DOCSLIB.ORG

Picture-Perfect Quantum Key Distribution

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Picture-perfect Quantum Key Distribution Aleks Kissinger1, Sean Tull2, and Bas Westerbaan1 1Institute for Computing and Information Sciences, Radboud University Nijmegen 2Department of Computer Science, University of Oxford We provide a new way to bound the se- Such schemes form part of the program of post- curity of quantum key distribution using quantum cryptography [6]. only two high-level, diagrammatic features On the other hand Bennett and Brassard pro- of quantum processes: the compositional posed a completely different unauthenticated key behavior of complementary measurements agreement protocol, now called BB84 [5], whose and the essential uniqueness of purifica- security is not based on a mathematical prob- tion. We begin by demonstrating a proof lem, but on physical assumptions on quantum in the simplest case, where the eavesdrop- mechanical systems. In this protocol Alice needs per doesn’t noticeably disturb the chan- to be able to send Bob qubits. In most implemen- nel at all and has no quantum memory. tations, like [31], this is done by sending photons We then show how this approach extends over a fiber optic cable, where the qubits are en- straightforwardly to account for an eaves- coded in the polarization of the photons. After dropper with quantum memory and the BB84 other variations have been proposed, no- presence of noise. tably E91 [15], and they are all indiscriminately referred to as Quantum Key Distribution (QKD). 1 Introduction In their original paper, Bennett and Brassard give a short argument for the security of BB84. Traditionally in cryptography, parties use pre- Feeling this proof was not satisfactory, subse- shared keys to communicate securely. In 1976 quent authors have proposed more meticulous Diffie and Hellman introduced the first key agree- proofs, for instance [22]. However, this added ment protocol that allows two parties, say Alice rigor came at the cost of complexity, prompting and Bob, to securely establish a key over an in- Shor and Preskill to publish a `simple proof' [29]. secure channel [14]. There are two caveats to its This did not settle the matter: many subsequent security. First, it's an unauthenticated key agree- publications have appeared on the security of ment protocol,1 and second, its security hinges on BB84 and its variants, differing not only in lev- the difficulty of computing discrete logarithms. els of rigor vs. simplicity, but also in the physi- Famously, Shor showed in 1994 [28] that a (large- cal assumptions and the efficiency of the proto- scale stable) quantum computer is able to calcu- col itself (e.g. qubits required per bit of shared late discrete logarithms with ease, breaking Diffie key) [2,4, 16, 19{21, 23{26]. and Hellman's original scheme. The present paper contributes another proof There are other key agreement protocols whose to the mix, whose primary aim is simplicity. It arXiv:1704.08668v3 [quant-ph] 19 Jul 2017 security is based on mathematical problems is quite different from those that came before, which are believed to be difficult, even for quan- in that we adopt a purely graphical notation tum computers. An example is NewHope [3,7]. and rely on techniques which arose in categor- Aleks Kissinger: [email protected] ical quantum mechanics [1] and the diagram- Sean Tull: [email protected] matic approach to quantum theory [11]. We will Bas Westerbaan: [email protected] show that two high-level features of quantum processes{namely the behavior of complemen- 1An attacker Eve that can intercept and modify all communication between Alice and Bob, can simply im- tary measurements under composition [10] and personate Bob and perform all the steps Bob would. Now the essential uniqueness of purification of quan- Alice thinks she established a shared key with Bob, where tum channels [9]–suffice to show that there exists in reality she established a shared key with Eve. no quantum process with which an eavesdropper 1 can undetectably extract information about Al- holds. We remove the second limitation in Sec- ice and Bob's shared key. tion5 by showing the same graphical proof from We begin by briefly reviewing the graphical Section3 goes through, thanks to the continuity notation for quantum processes, including de- properties of purification and diagram rewriting, pictions of purification and complementary mea- if we replace equality by -closeness in the com- surements. In Section3, we describe a version of pletely bounded norm (written ` ··· =ε ··· '). This cb BB84 in this notation and give a one-line version enables us to give a security bound for the QKD of a proof of correctness which already appears in protocol comparable to the one suggested in [17]. the literature [11, 13], but makes the (unreason- In particular, the fact that Eve's process disturbs ably) strong assumption that Eve is only allowed the channel very little can be formulated as: to measure and re-prepare in the Z and X bases. Our first main result removes this assumption, allowing Eve to perform any quantum process to (attempt to) extract information from Alice and ε ε Φ = Φ = Bob's channel: cb cb Bob ... Eve Φ √ This implies that Eve's process is within N of Alice a separable one: ... We then formulate the condition that Eve's chan- √ nel remains undetected by means of two equa- N ε Φ = ρ tions, corresponding to the cases where Alice and cb Bob's measurement choices agree: for some constant N depending only on the di- mension of Alice and Bob's system. Φ = Φ = 2 Preliminaries Using the behavior of complementary measure- Throughout the paper, we will use string di- ments, we show that this implies that Eve's chan- agram notation for linear maps and channels. nel separates: [11] Systems are depicted as wires and maps as Bob ... Eve Bob ... Eve boxes. To make it clear whether we are work- ing with linear maps between Hilbert spaces or Φ = ρ completely positive maps (CP-maps), we will de- pict finite-dimensional Hilbert spaces H, K, . as Alice Alice thin wires and the associated spaces of operators ... ... B(H), B(K),... as thick wires. While already much more general than previ- A linear map V : H → K and CP-map ous graphical proofs, this still makes two very Φ: B(H) → B(K) (for Hilbert spaces H, K) are strong assumptions. First, it assumes that Eve depicted respectively as: performs the same process each time Alice and Bob use their channel. Second, it assumes all equalities are exact, so it offers no guarantees in K B(K) the presence of noise. V Φ We remove the first limitation in Section4 H B(H) by allowing Eve to maintain an arbitrarily large quantum memory between usages of the chan- We omit wire labels if they are irrelevant or clear nel, and show that the separation argument still from context. Compositions of maps is depicted 2 by plugging boxes together vertically: 2.1 Purification The linear map that sends ρ ∈ B(H) to its trace B(L) L is a CP-map Tr : B(H) → C, which we draw as V Ψ a `ground' symbol: V ◦ U =: K Ψ ◦ Φ =: B(K) Tr = U Φ H Using this notation, we can express the prop- B(H) erty of a CP-map being trace-preserving as fol- lows: and tensor products by putting boxes side-by- side: Φ = H0 K0 B(H0) B(K0) U ⊗V =: U V Φ⊗Ψ =: Φ Ψ Furthermore, any linear map U : H → K in- duces a CP-map Ub : B(H) → B(K) via: H K B(H) B(K) Ub(ρ) = U ρ U † (1) Similarly, maps between tensor products such as We call a CP-map pure if it is of the form of (1). U : H → K ⊗ L or Φ: B(H) → B(K) ⊗ B(L) We call this method of turning a linear map into are depicted as boxes with multiple input/output a pure CP-map doubling. wires: An important theorem about CP-maps is that K L B(K) B(L) any CP-map can be represented in an essentially unique manner, by means of a pure CP-map and U Φ the trace. H B(H) Theorem 2.1 (Stinespring / purification, U : H → K ⊗ L Φ: B(H) → B(K ⊗ L) [8, 30]). For any completely positive map Φ: B(H) → B(K) there is a Hilbert space L and where we identify B(H) ⊗ B(K) =∼ B(H ⊗ K). linear map V : H → K ⊗ L with Identity linear maps/CP-maps are represented as `plain wires': Φ = Vb (2) 1H =: H 1B(H) =: B(H) Moreover, for any (other) linear map V 0 : H → K ⊗L satisfying (2), there is a unitary U : L → L since U ◦ 1H = 1K ◦ U = U and similarly for CP- such that: maps. The trivial system C is depicted as `no wire', since H ⊗ =∼ H and B(H) ⊗ =∼ B(H). C C U Regarding vectors as linear maps v : C → H and V 0 = positive operators as CP-maps ρ : C → B(H), we V can depict vectors |ψi ∈ H and quantum states in ρ ∈ B(H) respectively as maps from 0 to 1 wire: 2.2 Spiders and decoherence H B(H) To each orthonormal basis (ONB) {|ii} of a ψ ρ (finite-dimensional) Hilbert space H, we asso- ciate a family of linear maps called spiders as Similarly, we can depict linear functionals follows: hψ| : H → C and CP-maps of the form e: B(H) → C as maps from 1 to 0 wires: n ... n := = X |i . ii hi . i| e m ψ ... | {z } | {z } i n m H B(H) m 3 where a spider with zero legs is a complex number That is, it projects a positive matrix written with D, the dimension of the Hilbert space.
Recommended publications
  • Security of Quantum Key Distribution with Entangled Qutrits

    Security of Quantum Key Distribution with Entangled Qutrits

    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by CERN Document Server Security of Quantum Key Distribution with Entangled Qutrits. Thomas Durt,1 Nicolas J. Cerf,2 Nicolas Gisin,3 and Marek Zukowski˙ 4 1 Toegepaste Natuurkunde en Fotonica, Theoeretische Natuurkunde, Vrije Universiteit Brussel, Pleinlaan 2, 1050 Brussels, Belgium 2 Ecole Polytechnique, CP 165, Universit´e Libre de Bruxelles, 1050 Brussels, Belgium 3 Group of Applied Physics - Optique, Universit´e de Gen`eve, 20 rue de l’Ecole de M´edecine, Gen`eve 4, Switzerland, 4Instytut Fizyki Teoretycznej i Astrofizyki Uniwersytet, Gda´nski, PL-80-952 Gda´nsk, Poland July 2002 Abstract The study of quantum cryptography and quantum non-locality have traditionnally been based on two-level quantum systems (qubits). In this paper we consider a general- isation of Ekert's cryptographic protocol[20] where qubits are replaced by qutrits. The security of this protocol is related to non-locality, in analogy with Ekert's protocol. In order to study its robustness against the optimal individual attacks, we derive the infor- mation gained by a potential eavesdropper applying a cloning-based attack. Introduction Quantum cryptography aims at transmitting a random key in such a way that the presence of an eavesdropper that monitors the communication is revealed by disturbances in the transmission of the key (for a review, see e.g. [21]). Practically, it is enough in order to realize a crypto- graphic protocol that the key signal is encoded into quantum states that belong to incompatible bases, as in the original protocol of Bennett and Brassard[4].
  • RSA: Encryption, Decryption

    RSA: Encryption, Decryption

    Data Communications & Networks Session 11 – Main Theme Network Security Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical Sciences Adapted from course textbook resources Computer Networking: A Top-Down Approach, 5/E Copyright 1996-2009 J.F. Kurose and K.W. Ross, All Rights Reserved 1 Agenda 1 Session Overview 2 Network Security 3 Summary and Conclusion 2 What is the class about? .Course description and syllabus: »http://www.nyu.edu/classes/jcf/CSCI-GA.2262-001/ »http://www.cs.nyu.edu/courses/spring15/CSCI- GA.2262-001/index.html .Textbooks: » Computer Networking: A Top-Down Approach (5th Edition) James F. Kurose, Keith W. Ross Addison Wesley ISBN-10: 0136079679, ISBN-13: 978-0136079675, 5th Edition (03/09) 3 Course Overview . Computer Networks and the Internet . Application Layer . Fundamental Data Structures: queues, ring buffers, finite state machines . Data Encoding and Transmission . Local Area Networks and Data Link Control . Wireless Communications . Packet Switching . OSI and Internet Protocol Architecture . Congestion Control and Flow Control Methods . Internet Protocols (IP, ARP, UDP, TCP) . Network (packet) Routing Algorithms (OSPF, Distance Vector) . IP Multicast . Sockets 4 Course Approach . Introduction to Basic Networking Concepts (Network Stack) . Origins of Naming, Addressing, and Routing (TCP, IP, DNS) . Physical Communication Layer . MAC Layer (Ethernet, Bridging) . Routing Protocols (Link State, Distance Vector) . Internet Routing (BGP, OSPF, Programmable Routers) . TCP Basics (Reliable/Unreliable) . Congestion Control . QoS, Fair Queuing, and Queuing Theory . Network Services – Multicast and Unicast . Extensions to Internet Architecture (NATs, IPv6, Proxies) . Network Hardware and Software (How to Build Networks, Routers) . Overlay Networks and Services (How to Implement Network Services) .
  • Large Scale Quantum Key Distribution: Challenges and Solutions

    Large Scale Quantum Key Distribution: Challenges and Solutions

    Large scale quantum key distribution: challenges and solutions QIANG ZHANG,1,2 FEIHU XU,1,2 YU-AO CHEN,1,2 CHENG-ZHI PENG1,2 AND JIAN-WEI PAN1,2,* 1Shanghai Branch, Hefei National Laboratory for Physical Sciences at Microscale and Department of Modern Physics, University of Science and Technology of China, Shanghai, 201315, China 2CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics, University of Science and Technology of China, Shanghai 201315, P. R. China *[email protected], [email protected] Abstract: Quantum key distribution (QKD) together with one time pad encoding can provide information-theoretical security for communication. Currently, though QKD has been widely deployed in many metropolitan fiber networks, its implementation in a large scale remains experimentally challenging. This letter provides a brief review on the experimental efforts towards the goal of global QKD, including the security of practical QKD with imperfect devices, QKD metropolitan and backbone networks over optical fiber and satellite-based QKD over free space. 1. Introduction Quantum key distribution (QKD) [1,2], together with one time pad (OTP) [3] method, provides a secure means of communication with information-theoretical security based on the basic principle of quantum mechanics. Light is a natural and optimal candidate for the realization of QKD due to its flying nature and its compatibility with today’s fiber-based telecom network. The ultimate goal of the field is to realize a global QKD network for worldwide applications. Tremendous efforts have been put towards this goal [4–6]. Despite significant progresses over the past decades, there are still two major challenges for large-scale QKD network.
  • Semi-Quantum Communication: Protocols for Key Agreement, Controlled Secure Direct Communication and Dialogue Arxiv:1702.07861V1

    Semi-Quantum Communication: Protocols for Key Agreement, Controlled Secure Direct Communication and Dialogue Arxiv:1702.07861V1

    Semi-quantum communication: Protocols for key agreement, controlled secure direct communication and dialogue Chitra Shuklaa;,∗ Kishore Thapliyalb;,y Anirban Pathakb;z aGraduate School of Information Science, Nagoya University, Furo-cho 1, Chikusa-ku, Nagoya, 464-8601, Japan bJaypee Institute of Information Technology, A-10, Sector-62, Noida, UP-201307, India February 28, 2017 Abstract Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specif- ically, first time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e- commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Further, it addresses a funda- mental question in context of a large number problems- how much quantumness is (how many quan- tum parties are) required to perform a specific secure communication task? Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate-coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance. arXiv:1702.07861v1 [quant-ph] 25 Feb 2017 Keywords: Semi-quantum protocol, quantum communication, key agreement, quantum dialogue, deter- ministic secure quantum communication, secure direct quantum communication.
  • Machine Learning Aided Carrier Recovery in Continuous-Variable Quantum Key Distribution

    Machine Learning Aided Carrier Recovery in Continuous-Variable Quantum Key Distribution

    Machine Learning Aided Carrier Recovery in Continuous-Variable Quantum Key Distribution T Gehring1, H-M Chin1,2, N Jain1, D Zibar2, and U L Andersen1 1Department of Physics, Technical University of Denmark, Lyngby, Denmark 2Department of Photonics, Technical University of Denmark, Lyngby, Denmark Contact Email: [email protected] Continuous-variable quantum key distribution (CV-QKD) makes use of in-phase and quadrature mod- ulation and coherent detection to distribute secret keys between two parties for data encryption with future proof security. The secret key rate of such CV-QKD systems is limited by excess noise, which is attributed to an eavesdropper. A key issue typical to all modern CV-QKD systems implemented with a reference or pilot signal and an independent local oscillator is controlling the excess noise generated from the fre- quency and phase noise accrued by the transmitter and receiver. Therefore accurate phase estimation and compensation, so-called carrier recovery, is a critical subsystem of CV-QKD. Here, we present the implementation of a machine learning framework based on Bayesian inference, namely an unscented Kalman filter (UKF), for estimation of phase noise and compare it to a standard reference method. Experimental results obtained over a 20 km fiber-optic link indicate that the UKF can ensure very low excess noise even at low pilot powers. The measurements exhibited low variance and high stability in excess noise over a wide range of pilot signal to noise ratios. The machine learning framework may enable CV-QKD systems with low implementation complexity, which can seamlessly work on diverse transmission lines, and it may have applications in the implemen- tation of other cryptographic protocols, cloud-based photonic quantum computing, as well as in quantum sensing..
  • SECURING CLOUDS – the QUANTUM WAY 1 Introduction

    SECURING CLOUDS – the QUANTUM WAY 1 Introduction

    SECURING CLOUDS – THE QUANTUM WAY Marmik Pandya Department of Information Assurance Northeastern University Boston, USA 1 Introduction Quantum mechanics is the study of the small particles that make up the universe – for instance, atoms et al. At such a microscopic level, the laws of classical mechanics fail to explain most of the observed phenomenon. At such a state quantum properties exhibited by particles is quite noticeable. Before we move forward a basic question arises that, what are quantum properties? To answer this question, we'll look at the basis of quantum mechanics – The Heisenberg's Uncertainty Principle. The uncertainty principle states that the more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa. For instance, if you measure the position of an electron revolving around the nucleus an atom, you cannot accurately measure its velocity. If you measure the electron's velocity, you cannot accurately determine its position. Equation for Heisenberg's uncertainty principle: Where σx standard deviation of position, σx the standard deviation of momentum and ħ is the reduced Planck constant, h / 2π. In a practical scenario, this principle is applied to photons. Photons – the smallest measure of light, can exist in all of their possible states at once and also they don’t have any mass. This means that whatever direction a photon can spin in -- say, diagonally, vertically and horizontally -- it does all at once. This is exactly the same as if you constantly moved east, west, north, south, and up-and-down at the same time.
  • Lecture 12: Quantum Key Distribution. Secret Key. BB84, E91 and B92 Protocols. Continuous-Variable Protocols. 1. Secret Key. A

    Lecture 12: Quantum Key Distribution. Secret Key. BB84, E91 and B92 Protocols. Continuous-Variable Protocols. 1. Secret Key. A

    Lecture 12: Quantum key distribution. Secret key. BB84, E91 and B92 protocols. Continuous-variable protocols. 1. Secret key. According to the Vernam theorem, any message (for instance, consisting of binary symbols, 01010101010101), can be encoded in an absolutely secret way if the one uses a secret key of the same length. A key is also a sequence, for instance, 01110001010001. The encoding is done by adding the message and the key modulo 2: 00100100000100. The one who knows the key can decode the encoded message by adding the key to the message modulo 2. The important thing is that the key should be used only once. It is exactly this way that classical cryptography works. Therefore the only task of quantum cryptography is to distribute the secret key between just two users (conventionally called Alice and Bob). This is Quantum Key Distribution (QKD). 2. BB84 protocol, proposed in 1984 by Bennett and Brassard – that’s where the name comes from. The idea is to encode every bit of the secret key into the polarization state of a single photon. Because the polarization state of a single photon cannot be measured without destroying this photon, this information will be ‘fragile’ and not available to the eavesdropper. Any eavesdropper (called Eve) will have to detect the photon, and then she will either reveal herself or will have to re-send this photon. But then she will inevitably send a photon with a wrong polarization state. This will lead to errors, and again the eavesdropper will reveal herself. The protocol then runs as follows.
  • Device-Independent Quantum Cryptography for Continuous Variables

    Device-Independent Quantum Cryptography for Continuous Variables

    Device-Independent Quantum Cryptography for Continuous Variables Kevin Marshall1, ∗ and Christian Weedbrook1, 2, y 1Department of Physics, University of Toronto, Toronto, M5S 3G4, Canada 2QKD Corp., 60 St. George St., Toronto, M5S 3G4, Canada (Dated: October 8, 2018) We present the first device-independent quantum cryptography protocol for continuous variables. Our scheme is based on the Gottesman-Kitaev-Preskill encoding scheme whereby a qubit is embedded in the infinite-dimensional space of a quantum harmonic oscillator. The novel application of discrete-variable device- independent quantum key distribution to this encoding enables a continuous-variable analogue. Since the se- curity of this protocol is based on discrete-variables we inherit by default security against collective attacks and, under certain memoryless assumptions, coherent attacks. We find that our protocol is valid over the same distances as its discrete-variable counterpart, except that we are able to take advantage of high efficiency com- mercially available detectors where, for the most part, only homodyne detection is required. This offers the potential of removing the difficulty in closing the loopholes associated with Bell inequalities. PACS numbers: 03.67.Dd, 03.67.Hk, 42.50.-p, 89.70.Cf I. INTRODUCTION parties may share a private key despite having no knowledge of the inner workings of their respective devices. Conversely, Quantum key distribution (QKD) [1,2] is a method by in conventional QKD protocols it is regularly assumed that which two parties, Alice and Bob, may generate a shared both parties have a high degree of control over both state secret key over an insecure quantum channel monitored by preparation as well as measurement.
  • Analysing and Patching SPEKE in ISO/IEC

    Analysing and Patching SPEKE in ISO/IEC

    1 Analysing and Patching SPEKE in ISO/IEC Feng Hao, Roberto Metere, Siamak F. Shahandashti and Changyu Dong Abstract—Simple Password Exponential Key Exchange reported. Over the years, SPEKE has been used in several (SPEKE) is a well-known Password Authenticated Key Ex- commercial applications: for example, the secure messaging change (PAKE) protocol that has been used in Blackberry on Blackberry phones [11] and Entrust’s TruePass end-to- phones for secure messaging and Entrust’s TruePass end-to- end web products. It has also been included into international end web products [16]. SPEKE has also been included into standards such as ISO/IEC 11770-4 and IEEE P1363.2. In the international standards such as IEEE P1363.2 [22] and this paper, we analyse the SPEKE protocol as specified in the ISO/IEC 11770-4 [24]. ISO/IEC and IEEE standards. We identify that the protocol is Given the wide usage of SPEKE in practical applications vulnerable to two new attacks: an impersonation attack that and its inclusion in standards, we believe a thorough allows an attacker to impersonate a user without knowing the password by launching two parallel sessions with the victim, analysis of SPEKE is both necessary and important. In and a key-malleability attack that allows a man-in-the-middle this paper, we revisit SPEKE and its variants specified in (MITM) to manipulate the session key without being detected the original paper [25], the IEEE 1363.2 [22] and ISO/IEC by the end users. Both attacks have been acknowledged by 11770-4 [23] standards.
  • Gr Qkd 003 V2.1.1 (2018-03)

    Gr Qkd 003 V2.1.1 (2018-03)

    ETSI GR QKD 003 V2.1.1 (2018-03) GROUP REPORT Quantum Key Distribution (QKD); Components and Internal Interfaces Disclaimer The present document has been produced and approved by the Group Quantum Key Distribution (QKD) ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. 2 ETSI GR QKD 003 V2.1.1 (2018-03) Reference RGR/QKD-003ed2 Keywords interface, quantum key distribution ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
  • Scalable Quantum Cryptography Network for Protected Automation Communication Making Quantum Key Distribution (QKD) Available to Critical Energy Infrastructure

    Scalable Quantum Cryptography Network for Protected Automation Communication Making Quantum Key Distribution (QKD) Available to Critical Energy Infrastructure

    Scalable Quantum Cryptography Network for Protected Automation Communication Making quantum key distribution (QKD) available to critical energy infrastructure Background changes the key in an immediate and Benefits measurable way, reducing the risk that The power grid is increasingly more reliant information thought to be securely • QKD lets the operator know, in real- on a distributed network of automation encrypted has actually been compromised. time, if a secret key has been stolen components such as phasor measurement units (PMUs) and supervisory control and Objectives • Reduces the risk that a “man-in-the- data acquisition (SCADA) systems, to middle” cyber-attack might allow In the past, QKD solutions have been unauthorized access to energy manage the generation, transmission and limited to point-to-point communications sector data distribution of electricity. As the number only. To network many devices required of deployed components has grown dedicated QKD systems to be established Partners rapidly, so too has the need for between every client on the network. This accompanying cybersecurity measures that resulted in an expensive and complex • Qubitekk, Inc. (lead) enable the grid to sustain critical functions network of multiple QKD links. To • Oak Ridge National Laboratory even during a cyber-attack. To protect achieve multi-client communications over (ORNL) against cyber-attacks, many aspects of a single quantum channel, Oak Ridge cybersecurity must be addressed in • Schweitzer Engineering Laboratories National Laboratory (ORNL) developed a parallel. However, authentication and cost-effective solution that combined • EPB encryption of data communication between commercial point-to-point QKD systems • University of Tennessee distributed automation components is of with a new, innovative add-on technology particular importance to ensure resilient called Accessible QKD for Cost-Effective energy delivery systems.
  • Quantum Error Correcting Codes and the Security Proof of the BB84 Protocol

    Quantum Error Correcting Codes and the Security Proof of the BB84 Protocol

    Quantum Error Correcting Codes and the Security Proof of the BB84 Protocol Ramesh Bhandari Laboratory for Telecommunication Sciences 8080 Greenmead Drive, College Park, Maryland 20740, USA [email protected] (Dated: December 2011) We describe the popular BB84 protocol and critically examine its security proof as presented by Shor and Preskill. The proof requires the use of quantum error-correcting codes called the Calderbank-Shor- Steanne (CSS) quantum codes. These quantum codes are constructed in the quantum domain from two suitable classical linear codes, one used to correct for bit-flip errors and the other for phase-flip errors. Consequently, as a prelude to the security proof, the report reviews the essential properties of linear codes, especially the concept of cosets, before building the quantum codes that are utilized in the proof. The proof considers a security entanglement-based protocol, which is subsequently reduced to a “Prepare and Measure” protocol similar in structure to the BB84 protocol, thus establishing the security of the BB84 protocol. The proof, however, is not without assumptions, which are also enumerated. The treatment throughout is pedagogical, and this report, therefore, serves as a useful tutorial for researchers, practitioners and students, new to the field of quantum information science, in particular quantum cryptography, as it develops the proof in a systematic manner, starting from the properties of linear codes, and then advancing to the quantum error-correcting codes, which are critical to the understanding