quantum cryptography 101

Quantum Cryptography

Omar Shehab

Department of Computer Science and Electrical EngineeringUniversity of Maryland, Baltimore County

Baltimore, Maryland 21250

[email protected]

September 21, 2012

Curiosity

We start with following questions:

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 2 / 52

Curiosity (contd.)

How strong are the classical cryptographic schemes?


Curiosity (contd.)

Is it possible to break them quickly?


Let’s take an example

RSA (Rivest et al. [1978]) is a standard classical cryptographicscheme.


Here is the situation

Alice wants to send a message to Bob.

Both of them are worried about Eve who is notoriously tryingto intercept the message.


Proposed solution

Alice decides a secret key and encrypts her message with thatkey.

The encrypted message is sent to Bob over public channel.

Alice sends the key to Bob over a secure channel.

Bob decrypts the message with the key.


Issue with the solution

How to find a secure channel to transfer the key?


It is a good idea?

What if Alice decides another secret sub-key to encrypt the originalkey and send it over the public channel?


Let’s see!

Another sub-sub-key to encrypt the sub-key and anothersub-sub-sub-key to secure the sub-sub-key and so on...


It never stops!

Catch-22 (Lomonaco [1998])!


Now what?

Let us redefine ’secret’ !


’Secret’

A secret is secret if it is always secret!A secret is secret is it is computationally unbreakable (Lomonaco[1998])!


Computationally secret!!!

Here comes RSA!


Assumptions in RSA

The assumption is that the problem of factoring large number isnot in P, NP-complete, and co-NP-complete (Rivest et al. [1978]).


How confident?

So far true for classical computers.


Are we safe then?

There are other issues.


An issue with public key cryptography

Eavesdropping cannot be detected in classical public keycryptographic solutions (Lomonaco [1998]).


New in the town

Quantum Cryptography!!!


Quantum Cryptography

We need quantum computers.


No more ’bits’

Qubits replace bits. Logic one and zero are no longer the scalers 1and 0. They are expressed by orthonormal pairs of vectors living inHilbert space (a special type of vector space) (Lomonaco [1998]).


What are those orthonormal pairs of vectors?

They are called basis sets.


Basis sets

They can be chosen in a number of ways.


Basis sets: Example 1

Let the set be S+.

S+ ≡{(

10

),

(01

)}

These vectors are orthonormal to each other.


Basis sets: Example 2

Let the set be SX .

SX ≡{

1√2

(−11

), 1√

2

(11

)}

These vectors are orthonormal to each other.


Qubits

What may Qubits look like in real world?


Qubits (contd.)

Spin of an electron (12or −12)

Polarization of a photon (horizontal or vertical, right circularor left circular, 45◦clockwiseorcounter − clockwise etc.)

and many other . . .


Logical impression

Using S+,

Logic 1 ≡(

01

), Logic 0 ≡

(10

)or vice versa.

Using SX ,

Logic 1 ≡ 1√2

(−11

), Logic 0 ≡ 1√

2

(11

)or vice versa.


Features

Qubits have following features:


Qubits: Feature 1

Qubits cannot be copied (Wootters and Zurek [1982]). If someonetries to copy a qubit, the information gets destroyed. So, theproblem of eavesdropping detection is solved.


Qubits: Feature 2

Qubits can be in two opposite states at the same time. Forexample, a qubit can be both logic 1 and logic 0 at the same time.


Qubits: Feature 2 (contd.)

If a qubit is in state 1√2

(11

), it is both in logic 1 and logic 0 with

equal probability.


Qubits: Feature 3

To read the information of a qubit, we need to measure it. Inquantum world, results of measurement are always probabilistic.So, we end up with information with specific amount of probabilityassociated to it.


Feature 3: Example

If we want to read (measure) an arbitrary qubit using S+, we will

get

(01

)with some probability and ≡

(10

)with the

complementary amount of probability.

If we read the same qubit using SX , we will get 1√2

(−11

)with

some probability and 1√2

(11

)with the complementary amount of

probability.


A note about basis set

While working with quantum information, you can encode yourmessage with any basis set whenever you want. So, while sending amessage, a part of the message can be encoded using the basis setSX and rest of the message can be encoded using the basis set S+.


Message with mixed basis sets

Bit index 1 2 3 4

Logical impression 1 0 1 0

Qubits

(01

)1√2

(11

)1√2

(−11

) (10

)Basis set S+ SX SX S+


Back to Alice!

We recommend Alice and Bob to buy quantum computers.


Alice’s secret key

Alice wants to send a secret key consisting random bits.Say, she wants to send a 12-bit key. Alice flips a coin for each bitand sets the bit to 1 for head and 0 for tail. For one instance, letthe logical impression of the message be,0 1 1 0 1 1 1 0 1 0 1 0.


Alice’s secret key (contd.)

So far, Alice has decided only the logical version of the secret key.She is yet to decide the basis on which she will encode thecorresponding qubits.



Alice chooses the basis sets in random too. For each bit, if it ishead, the basis set is S+ otherwise SX .



The situation may be as in the following table.

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Sec

ret

key

0 1 1 0 1 1 1 0 1 0 1 0

Bas

isse

t

S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+

Qu

bit (

10

)(01

)(− 1√2

1√2

)(10

)(10

)(10

)(− 1√2

1√2

)(10

)(− 1√2

1√2

)(1√21√2

)(1√21√2

)(10

)


Bob receives and measures the key

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Bas

isse

t

SX S+ SX SX S+ SX S+ S+ SX SX SX S+

Res

ult

0 1 1 1 1 0 1 0 1 0 1 0

Ori

gin

alke

y

0 1 1 0 1 1 1 0 1 0 1 0

Rea

lb

asis



Message at Bob’s end

Bob will guess right basis 50% of the time. For those correct basissets, the results of measurement will be exactly what Alice sent.For the rest of the message, Bob will have wrong data.


Confirmation of basis with Alice

Bob informs Alice the basis he has used for each bit through publicchannel. Whenever, there is a basis mismatch, they discard thecorresponding bit. Here is the scenario,

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Alic

e


Bob

SX S+ SX SX S+ SX S+ S+ SX SX SX S+

Mat

ch

X X X X X X X X

Key

1 1 1 0 1 0 1 0


Eavesdropping

To intercept the message, Eve needs to measure the qubits justlike Bob does. She cannot copy and forward the original messageto Bob due to the no-cloning theorem. So, Eve can also guess only50% of the information correctly. To hide her existence, Eve needsto resend the data to Bob. Any measurement collapses thequantum superposition of the qubits. So, Bob only receives theresult of measurements, not the original qubits.


Bob measures Eve’s

When Bob measures the message coming from Eve, there isanother layer of applying wrong random bases, which decreases theprobability of getting the original message by more than 50%. Bobneeds a way to detect the eavesdropping.


Detection

Bob shares half of the remaining bits with Alice over publicchannel. If there is only a tiny percentage of mismatch (due tonoise), they can safely assume that Eve hasn’t listened to theircommunication. Here is the scenario,

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Key

1 1 1 0 1 0 1 0

Exc

han

ge

X X X X

Sec

ret

1 1 0 1


Detection (contd.)

With 12-bit secret key, after measurement and intrusion detection,4 bits are still secret. So, if Alice wants a 100-bit secret key, shemay safely start with a 300-bit key.


Meet BB

This scheme is called the BB84 Quantum Key Exchange protocol.

Figure: Charles H. Bennett

Figure: Gilles Brassard


2012 Nobel Prize?

Thomson Reuters Predicts 2012 Nobel prize in physics may go tothese two people.


Bibliography I

Samuel J. Lomonaco. A quick glance at quantum cryptography. 1998.

R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems.Communications of the ACM, 21:120–126, 1978.

W. K. Wootters and W. H. Zurek. A single quantum cannot be cloned. volume 299, pages 802–803, 1982.


Questions?


quantum cryptography 101

Documents