1 / 22

Quantum Cryptography

Quantum Cryptography. Qingqing Yuan. Outline. No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature. One Time Pad Encryption. Conventional cryptosystem: Alice and Bob share N random bits b 1 …b N Alice encrypt her message m 1 …m N b 1  m 1 ,…,b N  m N

zenia
Download Presentation

Quantum Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Quantum Cryptography Qingqing Yuan

  2. Outline • No-Cloning Theorem • BB84 Cryptography Protocol • Quantum Digital Signature

  3. One Time Pad Encryption • Conventional cryptosystem: • Alice and Bob share N random bits b1…bN • Alice encrypt her message m1…mNb1m1,…,bNmN • Alice send the encrypted string to Bob • Bob decrypts the message: (mjbj)bj = mj • As long as b is unknown, this is secure • Can be passively monitored or copied

  4. Two Qubit Bases • Define the four qubit states: • {0,1}(rectilinear) and {+,-}(diagonal) form an orthogonal qubit state. • They are indistinguishable from each other.

  5. No-Cloning Theorem • |q = α|0+β|1 • To determine the amplitudes of an unknown qubit, need an unlimited copies • It is impossible to make a device that perfectly copies an unknown qubit. • Suppose there is a quantum process that implements: |q,_|q,q • Contradicts the unitary/linearity restriction of quantum physics

  6. Wiesner’s Quantum Money • A quantum bill contains a serial number N, and 20 random qubits from {0,1,+,-} • The Bank knows which string {0,1,+,-}20 is associated with which N • The Bank can check validity of a bill N by measuring the qubits in the proper 0/1 or +/- bases • A counterfeiter cannot copy the bill if he does not know the 20 bases

  7. Quantum Cryptography • In 1984 Bennett and Brassard describe how the quantum money idea with its basis {0,1} vs. {+,-} can be used in quantum key distribution protocol • Measuring a quantum system in general disturbs it and yields incomplete information about its state before the measurement

  8. Quantum Channel Alice Classical public channel Bob Eve BB84 Protocol (I) • Central Idea: Quantum Key Distribution (QKD) via the {0,1,+,-} states between Alice and Bob O(N) classical and quantum communication to establish N shared key bits

  9. Quantum Public & Classical Shared Key BB84 Protocol (II) • Alice sends 4N random qubits {0,1,+,-} to Bob • Bob measures each qubit randomly in 0/1 or +/- basis • Alice and Bob compare their 4N basis, and continue with 2N outcomes for which the same basis was used • Alice and Bob verify the measurement outcomes on random (size N) subset of the 2N bits • Remaining N outcomes function as the secrete key

  10. Security of BB84 • Without knowing the proper basis, Eve not possible to • Copy the qubits • Measure the qubits without disturbing • Any serious attempt by Eve will be detected when Alice and Bob perform “equality check”

  11. Quantum Coin Tossing Alice’s bit: 1 0 1 0 0 1 1 1 0 1 1 0 Alice’s basis: Diagonal Alice sends: - + - + + - - - + - - + Bob’s basis: R D D R D R D R D D R R Bob’s rect. table: 0 1 0 1 1 1 Bob’s Dia. table: 0 1 0 1 0 1 Bob guess: diagonal Alice reply: you win Alice sends original string to verify.

  12. Quantum Coin Tossing (Cont.) • Alice may cheat • Alice create EPR pair for each bit • She sends one member of the pair and stores the other • When Bob makes his guess, Alice measure her parts in the opposite basis

  13. Arguments Against QKD • QKD is not public key cryptography • Eve can sabotage the quantum channel to force Alice and Bob use classical channel • Expensive for long keys: Ω(N) qubits of communication for a key of size N

  14. Practical Feasibility of QKD • Only single qubits are involved • Simple state preparations and measurements • Commercial Availability • id Quantique: http://www.idquantique.com

  15. Outline • No-Cloning Theorem • BB84 Cryptography Protocol • Quantum Digital Signature

  16. Pros of Public Key Cryptography • High efficiency • Better key distribution and management • No danger that public key is compromised • Certificate authorities • New protocols • Digital signature

  17. Quantum One-way Function • Consider a map f: k fk. • k is the private key • fk is the public key • One-way function: For some maps f, it’s impossible (theoretically) to determine k, even given many copies of fk • we can give it to many people without revealing the private key k

  18. Digital Signature (Classical scheme) • Lamport 1979 • One-way function f(x) • Private key (k0, k1) • Public key (0,f(k0)), (1,f(k1)) • Sign a bit b: (b, kb)

  19. Quantum Scheme • Gottesman & Chuang 2001 • Private key (k0(i), k1(i))(i=1, ..., M) • Public key • To sign b, send (b, kb(1), kb(2), ..., kb(M)). • To verify, measure fkto check k = kb(i).

  20. Levels of Acceptance • Suppose s keys fail the equality test • If sc1M:  1-ACC: Message comes from Alice, other recipients will agree. • If c1M < s  c2M:  0-ACC: Message comes from Alice, other recipients mightdisagree. • If s > c2M:  REJ: Message might not come from Alice

  21. Reference • [BB84]: Bennett C. H. & Brassard G., “Quantum cryptography: Public key distribution and coin tossing” • Daniel Gottesman, Isaac Chuang, “Quantum Digital Signatures” • http://www.perimeterinstitute.ca/personal/dgottesman/Public-key.ppt

  22. Discussions…… Thank you!

More Related