Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Quantum cryptographyQuantum cryptography-the final battle?-the final battle?
CS4236 Principles of Computer SecurityCS4236 Principles of Computer Security
National University of SingaporeNational University of Singapore
Jonas Rundberg, NT030157AJonas Rundberg, NT030157A
This presentationThis presentation
Quantum Quantum mechanicsmechanics IntroductionIntroduction NotationNotation Polarized photonsPolarized photons ExperimentExperiment
Quantum cryptologyQuantum cryptology Key distributionKey distribution EavesdroppingEavesdropping Detecting Detecting
eavesdroppingeavesdropping NoiseNoise Error correctionError correction Privacy AmplificationPrivacy Amplification EncryptionEncryption
Quantum mechanicsQuantum mechanics
IntroductionIntroduction
Spawned during the last centurySpawned during the last century Describes Describes properties and interaction properties and interaction
between matter at small distance between matter at small distance scalesscales
Quantum state determined byQuantum state determined by(among (among others)others) PositionsPositions VelocitiesVelocities PolarizationsPolarizations SpinsSpins
qubitsqubits
NotationNotation
BraBra/Ket notation (pronounced /Ket notation (pronounced “bracket”)“bracket”)
From Dirac 1958From Dirac 1958 Each state represented by a vector Each state represented by a vector
denoted by a arrow pointing in the denoted by a arrow pointing in the direction of the polarizationdirection of the polarization
NotationNotation
Simplified Bra/Ket-notation in this Simplified Bra/Ket-notation in this presentationpresentation
Representation of polarized photons:Representation of polarized photons: horizontally: horizontally: vertically: vertically: diagonally: diagonally: and and
Polarized photonsPolarized photons
Polarization can be Polarization can be modeled as a linear modeled as a linear combination of combination of basis vectors basis vectors and and
Only interested in Only interested in directiondirection
aa + b + b will result will result in a unit vector in a unit vector ψψ such that |a|such that |a|22 + |b| + |b|22 = 1= 1
ψb
a
Polarized photonsPolarized photons
Measurement of a Measurement of a state not only state not only measuresmeasures but actually but actually transforms that state transforms that state to one of the basis to one of the basis vectors vectors and and
If we chose the basis If we chose the basis vectors vectors and and when when measuring the state of measuring the state of the photon, the result the photon, the result will tell us that the will tell us that the photon's polarization photon's polarization is either is either or or , , nothing in between.nothing in between.
ψb
a
ExperimentExperiment
Classical experimentClassical experiment Equipment:Equipment:
laser pointer laser pointer three polarization filtersthree polarization filters
The beam of light i pointed toward a The beam of light i pointed toward a screen.screen.
The three filters are polarized at The three filters are polarized at , , and and respectively respectively
ExperimentExperiment
The The filter is put in front of the filter is put in front of the screenscreen
Light on outgoing side of filter is now Light on outgoing side of filter is now 50% of original intensity50% of original intensity
ExperimentExperiment
Next we insert a Next we insert a filter whereas no filter whereas no light continue on the output sidelight continue on the output side
ExperimentExperiment
Here is the puzzling part…Here is the puzzling part… We insert a We insert a filter in between filter in between This This increasesincreases the number of photons the number of photons
passing throughpassing through
Experiment explainedExperiment explained
Filter Filter is hit by photons in random is hit by photons in random states. It will measure half of the states. It will measure half of the photons polarized as photons polarized as
Experiment explainedExperiment explained
Filter Filter is perpendicular to that and is perpendicular to that and will measure the photons with will measure the photons with respect to respect to , which none of the , which none of the incoming photons matchincoming photons match
Experiment explainedExperiment explained
Filter Filter measures the state with measures the state with respect to the basis {respect to the basis {, , }}
Experiment explainedExperiment explained
Photons reaching filter Photons reaching filter will be will be measured as measured as with 50% chance. with 50% chance. These photons will be measured by These photons will be measured by filter filter as as with 50% probability with 50% probability and thereby 12,5% of the original and thereby 12,5% of the original light pass through all three filters.light pass through all three filters.
Quantum cryptologyQuantum cryptology
Key distributionKey distribution
Alice and Bob first agree on two Alice and Bob first agree on two representations for ones and zeroes representations for ones and zeroes
One for each basis used, {One for each basis used, {,, } } and {and {, , }. }.
This agreement can be done in publicThis agreement can be done in public DefineDefine
1 = 1 = 0 = 0 = 1 = 1 = 0 = 0 =
Key distribution - BB84Key distribution - BB84
1.1. Alice sends a sequence of photons to Bob.Alice sends a sequence of photons to Bob.Each photon in a state with polarization Each photon in a state with polarization corresponding to 1 or 0, but with randomly corresponding to 1 or 0, but with randomly chosen basis. chosen basis.
2.2. Bob measures the state of the photons he Bob measures the state of the photons he receives, with each state measured with respect receives, with each state measured with respect to randomly chosen basis. to randomly chosen basis.
3.3. Alice and Bob communicates via an open Alice and Bob communicates via an open channel. For each photon, they reveal which channel. For each photon, they reveal which basis was used for encoding and decoding basis was used for encoding and decoding respectively. All photons which has been respectively. All photons which has been encoded and decoded with the same basis are encoded and decoded with the same basis are kept, while all those where the basis don't agree kept, while all those where the basis don't agree are discarded. are discarded.
EavesdroppingEavesdropping
Eve has to randomly select basis for her Eve has to randomly select basis for her measurementmeasurement
Her basis will be wrong in 50% of the time.Her basis will be wrong in 50% of the time. Whatever basis Eve chose she will measure 1 or 0Whatever basis Eve chose she will measure 1 or 0 When Eve picks the wrong basis, there is 50% When Eve picks the wrong basis, there is 50%
chance that she'll measure the right value of the chance that she'll measure the right value of the bitbit
E.g. Alice sends a photon with state E.g. Alice sends a photon with state corresponding to 1 in the {corresponding to 1 in the {,, } basis. Eve picks } basis. Eve picks the {the {, , } basis for her measurement which this } basis for her measurement which this time happens to give a 1 as result, which is time happens to give a 1 as result, which is correct. correct.
EavesdroppingEavesdropping
Yes0yes{, }
Yes0
No1No{, }0
Yes1Yes{, }
No0
Yes1No{, }1
{, }
Yes0
No1No{, }
Yes0Yes{, }0
No0
Yes1No{, }
Yes1Yes{, }1
{, }
CorrectEve’sbit
Eve’sphoton
CorrectEve’sbasis
Alice’sphoton
Alice’sbit
Alice’sbasis
Eves problemEves problem
Eve has to re-send all the photons to Eve has to re-send all the photons to Bob Bob
Will introduce an error, since Eve Will introduce an error, since Eve don't know the correct basis used by don't know the correct basis used by Alice Alice
Bob will detect an increased error Bob will detect an increased error raterate
Still possible for Eve to eavesdrop Still possible for Eve to eavesdrop just a few photons, and hope that just a few photons, and hope that this will not increase the error to an this will not increase the error to an alarming rate. If so, Eve would have alarming rate. If so, Eve would have at least partial knowledge of the key. at least partial knowledge of the key.
Detecting eavesdroppingDetecting eavesdropping When Alice and Bob need to test for When Alice and Bob need to test for
eavesdroppingeavesdropping By randomly selecting a number of bits from By randomly selecting a number of bits from
the key and compute its error ratethe key and compute its error rate Error rate < EError rate < Emax max ⇒⇒ assume no eavesdropping assume no eavesdropping
Error rate > EError rate > Emax max ⇒⇒ assume eavesdropping assume eavesdropping(or the channel is unexpectedly noisy)(or the channel is unexpectedly noisy)Alice and Bob should then discard the whole Alice and Bob should then discard the whole key and start overkey and start over
NoiseNoise
Noise might introduce errorsNoise might introduce errors A detector might detect a photon even A detector might detect a photon even
though there are no photonsthough there are no photons Solution:Solution:
send the photons according to a time schedule.send the photons according to a time schedule. then Bob knows when to expect a photon, and then Bob knows when to expect a photon, and
can discard those that doesn't fit into the can discard those that doesn't fit into the scheme's time window.scheme's time window.
There also has to be some kind of error There also has to be some kind of error correction in the over all process.correction in the over all process.
Error correctionError correction
Suggested by Hoi-Kwong Lo. (Shortened version)Suggested by Hoi-Kwong Lo. (Shortened version)2.2. Alice and Bob agree on a random permutation of Alice and Bob agree on a random permutation of
the bits in the keythe bits in the key3.3. They split the key into blocks of length kThey split the key into blocks of length k4.4. Compare the parity of each block. If they Compare the parity of each block. If they
compute the same parity, the block is considered compute the same parity, the block is considered correct. If their parity is different, they look for correct. If their parity is different, they look for the erroneous bit, using a binary search in the the erroneous bit, using a binary search in the block. Alice and Bob discard the last bit of each block. Alice and Bob discard the last bit of each block whose parity has been announcedblock whose parity has been announced
5.5. This is repeated with different permutations and This is repeated with different permutations and block size, until Alice and Bob fail to find any block size, until Alice and Bob fail to find any disagreement in many subsequent comparisonsdisagreement in many subsequent comparisons
Privacy amplificationPrivacy amplification
Eve might have partial knowledge of the Eve might have partial knowledge of the key. key.
Transform the key into a shorter but Transform the key into a shorter but secure keysecure key
Suppose there are n bits in the key and Suppose there are n bits in the key and Eve has knowledge of m bits. Eve has knowledge of m bits.
Randomly chose a hash function whereRandomly chose a hash function whereh(x): {0,1\}h(x): {0,1\}n n {0,1\} {0,1\} n-m-sn-m-s
Reduces Eve's knowledge of the key to 2 Reduces Eve's knowledge of the key to 2 –s –s
/ ln2/ ln2 bits bits
EncryptionEncryption
Key of same size as the plaintextKey of same size as the plaintext Used as a one-time-padUsed as a one-time-pad Ensures the crypto text to be Ensures the crypto text to be
absolutely unbreakableabsolutely unbreakable
What to comeWhat to come
Theory for quantum cryptography Theory for quantum cryptography already well developedalready well developed
Problems:Problems: quantum cryptography machine quantum cryptography machine
vulnerable to noisevulnerable to noise photons cannot travel long distances photons cannot travel long distances
without being absorbedwithout being absorbed
SummarySummary
The ability to detect eavesdropping The ability to detect eavesdropping ensures secure exchange of the keyensures secure exchange of the key
The use of one-time-pads ensures The use of one-time-pads ensures securitysecurity
Equipment can only be used over Equipment can only be used over short distancesshort distances
Equipment is complex and expensiveEquipment is complex and expensive
Q / AQ / A
ReferencesReferences
[RP00] Eleanor Rie_el, Wolfgang Polak,[RP00] Eleanor Rie_el, Wolfgang Polak,ACM Computing surveys,Vol. 32, No.3.September 2000ACM Computing surveys,Vol. 32, No.3.September 2000
[WWW1] Math Pages, Spin & Polarization[WWW1] Math Pages, Spin & Polarizationhttp://www.mathpages.com/rr/s9-04/9-04.htmhttp://www.mathpages.com/rr/s9-04/9-04.htm
[WWW2] Luisiana Tech University, [WWW2] Luisiana Tech University, Quantum ComputationQuantum Computationhttp://www2.latech.edu/~dgao/CNSM/quantumcomput.htmlhttp://www2.latech.edu/~dgao/CNSM/quantumcomput.html
[WWW3] Edmonton Community Network,[WWW3] Edmonton Community Network,Quantum CryptographyQuantum Cryptographyhttp://home.ecn.ab.ca/~jsavard/crypto/mi060802.htmhttp://home.ecn.ab.ca/~jsavard/crypto/mi060802.htm
[WIK1] Wikipedia -The free encyclopedia[WIK1] Wikipedia -The free encyclopediahttp://www.wikipedia.org/wiki/Bra-ket_notationhttp://www.wikipedia.org/wiki/Bra-ket_notation
ReferencesReferences
[WIK2] Wikipedia -The free encyclopedia[WIK2] Wikipedia -The free encyclopediahttp://www.wikipedia.org/wiki/Interpretation_of_quantum_mhttp://www.wikipedia.org/wiki/Interpretation_of_quantum_mechanicsechanics
[WIK3] Wikipedia -The free encyclopedia[WIK3] Wikipedia -The free encyclopediahttp://www.wikipedia.org/wiki/Copenhagen_interpretationhttp://www.wikipedia.org/wiki/Copenhagen_interpretation
[GIT] Georgia Institute of Technology,[GIT] Georgia Institute of Technology,The fundamental postulates of quantum mechanicsThe fundamental postulates of quantum mechanicshttp://www.physics.gatech.edu/academics/Classes/spring20http://www.physics.gatech.edu/academics/Classes/spring2002/6107/Resources/The fundamental postulates of quantum 02/6107/Resources/The fundamental postulates of quantum mechanics.pdfmechanics.pdf
[HP] Hoi-Kwong Lo, Networked Systems Department,[HP] Hoi-Kwong Lo, Networked Systems Department,Hewlett Packard, Bristol, December 1997, Quantum Hewlett Packard, Bristol, December 1997, Quantum CryptologyCryptology
[SS99] Simon Singh, Code Book, p349-382,[SS99] Simon Singh, Code Book, p349-382,Anchor Books, 1999Anchor Books, 1999
[FoF] Forskning och Framsteg,[FoF] Forskning och Framsteg,No. 3, April 2003No. 3, April 2003