similar presentations

Quantum Cryptography http://www.dcs.warwick.ac.uk/~esvbb Nick Papanikolaou Third Year CSE Student npapanikolaou@iee.org http://www.dcs.warwick.ac.uk/~esvbb.

Quantum Cryptography Nick Papanikolaou Third Year CSE Student
Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou

Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou
Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.

Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc 8230. Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.

QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.
Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.

Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK

Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.

QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.
Quantum Key Distribution Yet another method of generating a key.

Quantum Key Distribution Yet another method of generating a key.
Quantum Cryptography Marshall Roth March 9, 2007.

Quantum Cryptography Marshall Roth March 9, 2007.
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.

Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.

Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

Similar presentations

Ads by Google