quantum cryptography - tu wien

History & ReferencesProtocols

Secrecy protection principlesRealizations

Quantum Cryptographyhttp://tph.tuwien.ac.at/˜svozil/publ/2005-qcrypt-pres.pdf

Karl Svozil

Institut fur Theoretische Physik, University of Technology Vienna,Wiedner Hauptstraße 8-10/136, A-1040 Vienna, Austria

[email protected]

16. 3. 2005

Karl Svozil Quantum Cryptography



ReferencesHistory

References

WIE83 Stephen Wiesner, “Conjugate coding,” Sigact News, 15,78-88 (1983) [manuscript written circa 1970]

BBBSS92 Charles H. Bennett and F. Bessette and G. Brassard and L.Salvail and J. Smolin, “Experimental QuantumCryptography,” Journal of Cryptology, 5, 3-28 (1992)

I Charles H. Bennett and Gilles Brassard and Artur K. Ekert,“Quantum Cryptography,” Scientific American, 267, 50-57(1992)

GRTZ02 Nicolas Gisin, Gregoire Ribordy, Wolfgang Tittel, and HugoZbinden, “Quantum cryptography,” Rev. Mod. Phys. 74,145-195 (2002) http://link.aps.org/abstract/RMP/v74/p145

I David Mermin, “Lecture Notes on Quantum Computation,”[Cornell University, Physics 481-681, CS 483; Spring, 2005]http://people.ccmr.cornell.edu/˜mermin/qcomp/chap6.pdf




ReferencesHistory

History

1970 Stephen Wiesner, “Conjugate coding:” noisy transmission oftwo or more “complementary messages” by using singlephotons in two or more complementary polarizationdirections/bases.

1984 BB84 Protocol: key growing via quantum channel &additional classical bidirectional communication channel

1991 EPR-Ekert protocol: maximally entangled state, threecomplementary polarization directions; additional securityconfirmation by violation of Bell-type inequality through datawhich cannot be directly used for coding




Wiesner’s conjugate coding schemeBB84 ProtocolEPR-Ekert protocolInterferometric protocols

Wiesner’s conjugate coding scheme

from [WIE83](ca. 1970)Karl Svozil Quantum Cryptography




BB84 Protocol

from [BBBSS92]





EPR-Ekert protocol

Parametrization of |ψ〉 = x |+〉+ y |−〉 by two angles 0 ≤ θ ≤ π(azimutal) and 0 ≤ ϕ ≤ 2π.Let the expectation value measured by a pair of particles along thedirections ai and bj beE (ai , bj) = P++(ai , bj) + P−−(ai , bj)− P+−(ai , bj)− P−+(ai , bj).Consider the Clauser-Horne-Shimony-Halt (CHSH) termS = E (a1, b1)− E (a1, b3) + E (a3, b1) + E (a3, b3).With the six measurement directions corresponding to ϕ = 0 (forall six), and θa

1 = 0, θa2 = π/4, θa

3 = π/2, θb1 = π/4, θb

2 = π/2, andθb3 = 3π/4 (three per side), S = −2

√2 is maximally violated by

the Tsirelson bound.Constant monitoring of S certifies the absence of aneavesdropper.





Interferometric protocols

from [GRTZ02]Karl Svozil Quantum Cryptography



Single particle eventsComplementarityNo-cloning (no-copy) theoremMan-in-the-middle attack

Single particle production, manipulation & detection

It is essential to use single particle states, otherwise “Eve” couldeavesdrop on the extra particles.





Complementarity

Eavesdropping randomizes the state transmitted from Alice to Bob.





No-cloning (no-copy) theorem

I Ideally, a perfect Qcopy device A, acting upon an arbitrarystate ψ and some arbitrary blank state b, would do this:

ψ ⊗ |b〉 ⊗ |Ai 〉 −→ ψ ⊗ ψ ⊗ |Af 〉.I Suppose it would copy the two “quasi-classical” state “+”

and “−” accordingly:

|+, b,Ai 〉 −→ |+,+,Af 〉, |−, b,Ai 〉 −→ |−,−,Af 〉.I By the linearity of quantum mechanics, the state

1√2(|+〉+ |−〉) is copied according to

1√2(|+〉+ |−〉)⊗ |b,Ai 〉 −→

1√2(|+,+,Af 〉+ |−,−,Af 〉)

6= 1√2(|+〉+ |−〉)⊗ 1√

2(|+〉+ |−〉)⊗ |Ai 〉.





Man-in-the-middle attack using both the classical &quantum channels

iiicq iiicqbox-in-the-middle

fake “Bob” fake “Alice”

Eve

BobAlice

copy ormisinform

from http://arxiv.org/abs/quant-ph/0501062





Man-in-the-middle attack using both the classical &quantum channels

I Compare: “Standard quantum key distribution protocols are provablysecure against eavesdropping attacks, if quantum theory is correct.”(from http://arxiv.org/abs/quant-ph/0405101).

I To: “The need for the public (non-quantum) channel in this schemeto be immune to active eavesdropping can be relaxed if the Alice andBob have agreed beforehand on a small secret [[classicalcryptographic]] key,..”(from BB84: C. H. Bennett and G. Brassard, inProceedings of the IEEE International Conference on Computers,Systems, and Signal Processing, Bangalore, India (IEEE ComputerSociety Press, 1984), pp. 175-179.)

I “In accordance with our general philosophy that QKD forms a partof an overall cryptographic architecture, and not an entirely novelarchitecture of its own, the DARPA Quantum Network currentlyemploys the standardized authentication mechanisms built into theInternet security architecture (IPsec), and in particular thoseprovided by the Internet Key Exchange (IKE) protocol.” (fromhttp://arxiv.org/abs/quant-ph/0503058)




Techniques & gadgets1989 IBM Yorktown Heights1993 Lake Geneva & 2004 Vienna2003-present DARPA Network Boston

Techniques & gadgets

I Photon sources: faint laser pulses, photon pairs generated byparametric downconversion, photon guns, . . .

I Quantum channels: single-mode fibers, free-space links, . . .

I Single-photon detection: photon counters, . . .

I (Quantum) Random number generators: calcite prism, . . .





1989 IBM Yorktown Heights





1993 Lake Geneva





2004 Vienna





2003-present DARPA Network Boston





Thank you for your attention!


quantum cryptography - tu wien

Documents