Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paraty, Quantum Information School, August 2007 Antonio Acín ICFO-Institut de Ciències Fotòniques (Barcelona) www.icfo.es Quantum Cryptography (III)

Published byChester West Modified over 8 years ago

Similar presentations

Presentation on theme: "Paraty, Quantum Information School, August 2007 Antonio Acín ICFO-Institut de Ciències Fotòniques (Barcelona) www.icfo.es Quantum Cryptography (III)"— Presentation transcript:

1 Paraty, Quantum Information School, August 2007 Antonio Acín ICFO-Institut de Ciències Fotòniques (Barcelona) www.icfo.es Quantum Cryptography (III)

2 Device-Independent QKD Quantum cryptography is the only provable secure way of transmitting information through an authenticated public channel. Its security is based on Quantum Mechanics. Is the validity of Quantum Mechanics the only assumption required for secure QKD? NO! The honest parties should have some knowledge about their devices.

3 Device-Independent QKD Example: BB84 Alice Bob x y a b If x=y → perfect correlations If x≠y → no correlations The state is separable. No secure QKD! The observed data are the same as those for perfect BB84 with qubits.

4 Device-Independent QKD Standard QKD protocols based their security on: 1.Quantum Mechanics: any eavesdropper, however powerful, must obey the laws of quantum physics. 2.No information leakage: no unwanted classical information must leak out of Alice's and Bob's laboratories. 3.Alice and Bob have an authenticated public channel. 4.Knowledge of the devices: Alice and Bob have an (almost) perfect control of the devices.

5 On assumptions A QKD protocol should be based on testable assumptions. Alice and Bob local spaces have dimension equal to two. Is this a testable assumption? What is an assumption? Any hypothesis that (i) is not needed in the perfect scenario where the honest parties share a secret key but (ii) is essential for the distribution of the secret key. Is no information leakage a real assumption?

6 Device-Independent QKD Is there a protocol for secure QKD based on without requiring any assumption on the devices? Alice Bob x y a b The devices are now seen as quantum black boxes. Alice and Bob estimate the observed probability distribution and bound Eve’s information. over all states such that

7 Bell’s inequalities violation Bell’s inequality violation is a necessary condition for security If the correlations are local: A perfect copy of the local instructions can go to Eve. Whenever some correlations do not violate any Bell’s inequality, they can be reproduced by measuring a separable state. Bell’s inequalities are the only entanglement witnesses which are independent of the Hilbert space dimension. Any protocol should be built from non-local correlations. Barrett, Hardy & Kent

8 CHSH Protocol x y a b The settings x=0,1 and y=0,1 are used to compute the violation of the CHSH inequality. The setting x=2 and y=1 are used in for the secret key. The settings are depicted in a qubit-like picture for the sake of simplicity. They can be any measurements compatible with the observed statistics.

9 CHSH Protocol The protocol is secure in the case of zero noise, i.e. when Alice and Bob observe the maximal violation of the CHSH inequality. Cirelson: The maximal quantum violation of the CHSH inequality is This violation can already be achieved by measuring a two-qubit maximally entangled state. Any other quantum realization of this violation is basically equivalent to a maximally entangled state of two qubits. Eve cannot be correlated at all at the point of maximal violation → Security

10 Device-Independent QKD We have developed a device- independent QKD scheme and prove its security under the assumption of N copies of the same probability distribution. The obtained key rates are clearly comparable to those obtained for standard schemes. Less assumptions Stronger security! General security proof? De Finetti theorem for this situation, with uncharacterized devices?

11 Given, does it have a quantum origin? The boundary of quantum correlations Classical Correlations QM Classical correlations (CS): Quantum correlations (QS): Bell’s Theorem The set of classical correlations, for finite alphabets of inputs and outputs defines a convex set with a finite number of extreme points. The quantum set is also convex but does not have a finite number of extreme points. What’s the quantum boundary?

12 Practical implementations

13 Quantum communication protocols Single-photon source Single-photon detector Quantum channel

14 Practical implementations  Single photon source  Weak laser pulse  |  with |  |<<1.  Quantum channel  Fiber optic.  Single photon detectors  Avalanche photodiodes. Real devices imperfections open security loopholes!

15 Time-bin qubit  qubit :  any qubit state can be created and measured in any basis variable coupler variable coupler 1 0   h AliceBob D 0 D 1 switch 1 0

16 Plug & Play Perfect interference (V  99%) without any adjustments, since: both pulses travel the same path in inverse order both pulses have exactly the same polarisation thanks to FM Drawback: Trojan horse attacks Alice Bob

17 Photon number splitting attack Alice Bob Weak coherent pulse: The pulse contains n photons with probability If the channel has sufficiently large losses, Eve can use the presence of multi-photon pulses and break the protocol, without introducing any error.

18 Photon number splitting attacks Alice Bob Eve 1 photon, Pr(n=1) Eve blocks the single-photon pulses Lossy quantum channel (L) 2 photon, Pr(n=2). The imperfect source produces a clone! Eve keeps one of the photons and forwards the other to Bob through a perfect line. Eve keeps her photon until the basis reconciliation → she can read the information. Bob receives the qubit unperturbed. If Eve can reproduce the losses in the channel via the two-photon pulses, BB84 remains insecure! This defines a critical value of the losses, or distance, for the implementation.

19 Possible solution: SARG Alice Bob 0 0 1 1 0 0 1 1 Change the encoding 1 0 0 1 Consider the case where Alice has sent +z. The reconciliation works as follows: 1.Alice announces the sent state plus one of the neighbours, say +x. 2.If Bob measures z, he gets the result +z, so he cannot identify the state. In this case, the parties reject the symbol. 3.If Bob measures x, he may get the result –x, so he knows that the sent state was +z. The symbol is accepted. Otherwise it is rejected. If Eve keeps one photon, she is not able to read the information perfectly even after the reconciliation part of the protocol.

20 Decoy state QKD Alice Bob Alice uses sources of different amplitudes for the encoding. Hwang If Eve applies the PNS attack, Alice and Bob will see a difference between the sources → they detect the attacks and abort the protocol. Thus, using the different amplitudes, Alice and Bob can estimate the amount of multi-photon pulses Eve is attacking and the information she is getting. Decoy-state QKD can be as robust as implementations using ideal single-photon sources.

21 Conclusions Basic idea Protocols Security proofs Exact relation with entanglement? Practical protocols Security proofs? More general scenarios New privacy amplification theory Very inter-disciplinary line of research

22 Thanks for your attention!

Download ppt "Paraty, Quantum Information School, August 2007 Antonio Acín ICFO-Institut de Ciències Fotòniques (Barcelona) www.icfo.es Quantum Cryptography (III)"

Similar presentations

Quantum Cryptography Post Tenebras Lux!

Quantum Cryptography Post Tenebras Lux!
QCRYPT 2011, Zurich, September 2011 Lluis Masanes 1, Stefano Pironio 2 and Antonio Acín 1,3 1 ICFO-Institut de Ciencies Fotoniques, Barcelona 2 Université.

QCRYPT 2011, Zurich, September 2011 Lluis Masanes 1, Stefano Pironio 2 and Antonio Acín 1,3 1 ICFO-Institut de Ciencies Fotoniques, Barcelona 2 Université.
Quantum Computing MAS 725 Hartmut Klauck NTU 5.3.2012.

Quantum Computing MAS 725 Hartmut Klauck NTU
I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.

I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.
Implementation of Practically Secure Quantum Bit Commitment Protocol Ariel Danan School of Physics Tel Aviv University September 2008.

Implementation of Practically Secure Quantum Bit Commitment Protocol Ariel Danan School of Physics Tel Aviv University September 2008.
Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,

Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 quantum teleportation David Riethmiller 28 May 2007.

1 quantum teleportation David Riethmiller 28 May 2007.
Ilja Gerhardt QUANTUM OPTICS CQT GROUP Ilja Gerhardt, Matthew P. Peloso, Caleb Ho, Antía Lamas-Linares and Christian Kurtsiefer Entanglement-based Free.

Ilja Gerhardt QUANTUM OPTICS CQT GROUP Ilja Gerhardt, Matthew P. Peloso, Caleb Ho, Antía Lamas-Linares and Christian Kurtsiefer Entanglement-based Free.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.

Quantum Cryptography Ranveer Raaj Joyseeree & Andreas Fognini Alice Bob Eve.
Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK

Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Quantum Key Distribution Yet another method of generating a key.

Quantum Key Distribution Yet another method of generating a key.
Quantum information: the new frontier Karl Svozil TU Wien/Theoretical Physics

Quantum information: the new frontier Karl Svozil TU Wien/Theoretical Physics
Interactive Proofs For Quantum Computations Dorit Aharonov, Michael Ben-Or, Elad Eban School of Computer Science and Engineering The Hebrew University.

Interactive Proofs For Quantum Computations Dorit Aharonov, Michael Ben-Or, Elad Eban School of Computer Science and Engineering The Hebrew University.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.

Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.

Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.
Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.

Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.

Similar presentations

Ads by Google