DOCSLIB.ORG

Attacking Quantum Key Distribution with Single-Photon Two-Qubit

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Attacking Quantum Key Distribution with Single-Photon Two-Qubit Attacking quantum key distribution with single-photon two-qubit quantum logic Jeffrey H. Shapiro∗ and Franco N. C. Wong Massachusetts Institute of Technology, Research Laboratory of Electronics, Cambridge, Massachusetts 02139 USA (Dated: September 14, 2018) The Fuchs-Peres-Brandt (FPB) probe realizes the most powerful individual attack on Bennett- Brassard 1984 quantum key distribution (BB84 QKD) by means of a single controlled-NOT (CNOT) gate. This paper describes a complete physical simulation of the FPB-probe attack on polarization- based BB84 QKD using a deterministic CNOT constructed from single-photon two-qubit quantum logic. Adding polarization-preserving quantum nondemolition measurements of photon number to this configuration converts the physical simulation into a true deterministic realization of the FPB attack. PACS numbers: 03.67.Dd, 03.67.Lx, 42.50.Dv, 42.40.Lm I. INTRODUCTION proaches have been discussed [4]. Our particular objec- tive will be to show that current technology permits phys- ical simulation of the Fuchs-Peres-Brandt (FPB) probe Bennett-Brassard 1984 quantum key distribution [5], i.e., the most powerful individual attack on single- (BB84 QKD) using single-photon polarization states photon BB84, and that developments underway in quan- works as follows [1]. In each time interval allotted for tum nondemolition (QND) detection may soon turn this a bit, Alice transmits a single photon in a randomly se- physical simulation into a full implementation of the at- lected polarization, chosen from horizontal (H), vertical tack. Thus we believe it is of interest to construct the (V ), +45◦, or 45◦, while Bob randomly chooses to de- physical simulation and put BB84’s security to the test: tect photons in− either the H/V or 45◦ bases. Bob dis- how much information can Eve really derive about the closes to Alice the sequence of bit intervals± and associated key that Alice and Bob have distilled while keeping Alice measurement bases for which he has detections. Alice and Bob oblivious to her presence. then informs Bob which detections occurred in bases co- incident with the ones that she used. These are the sift The remainder of this paper is organized as follows. events, i.e., bit intervals in which Bob has a detection and In Sec. II we review the FPB probe and its theoret- his count has occurred in the same basis that Alice used. ical performance. In Sec. III we describe a complete An error event is a sift event in which Bob decodes the physical simulation of this probe constructed from single- incorrect bit value. Alice and Bob employ a prescribed photon two-qubit (SPTQ) quantum logic. We conclude, set of operations to identify errors in their sifted bits, in Sec. IV, by showing how the addition of polarization- correct these errors, and apply sufficient privacy ampli- preserving QND measurements of photon number can fication to deny useful key information to any potential convert this physical simulation into a true determinis- eavesdropper (Eve). At the end of the full QKD pro- tic realization of the FPB attack on polarization-based cedure, Alice and Bob have a shared one-time pad with BB84. which they can communicate in complete security. In long-distance QKD systems, most of Alice’s pho- tons will go undetected, owing to propagation loss and II. THE FUCHS-PERES-BRANDT PROBE arXiv:quant-ph/0508051v2 22 Sep 2005 detector inefficiencies. Dark counts and, for atmospheric QKD systems, background counts can cause error events In an individual attack on single-photon BB84 QKD, in these systems, as can intrusion by Eve. Employing Eve probes Alice’s photons one at a time. In a collective an attenuated laser source, in lieu of a true single-photon attack, Eve’s measurements probe groups of Alice’s pho- source, further reduces QKD performance as such sources tons. Less is known about collective attacks [6], so we are typically run at less than one photon on average per will limit our consideration to individual attacks. Fuchs bit interval, and the occurrence of multi-photon events, and Peres [7] described the most general way in which although rare at low average photon number, opens up an individual attack could be performed. Eve supplies a additional vulnerability. Security proofs have been pub- probe photon and lets it interact with Alice’s photon in a lished for ideal BB84 [2], as have security analyses that unitary manner. Eve then sends Alice’s photon to Bob, incorporate a variety of non-idealities [3]. Our attention, and performs a probability operator-valued measurement however, will be directed toward attacking BB84 QKD, (POVM) on the probe photon she has retained. Slutsky as to our knowledge no such experiments have been per- et al. [8] demonstrated that the Fuchs-Peres construct— formed, although a variety of potentially practical ap- with the appropriate choice of probe state, interaction, and measurement—affords Eve the maximum amount of R´enyi information about the error-free sifted bits that Bob receives for a given level of disturbance, i.e., for a ∗Electronic address: [email protected] given probability that a sifted bit will be received in er- 2 |V i ror. Brandt [5] extended the Slutsky et al. treatment by |1i showing that the optimal probe could be realized with a ◦ 45 ◦ single CNOT gate. Figure 1 shows an abstract diagram of |− i |+45 i the resulting Fuchs-Peres-Brandt probe. In what follows we give a brief review of its structure and performance— |0i see [5] for a more detailed treatment—where, for simplic- ity, we assume ideal conditions in which Alice transmits |Hi a single photon per bit interval, there is no propagation loss and no extraneous (background) light collection, and both Eve and Bob have unity quantum efficiency pho- FIG. 2: (Color online) Computational basis for Eve’s CNOT todetectors with no dark counts. These ideal conditions gate referenced to the BB84 polarization states. imply there will not be any errors on sifted bits in the absence of eavesdropping; the case of more realistic con- CNOT’s input and the kets on the right-hand side de- ditions will be discussed briefly in Sec. IV. note the Bob Eve state of the control and target qubits at the CNOT’s⊗ output. Similarly, when Alice uses the Eve 45◦ basis, Eve’s CNOT gate has the following behav- Alice Bob ior,± ◦ ◦ ◦ +45 Tin +45 T+ + 45 TE (8) | ◦i| i −→ | ◦i| i |− ◦i| i 45 Tin 45 T− + +45 TE . (9) FIG. 1: (Color online) Block diagram of the Fuchs-Peres- |− i| i −→ |− i| i | i| i Brandt probe for attacking BB84 QKD. Suppose that Bob measures in the basis that Alice has employed and his outcome matches what Alice sent. In each bit interval Alice transmits, at random, a single Then Eve can learn their shared bit value, once Bob dis- photon in one of the four BB84 polarization states. Eve closes his measurement basis, by distinguishing between uses this photon as the control-qubit input to a CNOT the T+ and T− output states for her target qubit. Of gate whose computational basis—relative to the BB84 course,| i this knowledge| i comes at a cost: Eve has caused polarization states—is shown in Fig. 2, namely an error event whenever Alice and Bob choose a com- mon basis and her target qubit’s output state is TE . 0 cos(π/8) H + sin(π/8) V (1) | i | i ≡ | i | i To maximize the information she derives from this intru- 1 sin(π/8) H + cos(π/8) V , (2) sion, Eve applies the minimum error probability receiver | i ≡ − | i | i for distinguishing between the single-photon polarization in terms of the H/V basis. Eve supplies her own probe states T+ and T− . This is a projective measurement photon, as the target-qubit input to this CNOT gate, in | i | i onto the polarization basis d+ , d− , shown in Fig. 3 the state and given by {| i | i} T C + + S , (3) | ini≡ | i |−i + + d+ = | i |−i = 0 (10) where C = √1 2PE, S = √2PE, = ( 0 1 )/√2, | i √2 | i − |±i | i ± | i and 0 PE 1/2 will turn out to be the error prob- + ≤ ≤ d− = | i − |−i = 1 . (11) ability that Eve’s probe creates on Bob’s sifted bits [9]. | i √2 | i So, as PE increases from 0 to 1/2, Tin goes from + to . The (unnormalized) output states| i that may| occuri for|−i this target qubit are |T−i |d−i = |1i S |T+i T± C + (4) | i ≡ | i± √2|−i S E T . (5) d = 0 | i ≡ √2|−i | +i | i Here is how the FPB probe works. When Alice uses the H/V basis for her photon transmission, Eve’s CNOT gate effects the following transformation, FIG. 3: (Color online) Measurement basis for Eve’s minimum- error-probability discrimination between |T+i and |T−i. H T H T− + V TE (6) | i| ini −→ | i| i | i| i V Tin V T+ + H TE , (7) | i| i −→ | i| i | i| i Two straightforward calculations will now complete where the kets on the left-hand side denote the Al- our review of the FPB probe. First, we find the error ice Eve state of the control and target qubits at the probability that is created by Eve’s presence. Suppose ⊗ 3 Alice and Bob use the H/V basis and Alice has sent H . Alice and Bob will incur an error if the control target| i 1 ⊗ 0.9 output from Eve’s CNOT gate is V TE . The proba- | i| 2 i 0.8 bility that this occurs is TE TE = S /2 = PE.
Load more

Recommended publications
  • Security of Quantum Key Distribution with Entangled Qutrits
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by CERN Document Server Security of Quantum Key Distribution with Entangled Qutrits. Thomas Durt,1 Nicolas J. Cerf,2 Nicolas Gisin,3 and Marek Zukowski˙ 4 1 Toegepaste Natuurkunde en Fotonica, Theoeretische Natuurkunde, Vrije Universiteit Brussel, Pleinlaan 2, 1050 Brussels, Belgium 2 Ecole Polytechnique, CP 165, Universit´e Libre de Bruxelles, 1050 Brussels, Belgium 3 Group of Applied Physics - Optique, Universit´e de Gen`eve, 20 rue de l’Ecole de M´edecine, Gen`eve 4, Switzerland, 4Instytut Fizyki Teoretycznej i Astrofizyki Uniwersytet, Gda´nski, PL-80-952 Gda´nsk, Poland July 2002 Abstract The study of quantum cryptography and quantum non-locality have traditionnally been based on two-level quantum systems (qubits). In this paper we consider a general- isation of Ekert's cryptographic protocol[20] where qubits are replaced by qutrits. The security of this protocol is related to non-locality, in analogy with Ekert's protocol. In order to study its robustness against the optimal individual attacks, we derive the infor- mation gained by a potential eavesdropper applying a cloning-based attack. Introduction Quantum cryptography aims at transmitting a random key in such a way that the presence of an eavesdropper that monitors the communication is revealed by disturbances in the transmission of the key (for a review, see e.g. [21]). Practically, it is enough in order to realize a crypto- graphic protocol that the key signal is encoded into quantum states that belong to incompatible bases, as in the original protocol of Bennett and Brassard[4].
    [Show full text]
  • Progress in Satellite Quantum Key Distribution
    www.nature.com/npjqi REVIEW ARTICLE OPEN Progress in satellite quantum key distribution Robert Bedington 1, Juan Miguel Arrazola1 and Alexander Ling1,2 Quantum key distribution (QKD) is a family of protocols for growing a private encryption key between two parties. Despite much progress, all ground-based QKD approaches have a distance limit due to atmospheric losses or in-fibre attenuation. These limitations make purely ground-based systems impractical for a global distribution network. However, the range of communication may be extended by employing satellites equipped with high-quality optical links. This manuscript summarizes research and development which is beginning to enable QKD with satellites. It includes a discussion of protocols, infrastructure, and the technical challenges involved with implementing such systems, as well as a top level summary of on-going satellite QKD initiatives around the world. npj Quantum Information (2017) 3:30 ; doi:10.1038/s41534-017-0031-5 INTRODUCTION losses that increase exponentially with distance, greatly limiting Quantum key distribution (QKD) is a relatively new cryptographic the secure key rates that can be achieved over long ranges. primitive for establishing a private encryption key between two For any pure-loss channel with transmittance η, it has been parties. The concept has rapidly matured into a commercial shown that the secure key rate per mode of any QKD protocol 5, 6, 7 technology since the first proposal emerged in 1984,1 largely scales linearly with η for small η. This places a fundamental because of a very attractive proposition: the security of QKD is not limit to the maximum distance attainable by QKD protocols based on the computational hardness of solving mathematical relying on direct transmission.
    [Show full text]
  • Practical Quantum Key Distribution Based on the BB84 Protocol
    Practical Quantum Key Distribution based on the BB84 protocol A. Ruiz-Alba, D. Calvo, V. Garcia-Muñoz, A. Martinez, W. Amaya, J.G. Rozo, J. Mora, J. Capmany Instituto de Telecomunicaciones y Aplicaciones Multimedia, Universitat Politècnica de València, 8G Building-access D-Camino de Vera s/n-46022 Valencia (Spain) Corresponding author: [email protected] Abstract relies on photon sources and the so-called pho- ton guns are far from ready. An alternative and This paper provides a review of the most impor- also a complementary approach to increase the tant and widely used Quantum Key Distribution bit rate is to make QKD systems work in paral- systems and then describes our recently pro- lel. This simple engineering approach becomes a posed scheme based on Subcarrier Multiplexing challenge when working with quantum systems: that opens the possibility of parallel Quantum The system should work in parallel but still rely Key Distribution. We report the first-ever ex- on just one source and its security should still be perimental implementation of parallel quantum guaranteed by the principles of quantum me- key distribution using this technique showing a chanics both when Alice prepares the photons maximum multiplexing gain. and when Bob “measures” the incoming states. At the same time the multiplexing technique Keywords: Optical fiber communications, quan- should be safe to Eve gaining any information. tum information, quantum key distribution, sub- carrier multiplexing. In this context, recent progress in the literature [4] remarks that photonics is a key enabling technology for implementing commercial QKD 1. Introduction systems to become a competitive technology in Information Security.
    [Show full text]
  • Quantum Key Distribution Protocols and Applications
    Quantum Key Distribution Protocols and Applications Sheila Cobourne Technical Report RHUL{MA{2011{05 8th March 2011 Department of Mathematics Royal Holloway, University of London Egham, Surrey TW20 0EX, England http://www.rhul.ac.uk/mathematics/techreports Title: Quantum Key Distribution – Protocols and Applications Name: Sheila Cobourne Student Number: 100627811 Supervisor: Carlos Cid Submitted as part of the requirements for the award of the MSc in Information Security at Royal Holloway, University of London. I declare that this assignment is all my own work and that I have acknowledged all quotations from the published or unpublished works of other people. I declare that I have also read the statements on plagiarism in Section 1 of the Regulations Governing Examination and Assessment Offences and in accordance with it I submit this project report as my own work. Signature: Date: Acknowledgements I would like to thank Carlos Cid for his helpful suggestions and guidance during this project. Also, I would like to express my appreciation to the lecturers at Royal Holloway who have increased my understanding of Information Security immensely over the course of the MSc, without which this project would not have been possible. Contents Table of Figures ................................................................................................... 6 Executive Summary ............................................................................................. 7 Chapter 1 Introduction ...................................................................................
    [Show full text]
  • Lecture 12: Quantum Key Distribution. Secret Key. BB84, E91 and B92 Protocols. Continuous-Variable Protocols. 1. Secret Key. A
    Lecture 12: Quantum key distribution. Secret key. BB84, E91 and B92 protocols. Continuous-variable protocols. 1. Secret key. According to the Vernam theorem, any message (for instance, consisting of binary symbols, 01010101010101), can be encoded in an absolutely secret way if the one uses a secret key of the same length. A key is also a sequence, for instance, 01110001010001. The encoding is done by adding the message and the key modulo 2: 00100100000100. The one who knows the key can decode the encoded message by adding the key to the message modulo 2. The important thing is that the key should be used only once. It is exactly this way that classical cryptography works. Therefore the only task of quantum cryptography is to distribute the secret key between just two users (conventionally called Alice and Bob). This is Quantum Key Distribution (QKD). 2. BB84 protocol, proposed in 1984 by Bennett and Brassard – that’s where the name comes from. The idea is to encode every bit of the secret key into the polarization state of a single photon. Because the polarization state of a single photon cannot be measured without destroying this photon, this information will be ‘fragile’ and not available to the eavesdropper. Any eavesdropper (called Eve) will have to detect the photon, and then she will either reveal herself or will have to re-send this photon. But then she will inevitably send a photon with a wrong polarization state. This will lead to errors, and again the eavesdropper will reveal herself. The protocol then runs as follows.
    [Show full text]
  • Quantum Cryptography: from Theory to Practice
    Quantum cryptography: from theory to practice Eleni Diamanti Laboratoire Traitement et Communication de l’Information CNRS – Télécom ParisTech 1 with Anna Pappa, André Chailloux, Iordanis Kerenidis Two-party secure communications: QKD Alice and Bob trust each other but not the channel Primitive for message exchange: key distribution BB84 QKD protocol: possibly the precursor of the entire field 2 Jouguet, Kunz-Jacques, Leverrier, Grangier, D, Nature Photon. 2013 3 Scarani et al, Rev. Mod. Phys. 2009 Two-party secure communications: QKD Information-theoretic security is possible and feasible! Theory adapted to experimental imperfections 2000: Using laser sources opens a disastrous security loophole in BB84 photon number splitting attacks Brassard, Lütkenhaus, Mor, Sanders, Phys. Rev. Lett. 2000 Solution: Decoy state BB84 protocol, and other Lo, Ma, Chen, Phys. Rev. Lett. 2004 2010: Quantum hacking: setup vulnerabilities not taken into account in security proofs Lydersen et al, Nature Photon. 2010 Solution: Exhaustive search for side channels and updated security proofs? Device independence? Measurement device independence? 4 Two-party secure communications: beyond QKD Alice and Bob do not trust each other Primitives for joint operations: bit commitment, coin flipping, oblivious transfer Until recently relatively ignored by physicists perfect unconditionally secure protocols are impossible, but imperfect protocols with information-theoretic security exist ideal framework to demonstrate quantum advantage protocols require inaccessible
    [Show full text]
  • Gr Qkd 003 V2.1.1 (2018-03)
    ETSI GR QKD 003 V2.1.1 (2018-03) GROUP REPORT Quantum Key Distribution (QKD); Components and Internal Interfaces Disclaimer The present document has been produced and approved by the Group Quantum Key Distribution (QKD) ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. 2 ETSI GR QKD 003 V2.1.1 (2018-03) Reference RGR/QKD-003ed2 Keywords interface, quantum key distribution ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
    [Show full text]
  • Simulation of BB84 Quantum Key Distribution in Depolarizing Channel
    Proceedings of 14th Youth Conference on Communication Simulation of BB84 Quantum Key Distribution in depolarizing channel Hui Qiao, Xiao-yu Chen* College of Information and Electronic Engineering, Zhejiang Gongshang University, Hangzhou, 310018, China [email protected] Abstract: In this paper, we employ the standard BB84 protocol as the basic model of quantum key distribution (QKD) in depolarizing channel. We also give the methods to express the preparation and measurement of quantum states on classical computer and realize the simulation of quantum key distribution. The simulation results are consistent with the theoretical results. It was shown that the simulation of QKD with Matlab is feasible. It provides a new method to demonstrate the QKD protocol. QKD; simulation; depolarizing channel; data reconciliation; privacy amplification Keywords: [4] 1. Introduction 1989 . In 1993, Muller, Breguet, and Gisin demonstrated the feasibility of polarization-coding The purpose of quantum key distribution (QKD) [5] fiber-based QKD over 1.1km telecom fiber and and classical key distribution is consistent, their Townsend, Rarity, and Tapster demonstrated the difference are the realization methods. The classical key feasibility of phase-coding fiber-based QKD over 10km distribution is based on the mathematical theory of telecom fiber[6]. Up to now, the security transmission computational complexity, whereas the QKD based on [7] distance of QKD has been achieved over 120km . the fundamental principle of quantum mechanics. The At present, the study of QKD is limited to first QKD protocol is BB84 protocol, which was theoretical and experimental. The unconditionally secure proposed by Bennett and Brassard in 1984 [1].The protocol in theory needs further experimental verification.
    [Show full text]
  • Quantum Error Correcting Codes and the Security Proof of the BB84 Protocol
    Quantum Error Correcting Codes and the Security Proof of the BB84 Protocol Ramesh Bhandari Laboratory for Telecommunication Sciences 8080 Greenmead Drive, College Park, Maryland 20740, USA [email protected] (Dated: December 2011) We describe the popular BB84 protocol and critically examine its security proof as presented by Shor and Preskill. The proof requires the use of quantum error-correcting codes called the Calderbank-Shor- Steanne (CSS) quantum codes. These quantum codes are constructed in the quantum domain from two suitable classical linear codes, one used to correct for bit-flip errors and the other for phase-flip errors. Consequently, as a prelude to the security proof, the report reviews the essential properties of linear codes, especially the concept of cosets, before building the quantum codes that are utilized in the proof. The proof considers a security entanglement-based protocol, which is subsequently reduced to a “Prepare and Measure” protocol similar in structure to the BB84 protocol, thus establishing the security of the BB84 protocol. The proof, however, is not without assumptions, which are also enumerated. The treatment throughout is pedagogical, and this report, therefore, serves as a useful tutorial for researchers, practitioners and students, new to the field of quantum information science, in particular quantum cryptography, as it develops the proof in a systematic manner, starting from the properties of linear codes, and then advancing to the quantum error-correcting codes, which are critical to the understanding
    [Show full text]
  • Quantum Computing: Lecture Notes
    Quantum Computing: Lecture Notes Ronald de Wolf Preface These lecture notes were formed in small chunks during my “Quantum computing” course at the University of Amsterdam, Feb-May 2011, and compiled into one text thereafter. Each chapter was covered in a lecture of 2 45 minutes, with an additional 45-minute lecture for exercises and × homework. The first half of the course (Chapters 1–7) covers quantum algorithms, the second half covers quantum complexity (Chapters 8–9), stuff involving Alice and Bob (Chapters 10–13), and error-correction (Chapter 14). A 15th lecture about physical implementations and general outlook was more sketchy, and I didn’t write lecture notes for it. These chapters may also be read as a general introduction to the area of quantum computation and information from the perspective of a theoretical computer scientist. While I made an effort to make the text self-contained and consistent, it may still be somewhat rough around the edges; I hope to continue polishing and adding to it. Comments & constructive criticism are very welcome, and can be sent to [email protected] Attribution and acknowledgements Most of the material in Chapters 1–6 comes from the first chapter of my PhD thesis [71], with a number of additions: the lower bound for Simon, the Fourier transform, the geometric explanation of Grover. Chapter 7 is newly written for these notes, inspired by Santha’s survey [62]. Chapters 8 and 9 are largely new as well. Section 3 of Chapter 8, and most of Chapter 10 are taken (with many changes) from my “quantum proofs” survey paper with Andy Drucker [28].
    [Show full text]
  • Practical Quantum Cryptography and Possible Attacks
    Practical Quantum cryptography and possible attacks Alex Ling, Ilja Gerhardt, Antia Lamas-Linares, Christian Kurtsiefer 24C3 , Berlin supported by DSTA and Ministry of Education Overview Cryptography and keys What can quantum crypto do? BB84 type prepare & send implementations Quantum channels Entanglement and quantum cryptography Timing channel attack A side channel-tolerant protocol: E91 revisited Secure Communication symmetric encryption Alice key key Bob 4Kt$jtp 5L9dEe0 I want I want a coffee a coffee insecure channel ─ One time pad / Vernam Cipher: secure for one key bit per bit ─ 3DES, AES & friends: high throughput asymmetric encryption Bob key 2 n, p, q Alice key 1 4Kt$jtp 5L9dEe0 I want I want a coffee a coffee insecure channel RSA, ellipt. curves: simple, secure if you can not get key 1 from key 2 What is wrong with RSA? Bob key 2 n, p, q Alice key 1 4Kt$jtp 5L9dEe0 I want I want a coffee a coffee insecure channel ....if you can not get key 1 from key 2 take dedicated hardware find a clever algorithm ...and you get take a quantum computer the key! take some time..... Classical Key Distribution trusted courier Alice key key Bob tamper-safe devices key key Alice Bob Quantum Key Distribution 1 “ trusted ” courier.... Alice key key Bob information is carried by physical objects: hole in paper, ink, magnetic domain, electrical charge, dye spot, radio wave, light pulse,... classical physics: copying is possible (----> insecure) Photons carry information polarization for 0 and 1: vertical horizontal use polarizing beam splitter to recover 0 or 1: Quantum mechanics...
    [Show full text]
  • A Scalable Simulation of the BB84 Protocol Involving Eavesdropping
    A Scalable Simulation of the BB84 Protocol Involving Eavesdropping Mihai-Zicu Mina1[0000−0002−9793−9203] and Emil Simion2[0000−0003−0561−3474] 1 Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest, 060042 Bucharest, Romania mihai [email protected] 2 Center for Research and Training in Innovative Techniques of Applied Mathematics in Engineering, University POLITEHNICA of Bucharest, 060042 Bucharest, Romania [email protected] Abstract. In this article we present the BB84 quantum key distribu- tion scheme from two perspectives. First, we provide a theoretical dis- cussion of the steps Alice and Bob take to reach a shared secret using this protocol, while an eavesdropper Eve is either involved or not. Then, we offer and discuss two distinct implementations that simulate BB84 using IBM's Qiskit framework, the first being an exercise solved dur- ing the \IBM Quantum Challenge" event in early May 2020, while the other was developed independently to showcase the intercept-resend at- tack strategy in detail. We note the latter's scalability and increased output verbosity, which allow for a statistical analysis to determine the probability of detecting the act of eavesdropping. Keywords: Quantum key distribution · BB84 · Intercept-resend attack · Qiskit · Simulation 1 Introduction The process of establishing a shared key is an essential operation in modern cryptographic tasks and the distribution of such key between the communicating parties can be ensured by using the Diffie-Hellman protocol or RSA. However, the underlying security of these schemes is conditioned by the intractability of cer- tain mathematical problems, an aspect that advanced quantum computers can overcome.
    [Show full text]