Quantum Cryptography Quantum Cryptography Quantum Quantum Crypto - - PDF document

SLIDE 1

1

Quantum Quantum Crypto ?? Crypto ?? Cani Cani

Quantum Cryptography Quantum Cryptography

Samuel J. Lomonaco, Jr. Samuel J. Lomonaco, Jr.

• Dept. of Comp.
• Dept. of Comp. Sci
• Sci. & Electrical Engineering

. & Electrical Engineering University of Maryland Baltimore County University of Maryland Baltimore County Baltimore, MD 21250 Baltimore, MD 21250 Email: Email: Lomonaco@UMBC.EDU Lomonaco@UMBC.EDU WebPage WebPage: : http:// http://www.csee.umbc.edu/~lomonaco www.csee.umbc.edu/~lomonaco

How Alice Outwits Eve How Alice Outwits Eve

• r
• r

L L-

• O

O-

• O

O-

• P

P

• The Defense Advance Research Projects

Agency (DARPA) & Air Force Research Laboratory (AFRL), Air Force Materiel Command, USAF Agreement Number F30602-01-2-0522.

• The National Institute for Standards

and Technology (NIST)

• The Mathematical Sciences Research

Institute (MSRI).

• The L-O-O-P Fund.
• The Institute of Scientific Interchange

L L-

• O

O-

• O

O-

• P

P

This work is supported by: This work is supported by: Introducing Alice Introducing Alice & Bob & Bob

Sender Sender Receiver Receiver Eavesdropper Eavesdropper Alice Alice Bob Bob Eve Eve

Bah ! Bah ! Humbug ! Humbug !

Throb Throb !

!

Introducing Alice Introducing Alice & Bob & Bob

Sender Sender Receiver Receiver Eavesdropper Eavesdropper Alice Alice Bob Bob Eve Eve

Bah ! Bah ! Humbug ! Humbug !

Throb Throb !

!

Roberto Roberto Pia Pia

Spia Spia

Quantum cryptography provides a new Quantum cryptography provides a new mechanism enabling the parties mechanism enabling the parties communicating with one another to: communicating with one another to: Consequently, it provides a means of Consequently, it provides a means of determining when an encrypted determining when an encrypted communication has been compromised. communication has been compromised.

Key Idea Key Idea

Automatically detect eavesdropping Automatically detect eavesdropping. .

SLIDE 2

2

The Dilemma The Dilemma

Alice Alice How do I prevent How do I prevent Eve from Eve from eavesdropping ??? eavesdropping ??? How can I How can I

• utwit Eve
• utwit Eve

??? ???

? ? ? ? ? ? ? ? ? ? ? ?

Alice Takes a Cryptography Course Alice Takes a Cryptography Course

Alice Alice

The The Classical Classical World World

Classical Classical Shannon Shannon Bit Bit 0 or 1 Decisive Individual

Copying Copying Machine Machine

In In Out Out

Classical Classical Bits Bits Can Can Be Be Copied Copied

Cryptographic Cryptographic Systems Systems

SLIDE 3

3

A Classical Cryptographic Communication System A Classical Cryptographic Communication System

Insecure Insecure Channel Channel P = Plaintext P = Plaintext C = C = Ciphertext Ciphertext Transmitter Transmitter Alice Alice Receiver Receiver Bob Bob Eavesdropper Eavesdropper Eve Eve P = Plaintext P = Plaintext

Secure Secure

Channel Channel Info Info Source Source Encrypter Encrypter Decrypter Decrypter Info Info Sink Sink

Key Key

Catch 22 Catch 22

There are perfectly good ways to There are perfectly good ways to communicate in secret communicate in secret provided provided we can already communicate in we can already communicate in secret secret … …

Il cane Il cane che che si si morde morde la coda la coda Classical Crypto Systems Classical Crypto Systems

CHECK LIST CHECK LIST

• Eavesdropping Detection ?

Eavesdropping Detection ?

• Authentication ?

Authentication ?

• Catch 22 Solved ?

Catch 22 Solved ? NO NO NO NO NO NO

Types of Communication Security Types of Communication Security

• Practical

Practical Secrec Secrecy y (Circa 106 BC) (Circa 106 BC) Ciphertext Ciphertext breakable after breakable after x x years years Examples Examples: : Data Encryption Standard (DES), Data Encryption Standard (DES), Advanced Data Encryption Standard (AES) Advanced Data Encryption Standard (AES)

• Perfect

Perfect Security Security (Shannon, 1949) (Shannon, 1949) Ciphertext Ciphertext C C without key gives no without key gives no information about plaintext information about plaintext P P

( ) ( ) ( )

Prob P|C Prob P =

An Example of Perfect Security An Example of Perfect Security

The The Vernam Vernam Cipher Cipher, a.k.a., , a.k.a., the One the One-

• Time

Time-

• Pad

Pad Consider a random sequence of bits Consider a random sequence of bits

1 2 n

Key K K K K = = = =

• Encrypting algorithm

Encrypting algorithm

mod 2

i i i

C P K = + = +

0110 0101 1101 1010 1110 0100 1100 1011 1001 P K C = = ⊕ = ⊕ =

• Perfectly secure if key

Perfectly secure if key K K is unknown is unknown

• Easy to decode with

Easy to decode with Key = K Key = K

Difficulties Difficulties

• PROBLEM: Long random bit sequences

PROBLEM: Long random bit sequences must be sent over a secure channel must be sent over a secure channel

• CATCH 22: There are perfectly good ways

CATCH 22: There are perfectly good ways to communicate in secret provided we can to communicate in secret provided we can communicate in secret communicate in secret … …

• KEY PROBLEM in CRYPTOGRAPHY:

KEY PROBLEM in CRYPTOGRAPHY: We need some way to securely We need some way to securely communicate key communicate key

SLIDE 4

4

Objective of All Crypto Systems: Objective of All Crypto Systems: Safety Safety

Old Idea: Old Idea:

Unconditional Security Unconditional Security The crypto system can resist any The crypto system can resist any cryptanalitic cryptanalitic attack no matter attack no matter how much computation is involved. how much computation is involved. The crypto system is The crypto system is unbreakable unbreakable because of the computational cost of because of the computational cost of cryptanalysis cryptanalysis, but would succumb to , but would succumb to an attack with unlimited computation. an attack with unlimited computation.

New Idea: New Idea:

Computational Computational Security

Security

Objective of All Crypto Systems: Objective of All Crypto Systems: Safety Safety Computational Security Computational Security

• Requires

Requires 10 1030

30 years to be broken on the

years to be broken on the fastest known computer fastest known computer For example, the crypto system: For example, the crypto system:

• Or, requires

Or, requires 10 10100

100 bits of memory to break

bits of memory to break

• Or, requires

Or, requires 10 1030

30 euros to break

euros to break System computationally safe implies safe for System computationally safe implies safe for all practical purposes all practical purposes Idea comes from a field in computer science called Idea comes from a field in computer science called Computational Complexity Computational Complexity. .

Computational Security Computational Security

( (Diffie Diffie-

• Hellman

Hellman, circa 1970) , circa 1970)

Public Phone Public Phone Directory Directory Transmitter Transmitter Alice Alice Receiver Receiver Bob Bob Eavesdropper Eavesdropper Eve Eve

C C

Encrypter Encrypter Info Info Source Source

P P

Decrypter Decrypter Info Info Sink Sink

P P Public Key Crypto Systems Public Key Crypto Systems … … Example: RSA Example: RSA C C C C

Insecure Insecure Channel Channel

E EB

B

D DB

B

Public Key Crypto Systems Public Key Crypto Systems

CHECK LIST CHECK LIST

• Eavesdropping Detection ?

Eavesdropping Detection ?

• Authentication ?

Authentication ?

• Catch 22 Solved ?

Catch 22 Solved ? Yes & No Yes & No Yes Yes No No

Alice Takes a Quantum Mechanics Course Alice Takes a Quantum Mechanics Course

Alice Alice

SLIDE 5

5

The The Quantum Quantum World World

Introducing the Quantum Bit Introducing the Quantum Bit …

… The

The Qubit Qubit

Look Here Look Here

Indecisive Indecisive Individual Individual

Can be both Can be both 0 & & 1 1 at the same time ! at the same time !

Quantum Representations of Quantum Representations of Qubits Qubits

Example Example 1 1. . A spin A spin-

• particle

particle

1 2

Spin Up Spin Up Spin Down Spin Down

1 1

Quantum Representations of Quantum Representations of Qubits Qubits

Example Example 2 2. . The polarization state of a photon The polarization state of a photon Vertical Vertical Polarization Polarization Horizontal Horizontal Polarization Polarization

1 = 0 = ↔ = ↔ H=

Where does a Where does a Qubit Qubit live ? live ?

Home

• Def. A Hilbert Space is a vector

space over together with an inner product such that

H

• H

H , : − − − − × →

The elements of will be called The elements of will be called kets kets, and , and will be denoted by will be denoted by label

H

1) &

1 2 1 2

, , , u u v u v u v + = + = +

1 2 1 2

, , , vu u v u vu + = + = +

2)

, , u v u v λ λ λ λ =

3)

, , u v v u

∗ =

4) Cauchy seq in ,

∀

1 2

, , u u … H H lim

n n

u

→∞ →∞

∈

A A Qubit Qubit is a is a quantum quantum system system whose whose state state is is represented by a represented by a Ket Ket lying in a 2 lying in a 2-

• D Hilbert

D Hilbert Space SpaceH

SLIDE 6

6

Superposition of States Superposition of States

A typical Qubit is ??? Indecisive

1

1 α α α α = + = +

where

2 2 1

1 α α α α + = + =

The above Qubit is in a Superposition Superposition of states and It is simultaneously both and !!!

1 1 “ “Collapse Collapse” ” of the Wave Function

• f the Wave Function

1

1 α α α α + = + =

Observer Qubit Whoosh !!!

i

Prob = |ai|2

Measurement Measurement

Connecting Connecting Quantum Village Quantum Village to the to the Classical World Classical World

Another Activity in Quantum Village: Another Activity in Quantum Village:

Measurement Measurement

Measurement Measurement

Group of Friendly Physicists Group of Friendly Physicists

Another Activity in Quantum Village: Another Activity in Quantum Village:

Measurement Measurement

Measurement Measurement

Group of Group of Angry

Angry Physicists

Physicists Observables Observables

What does our observer What does our observer actually observe ? actually observe ?

??? ???

Observables = Observables = Hermitian Hermitian Operators Operators

O

H H

A

→

O O

T A A

=

where where

SLIDE 7

7

, and let , and let denote the corresponding denote the corresponding eigenvalues eigenvalues Let be the Let be the eigenkets eigenkets of

• f

Observables (Cont.) Observables (Cont.) What does our observer actually What does our observer actually

• bserve ?
• bserve ?

??? ???

i

ϕ OA

OA

i i i

a ϕ ϕ ϕ ϕ =

i

a

, i.e., , i.e.,

Caveat Caveat: : We only consider observables whose We only consider observables whose eigenkets eigenkets form an orthonormal basis of form an orthonormal basis of

H

Observables (Cont.) Observables (Cont.) What does our observer observe ? What does our observer observe ?

??? ???

So with probability , the observer So with probability , the observer

• bserves the
• bserves the eigenvalue

eigenvalue , and , and The state of an The state of an n n-

• Qubit

Qubit register can register can be written in the be written in the eigenket eigenket basis as basis as

i i iα ϕ

Ψ = Ψ = ∑

i

a

2 i i

p α =

i

ϕ

W h

• s

h ! W h

• s

h !

Measurement Revisited Measurement Revisited In In Out Out

j

λ

j j j

P P ψ ψ ψ ψ ψ ψ =

ψ O

BlackBox BlackBox MacroWorld MacroWorld Quantum Quantum World World Eigenvalue Eigenvalue Observable Observable

• Q. Sys.
• Q. Sys.

State State

• Q. Sys.
• Q. Sys.

State State

P r

j

• b

P ψ ψ ψ ψ =

j j j

P λ = ∑

O

where where Spectral Decomposition Spectral Decomposition

Physical Physical Reality Reality Philosopher Philosopher Turf Turf

Important Feature of Important Feature of Quantum Mechanics Quantum Mechanics

It is important to mention that: It is important to mention that:

We cannot completely We cannot completely control the outcome of control the outcome of quantum measurement quantum measurement

More More Dirac Dirac Notation Notation

More More Dirac Dirac Notation Notation Let Let

( ) ( )

H H

*

, Hom =

• Hilbert Space

Hilbert Space

• f morphisms
• f morphisms

from to from to

H

• We call the elements of

We call the elements of Bra Bra’ ’s, and s, and denote them as denote them as

H*

label

SLIDE 8

8

More More Dirac Dirac Notation Notation

There is a There is a dual dual correspondence correspondence between and between and

H*

H

Ket Ket Bra Bra There exists a bilinear map There exists a bilinear map defined by defined by which we more which we more simpy simpy denote by denote by

H H

* ×

→ × →

( ) ( )( ) ( )

1 2

ψ ψ ψ ψ ∈

1 2

| ψ ψ ψ ψ

†

ψ ψ ψ ψ

↔

Ket Ket Bra Bra Bra Bra-

• c

c-

• Ket

Ket

Dirac Dirac Notation (Cont.) Notation (Cont.)

• Consider a Quantum System in the

Consider a Quantum System in the state state

ψ

Ket Ket

• Suppose we measure many of these

Suppose we measure many of these states with the observable states with the observable A

Hermitian Hermitian Operator Operator

• Then the average value of all these

Then the average value of all these measurements measurements w.r.t w.r.t. . A A is: is:

( ) ( )

| | A A A ψ ψ ψ ψ ψ ψ = = = =

Avg. Avg.

• f A
• f A

Heisenberg Heisenberg’ ’s Uncertainty Principle s Uncertainty Principle

Otherwise, Otherwise, A A and and B B are are incompatible incompatible. . Definition

• Definition. Observables

. Observables A A and and B B are are compatible compatible if if [

] [ ]

, A B AB BA = − = − =

Let Let

A A A ∆ = ∆ = −

Heisenberg Heisenberg’ ’s Uncertainty Principle s Uncertainty Principle

( ) ( ) ( ) ( ) [ ] [ ]

2 2 2

1 , 4 A B A B ∆ ∆ ∆ ∆ ≥

is the is the Standard Deviation Standard Deviation. It is . It is a measure a measure

• f the uncertainty
• f the uncertainty of the observable
• f the observable A

A . .

( ) ( )

2

A ∆

1 =

• Copying

Machine

Out In

Cloning Cloning The No The No-

• Theorem

Theorem Dieks Dieks, , Wootters Wootters, , Zurek Zurek

An Example of An Example of Heisenberg Heisenberg’ ’s s Uncertainty Uncertainty Principle Principle

Particle Particle vs vs Wave Picture of Matter Wave Picture of Matter Young Young’ ’s 2 s 2-

• slit Experiment

slit Experiment

E E

B B L L O O C C K K

E E E E E E E E

SLIDE 9

9

Particle Particle vs vs Wave Picture of Matter Wave Picture of Matter Young Young’ ’s 2 s 2-

• slit Experiment

slit Experiment

E E

B B L L O O C C K K

E E E E E E E E

Particle Particle vs vs Wave Picture of Matter Wave Picture of Matter Young Young’ ’s 2 s 2-

• slit Experiment

slit Experiment

An interference pattern appears An interference pattern appears Particle Particle not not observed

• bserved

But a wave observed But a wave observed

Particle Particle vs vs Wave Picture of Matter Wave Picture of Matter Young Young’ ’s 2 s 2-

• slit Experiment

slit Experiment

O b s e r v e O b s e r v e What happens if we observe which of What happens if we observe which of the two slits each electron passes ? the two slits each electron passes ?

The interference pattern disappears !! The interference pattern disappears !!

Wave Wave not not observed;

• bserved;

But a particle is observed ! But a particle is observed !

Application of Heisenberg Application of Heisenberg’ ’s s Uncetainty Uncetainty Principle Principle Note Note: : X X and and P P are are incompatible observables incompatible observables; for: ; for:

[ ] [ ]

, X P i = − = − ≠

1 =

• Observables

Observables X X Position Operator Position Operator P P Momentum Operator Momentum Operator

Ergo, to know precisely which of the two slits the Ergo, to know precisely which of the two slits the electron passed through, forces the momentum to be electron passed through, forces the momentum to be uncertain uncertain Therefore, by Therefore, by Heisenberg Heisenberg’ ’s Uncertainty Principle s Uncertainty Principle: :

( ) ( ) ( ) ( ) [ ] [ ]

2 2

1 1 , 4 4 X P X P ∆ ∆ ∆ ∆ ≥ =

Uncertainty Uncertainty in Position in Position Uncertainty Uncertainty in Momentum in Momentum

Alice Daydreams Alice Daydreams

Alice Alice How do I prevent How do I prevent Eve from Eve from eavesdropping ??? eavesdropping ??? How can I How can I

• utwit Eve
• utwit Eve

??? ???

? ? ? ? ? ? ? ? ? ? ? ?

Alice Has an Idea Alice Has an Idea

Alice Alice

Idea: Idea: Couldn Couldn’ ’t I somehow t I somehow use Heisenberg use Heisenberg’ ’s s Uncertainty Principle to Uncertainty Principle to detect Eve detect Eve’ ’s eavesdropping s eavesdropping ??? ???

But How ??? But How ???

SLIDE 10

10

Alice Alice Bob Bob What if I use the What if I use the the the electron gun to send Bob electron gun to send Bob a message, i.e., an interference pattern ??? a message, i.e., an interference pattern ??? Alice Alice Eve Eve

Aha! Bob knows the evil Eve is listening in !!! Aha! Bob knows the evil Eve is listening in !!!

Bob Bob What if the evil Eve tries to listen in ??? What if the evil Eve tries to listen in ???

Alice Invents the BB84 Alice Invents the BB84 Quantum Crypto Protocol Quantum Crypto Protocol

BB84 = Bennett BB84 = Bennett-

• Brasard

Brasard 1984 1984

A Quantum Crypto System for the A Quantum Crypto System for the BB84 Protocol BB84 Protocol

Eve Eve

Two Two-

• Way Communication

Way Communication One One-

• Way Communication

Way Communication

Public Public Channel Channel

Second Stage Second Stage Second Stage Second Stage

Quantum Quantum Channel Channel Alice Alice Bob Bob

First Stage First Stage First Stage First Stage

The Quantum Channel The Quantum Channel

• Alice will communicate over the quantum

Alice will communicate over the quantum channel by sending channel by sending 0 0’ ’s and s and 1 1’ ’s, each encoded s, each encoded as a as a quantum quantum polarization polarization state state of an

• f an individual

individual photon photon. .

• Reminder: We note that the

Reminder: We note that the polarization polarization state state of an

• f an individual

individual photon photon is an element is an element

• f a 2
• f a 2-
• D Hilbert space

D Hilbert space H H . .

ψ

• The slanted polarization states

The slanted polarization states also form a basis of also form a basis of H H which we will call the which we will call the

• blique
• blique basis

basis

• and

and

• The vertical and horizontal polarization

The vertical and horizontal polarization states states form a basis of form a basis of H H which we will call the which we will call the vertical/horizontal vertical/horizontal ( (V/H V/H) basis ) basis

• ↔

and and Two Bases of 2 Two Bases of 2-

• D Hilbert Space H

D Hilbert Space H

SLIDE 11

11

Quantum Channel Quantum Channel Encoding Conventions

Encoding Conventions

• For the

For the V/H V/H basis , Alice & Bob agree to basis , Alice & Bob agree to communicate via the following communicate via the following quantum alphabet quantum alphabet "1" = "0" = ↔ = ↔

• For the

For the oblique

• blique basis , Alice & Bob agree

basis , Alice & Bob agree to communicate via the following to communicate via the following quantum alphabet quantum alphabet "1" = "0" =

Using Heisenberg Using Heisenberg’ ’s Uncertainty Principle s Uncertainty Principle

• So Alice communicates to Bob by randomly

So Alice communicates to Bob by randomly choosing between the two quantum alphabets choosing between the two quantum alphabets and . and .

• Because of Heisenberg

Because of Heisenberg’ ’s uncertainty principle, s uncertainty principle, Alice & Bob know that observations with respect Alice & Bob know that observations with respect to the basis are incompatible with to the basis are incompatible with

• bservations with respect to the basis.
• bservations with respect to the basis.

BB84: Eve BB84: Eve Not Not Present Present (No Noise is Assumed) (No Noise is Assumed) Alice Alice Bob Bob ↔

• ↔

Raw Key Raw Key

W W C C

1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1

• 1

1 1 1

• W

W W W W W C C C C C C C C C C

If Eve is eavesdropping, then she will create If Eve is eavesdropping, then she will create (because of Heisenberg (because of Heisenberg’ ’s uncertainty principle) an s uncertainty principle) an error rate error rate between Alice between Alice’ ’s & Bob s & Bob’ ’s s RAW KEY RAW KEY. . Thus, Alice and Bob can determine Eve Thus, Alice and Bob can determine Eve’ ’s presence by s presence by publicly comparing a small portion of their respective publicly comparing a small portion of their respective RAW RAW KEY KEYs

• s. If there are errors, they know Eve is

. If there are errors, they know Eve is present, discard their RAY present, discard their RAY KEYs KEYs, and start all over , and start all over

• again. If there are no errors, they will then
• again. If there are no errors, they will then

discard the discard the publically publically disclosed portion. Then the disclosed portion. Then the undisclosed portion of their RAW undisclosed portion of their RAW KEYs KEYs agree, and is agree, and is now an uncompromised secret now an uncompromised secret FINAL KEY FINAL KEY shared by shared by Alice and Bob. Alice and Bob.

BB84: Eve BB84: Eve Is Is Present Present (No Noise is Assumed) (No Noise is Assumed)

Second Communication Second Communication 2 2-

• Way

Way First Communication First Communication 1 1-

• Way

Way

Alice Alice Bob Bob Quantum Quantum Channel Channel Classical Public Classical Public Channel Channel

Topic: Topic: Which Observable Did You Use ? Which Observable Did You Use ?

50% of Bits Discarded 50% of Bits Discarded Result Result: : Raw Key Raw Key

Public Discussion Public Discussion

Summary Summary Their Their Raw Keys Raw Keys agree agree if Eve not eavesdropping if Eve not eavesdropping

What Happens What Happens if if Eve Listens In ? Eve Listens In ?

SLIDE 12

12

BB84: Eve BB84: Eve Is Is Present Present (No Noise is Assumed) (No Noise is Assumed) Alice Alice Bob Bob

• Bob

Bob’ ’s s Raw Key Raw Key

1 1 1 1 1 1 1 1 ↔

• ↔

1 1 1 1 1 1

• 1

1 1 1

• Eve

Eve 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1

• 1

1 1 1

Alice Alice’ ’s s Raw Key Raw Key

Choosing Quantum Alphabets Choosing Quantum Alphabets

Eve Eve’ ’s s Choice Choice

Prob Prob=1/2 =1/2 Prob Prob=1/2 =1/2

Bob Bob’ ’s s Choice Choice

Prob Prob=1/2 =1/2 Prob Prob=1/2 =1/2 Prob Prob=1/2 =1/2 Prob Prob=1/2 =1/2

Raw Key Raw Key Raw Key Raw Key Raw Key Raw Key Raw Key Raw Key Alice Alice’ ’s s Choice Choice

Prob Prob=1/2 =1/2

100% 100% 100% 100% 50% 50% 50% 50%

BB84: Eve BB84: Eve Is Is Present Present (No Noise is Assumed) (No Noise is Assumed) Hence, Hence, if Eve eavesdrops if Eve eavesdrops, then Alice , then Alice & Bob & Bob’ ’s Raw Keys s Raw Keys disagree disagree by 25%. by 25%.

The BB84 Protocol Step by Step The BB84 Protocol Step by Step

No Noise No Noise

• Over the quantum channel, Alice sends her message to Bob,

Over the quantum channel, Alice sends her message to Bob, randomly choosing between the quantum alphabets randomly choosing between the quantum alphabets

• Over the public channel, Bob communicates to Alice which

Over the public channel, Bob communicates to Alice which quantum alphabets he used for each measurement. quantum alphabets he used for each measurement.

• Over the public channel, Alice responds by telling Bob which

Over the public channel, Alice responds by telling Bob which

• f his measurements were made with the correct alphabet.
• f his measurements were made with the correct alphabet.
• Alice & Bob then delete all bits for which they used

Alice & Bob then delete all bits for which they used incompatible quantum alphabets to produce their resulting incompatible quantum alphabets to produce their resulting RAW RAW KEY KEYs s. .

• If Eve has not eavesdropped, their

If Eve has not eavesdropped, their their their two two RAW RAW KEY KEYs s will be the same. will be the same.

The BB84 Protocol Step by Step (Cont.) The BB84 Protocol Step by Step (Cont.)

No Noise No Noise

• Over the public channel, Alice & Bob compare small portions

Over the public channel, Alice & Bob compare small portions

• f their
• f their RAW

RAW KEY KEYs s, and then delete the disclosed bits from , and then delete the disclosed bits from their RAW Key to produce their their RAW Key to produce their FINAL KEY FINAL KEY. .

• If Alice & Bob find through their public disclosure that no

If Alice & Bob find through their public disclosure that no errors were revealed, then they know Eve was not present, errors were revealed, then they know Eve was not present, and now share a common and now share a common secret secret FINAL KEY FINAL KEY. .

The BB84 With Noise The BB84 With Noise

Raw Key is Noisy Raw Key is Noisy

• Bob can not

Bob can not distinquish distinquish between between

• Error caused by Noise

Error caused by Noise

• Error caused by Eve

Error caused by Eve

• Bob adopts the working assumption

Bob adopts the working assumption

• All errors caused by Eve

All errors caused by Eve

• Ergo, Eve has some portion of RAW KEY

Ergo, Eve has some portion of RAW KEY

SLIDE 13

13

Solution: Solution: Privacy Privacy Amplification Amplification

Privacy Privacy Amplification Amplification: Distilling a smaller : Distilling a smaller secret key from a larger partially secret secret key from a larger partially secret key. key.

Preamble to Privacy Amplification Preamble to Privacy Amplification

• Alice & Bob begin by permuting RAW KEY

Alice & Bob begin by permuting RAW KEY with a with a publically publically disclosed random permutation. disclosed random permutation.

• Alice & Bob publicly compare blocks of RAW KEY

Alice & Bob publicly compare blocks of RAW KEY to estimate error rate to estimate error rate Q Q. .

• Alice & Bob discard any portion of the RAW

Alice & Bob discard any portion of the RAW KEY that has been publicly disclosed. KEY that has been publicly disclosed.

• Privacy Amplification not

Privacy Amplification not possible! Restart everything ! possible! Restart everything !

Q Threshold ≥ ⇒

Privacy Amplification Begins Privacy Amplification Begins

If If Q < Threshold Q < Threshold, then Privacy Amplification is , then Privacy Amplification is possible possible

• Based on

Based on Q Q , Alice & Bob estimate that , Alice & Bob estimate that bits out of bits out of n n are known by Eve. are known by Eve.

k ≤

• Let

Let s = s = a security parameter to be adjusted as a security parameter to be adjusted as required. required.

• Alice & Bob compute the parities of

Alice & Bob compute the parities of n n-

• k

k-

• s

s publicly chosen random subsets. publicly chosen random subsets.

• Both Alice & Bob keep these parities secret.

Both Alice & Bob keep these parities secret. These parities form the FINAL SECRET KEY. These parities form the FINAL SECRET KEY.

Change in Role for Change in Role for Crytanalysts Crytanalysts

• Old Role: Crack ciphers !

Old Role: Crack ciphers !

• New Role: Detect eavesdroppers !

New Role: Detect eavesdroppers !

Quantum Crypto Protocols Quantum Crypto Protocols

• BB84

BB84

• B92

B92

• EPR

EPR

• Others

Others

The B92 The B92 Prtocol Prtocol

• Uses 2

Uses 2-

• D Hilbert space

D Hilbert space H H for for polarized photons polarized photons

• Use only one Quantum Alphabet

Use only one Quantum Alphabet

( ) ( )

| sin 2θ =

where where 0

/ 2 θ π θ π < < < <

0 = 1 =

θ

SLIDE 14

14

Measurement: POVM Measurement: POVM 1 1 | A − = + 1 1 | A − = +

?

1 A A A = − = − −

Non Non-

• Commuting

Commuting Observables Observables

Binary Erasure Binary Erasure Chanel Chanel (BEC) (BEC)

• There are eavesdropping strategies that do modify

There are eavesdropping strategies that do modify inconclusive results (i.e., % of erasures). inconclusive results (i.e., % of erasures).

• There are eavesdropping strategies which do not.

There are eavesdropping strategies which do not. 0 = 1 =

p

r

p

r

? ?

( ) ( )

| sin 2 r R θ = = = = = | | | | p A A = = = =

Eavesdropping Strategies Eavesdropping Strategies

• Opaque eavesdropping

Opaque eavesdropping

• Translucent eavesdropping without

Translucent eavesdropping without entanglement entanglement

• Translucent eavesdropping with

Translucent eavesdropping with entanglement entanglement

• Lie low eavesdropping strategies

Lie low eavesdropping strategies

• Other eavesdropping strategies ?

Other eavesdropping strategies ?

Opaque Eavesdropping Opaque Eavesdropping

Eve intercepts Alice Eve intercepts Alice’ ’s message, and s message, and then masquerades as Alice by sending then masquerades as Alice by sending

• n her received message to Bob
• n her received message to Bob

Translucent Eavesdropping Without Entanglement Translucent Eavesdropping Without Entanglement Eve makes the information carrier interact Eve makes the information carrier interact unitarily with her probe, and then lets it unitarily with her probe, and then lets it proceed on to Bob in a slightly modified state proceed on to Bob in a slightly modified state

0' ψ ψ ψ ψ + ⇒ 1 1' ψ ψ ψ ψ − ⇒

where denotes the state of the where denotes the state of the probe. probe.

ψ

Translucent Eavesdropping With Entanglement Translucent Eavesdropping With Entanglement To increase her information, Eve may attempt To increase her information, Eve may attempt to entangle the state of her probe and the to entangle the state of her probe and the carrier that she is resending: carrier that she is resending:

0' 1' ψ α ψ α ψ β ψ

+ − + −

⇒ + 1 1' 0' ψ β ψ β ψ α ψ

− + − +

⇒ +

where denotes the state of the where denotes the state of the probe. probe.

ψ

SLIDE 15

15

Optical Implementations Optical Implementations

• Over 100 kilometers of fiber

Over 100 kilometers of fiber

• ptic cable
• ptic cable
• Over 2 kilometers of free space

Over 2 kilometers of free space

• There are many

There are many testbed testbed implementations implementations both in USA and the EU both in USA and the EU

Next ??? Next ???

• Earth/Satellite Communication

Earth/Satellite Communication

• Single photon sources

Single photon sources

Difficulties Difficulties

• Multi

Multi-

• User Quantum Crypto Protocols

User Quantum Crypto Protocols

• A more rigorous mathematical proof that

A more rigorous mathematical proof that quantum crypto protocols are impervious to quantum crypto protocols are impervious to all possible eavesdropping strategies. all possible eavesdropping strategies.

The End The End

Lomonaco, Samuel J., Jr., Lomonaco, Samuel J., Jr., An Entangled Tale An Entangled Tale

• f Quantum Entanglement
• f Quantum Entanglement, in AMS PSAPM/58,

, in AMS PSAPM/58, (2002), pages 305 (2002), pages 305 – – 349. 349.

Quantum Computation and Information Quantum Computation and Information, , Samuel J. Samuel J. Lomonaco, Jr. and Howard E. Brandt Lomonaco, Jr. and Howard E. Brandt (editors), (editors), AMS AMS CONM/305, (2002). CONM/305, (2002).

SLIDE 16

16

Other PowerPoint Talks to Be Found at Other PowerPoint Talks to Be Found at http:// http://www.csee.umbc.edu/~lomonaco www.csee.umbc.edu/~lomonaco

• A Rosetta Stone for Quantum Computation

A Rosetta Stone for Quantum Computation

• Three Quantum Algorithms

Three Quantum Algorithms

• Quantum Hidden Subgroup Algorithms

Quantum Hidden Subgroup Algorithms

• An Entangled Tale of Quantum Entanglement

An Entangled Tale of Quantum Entanglement

Elementary Elementary Advanced Advanced