applications of quantum cryptography – qkd
DESCRIPTION
Applications of Quantum Cryptography – QKD. CS551/851 CR yptography A pplications B istro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory Troxel. “ Quantum Cryptography in Practice ”. Outline. Basics of QKD History of QKD Protocols for QKD BB84 Protocol - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/1.jpg)
Applications of Quantum Cryptography – QKD
CS551/851CRyptographyApplicationsBistro
Mike McNett 6 April 2004
Paper: Chip Elliott, David Pearson, and Gregory Troxel. “Quantum Cryptography in Practice”
![Page 2: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/2.jpg)
Outline
• Basics of QKD
• History of QKD
• Protocols for QKD
• BB84 Protocol
• DARPA / BBN Implementation
• Other Implementations
• Pro’s & Con’s
• Conclusion
![Page 3: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/3.jpg)
Quantum Cryptography
• Better Name – Quantum Key Distribution (QKD) – It’s NOT a new crypto algorithm!
• Two physically separated parties can create and share random secret keys.
• Allows them to verify that the key has not been intercepted.
![Page 4: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/4.jpg)
Basic Idea
![Page 5: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/5.jpg)
History of QKD• Stephen Wiesner – early 1970s wrote paper
"Conjugate Coding”
• Paper by Charles Bennett and Gilles Brassard in 1984 is the basis for QKD protocol BB84. Prototype developed in 1991.
• Another QKD protocol was invented independently by Artur Ekert in 1991.
![Page 6: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/6.jpg)
Two Protocols for QKD• BB84 (and DARPA Project) – uses
polarization of photons to encode the bits of information – relies on “uncertainty” to keep Eve from learning the secret key.
• Ekert – uses entangled photon states to encode the bits – relies on the fact that the information defining the key only "comes into being" after measurements performed by Alice and Bob.
![Page 7: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/7.jpg)
BB84• Original Paper: Bennett: “Quantum cryptography
using any two nonorthogonal states”, Physical Review Letters, Vol. 68, No. 21, 25 May 1992, pp 3121-3124
![Page 8: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/8.jpg)
BB84• Alice transmits a polarized beam in short bursts. The
polarization in each burst is randomly modulated to one of four states (horizontal, vertical, left-circular, or right-circular).
• Bob measures photon polarizations in a random sequence of bases (rectilinear or circular).
• Bob tells the sender publicly what sequence of bases were used.
• Alice tells the receiver publicly which bases were correctly chosen.
• Alice and Bob discard all observations not from these correctly-chosen bases.
• The observations are interpreted using a binary scheme: left-circular or horizontal is 0, and right-circular or vertical is 1.
![Page 9: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/9.jpg)
BB84• representing the types of photon measurements:
+ rectilinear
O circular • representing the polarizations themselves:
< left-circular
> right-circular
| vertical
− horizontal• Probability that Bob's detector fails to detect the
photon at all = 0.5.
Reference: http://monet.mercersburg.edu/henle/bb84/demo.php
![Page 10: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/10.jpg)
BB84 – No Eavesdropping• A B: |<−−−<<−−<>>−<>||−−< • Bob randomly decides detector:
++++O+O+OO+O+++++O+O• For each measurement, P(failure to detect photon) = 0.5 • The results of Bob's measurements are:
− >− −<< ||| • B A: types of detectors used and successfully made (but not the
measurements themselves):
+ O+ +OO +++ • Alice tells Bob which measurements were of the correct type:
. . . . (key = 0 0 0 1)• Bob only makes the same kind of measurement as Alice about half the
time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. In fact, this time there were 4 usable digits generated.
![Page 11: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/11.jpg)
BB84 – With Eavesdropping• A B: <|<−>−<<|<><−<|<−|−<• Eavesdropping occurs.
To detect eavesdropping:• Bob only makes the same kind of measurement as Alice about
half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain.
• A B: reveals 50% (randomly) of the shared digits.• B A: reveals his corresponding check digits.• If > 25% of the check digits are wrong, Alice and Bob know that
somebody (Eve) was listening to their exchange.
• NOTE – 20 photons doesn’t provide good guarantees of detection.
![Page 12: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/12.jpg)
DARPA Project
![Page 13: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/13.jpg)
DARPA Project Overview
• Combined Effort – BBN, Harvard, Boston University
• DARPA Project
• Provides “high speed” QKD. Keys are used by a VPN.
• Tests against eavesdropping attacks
![Page 14: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/14.jpg)
DARPA Project Overview
• QKD Network – Requires a set of trusted network relays
• Uses Phase Shifting instead of Polarization• Uses a VPN – Uses QKD to generate VPN keys• Fully compatible with conventional hosts, routers,
firewalls, etc.• Quantum Channel also used for timing and
framing• Eve is very capable – just can’t violate Quantum
Physics
![Page 15: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/15.jpg)
QKD Attributes
• Key Confidentiality
• Authentication – Not directly provided by QKD – need alternative methods
• “Sufficiently” Rapid Key Delivery
• Robustness
• Distance (and Location) Independence
• Resistant to Traffic Analysis
![Page 16: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/16.jpg)
DARPA Quantum Network
![Page 17: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/17.jpg)
Randomly selects Phase and Value
Randomly chooses Phase Basis
Measures Phase & Value
Timing and Framing
![Page 18: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/18.jpg)
1’s and 0’s
• Unbalanced Interferometers
• Provides different delays
• Must be “identical at Sender and Receiver
![Page 19: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/19.jpg)
1’s and 0’s• Photon follows both paths
• Long path lags behind short path
• Travels as two distinct pulses
• Bob receives
• Pulses again take long & short paths
![Page 20: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/20.jpg)
1’s and 0’s• Waves are Summed
• Center Peak – Provides the Bases
![Page 21: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/21.jpg)
1’s and 0’s• 1’s and 0’s represented by adjusting the relative
phases of the two waves (SALB and LASB). This is the Δ value.
![Page 22: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/22.jpg)
QKD Protocols
• Sifting –Unmatched Bases; “stray” or “lost” qubits
• Error Correction – Noise & Eaves-dropping detected – Uses “cascade” protocol – Reveals information to Eve so need to track this.
• Privacy Amplification – reduces Eve’s knowledge obtained by previous EC
• Authentication – Continuous to avoid man-in-middle attacks – not required to initiate using shared keys – Not well explained in Paper.
![Page 23: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/23.jpg)
IPSEC
• “Continually” uses new keys obtained from QKD
• Used in IPSEC Phase 2 hash to update AES keys about once / minute
• Can support:– Rapid reseeding, or– One-time pad
• Supports multiple tunnels, each uniquely configured
![Page 24: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/24.jpg)
Issues
• Time outs (due to insufficient bits available)
• Noise affects on key establishment. This can’t be detected by IKE.
![Page 25: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/25.jpg)
Other Implementations
• Two Other Implementations of Quantum Key Distribution:– D Stucki, N Gisin, O Guinnard, G Ribordy, and H Zbinden.
Quantum key distribution over 67 km with a plug&play system. New Journal of Physics 4 (2002) 41.1–41.8.
– ID Quantine: http://www.idquantique.com/files/introduction.pdf
• MagiQ. Whitepaper: http://www.magiqtech.com/registration/MagiQWhitePaper.pdf
• Satellite-based QKD: http://ej.iop.org/links/q68/BKUvFWVrm756,uxc76lU,Q/nj2182.pdf
![Page 26: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/26.jpg)
Pros & Cons
• Nearly Impossible to steal
• Detect if someone is listening
• “Secure”
• Distance Limitations
• Availability– vulnerable to DOS– keys can’t keep up with plaintext
![Page 27: Applications of Quantum Cryptography – QKD](https://reader036.vdocuments.us/reader036/viewer/2022081421/56813ad6550346895da31108/html5/thumbnails/27.jpg)
Questions?
• Back to Richard!