Quantum cryptography and possible attacks - slides
Slides for SSI project.
Quantum Cryptography
Arinto Murdopo Maria Stylianou
Ioanna Tsalouchidou
13/12/2011
Outline
● Quantum Cryptography
● Theoretical Background
● Quantum Key Distribution (QKD)
  ○ BB84 Protocol
● Vulnerabilities & Attacks
  ○ Faked-state attack
Quantum Cryptography - How it came up
● Cryptography => Secure Communication => Secure Data Transmission
● Two techniques
  ○ Symmetric-key encryption (shared key)
    ■ Key-distribution problem
  ○ Asymmetric-key encryption (pair of public & secret keys)
    ■ Success based on hardware limitations, absence of good algorithms and non-use of quantum computers.
=> Quantum Cryptography!
Quantum Cryptography
● Quantum Cryptography is
  ○ the use of the laws of quantum physics to:
    ■ perform cryptographic functionalities
    ■ break cryptographic systems
● Examples:
  ○ Quantum Key Distribution (next section)
  ○ Quantum Computers to break existing protocols
Theoretical Background
● Quantum - minimum amount of any physical entity
● Photon Polarization - Quantum Superposition
  ○ Vertical-Horizontal
  ○ Diagonal ±45 degrees
  (2 orthogonal states)
● Heisenberg Uncertainty Principle
  ○ "observation causes perturbation"
  ○ no-cloning theorem
Polarized Wave Applet! http://surendranath.tripod.com/Applets/Waves/Polarisation/PW.html
Theoretical Background
Filter to distinguish polarized photons.
[Figure panels: correct filter applied; wrong filter applied]
Quantum Key Distribution - BB84
● First quantum cryptography protocol
● Goal: describe a scheme of two users who want to communicate and exchange data securely.
● Idea: distribute a key securely, based on the laws of physics.
● Security proofs:
  ○ If someone reads the state of a photon -> the state changes
  ○ It is not possible to copy the photon in order to encode it in all possible ways (bases)
Quantum Key Distribution - BB84
Quantum Key Distribution - BB84
Step 1
● Alice has two choices, key (a) & basis (b), chosen randomly
● Combine bits of a and b, 1-1
● Four different states of qubit (photon polarization)
● Sent through public quantum channels:
  ○ Optical Fiber
  ○ Free Space
[Figure: photon source]
Quantum Key Distribution - BB84
Step 2
● Bob receives a qubit from Alice
● Bob measures it by choosing a random basis using a Beam Splitter (BS); in practice it could be a 50/50 mirror
● PBS sends the qubit to a certain detector using some rules
Quantum Key Distribution - BB84
Step 2
How the PBS of a specific basis works
● Lets a photon that is polarized in that basis pass through to the correct detector
● Otherwise, the photon can head randomly to any of the wrong detectors
Quantum Key Distribution - BB84
Step 2
Example of how a PBS combined with detectors works!
Quantum Key Distribution - BB84
Step 3
● 1st communication between Alice and Bob over the public channel
● They compare the bases used to encode and measure the qubit
● If Bob.basis == Alice.basis
  ○ Keep the bit!
● Else
  ○ Discard the bit
● The length of the initial key is reduced to half of its length because the probability of Bob choosing the same basis as Alice is 50%
Quantum Key Distribution - BB84
Step 4
● Check whether someone has intruded on the communication or whether some imperfection of the devices or channel has introduced noise that distorts the outcome
● If Eve has intruded on the communication, she will DEFINITELY leave some traces due to the Heisenberg Uncertainty Principle (HUP) and the no-cloning theorem
Quantum Key Distribution - BB84
Step 4
● Alice and Bob perform MANY parity checks
● In this way, they can find out whether Eve has intruded on the communication
● Very simple example:
  ○ Calculate the parity of blocks of 4 bits
● Alice sends the parities of her blocks and Bob checks them
Quantum Key Distribution - BB84
Step 5
● Now Alice and Bob have the same keys; all the bits are the same
● The problem is that, in Step 4, Eve manages to find out some portions of their key
● Privacy Amplification comes to the rescue!
Quantum Key Distribution - BB84
Step 5
● Alice and Bob apply a hash function to compress the key into the final one. They must both use the same hash function.
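Steps 1 to 5 above as a classical simulation (an added example, not part of the original slides). The function names, the 0/1 basis encoding, the measure-and-resend eavesdropper model and the use of SHA-256 for privacy amplification are assumptions made for illustration.

```python
import hashlib
import random

def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the encoded bit is read. Wrong basis: the outcome is random.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n, eve=False, seed=1):
    """Return (alice_key, bob_key) after sifting. Bases: 0 = H/V, 1 = +-45."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n):
        # Step 1: Alice picks a random key bit and a random basis.
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis
        if eve:
            # Assumed eavesdropper model: measure in a random basis, re-send.
            e_basis = rng.randint(0, 1)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        # Step 2: Bob measures in a random basis.
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)
        # Step 3: keep the bit only when Alice's and Bob's bases agree.
        if a_basis == b_basis:
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def error_rate(alice_key, bob_key):
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)

def mismatched_parity_blocks(alice_key, bob_key, size=4):
    # Step 4: compare the parity of each 4-bit block, as on the slide.
    def parities(bits):
        return [sum(bits[i:i + size]) % 2 for i in range(0, len(bits), size)]
    return sum(x != y for x, y in zip(parities(alice_key), parities(bob_key)))

def privacy_amplify(bits, out_bytes=16):
    # Step 5: compress the key with a shared hash (SHA-256 is an assumption).
    return hashlib.sha256(bytes(bits)).digest()[:out_bytes]

if __name__ == "__main__":
    for eve in (False, True):
        a, b = bb84(4000, eve=eve)
        print(f"eve={eve} sifted={len(a)} errors={error_rate(a, b):.3f} "
              f"bad_blocks={mismatched_parity_blocks(a, b)}")
```

Without Eve the sifted keys are identical and about half the original length; with the assumed eavesdropper roughly a quarter of the sifted bits disagree, which is the trace the parity checks in Step 4 pick up.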
Vulnerabilities - Photon number attack
● Sending more than one photon for each bit leads to photon number attack.
  ○ Eve can steal the extra photons and extract information from them.
● Ensure photon spitter only sends exactly ONE photon each time.
● A single photon ensures that the laws of quantum mechanics are satisfied.
Vulnerabilities - Spectral attack
● If photons are created by four DIFFERENT laser photo diodes, they have different spectral characteristics.
● Eve performs spectral attack by measuring COLOR, and not polarization.
Vulnerabilities - Random numbers
● Are our random numbers really "Random"?
● Bob side: randomness is determined by the BS.
● Alice side: randomness of a bit stream cannot be proven mathematically
  ○ Algorithms generate "random" sequences by following specific patterns => NOT that random!
  ○ Eve can use the same algorithm to extract information.
Entangled Photon Pairs come to the rescue!
Entangled photon pairs
BB84 with photon pairs
Faked-state attack
General scheme
Faked-state attack
Practical Implementation - Detector replica
● Eve has a replica of Bob's detector
● To capture the photon and measure it like Bob always does
Faked-state attack
Practical Implementation - Faked-State Generator
● Blind Bob's detector
  ○ Insensitive to photons
● Forces Bob's detectors to have the same "click" as what Eve has measured
  ○ Bob and Eve have the same information
Faked-state attack
Practical Implementation - Blind all Bob's detectors
● QKD detectors use Single Photon Avalanche Diodes (SPAD)
Faked-state attack
Single Photon Avalanche Diode
● Has two modes
  ○ Geiger Mode
  ○ Linear Mode
Hence, a SPAD in Linear Mode can be considered blind to photons.
Faked-state attack
Single Photon Avalanche Diode
● How to make a SPAD behave in Linear Mode?
Faked-state attack
Single Photon Avalanche Diode
● SPAD in Linear Mode
● Under bright illumination the capacitor does not have enough time to recharge and re-balance the voltage value at point 2
● SPAD's bias voltage below VBreakdown -> Linear Mode
Faked-state attack
Single Photon Avalanche Diode
● SPAD in Linear Mode
Faked-state attack
Practical Implementation - Force Bob's detector to click
● Blinding Bob's detector is not enough
● Eve needs to force a specific detector of Bob's to "click" according to the measurement result in Eve's detector
Faked-state attack
Practical Implementation - Force Bob's detector to click
● SPAD in linear mode ("blind" SPAD) -> easily forced to create a "click"
● Sending a pulse of light with intensity power "I0"
Faked-state attack
Practical Implementation - Blind the detector
● Correct light pulse intensity is important
● (2*I0) is the answer!
Putting them all together!
Faked-state attack
Faked-state attack
Result of the Attack: Impressive!
          Bob@V    Bob@-45  Bob@H    Bob@+45
Eve@V     99.51%   0        0        0
Eve@-45   0        99.66%   0        0
Eve@H     0        0        99.80%   0
Eve@+45   0        0        0        99.95%
The end!
Questions?