Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.

Presentation on theme: "Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe."— Presentation transcript:

Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe

Outline Classical Cryptography Private vs. Public Key Cryptosystem Classical Key Distribution Quantum Code-breaking Quantum Key Distribution

References P. Shor, “Algorithms for Quantum Computation: Discrete Logarithms and Factoring ”, Proceedings, 35th Annual Symposium on Foundations of Computer Science pp. 124-134. November 1994. Nielsen and Chuang, “Quantum Computation and Quantum Information” William Stallings, “Cryptography and Network Security: Principles and Practice”

Classical Cryptography Private Key Cryptosystem (Symmetric) - Secret key (same for encrypt/decrypt) - Encrypt/Decrypt algo may or may not be known - Examples: DES, AES, IDEA Public Key Cryptosystem (Asymmetric) - proposed by Diffie, Helman [1976] - Encrypt/Decrypt Algo and Public key known - Examples: RSA, RC5

Private vs. Public Key Algorithms Public Key - Main disadvantage is that it is expensive in terms of computational power Private Key - Faster and cheaper then Public Key - main disadvantage is that somehow we need to distribute the unique private key Remember: Security depends on unproven mathematical assumptions -difficulty in factoring,finding discrete log etc.

Classical Key Distribution Use public key algorithm to distribute the private key Example: Algorithms proposed by Diffie/Helman or Rivest et.al. (RSA) can be used to distribute the private key. How ?

Classical Key Distribution (Diffie/Helman) Alice and Bob choose Y and modulus p Alice’s function : Y A (mod p) Bob’s function : Y B (mod p) Private key is : Y AB = Y BA (mod p) Eve cannot compute Y AB from p, Y, Y A, Y B One-way function: f(A)=Y A (mod p) –easy to compute. f –1 (Y A ) is called the “discrete logarithm” and is hard to compute

Shor’s Discrete Log Algorithm Using Quantum Computation Given prime number p, generator g of the multiplicative group (mod p) and x, we need to find r such that g r = x (mod p) Choose a and b and create a superposition Apply Fourier Transform to the above state to send a => c and b => d p-2 p-2 S = 1/(p-1) Σ Σ |a,b,g a x -b (mod p)> a=0 b=0

Shor’s Discrete Log Algorithm Using Quantum Computation Probability of observing a state |c,d,y> with y = g k (mod p) is given by Recover r from a pair c,d such that | 1/{(p-1)q} Σ exp {(ac+bd)2пi/q) | 2 a,b,a-rb=k (mod p) -1/2q <= d/q + (r/q)(c – {c(p-1)} q /(p-1)) <= 1/2q (mod1)

Classical Key Distribution (RSA) Choose two prime numbers p and q (secret) Calculate n = p*q (available to public) Calculate  (n) = (p-1)(q-1) Select e such that 1 < e <  (n) and gcd(  (n),e) = 1 (e is made public too) Calculate d such that d*e = 1 mod  (n) Public key KU = {e,n} Private key KR = {d,n}

Shor’s Factoring Algorithm Using Quantum Computing Choose a smooth q such that 2n 2 <= q <= 4n 2 Choose x at random such that gcd(x,n)=1 Calculate the discrete Fourier transform of a table of x a mod n, order log(q) times

Shor’s Factoring Algorithm Using Quantum Computing Use a continued fraction technique to guess r Two factors of n are then gcd(x r/2 - 1,n) and gcd(x r/2 + 1,n) If the factors are 1 and n, try again.

Quantum Key Distribution (QKD) Protocol to create private key bits between two pairs over a public channel Provably secure (conditioned only on fundamental laws of physics being correct) Information gain implies disturbance - Eve cannot gain any information from the qubits transmitted from A to B without disturbing their state

BB84 QKD Protocol Alice creates two strings a and b of lengths (4+δ)n each Basis X = {|0>, |1>}, Z = {|+>, |->} a i is encoded in basis X/Z if bit b i is 0/1 |ψ> = Bob receives |ψ> from Alice Alice and Bob discard those bits where Bob and Alice’s measurements differed -if less then 2n bits left then abort the protocol | ψ akbk > k goes from 1 to (4+ δ)n

BB84 QKD Protocol Alice selects selects a subset of n bits (as the check bits) and conveys to Bob Alice and Bob compare these n check bits. -If more then an acceptable number of bits disagree, protocol is aborted Alice and Bob perform information reconciliation and privacy amplification on remaining n bits to obtain m private key bits

Conclusions Classical key distribution by using Public Key algorithms can be broken by Quantum Computing Algorithms Quantum Key Distribution is provably secure ! (at least if fundamental laws of physics continue to hold) Promising future for Quantum Cryptography !!