quantum cryptography - tu wien
TRANSCRIPT
History & ReferencesProtocols
Secrecy protection principlesRealizations
Quantum Cryptographyhttp://tph.tuwien.ac.at/˜svozil/publ/2005-qcrypt-pres.pdf
Karl Svozil
Institut fur Theoretische Physik, University of Technology Vienna,Wiedner Hauptstraße 8-10/136, A-1040 Vienna, Austria
16. 3. 2005
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
ReferencesHistory
References
WIE83 Stephen Wiesner, “Conjugate coding,” Sigact News, 15,78-88 (1983) [manuscript written circa 1970]
BBBSS92 Charles H. Bennett and F. Bessette and G. Brassard and L.Salvail and J. Smolin, “Experimental QuantumCryptography,” Journal of Cryptology, 5, 3-28 (1992)
I Charles H. Bennett and Gilles Brassard and Artur K. Ekert,“Quantum Cryptography,” Scientific American, 267, 50-57(1992)
GRTZ02 Nicolas Gisin, Gregoire Ribordy, Wolfgang Tittel, and HugoZbinden, “Quantum cryptography,” Rev. Mod. Phys. 74,145-195 (2002) http://link.aps.org/abstract/RMP/v74/p145
I David Mermin, “Lecture Notes on Quantum Computation,”[Cornell University, Physics 481-681, CS 483; Spring, 2005]http://people.ccmr.cornell.edu/˜mermin/qcomp/chap6.pdf
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
ReferencesHistory
History
1970 Stephen Wiesner, “Conjugate coding:” noisy transmission oftwo or more “complementary messages” by using singlephotons in two or more complementary polarizationdirections/bases.
1984 BB84 Protocol: key growing via quantum channel &additional classical bidirectional communication channel
1991 EPR-Ekert protocol: maximally entangled state, threecomplementary polarization directions; additional securityconfirmation by violation of Bell-type inequality through datawhich cannot be directly used for coding
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Wiesner’s conjugate coding schemeBB84 ProtocolEPR-Ekert protocolInterferometric protocols
Wiesner’s conjugate coding scheme
from [WIE83](ca. 1970)Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Wiesner’s conjugate coding schemeBB84 ProtocolEPR-Ekert protocolInterferometric protocols
BB84 Protocol
from [BBBSS92]
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Wiesner’s conjugate coding schemeBB84 ProtocolEPR-Ekert protocolInterferometric protocols
EPR-Ekert protocol
Parametrization of |ψ〉 = x |+〉+ y |−〉 by two angles 0 ≤ θ ≤ π(azimutal) and 0 ≤ ϕ ≤ 2π.Let the expectation value measured by a pair of particles along thedirections ai and bj beE (ai , bj) = P++(ai , bj) + P−−(ai , bj)− P+−(ai , bj)− P−+(ai , bj).Consider the Clauser-Horne-Shimony-Halt (CHSH) termS = E (a1, b1)− E (a1, b3) + E (a3, b1) + E (a3, b3).With the six measurement directions corresponding to ϕ = 0 (forall six), and θa
1 = 0, θa2 = π/4, θa
3 = π/2, θb1 = π/4, θb
2 = π/2, andθb3 = 3π/4 (three per side), S = −2
√2 is maximally violated by
the Tsirelson bound.Constant monitoring of S certifies the absence of aneavesdropper.
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Wiesner’s conjugate coding schemeBB84 ProtocolEPR-Ekert protocolInterferometric protocols
Interferometric protocols
from [GRTZ02]Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Single particle eventsComplementarityNo-cloning (no-copy) theoremMan-in-the-middle attack
Single particle production, manipulation & detection
It is essential to use single particle states, otherwise “Eve” couldeavesdrop on the extra particles.
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Single particle eventsComplementarityNo-cloning (no-copy) theoremMan-in-the-middle attack
Complementarity
Eavesdropping randomizes the state transmitted from Alice to Bob.
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Single particle eventsComplementarityNo-cloning (no-copy) theoremMan-in-the-middle attack
No-cloning (no-copy) theorem
I Ideally, a perfect Qcopy device A, acting upon an arbitrarystate ψ and some arbitrary blank state b, would do this:
ψ ⊗ |b〉 ⊗ |Ai 〉 −→ ψ ⊗ ψ ⊗ |Af 〉.I Suppose it would copy the two “quasi-classical” state “+”
and “−” accordingly:
|+, b,Ai 〉 −→ |+,+,Af 〉, |−, b,Ai 〉 −→ |−,−,Af 〉.I By the linearity of quantum mechanics, the state
1√2(|+〉+ |−〉) is copied according to
1√2(|+〉+ |−〉)⊗ |b,Ai 〉 −→
1√2(|+,+,Af 〉+ |−,−,Af 〉)
6= 1√2(|+〉+ |−〉)⊗ 1√
2(|+〉+ |−〉)⊗ |Ai 〉.
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Single particle eventsComplementarityNo-cloning (no-copy) theoremMan-in-the-middle attack
Man-in-the-middle attack using both the classical &quantum channels
iiicq iiicqbox-in-the-middle
fake “Bob” fake “Alice”
Eve
BobAlice
copy ormisinform
from http://arxiv.org/abs/quant-ph/0501062
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Single particle eventsComplementarityNo-cloning (no-copy) theoremMan-in-the-middle attack
Man-in-the-middle attack using both the classical &quantum channels
I Compare: “Standard quantum key distribution protocols are provablysecure against eavesdropping attacks, if quantum theory is correct.”(from http://arxiv.org/abs/quant-ph/0405101).
I To: “The need for the public (non-quantum) channel in this schemeto be immune to active eavesdropping can be relaxed if the Alice andBob have agreed beforehand on a small secret [[classicalcryptographic]] key,..”(from BB84: C. H. Bennett and G. Brassard, inProceedings of the IEEE International Conference on Computers,Systems, and Signal Processing, Bangalore, India (IEEE ComputerSociety Press, 1984), pp. 175-179.)
I “In accordance with our general philosophy that QKD forms a partof an overall cryptographic architecture, and not an entirely novelarchitecture of its own, the DARPA Quantum Network currentlyemploys the standardized authentication mechanisms built into theInternet security architecture (IPsec), and in particular thoseprovided by the Internet Key Exchange (IKE) protocol.” (fromhttp://arxiv.org/abs/quant-ph/0503058)
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Techniques & gadgets1989 IBM Yorktown Heights1993 Lake Geneva & 2004 Vienna2003-present DARPA Network Boston
Techniques & gadgets
I Photon sources: faint laser pulses, photon pairs generated byparametric downconversion, photon guns, . . .
I Quantum channels: single-mode fibers, free-space links, . . .
I Single-photon detection: photon counters, . . .
I (Quantum) Random number generators: calcite prism, . . .
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Techniques & gadgets1989 IBM Yorktown Heights1993 Lake Geneva & 2004 Vienna2003-present DARPA Network Boston
1989 IBM Yorktown Heights
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Techniques & gadgets1989 IBM Yorktown Heights1993 Lake Geneva & 2004 Vienna2003-present DARPA Network Boston
1993 Lake Geneva
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Techniques & gadgets1989 IBM Yorktown Heights1993 Lake Geneva & 2004 Vienna2003-present DARPA Network Boston
2004 Vienna
Karl Svozil Quantum Cryptography
History & ReferencesProtocols
Secrecy protection principlesRealizations
Techniques & gadgets1989 IBM Yorktown Heights1993 Lake Geneva & 2004 Vienna2003-present DARPA Network Boston
2003-present DARPA Network Boston
Karl Svozil Quantum Cryptography