quantum cryptography - inspiring innovationlomonaco/slides/qcryptohandout.pdf · quantum...

1

QuantumQuantumCrypto ??Crypto ??

CaniCani

Quantum CryptographyQuantum Cryptography

Samuel J. Lomonaco, Jr.Samuel J. Lomonaco, Jr.Dept. of Comp. Dept. of Comp. SciSci. & Electrical Engineering. & Electrical Engineering

University of Maryland Baltimore CountyUniversity of Maryland Baltimore CountyBaltimore, MD 21250Baltimore, MD 21250

Email: Email: [email protected]@UMBC.EDUWebPageWebPage: : http://http://www.csee.umbc.edu/~lomonacowww.csee.umbc.edu/~lomonaco

How Alice Outwits Eve How Alice Outwits Eve oror

LL--OO--OO--PP

• The Defense Advance Research ProjectsAgency (DARPA) & Air Force Research

Laboratory (AFRL), Air Force Materiel Command,USAF Agreement Number F30602-01-2-0522.

• The National Institute for Standards and Technology (NIST)

• The Mathematical Sciences Research Institute (MSRI).

• The L-O-O-P Fund.

• The Institute of Scientific Interchange

LL--OO--OO--PP

This work is supported by:This work is supported by: Introducing AliceIntroducing Alice & Bob& Bob

SenderSender ReceiverReceiver

EavesdropperEavesdropper

AliceAlice BobBob

EveEveBah !Bah !

Humbug !Humbug !

Throb

Throb !!

Introducing AliceIntroducing Alice & Bob& Bob

SenderSender ReceiverReceiver

EavesdropperEavesdropper

AliceAlice BobBob

EveEveBah !Bah !

Humbug !Humbug !

Throb

Throb !! RobertoRoberto

PiaPia

SpiaSpia

Quantum cryptography provides a new Quantum cryptography provides a new mechanism enabling the parties mechanism enabling the parties communicating with one another to:communicating with one another to:

Consequently, it provides a means of Consequently, it provides a means of determining when an encrypted determining when an encrypted communication has been compromised.communication has been compromised.

Key IdeaKey Idea

Automatically detect eavesdroppingAutomatically detect eavesdropping..

2

The DilemmaThe Dilemma

AliceAlice

How do I prevent How do I prevent Eve from Eve from

eavesdropping ???eavesdropping ???

How can I How can I outwit Eve outwit Eve

??????

? ? ? ? ? ?

? ? ? ?

? ?

Alice Takes a Cryptography CourseAlice Takes a Cryptography Course

AliceAlice

TheTheClassicalClassical

WorldWorld

ClassicalClassicalShannonShannon

BitBit

0 or 1

DecisiveIndividual

CopyingCopyingMachineMachine

InIn OutOut

ClassicalClassical BitsBits CanCan BeBe CopiedCopied

CryptographicCryptographicSystemsSystems

3

A Classical Cryptographic Communication SystemA Classical Cryptographic Communication System

InsecureInsecureChannelChannel

P = PlaintextP = PlaintextC = C = CiphertextCiphertext

TransmitterTransmitterAliceAlice

ReceiverReceiverBobBob

EavesdropperEavesdropperEveEve

P = PlaintextP = Plaintext

SecureSecureChannelChannel

InfoInfoSourceSource EncrypterEncrypter DecrypterDecrypter InfoInfo

SinkSink

KeyKey

Catch 22Catch 22

There are perfectly good ways to There are perfectly good ways to communicate in secret communicate in secret providedprovidedwe can already communicate in we can already communicate in secret secret ……

Il cane Il cane cheche sisi mordemorde la codala coda

Classical Crypto SystemsClassical Crypto Systems

CHECK LISTCHECK LIST

•• Eavesdropping Detection ?Eavesdropping Detection ?

•• Authentication ?Authentication ?

•• Catch 22 Solved ?Catch 22 Solved ?

NONO

NONO

NONO

Types of Communication SecurityTypes of Communication Security

•• PracticalPractical SecrecSecrecyy (Circa 106 BC)(Circa 106 BC)

CiphertextCiphertext breakable after breakable after xx yearsyears

ExamplesExamples:: Data Encryption Standard (DES), Data Encryption Standard (DES), Advanced Data Encryption Standard (AES)Advanced Data Encryption Standard (AES)

•• PerfectPerfect SecuritySecurity (Shannon, 1949)(Shannon, 1949)

CiphertextCiphertext CC without key gives no without key gives no information about plaintext information about plaintext PP

( ) ( )Prob P|C Prob P=

An Example of Perfect SecurityAn Example of Perfect SecurityThe The VernamVernam CipherCipher, a.k.a., , a.k.a., the Onethe One--TimeTime--PadPad

Consider a random sequence of bits Consider a random sequence of bits

1 2 nKey K K K K= =

Encrypting algorithmEncrypting algorithm

mod 2i i iC P K= +0110 0101 11011010 1110 01001100 1011 1001

PKC

==

⊕ =

•• Perfectly secure if key Perfectly secure if key KK is unknownis unknown

•• Easy to decode with Easy to decode with Key = KKey = K

DifficultiesDifficulties

•• PROBLEM: Long random bit sequences PROBLEM: Long random bit sequences must be sent over a secure channelmust be sent over a secure channel

•• CATCH 22: There are perfectly good ways CATCH 22: There are perfectly good ways to communicate in secret provided we can to communicate in secret provided we can communicate in secret communicate in secret ……

•• KEY PROBLEM in CRYPTOGRAPHY: KEY PROBLEM in CRYPTOGRAPHY: We need some way to securely We need some way to securely communicate keycommunicate key

4

Objective of All Crypto Systems: Objective of All Crypto Systems: SafetySafety

Old Idea:Old Idea:Unconditional SecurityUnconditional Security

The crypto system can resist any The crypto system can resist any cryptanaliticcryptanalitic attack no matter attack no matter how much computation is involved.how much computation is involved.

The crypto system is The crypto system is unbreakable unbreakable because of the computational cost of because of the computational cost of cryptanalysiscryptanalysis, but would succumb to , but would succumb to an attack with unlimited computation.an attack with unlimited computation.

New Idea:New Idea:ComputationalComputational SecuritySecurity

Objective of All Crypto Systems: Objective of All Crypto Systems: SafetySafety

Computational SecurityComputational Security

•• Requires Requires 10103030 years to be broken on the years to be broken on the fastest known computerfastest known computer

For example, the crypto system:For example, the crypto system:

•• Or, requires Or, requires 1010100100 bits of memory to breakbits of memory to break

•• Or, requires Or, requires 10103030 euros to breakeuros to break

System computationally safe implies safe for System computationally safe implies safe for all practical purposesall practical purposes

Idea comes from a field in computer science called Idea comes from a field in computer science called Computational ComplexityComputational Complexity..

Computational Security Computational Security ((DiffieDiffie--HellmanHellman, circa 1970), circa 1970)

Public PhonePublic PhoneDirectoryDirectory

TransmitterTransmitterAliceAlice

ReceiverReceiverBobBob

EavesdropperEavesdropperEveEve

CCEncrypterEncrypter

InfoInfoSourceSource

PP

DecrypterDecrypter

InfoInfoSinkSink

PP

Public Key Crypto SystemsPublic Key Crypto Systems …… Example: RSAExample: RSA

CC CCInsecureInsecureChannelChannel

EEBB

DDBB

Public Key Crypto SystemsPublic Key Crypto Systems

CHECK LISTCHECK LIST

••Eavesdropping Detection ?Eavesdropping Detection ?

••Authentication ?Authentication ?

•• Catch 22 Solved ?Catch 22 Solved ? Yes & NoYes & No

YesYes

NoNo

Alice Takes a Quantum Mechanics CourseAlice Takes a Quantum Mechanics Course

AliceAlice

5

TheTheQuantumQuantum

WorldWorld

Introducing the Quantum BitIntroducing the Quantum Bit …… The The QubitQubit

Look HereLook Here

IndecisiveIndecisiveIndividualIndividual

Can be bothCan be both 00 & & 11at the same time !at the same time !

Quantum Representations of Quantum Representations of QubitsQubits

ExampleExample 11. . A spinA spin-- particleparticle12

Spin UpSpin Up Spin DownSpin Down

1 01 0

Quantum Representations of Quantum Representations of QubitsQubits

ExampleExample 22. . The polarization state of a photonThe polarization state of a photon

VerticalVerticalPolarizationPolarization

HorizontalHorizontalPolarizationPolarization

1 = 0 = ↔

H=Where does a Where does a QubitQubit live ?live ?

HomeDef. A Hilbert Space is a vector space over together with an inner product such that

HH H, :− − × →

The elements of will be called The elements of will be called ketskets, and , and will be denoted bywill be denoted by label

H

1) & 1 2 1 2, , ,u u v u v u v+ = + 1 2 1 2, , ,vu u v u vu+ = +2) , ,u v u vλ λ=3) , ,u v v u∗ =4) Cauchy seq in , ∀ 1 2, ,u u … H Hlim nn

u→∞

∈

A A QubitQubit is a is a quantum quantum systemsystem whose whose statestate is is represented by a represented by a KetKetlying in a 2lying in a 2--D Hilbert D Hilbert SpaceSpaceH

6

Superposition of StatesSuperposition of States

A typical Qubit is ???

Inde

cisive

0 10 1α α= +

where 2 20 1 1α α+ =

The above Qubit is in a SuperpositionSuperposition of statesand

It is simultaneously both and !!!0 1

10

““CollapseCollapse”” of the Wave Functionof the Wave Function

0 10 1α α+ =

Observer

Qubit

Whoosh !!!

i

Prob

= |a i|

2

MeasurementMeasurementConnectingConnecting

Quantum VillageQuantum Villageto theto the

Classical WorldClassical World

Another Activity in Quantum Village:Another Activity in Quantum Village:

MeasurementMeasurementMeasurementMeasurement

Group of Friendly PhysicistsGroup of Friendly Physicists

Another Activity in Quantum Village:Another Activity in Quantum Village:

MeasurementMeasurementMeasurementMeasurement

Group of Group of AngryAngry PhysicistsPhysicists

ObservablesObservables

What does our observer What does our observer actually observe ?actually observe ?

??????

Observables = Observables = HermitianHermitian OperatorsOperatorsO

H HA

→

O OTA A=

wherewhere

7

, and let , and let denote the corresponding denote the corresponding eigenvalueseigenvaluesLet be the Let be the eigenketseigenkets of of

Observables (Cont.)Observables (Cont.)

What does our observer actually What does our observer actually observe ?observe ?

??????

iϕ OA

OA i i iaϕ ϕ=

ia, i.e., , i.e.,

CaveatCaveat:: We only consider observables whoseWe only consider observables whoseeigenketseigenkets form an orthonormal basis of form an orthonormal basis of H

Observables (Cont.)Observables (Cont.)

What does our observer observe ?What does our observer observe ?

??????

So with probability , the observer So with probability , the observer observes the observes the eigenvalueeigenvalue , and, and

The state of an The state of an nn--QubitQubit register can register can be written in the be written in the eigenketeigenket basis asbasis as

i iiα ϕΨ =∑

ia2

i ip α=

iϕ Whoosh !

Whoosh !

Measurement RevisitedMeasurement Revisited

InIn OutOut

jλ

jj

j

PPψ

ψψ ψ

=ψ

O

BlackBoxBlackBox

MacroWorldMacroWorld

QuantumQuantumWorldWorld

EigenvalueEigenvalueObservableObservable

Q. Sys.Q. Sys.StateState

Q. Sys.Q. Sys.StateState

Pr job Pψ ψ=

j jjPλ= ∑Owherewhere Spectral DecompositionSpectral Decomposition

PhysicalPhysicalRealityReality

PhilosopherPhilosopherTurfTurf

Important Feature ofImportant Feature ofQuantum MechanicsQuantum Mechanics

It is important to mention that:It is important to mention that:

We cannot completelyWe cannot completelycontrol the outcome of control the outcome of quantum measurementquantum measurement

MoreMoreDiracDirac

NotationNotation

More More DiracDirac NotationNotation

LetLet ( )H H* ,Hom=

Hilbert SpaceHilbert Spaceof morphismsof morphismsfrom tofrom toH

We call the elements of We call the elements of BraBra’’s, and s, and denote them asdenote them as

H*

label

8

More More DiracDirac NotationNotation

There is a There is a dualdual correspondencecorrespondence between and between and H* H

KetKetBraBra

There exists a bilinear mapThere exists a bilinear mapdefined bydefined by

which we more which we more simpysimpy denote by denote by

H H* × →( )( )1 2ψ ψ ∈

1 2|ψ ψ

†

ψ ψ↔KetKet Bra

Bra

BraBra--cc--KetKet

DiracDirac Notation (Cont.)Notation (Cont.)

•• Consider a Quantum System in the Consider a Quantum System in the state state

ψ KetKet

•• Suppose we measure many of these Suppose we measure many of these states with the observable states with the observable A

HermitianHermitianOperatorOperator

•• Then the average value of all these Then the average value of all these measurements measurements w.r.tw.r.t. . AA is:is:

( ) | |A A Aψ ψ ψ ψ= =

Avg.Avg.of Aof A

HeisenbergHeisenberg’’s Uncertainty Principles Uncertainty Principle

Otherwise, Otherwise, AA and and BB are are incompatibleincompatible..

DefinitionDefinition. Observables . Observables AA and and BB are are compatiblecompatible if if [ ], 0A B AB BA= − =

Let Let A A A∆ = −

HeisenbergHeisenberg’’s Uncertainty Principles Uncertainty Principle

( ) ( ) [ ] 22 2 1 ,4

A B A B∆ ∆ ≥

is the is the Standard DeviationStandard Deviation. It is . It is a measure a measure of the uncertaintyof the uncertainty of the observable of the observable AA ..( )2A∆

1=

CopyingMachine

OutIn

CloningCloningThe NoThe No-- TheoremTheorem

DieksDieks, , WoottersWootters, , ZurekZurek

An Example of An Example of HeisenbergHeisenberg’’ss

UncertaintyUncertaintyPrinciplePrinciple

Particle Particle vsvs Wave Picture of MatterWave Picture of MatterYoungYoung’’s 2s 2--slit Experimentslit Experiment

EE

BBLLOOCCKK

EE

EE EE

EE

9


EE

BBLLOOCCKK

EE

EE

EE

EE


An interference pattern appearsAn interference pattern appearsParticle Particle notnot observedobserved

But a wave observedBut a wave observed


Observe

Observe

What happens if we observe which ofWhat happens if we observe which ofthe two slits each electron passes ?the two slits each electron passes ?

The interference pattern disappears !! The interference pattern disappears !!

Wave Wave notnot observed;observed;But a particle is observed ! But a particle is observed !

Application of HeisenbergApplication of Heisenberg’’s s UncetaintyUncetainty PrinciplePrinciple

NoteNote:: XX and and PP are are incompatible observablesincompatible observables; for:; for:[ ], 0X P i= − ≠

1=ObservablesObservables

XX Position OperatorPosition Operator

PP Momentum OperatorMomentum Operator

Ergo, to know precisely which of the two slits the Ergo, to know precisely which of the two slits the electron passed through, forces the momentum to be electron passed through, forces the momentum to be uncertainuncertain

Therefore, by Therefore, by HeisenbergHeisenberg’’s Uncertainty Principles Uncertainty Principle::

( ) ( ) [ ]2 2 1 1,4 4

X P X P∆ ∆ ≥ =

UncertaintyUncertaintyin Positionin Position

UncertaintyUncertaintyin Momentumin Momentum

Alice DaydreamsAlice Daydreams

AliceAlice

How do I prevent How do I prevent Eve from Eve from

eavesdropping ???eavesdropping ???

How can I How can I outwit Eve outwit Eve

??????

? ? ? ? ? ?

? ? ? ?

? ?

Alice Has an IdeaAlice Has an Idea

AliceAlice

Idea:Idea: CouldnCouldn’’t I somehow t I somehow use Heisenberguse Heisenberg’’s s

Uncertainty Principle to Uncertainty Principle to detect Evedetect Eve’’s eavesdropping s eavesdropping

??????

But How ???But How ???

10

AliceAlice BobBob

What if I use the What if I use the thethe electron gun to send Bobelectron gun to send Boba message, i.e., an interference pattern ???a message, i.e., an interference pattern ???

AliceAlice

EveEve

Aha! Bob knows the evil Eve is listening in !!!Aha! Bob knows the evil Eve is listening in !!!

BobBob

What if the evil Eve tries to listen in ??? What if the evil Eve tries to listen in ???

Alice Invents the BB84 Alice Invents the BB84 Quantum Crypto ProtocolQuantum Crypto Protocol

BB84 = BennettBB84 = Bennett--BrasardBrasard 19841984

A Quantum Crypto System for the A Quantum Crypto System for the BB84 ProtocolBB84 Protocol

EveEve

TwoTwo--Way CommunicationWay Communication

OneOne--Way CommunicationWay Communication

PublicPublicChannelChannel

Second StageSecond Stage Second StageSecond Stage

QuantumQuantumChannelChannel

AliceAlice BobBob

First StageFirst Stage First StageFirst Stage

The Quantum ChannelThe Quantum Channel

•• Alice will communicate over the quantumAlice will communicate over the quantumchannel by sending channel by sending 00’’s and s and 11’’s, each encoded s, each encoded as a as a quantumquantum polarizationpolarization statestate of an of an individualindividualphotonphoton..

•• Reminder: We note that the Reminder: We note that the polarizationpolarizationstatestate of an of an individualindividual photonphoton is an element is an element

of a 2of a 2--D Hilbert space D Hilbert space HH ..ψ•• The slanted polarization states The slanted polarization states

also form a basis of also form a basis of HH which we will call the which we will call the obliqueoblique basis basis

andand

•• The vertical and horizontal polarization The vertical and horizontal polarization states states

form a basis of form a basis of HH which we will call the which we will call the vertical/horizontalvertical/horizontal ((V/HV/H) basis ) basis

↔andand

Two Bases of 2Two Bases of 2--D Hilbert Space HD Hilbert Space H

11

Quantum ChannelQuantum Channel Encoding ConventionsEncoding Conventions

•• For the For the V/HV/H basis , Alice & Bob agree to basis , Alice & Bob agree to communicate via the following communicate via the following quantum alphabetquantum alphabet

"1" =

"0" = ↔

•• For the For the obliqueoblique basis , Alice & Bob agree basis , Alice & Bob agree to communicate via the following to communicate via the following quantum alphabetquantum alphabet

"1" =

"0" =

Using HeisenbergUsing Heisenberg’’s Uncertainty Principles Uncertainty Principle

•• So Alice communicates to Bob by randomly So Alice communicates to Bob by randomly choosing between the two quantum alphabets choosing between the two quantum alphabets

and .and .

•• Because of HeisenbergBecause of Heisenberg’’s uncertainty principle, s uncertainty principle, Alice & Bob know that observations with respect Alice & Bob know that observations with respect to the basis are incompatible with to the basis are incompatible with observations with respect to the basis.observations with respect to the basis.

BB84: Eve BB84: Eve NotNot Present Present (No Noise is Assumed)(No Noise is Assumed)

AliceAlice

BobBob

↔ ↔

Raw KeyRaw Key

WW CC

0000 11 11 0000

1111

1111

000000 00

00

11111111 11000000 0000

WW WWWWCCCCCC CCCC

00

If Eve is eavesdropping, then she will create If Eve is eavesdropping, then she will create (because of Heisenberg(because of Heisenberg’’s uncertainty principle) an s uncertainty principle) an error rateerror rate between Alicebetween Alice’’s & Bobs & Bob’’s s RAW KEYRAW KEY. .

Thus, Alice and Bob can determine EveThus, Alice and Bob can determine Eve’’s presence by s presence by publicly comparing a small portion of their respective publicly comparing a small portion of their respective RAW RAW KEYKEYss. If there are errors, they know Eve is . If there are errors, they know Eve is present, discard their RAY present, discard their RAY KEYsKEYs, and start all over , and start all over again. If there are no errors, they will then again. If there are no errors, they will then discard the discard the publicallypublically disclosed portion. Then the disclosed portion. Then the undisclosed portion of their RAW undisclosed portion of their RAW KEYsKEYs agree, and is agree, and is now an uncompromised secret now an uncompromised secret FINAL KEYFINAL KEY shared by shared by Alice and Bob. Alice and Bob.

BB84: Eve BB84: Eve IsIs Present Present (No Noise is Assumed)(No Noise is Assumed)

Second CommunicationSecond Communication22--WayWay

First CommunicationFirst Communication11--WayWay

AliceAlice BobBob

QuantumQuantumChannelChannel

Classical PublicClassical PublicChannelChannel

Topic:Topic: Which Observable Did You Use ?Which Observable Did You Use ?

50% of Bits Discarded50% of Bits DiscardedResultResult: : Raw KeyRaw Key

Public DiscussionPublic Discussion

SummarySummary

Their Their Raw KeysRaw Keys agreeagree if Eve not eavesdroppingif Eve not eavesdropping

What HappensWhat Happensifif

Eve Listens In ?Eve Listens In ?

12


AliceAlice

BobBob

--------BobBob’’ss

Raw KeyRaw Key 1111 111100 00

↔ ↔

11111111 11000000 0000

EveEve

1100 11 11 00111111 00 00

1100 11 11 00001111 11 00

-------- 1111 000000 00AliceAlice’’ssRaw KeyRaw Key

Choosing Quantum AlphabetsChoosing Quantum Alphabets

EveEve’’ssChoiceChoice

ProbProb=1/2=1/2

ProbProb=1/2=1/2

BobBob’’ssChoiceChoice

ProbProb=1/2=1/2

ProbProb=1/2=1/2

ProbProb=1/2=1/2

ProbProb=1/2=1/2

Raw KeyRaw Key

Raw KeyRaw Key

Raw KeyRaw Key

Raw KeyRaw Key

AliceAlice’’ssChoiceChoice

ProbProb=1/2=1/2

100%100%

100%100%

50%50%

50%50%


Hence, Hence, if Eve eavesdropsif Eve eavesdrops, then Alice , then Alice & Bob& Bob’’s Raw Keys s Raw Keys disagreedisagree by 25%.by 25%.

The BB84 Protocol Step by StepThe BB84 Protocol Step by StepNo NoiseNo Noise

•• Over the quantum channel, Alice sends her message to Bob, Over the quantum channel, Alice sends her message to Bob, randomly choosing between the quantum alphabetsrandomly choosing between the quantum alphabets

•• Over the public channel, Bob communicates to Alice which Over the public channel, Bob communicates to Alice which quantum alphabets he used for each measurement.quantum alphabets he used for each measurement.

•• Over the public channel, Alice responds by telling Bob which Over the public channel, Alice responds by telling Bob which of his measurements were made with the correct alphabet.of his measurements were made with the correct alphabet.

•• Alice & Bob then delete all bits for which they used Alice & Bob then delete all bits for which they used incompatible quantum alphabets to produce their resulting incompatible quantum alphabets to produce their resulting RAW RAW KEYKEYss..

•• If Eve has not eavesdropped, their If Eve has not eavesdropped, their theirtheir two two RAW RAW KEYKEYsswill be the same.will be the same.

The BB84 Protocol Step by Step (Cont.)The BB84 Protocol Step by Step (Cont.)No NoiseNo Noise

•• Over the public channel, Alice & Bob compare small portions Over the public channel, Alice & Bob compare small portions of their of their RAW RAW KEYKEYss, and then delete the disclosed bits from , and then delete the disclosed bits from their RAW Key to produce their their RAW Key to produce their FINAL KEYFINAL KEY..

•• If Alice & Bob find through their public disclosure that no If Alice & Bob find through their public disclosure that no errors were revealed, then they know Eve was not present, errors were revealed, then they know Eve was not present, and now share a common and now share a common secretsecret FINAL KEYFINAL KEY..

The BB84 With NoiseThe BB84 With Noise

Raw Key is NoisyRaw Key is Noisy

•• Bob can not Bob can not distinquishdistinquish betweenbetween•• Error caused by NoiseError caused by Noise

•• Error caused by EveError caused by Eve

•• Bob adopts the working assumptionBob adopts the working assumption•• All errors caused by EveAll errors caused by Eve

•• Ergo, Eve has some portion of RAW KEYErgo, Eve has some portion of RAW KEY

13

Solution: Solution: PrivacyPrivacy AmplificationAmplification

PrivacyPrivacy AmplificationAmplification: Distilling a smaller : Distilling a smaller secret key from a larger partially secret secret key from a larger partially secret key.key.

Preamble to Privacy AmplificationPreamble to Privacy Amplification

•• Alice & Bob begin by permuting RAW KEY Alice & Bob begin by permuting RAW KEY with a with a publicallypublically disclosed random permutation.disclosed random permutation.

•• Alice & Bob publicly compare blocks of RAW KEY Alice & Bob publicly compare blocks of RAW KEY to estimate error rate to estimate error rate QQ..

•• Alice & Bob discard any portion of the RAW Alice & Bob discard any portion of the RAW KEY that has been publicly disclosed.KEY that has been publicly disclosed.

•• Privacy Amplification not Privacy Amplification not possible! Restart everything !possible! Restart everything !Q Threshold≥ ⇒

Privacy Amplification BeginsPrivacy Amplification Begins

If If Q < ThresholdQ < Threshold, then Privacy Amplification is , then Privacy Amplification is possiblepossible

•• Based on Based on QQ , Alice & Bob estimate that , Alice & Bob estimate that bits out of bits out of nn are known by Eve.are known by Eve.

k≤

•• Let Let s =s = a security parameter to be adjusted as a security parameter to be adjusted as required.required.

•• Alice & Bob compute the parities of Alice & Bob compute the parities of nn--kk--sspublicly chosen random subsets.publicly chosen random subsets.

•• Both Alice & Bob keep these parities secret. Both Alice & Bob keep these parities secret. These parities form the FINAL SECRET KEY.These parities form the FINAL SECRET KEY.

Change in Role for Change in Role for CrytanalystsCrytanalysts

•• Old Role: Crack ciphers !Old Role: Crack ciphers !

•• New Role: Detect eavesdroppers !New Role: Detect eavesdroppers !

Quantum Crypto ProtocolsQuantum Crypto Protocols

•• BB84BB84

•• B92B92

•• EPREPR

•• OthersOthers

The B92 The B92 PrtocolPrtocol

•• Uses 2Uses 2--D Hilbert space D Hilbert space HH for for polarized photonspolarized photons

•• Use only one Quantum AlphabetUse only one Quantum Alphabet

( )| sin 2θ=

where where 0 / 2θ π< <0 =

1 =θ

14

Measurement: POVMMeasurement: POVM

11 |

A−

=+

11 |

A−

=+

? 1A A A= − −

NonNon--CommutingCommutingObservablesObservables

Binary Erasure Binary Erasure ChanelChanel (BEC)(BEC)

•• There are eavesdropping strategies that do modify There are eavesdropping strategies that do modify inconclusive results (i.e., % of erasures).inconclusive results (i.e., % of erasures).

•• There are eavesdropping strategies which do not.There are eavesdropping strategies which do not.

0 =

1 =

p

rp

r ??

( ) 0| sin 2r Rθ= = =

| | | |p A A= =

Eavesdropping StrategiesEavesdropping Strategies

•• Opaque eavesdroppingOpaque eavesdropping

•• Translucent eavesdropping without Translucent eavesdropping without entanglemententanglement

•• Translucent eavesdropping with Translucent eavesdropping with entanglemententanglement

•• Lie low eavesdropping strategiesLie low eavesdropping strategies

•• Other eavesdropping strategies ?Other eavesdropping strategies ?

Opaque EavesdroppingOpaque Eavesdropping

Eve intercepts AliceEve intercepts Alice’’s message, and s message, and then masquerades as Alice by sending then masquerades as Alice by sending on her received message to Bobon her received message to Bob

Translucent Eavesdropping Without EntanglementTranslucent Eavesdropping Without Entanglement

Eve makes the information carrier interact Eve makes the information carrier interact unitarily with her probe, and then lets it unitarily with her probe, and then lets it proceed on to Bob in a slightly modified stateproceed on to Bob in a slightly modified state

0 0'ψ ψ +⇒

1 1'ψ ψ −⇒

where denotes the state of the where denotes the state of the probe.probe.

ψ

Translucent Eavesdropping With EntanglementTranslucent Eavesdropping With Entanglement

To increase her information, Eve may attempt To increase her information, Eve may attempt to entangle the state of her probe and the to entangle the state of her probe and the carrier that she is resending:carrier that she is resending:

0 0' 1'ψ α ψ β ψ+ −⇒ +

1 1' 0'ψ β ψ α ψ− +⇒ +

where denotes the state of the where denotes the state of the probe.probe.

ψ

15

Optical ImplementationsOptical Implementations

•• Over 100 kilometers of fiber Over 100 kilometers of fiber optic cableoptic cable

•• Over 2 kilometers of free spaceOver 2 kilometers of free space

•• There are many There are many testbedtestbed implementations implementations both in USA and the EUboth in USA and the EU

Next ???Next ???

•• Earth/Satellite CommunicationEarth/Satellite Communication

•• Single photon sourcesSingle photon sources

DifficultiesDifficulties

•• MultiMulti--User Quantum Crypto ProtocolsUser Quantum Crypto Protocols

•• A more rigorous mathematical proof that A more rigorous mathematical proof that quantum crypto protocols are impervious to quantum crypto protocols are impervious to all possible eavesdropping strategies.all possible eavesdropping strategies. The EndThe End

Lomonaco, Samuel J., Jr., Lomonaco, Samuel J., Jr., An Entangled Tale An Entangled Tale of Quantum Entanglementof Quantum Entanglement, in AMS PSAPM/58, , in AMS PSAPM/58, (2002), pages 305 (2002), pages 305 –– 349.349.

Quantum Computation and InformationQuantum Computation and Information,, Samuel J. Samuel J. Lomonaco, Jr. and Howard E. BrandtLomonaco, Jr. and Howard E. Brandt (editors),(editors), AMS AMS CONM/305, (2002). CONM/305, (2002).

16

Other PowerPoint Talks to Be Found atOther PowerPoint Talks to Be Found athttp://http://www.csee.umbc.edu/~lomonacowww.csee.umbc.edu/~lomonaco

•• A Rosetta Stone for Quantum ComputationA Rosetta Stone for Quantum Computation

•• Three Quantum AlgorithmsThree Quantum Algorithms

•• Quantum Hidden Subgroup AlgorithmsQuantum Hidden Subgroup Algorithms

•• An Entangled Tale of Quantum EntanglementAn Entangled Tale of Quantum Entanglement

ElementaryElementary

AdvancedAdvanced

quantum cryptography - inspiring innovationlomonaco/slides/qcryptohandout.pdf · quantum...

Documents