Device Independent Quantum Key Distribution using Three-Party - - PowerPoint PPT Presentation


Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy. Jyotirmoy Basak, Arpita Maitra and Subhamoy Maitra, Indian Statistical Institute & C R Rao AIMSCS. December 18, 2019.


SLIDE 1

Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy

Jyotirmoy Basak, Arpita Maitra and Subhamoy Maitra Indian Statistical Institute & C R Rao AIMSCS

December 18, 2019

Device Independent Quantum Key Distribution using Three-Part

SLIDE 2

Quantum Cryptology: Motivation

The pioneering developments in the domain of classical cryptography in the 1970s are:

  • Diffie-Hellman Key Exchange and the RSA (Rivest-Shamir-Adleman) Public Key Cryptosystem. Elliptic Curve Cryptosystem is also extremely popular now.
  • Diffie-Hellman Key Exchange: based on the Discrete Log Problem
  • RSA (Rivest-Shamir-Adleman) Public Key Cryptosystem: based on factorization of a large number
  • Security would be compromised in the post-quantum era due to the pioneering result of Shor (1994).

SLIDE 3

Solutions

Lattice based and Code based Cryptosystems:

  • Classical algorithms
  • Considerable research
  • Not as efficient as RSA/ECC; may be used shortly in the commercial domain in case quantum computers arrive

Alternative solution: Quantum Cryptography

  • Quantum algorithms
  • Warrants security against a quantum adversary

SLIDE 4

Quantum Key Distribution (QKD): Basic Idea

  • Quantum channel and qubits
  • Security proofs from physics:
      • No-Cloning
      • Perfect distinguishability is not possible for non-orthogonal states

SLIDE 5

Cloning: Possible in classical domain, not in quantum

  • Possible to copy a classical bit
  • Not possible for an unknown quantum bit
  • A result of quantum mechanics
  • Stated by Wootters, Zurek, and Dieks in 1982
      • W. K. Wootters and W. H. Zurek. A Single Quantum Cannot be Cloned, Nature 299 (1982), pp. 802–803.
      • D. Dieks. Communication by EPR devices, Physics Letters A, vol. 92(6) (1982), pp. 271–272.
  • Huge implications in quantum computing, quantum information, quantum cryptography and related fields.

SLIDE 6

Orthogonal quantum states: distinguishable

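  • Possible to distinguish two orthogonal states only
  • Given two orthogonal states $\{|\psi\rangle, |\psi^{\perp}\rangle\}$, it is possible to distinguish them with certainty.
  • For example, $\{|0\rangle, |1\rangle\}$; $\{\frac{1}{\sqrt{2}}(|0\rangle + |1\rangle), \frac{1}{\sqrt{2}}(|0\rangle - |1\rangle)\}$; $\{\frac{1}{\sqrt{2}}(|0\rangle + i|1\rangle), \frac{1}{\sqrt{2}}(|0\rangle - i|1\rangle)\}$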

SLIDE 7

Distinguishability of Nonorthogonal quantum states

  • Not possible to distinguish two nonorthogonal quantum states with certainty
  • Given two nonorthogonal states $\{|\psi_0\rangle, |\psi_1\rangle\}$, it is not possible to distinguish them with probability 1.
  • Example: it is given that the two states are $|0\rangle$ and $\frac{|0\rangle + |1\rangle}{\sqrt{2}}$, two nonorthogonal states. Then it is not possible to exactly identify each one.

SLIDE 8

Quantum Key Exchange Protocol: BB84

  • Initiated by Charles Bennett and Gilles Brassard in 1979
      • G. Brassard. Brief History of Quantum Cryptography: A Personal Perspective. [quant-ph/0604072]
  • The paper was not getting accepted initially
  • Finally published as “Quantum Cryptography: Public key distribution and coin tossing”, in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p. 175 (1984)
  • Citation: more than 7500, Google Scholar
  • A scheme for quantum key distribution
  • The first protocol in the area of quantum cryptography
  • The basics of this protocol come from the seminal concept by Wiesner.
      • S. Wiesner. Conjugate Coding. Manuscript 1970, subsequently published in SIGACT News 15:1, 78–88, 1983.

SLIDE 9

BB84: Basic Idea

  • To transmit 0 or 1 securely.
  • Choose different bases: $\{|0\rangle, |1\rangle\}$; $\{\frac{1}{\sqrt{2}}(|0\rangle + |1\rangle), \frac{1}{\sqrt{2}}(|0\rangle - |1\rangle)\}$
  • Take any basis. Encode 0 as one of its states and 1 as the other.
  • If we use only a single basis, then anybody can measure in that basis, get the information and reproduce the state.
  • Thus Alice needs to encode randomly in more than one basis.
  • Bob will also measure in a random basis.
  • The bases will match in a proportion of cases, and from those the key will be prepared (after error correction, verification and privacy amplification).
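The single-basis weakness described above can be checked with a small classical simulation (an added example, not part of the original slides). It assumes an idealised channel and models the two bases as mutually unbiased, so a measurement in the wrong basis gives a uniformly random bit; the function names are hypothetical.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    measuring in the other (mutually unbiased) basis returns a uniform bit."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def sifted_stats(n_bases, eavesdrop, rounds=20000, seed=1):
    """Return (fraction of rounds kept after sifting, error rate in the sifted key).

    With eavesdrop=True a third party measures every qubit in a randomly
    chosen basis and re-sends the state she observed.
    """
    rng = random.Random(seed)
    kept = errors = 0
    for _ in range(rounds):
        bit, basis = rng.randrange(2), rng.randrange(n_bases)  # Alice's bit and basis
        sent_bit, sent_basis = bit, basis
        if eavesdrop:
            sent_basis = rng.randrange(n_bases)
            sent_bit = measure(bit, basis, sent_basis, rng)
        bob_basis = rng.randrange(n_bases)
        bob_bit = measure(sent_bit, sent_basis, bob_basis, rng)
        if bob_basis == basis:             # sifting: keep matching bases only
            kept += 1
            errors += bob_bit != bit
    return kept / rounds, errors / kept

if __name__ == "__main__":
    print("one basis, eavesdropper  :", sifted_stats(1, True))
    print("two bases, no eavesdropper:", sifted_stats(2, False))
    print("two bases, eavesdropper  :", sifted_stats(2, True))
```

With one basis the eavesdropper leaves no errors in the sifted key; with two random bases about a quarter of the sifted bits disagree, which is what Alice and Bob look for before error correction.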

SLIDE 10

Variants of BB84: The present trend

Quantum Key Distribution is usually based on three main assumptions:

  • validity of Quantum Mechanics
  • no information leakage from the honest parties’ laboratories
  • the honest parties have a sufficiently good knowledge of their devices

All three assumptions are necessary for the security of standard protocols, such as BB84 and its variants. For example, Alice and Bob may unknowingly use a multi-photon source in BB84. This enables the Photon Number Splitting (PNS) attack. Removing the third assumption is the motivation for Device Independent Quantum Key Distribution (DI-QKD).

SLIDE 11

Device Independent Quantum Key Distribution

  • A QKD protocol whose security can be proven without making any assumptions on the devices.
  • These protocols, named Device Independent, offer a stronger form of security since they require only minimal assumptions.
  • Security comes from the input-output statistics of the devices, for example by testing a Bell inequality or the CHSH inequality (John Clauser, Michael Horne, Abner Shimony, and Richard Holt)

SLIDE 12

CHSH game

  • Two versions of the solution: Classical and Quantum
  • Alice is given an input x and Bob is given an input y
  • The rule of the game is that after receiving the inputs they cannot communicate between themselves.
  • Alice outputs a; Bob outputs b
  • They win when a ⊕ b = x ∧ y
  • Best classical strategy: Alice outputs 0, Bob outputs 0 (same for 1). Probability of success: 0.75
  • Quantum strategy outperforms classical strategy. Probability of success: 0.853; requires sharing of maximally entangled states between Alice and Bob

SLIDE 13

Fully Device Independent QKD

  • U. Vazirani and T. Vidick, Fully device independent quantum key distribution, Phys. Rev. Lett., 113, 140501, Published 29 September 2014.
  • Exploiting the quantum CHSH game, the authors proposed a new QKD protocol and proved its device-independent security with tolerance of a constant noise rate and guaranteed generation of a linear amount of key.

SLIDE 14

Multi Party Pseudo Telepathy

  • For any $n \ge 3$, the game $G_n$ consists of $n$ players.
  • The bit string $x_1 \ldots x_n$ contains an even number of 1’s.
  • Each player $A_i$ receives a single input bit $x_i$ and is requested to produce an output bit $y_i$.
  • $x_1 \ldots x_n$ is the question and $y_1 \ldots y_n$ is the answer.
  • The game $G_n$ will be won by this team of $n$ players if

$$\sum_{i=1}^{n} y_i \equiv \frac{1}{2} \sum_{i=1}^{n} x_i \pmod{2}.$$

  • For winning collectively, if $HW(x_1 \ldots x_n) = 0 \bmod 4$ (resp. $2 \bmod 4$), then $HW(y_1 \ldots y_n)$ should be even (resp. odd)

SLIDE 15

Multi Party Pseudo Telepathy (Contd.)

  • No communication is allowed among the $n$ participants after receiving the inputs and before producing the outputs.
  • It has been proved that no classical strategy for the game $G_n$ can be successful with a probability better than $\frac{1}{2} + 2^{-\lceil n/2 \rceil}$.
  • Quantum entanglement serves to eliminate the classical need to communicate, and it is shown that there exists a perfect quantum protocol where the $n$ parties will always win the game.
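The classical limits quoted for the CHSH game and for G_n can be reproduced by exhaustive search over deterministic strategies (an added example, not part of the original slides). A randomised classical strategy is a mixture of deterministic ones, so it cannot beat the best deterministic value. The function names are hypothetical, and the CHSH measurement angles are the standard textbook choice, which the slides do not specify.

```python
from itertools import product
from math import ceil, cos, pi

def gn_bound(n):
    """Classical bound stated on the slide: 1/2 + 2^(-ceil(n/2))."""
    return 0.5 + 2.0 ** -ceil(n / 2)

def best_classical_gn(n):
    """Best deterministic strategy for G_n; player i answers f[i][x_i]."""
    questions = [x for x in product((0, 1), repeat=n) if sum(x) % 2 == 0]
    best = 0
    for f in product(product((0, 1), repeat=2), repeat=n):
        wins = sum((sum(f[i][x[i]] for i in range(n)) - sum(x) // 2) % 2 == 0
                   for x in questions)
        best = max(best, wins)
    return best / len(questions)

def best_classical_chsh():
    """Best deterministic CHSH strategy; win when a XOR b == x AND y."""
    return max(sum((fa[x] ^ fb[y]) == (x & y) for x in (0, 1) for y in (0, 1)) / 4
               for fa in product((0, 1), repeat=2)
               for fb in product((0, 1), repeat=2))

def quantum_chsh():
    """Winning probability on a maximally entangled pair, where the outputs
    agree with probability cos^2(angle_A - angle_B)."""
    alice, bob = (0.0, pi / 4), (pi / 8, -pi / 8)
    total = 0.0
    for x in (0, 1):
        for y in (0, 1):
            same = cos(alice[x] - bob[y]) ** 2
            total += (1 - same) if x & y else same   # x = y = 1 needs a != b
    return total / 4

if __name__ == "__main__":
    print("G_3 classical:", best_classical_gn(3), "bound:", gn_bound(3))
    print("CHSH classical:", best_classical_chsh())
    print("CHSH quantum  :", round(quantum_chsh(), 4))
```

For n = 3 the search returns 0.75, equal to the stated bound, while a perfect quantum strategy wins G_n with probability 1; for CHSH the gap is only 0.75 against about 0.853.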

SLIDE 16

Pseudo Telepathy (the set up)

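  • Define $|\Phi_n^{+}\rangle = \frac{1}{\sqrt{2}}|0^n\rangle + \frac{1}{\sqrt{2}}|1^n\rangle$ and $|\Phi_n^{-}\rangle = \frac{1}{\sqrt{2}}|0^n\rangle - \frac{1}{\sqrt{2}}|1^n\rangle$.
  • $H$ denotes the Hadamard transform.
  • $S$ denotes the unitary transformation $S|0\rangle \to |0\rangle$, $S|1\rangle \to i|1\rangle$.
  • If $S$ is applied to any two qubits of $|\Phi_n^{+}\rangle$, leaving the other qubits undisturbed, then the resulting state is $|\Phi_n^{-}\rangle$, and vice versa.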

SLIDE 17

Pseudo Telepathy (the set up, contd.)

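  • If $|\Phi_n^{+}\rangle$ is distributed among $n$ players and if exactly $m$ of them apply $S$ to their qubit, then the resulting global state will be $|\Phi_n^{+}\rangle$ if $m \equiv 0 \bmod 4$ and $|\Phi_n^{-}\rangle$ if $m \equiv 2 \bmod 4$.
  • Note that

$$(H^{\otimes n})|\Phi_n^{+}\rangle = \frac{1}{\sqrt{2^{n-1}}} \sum_{wt(y) \equiv 0 \bmod 2} |y\rangle$$

and

$$(H^{\otimes n})|\Phi_n^{-}\rangle = \frac{1}{\sqrt{2^{n-1}}} \sum_{wt(y) \equiv 1 \bmod 2} |y\rangle.$$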

SLIDE 18

Pseudo Telepathy (the quantum algorithm)

The players are allowed to share a prior entanglement, the state $|\Phi_n^{+}\rangle$.

1 If $x_i = 1$, $A_i$ applies transformation $S$ to his qubit; otherwise he does nothing.
2 He applies $H$ to his qubit.
3 He measures his qubit in order to obtain y.
4 He produces $y_i$ as his output.

The game $G_n$ is always won by the $n$ distributed parties without any communication among themselves.

SLIDE 19

Our protocol

  • We consider three-party quantum Pseudo Telepathy
  • The entangled states used are GHZ states of the form $\frac{|000\rangle + |111\rangle}{\sqrt{2}}$
  • The first two particles are with Alice and the last one is shared with Bob through a public quantum channel to which Eve has access
  • Alice and Bob randomly choose the inputs, $x_i \in \{0, 1\}$, for their respective devices
  • In this phase they do not communicate among themselves

SLIDE 20

Assumptions Required for Our Protocol

  • Alice possesses two black boxes denoted by $D_1^A$ and $D_2^A$
  • Bob has the remaining one denoted by $D_1^B$
  • Each box can take an input $x_i \in \{0, 1\}$ and can output $y_i \in \{0, 1\}$
  • In each run $i \in \{1, \cdots, n\}$ of the protocol, Alice selects two random bits $x_1, x_2 \in \{0, 1\}$ as input to her devices $D_1^A$ and $D_2^A$ respectively
  • Bob selects a random bit $x_3 \in \{0, 1\}$ as input to his device $D_1^B$
  • The devices obey the laws of quantum mechanics and they are specially isolated from each other and from any adversary.
  • All the devices are memoryless, i.e., each use of the device is independent of its previous use.

SLIDE 21

Our Protocol (Contd.)

  • After getting the inputs, they perform the respective operations based upon their input choices, as mentioned in the multi-party pseudo-telepathy game
  • After the corresponding operation, if the measurement result is $|0\rangle$, they output 0, and 1 otherwise
  • After the measurement, Alice and Bob will discuss their respective input choices publicly and discard all the cases where the number of 1’s in the input string is odd
  • They have to discard an expected $\frac{n}{2}$ number of inputs
  • Let the remaining set be A.

SLIDE 22

Our Protocol (Contd.)

  • Alice chooses a random subset of size γ|A| and shares it publicly with Bob, where 0 < γ < 1
  • They publicly discuss the inputs and the corresponding outputs for the states in γ|A| and check what fraction of these inputs satisfy the multi-party pseudo telepathy (parity) condition
  • If the success probability is less than 1 − η (where η is the amount of tolerable noise), then they abort the protocol
  • Otherwise, they proceed further and generate the shared secret key from the remaining (1 − γ)|A| states
  • In the key generation phase, for the remaining (1 − γ)|A| states, Alice computes (x1 ∨ x2) ⊕ y1 ⊕ y2
  • Bob outputs y3

SLIDE 23

Strategy for key generation

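Input: Alice (x1x2), Bob (x3) | Possible output: Alice (y1y2), Bob (y3) | Operation: Alice (x1 ∨ x2) ⊕ y1 ⊕ y2 | Operation: Bob (y3) | Extracted key: Alice, Bob
------------------------------------------------------------------------------------------
00, 0 | 00, 0 | (0 ∨ 0) ⊕ 0 ⊕ 0 = 0 | 0 | 0, 0
00, 0 | 11, 0 | (0 ∨ 0) ⊕ 1 ⊕ 1 = 0 | 0 | 0, 0
00, 0 | 01, 1 | (0 ∨ 0) ⊕ 0 ⊕ 1 = 1 | 1 | 1, 1
00, 0 | 10, 1 | (0 ∨ 0) ⊕ 1 ⊕ 0 = 1 | 1 | 1, 1
11, 0 | 10, 0 | (1 ∨ 1) ⊕ 1 ⊕ 0 = 0 | 0 | 0, 0
11, 0 | 01, 0 | (1 ∨ 1) ⊕ 0 ⊕ 1 = 0 | 0 | 0, 0
11, 0 | 00, 1 | (1 ∨ 1) ⊕ 0 ⊕ 0 = 1 | 1 | 1, 1
11, 0 | 11, 1 | (1 ∨ 1) ⊕ 1 ⊕ 1 = 1 | 1 | 1, 1
01, 1 | 10, 0 | (0 ∨ 1) ⊕ 1 ⊕ 0 = 0 | 0 | 0, 0
01, 1 | 01, 0 | (0 ∨ 1) ⊕ 0 ⊕ 1 = 0 | 0 | 0, 0
01, 1 | 00, 1 | (0 ∨ 1) ⊕ 0 ⊕ 0 = 1 | 1 | 1, 1
01, 1 | 11, 1 | (0 ∨ 1) ⊕ 1 ⊕ 1 = 1 | 1 | 1, 1
10, 1 | 10, 0 | (1 ∨ 0) ⊕ 1 ⊕ 0 = 0 | 0 | 0, 0
10, 1 | 01, 0 | (1 ∨ 0) ⊕ 0 ⊕ 1 = 0 | 0 | 0, 0
10, 1 | 00, 1 | (1 ∨ 0) ⊕ 0 ⊕ 0 = 1 | 1 | 1, 1
10, 1 | 11, 1 | (1 ∨ 0) ⊕ 1 ⊕ 1 = 1 | 1 | 1, 1

Table: Strategy for key generation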
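The pseudo-telepathy algorithm and the key-generation rule in the table can be verified together with a small state-vector simulation (an added example, not part of the original slides). It assumes ideal, noiseless devices that follow the S, H, measure steps exactly; all function names are hypothetical.

```python
from itertools import product
from math import sqrt

R = 1 / sqrt(2)
S = ((1, 0), (0, 1j))          # S|0> = |0>, S|1> = i|1>
H = ((R, R), (R, -R))          # Hadamard

def apply_gate(state, n, q, g):
    """Apply the 2x2 matrix g to qubit q (qubit 0 is the leftmost bit)."""
    out = [0j] * len(state)
    shift = n - 1 - q
    for idx, amp in enumerate(state):
        b = (idx >> shift) & 1
        for nb in (0, 1):
            out[idx ^ ((b ^ nb) << shift)] += g[nb][b] * amp
    return out

def output_distribution(x):
    """Probability of each output string y when device i applies S if
    x_i = 1, then H, then measures its share of (|0..0> + |1..1>)/sqrt(2)."""
    n = len(x)
    state = [0j] * (1 << n)
    state[0] = state[-1] = R
    for q in range(n):
        if x[q]:
            state = apply_gate(state, n, q, S)
        state = apply_gate(state, n, q, H)
    return {y: abs(state[int("".join(map(str, y)), 2)]) ** 2
            for y in product((0, 1), repeat=n)}

def win_probability(x):
    """Probability that sum(y) = sum(x)/2 (mod 2) for an even-weight input x."""
    return sum(p for y, p in output_distribution(x).items()
               if (sum(y) - sum(x) // 2) % 2 == 0)

def key_agreement(x):
    """Three-party case: probability that Alice's (x1 OR x2) XOR y1 XOR y2
    equals Bob's y3."""
    return sum(p for y, p in output_distribution(x).items()
               if ((x[0] | x[1]) ^ y[0] ^ y[1]) == y[2])

EVEN_INPUTS = [x for x in product((0, 1), repeat=3) if sum(x) % 2 == 0]

if __name__ == "__main__":
    for x in EVEN_INPUTS:
        print(x, round(win_probability(x), 6), round(key_agreement(x), 6))
    print("odd input (1, 0, 0):", round(key_agreement((1, 0, 0)), 6))
```

For every even-weight input the parity condition and the key agreement both hold with probability 1, while for an odd-weight input such as (1, 0, 0) the outputs are uniform and the two key bits agree only half the time, which is why those rounds are discarded.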

SLIDE 24

Security Analysis

  • It can be shown that if the winning probability in the Pseudo-telepathy phase is $1 - \eta$, where $\eta$ is an infinitesimally small quantity, the shared states are $O(\sqrt{\eta})$ close to perfect GHZ states
  • From the monogamy relation of entanglement, it can also be shown that if the shared entangled states are $\epsilon$ close to a perfect GHZ state, then Eve’s extracted key will be $\epsilon$ close to a random bit stream, i.e.,

$$\frac{1}{2}\left\|\rho_{ABE} - \frac{I_k}{2^m} \otimes \rho_E\right\| \le \epsilon,$$

where $\rho_{ABE}$ denotes the joint system shared by Alice, Bob and Eve and $\rho_E$ denotes the marginal state on the system of the adversary

SLIDE 25

Advantages of this Protocol

  • We propose Device Independence (DI) Security
  • We use fewer qubits compared to the Vidick-Vazirani protocol
  • Instead of the CHSH game, we use Multi-Party Pseudo-Telepathy (MPPT) for checking DI. This provides a success probability of 1 (compared to 0.85 in CHSH).
  • Several bases are considered in VV-QKD, as it uses the CHSH game for checking the DI but the key is generated in a different basis
  • In our approach, the MPPT game is only used to derive the raw secret key and thus no additional basis is required.

SLIDE 26

Caveat

  • We provide some ideas towards the security of the protocol
  • We do not claim a complete security proof covering all the aspects
  • So far we have not identified any cryptanalytic results on our scheme
  • We believe publication of this protocol will attract either further cryptanalytic efforts or theorems to explain formal security results
  • Use of two devices at Alice’s end requires the assumption that those two devices must be purchased as independent equipment

SLIDE 27

Commercial QKD Equipments

  • Several commercial products are available in the international market
  • Quantum Key Distribution System (Q-Box). MagiQ Technologies Inc. http://www.magiqtech.com
  • Company which provides quantum key distribution equipment, quantum random number generators, single photon counters etc.: ID Quantique (IDQ). http://www.idquantique.com/
  • As far as we know, no equipment for DI-QKD is commercially available

SLIDE 28

Thank You
