10 - February, 2010

Jordan Myronuk

• Classical Cryptography

• EPR Paradox]• The need for QKD

• Quantum Bits and Entanglement• No Cloning Theorem• Polarization of Photons

• BB84 Protocol• Probability of Qubit States• Example of QKD• Intercept-Resend Attack

Image From Digital World Tokyo LINK

• One-time pad (Vernam, 1917)o Uses each symmetric random key once, and is discarded

o There is no encryption method that requires less keys (Shannon, 1947)

o Alice and Bob must have a way of securely sharing their keys that are as long as the text to be encrypted.

• Impractical method to share keys given the large amounts of information to be shared today.

• Key space increased to the point where it becomes computationally infeasible for an adversary for cryptanalysis.

• Quantum computation has the ability to factor large numbers efficiently, rendering today's schemes computationally insecure. (Shor, 1994, 1997, Shor’s Algorithm)

• Entangled particles are emitted simultaneouslyo Entangled ElectronsElectron 'a' has spin UPElectron 'b' has spin DOWNLaw of ConservationCan be separated by vast distances, light years apart.

• Observation\Measurement of one of the electrons must be the exact opposite of the other, but

• Nothing can travel faster than the speed of light due to Einstein's special relativity.

• ...a property Einstein described as, "spooky action at a distance"

Since an action on an entangled particle has an immediate effect on its complementary particle, the information seems to travel faster than light

Observation of an entangled particle influences its state, but prior to the observation, the state can not be known due to superposition.

Light behaves as a wave during propagation, but collapses into a photon when conducting measured observation.

Peter Shor – Shor’s Algorithm (1994)

Uses a specific number of Qubits to solve

Finds the prime factors of an integer N in O((log N)3)

Break‟s RSA

Factoring is efficient

Requires a Quantum computer which doesn‟t exist yet

• A classical bit has 2 states • A quantum bit, Qubit, can have 3 states:

o Superposition – can be in both places at once

o The double-slit experimento Interference Patterno Wave-Particle duality of light waves-photonso The light photons move through the slits as a wave, but

collapse as a photon on the wall.

Images from Blacklight Power Inc. LINK

Classical Idea

An opponent, Oscar, must perform a measurement on a quantum particle such as a photon to extract information.

This measurement consumes the photon, and modifies the state of the entangled particles.

Since the photon is consumed, the loss of energy can be detected as a loss of signal providing an indicator of eavesdropping.

The no cloning theorem states, “One cannot duplicate an unknown quantum state while keeping the original in tact.”

This prevents a man-in-the-middle attack as we will see using probability later.

No Cloning Theorem – Wootters and Zurek, 1982

Alice holds a source that generates individual photons.

Bob can detect these photons

Alice will encrypt the key using the polarization state of these individual photons.

Horizontal-Vertical Basis

+45°/-45° Basis

Bits are encoded as:

Physical polarization States:

Our quantum channel to transmit this information could be a laser beam, or through fibre-optic cable.

Alice and Bob use two channels. Classical Channel

such as Radio, Internet, etc.

Quantum Channel

Classical channel uses classical bits Oscar could intercept

and forward the bits from Alice to Bob.

Quantum channel uses Qubits Generated from the

H/V process

Generated from the +45°/-45° process

no-cloning of qubits

You cannot determine which generation was used without measurement.

Alice sends a photon to Bob encoded in one of the 4 possible states:

This process is repeated N times.

Bob does not know the basis which had been selected before transmission.

If Bob receives a Qubit in the + polarization using his + polarization, then the bits correlate correctly100% of the time

However, if Bob receives a + polarization Qubit in the x polarization, then the probability reduces to 50%.

When a HV polarization of a photon passes through the HV polarizing mirror, it will pass with 100% probability.

With the same mirror, but a ±45° polarization photon is sent, it can be projected into the incorrect basis equal to 50%.

It is possible that a photon in another polarization can make it through the polarizing „mirror‟ as a projection into the other basis

• When Bob chooses to measure in the same basis as Alice, he

will get the bits correct 100% of the time.

• When the incorrect basis is chosen, Bob has a 50% chance of

guessing the correct Qubit

•P(Guessing Correct Basis) = 50%

•P(Interpreting Correct Bit)= 50%

For each of Alice‟s transmitted N Qubits, Bob sends the Qubits randomly to either basis to be decoded.

Pr[Correct Basis] = 0.5

Pr[Incorrect Basis] = 1- Pr[Correct Basis] = 0.5

Pr[Matching Alice] = 0.75

Bob communicates back the results of his guessing to Alice over the classical channel.

Alice tells Bob for which bits he guessed correctly over the classical channel

They discard the incorrect bits and agree on a raw key.

• Alice wishes to securely share a key with Bob

• Oscar can listen to the quantum channel

• Alice and Bob use the classical channel to verify the raw key

• Oscar must guess like Bob does, which introduces error in the

channel.

• The probability of Bob guessing correctly drops to 62.5%

• Indicator that an eavesdropper was present

• Alice Sends

• Bob now uses the classical channel to tell Alice

which machine he used to decode each Qubit.

• Alice responds in the classical channel with the bits

that were guessed correctly.

Bits 1 1 0 1 0 0 1 0

Basis + + X X + X X +

• Bob ReceivesBits 0/1 1 0/1 1 0 0 1 0

Basis X + + X + X X +

• Alice

• Bob discards the bits in red as he guessed incorrectly

Bits 1 1 0 1 0 0 1 0

Basis + + X X + X X +

• BobBits 0/1 1 0/1 1 0 0/1 1 0

Basis X + + X + + X +

• Alice

• Alice does the same

Bits 1 1 0 1 0 0 1 0

Basis + + X X + X X +

• BobBits 0/1 1 0/1 1 0 0/1 1 0

Basis X + + X + + X +

• The Agreed Upon Raw Key: 11010Bits 1 1 0 1 0

Basis + X + X +

•In order to verify, Alice can ask Bob a query about a subset of

the raw key bits.

•Alice:What is the 5th bit?

•Bob:0

•Alice 0=0 is true, the key is secure.

Now we will look at an example of when Oscar has

eavesdropped on the quantum channel.

Suppose Oscar taps the quantum channel and intercepts the Qubits before they reach Bob

Oscar has to use the same guesses as Bob to determine the Qubits that were sent.

With equal probability, Oscar will process a Qubit in a random bias, and re-transmit the Qubit in the same bias that was used to process the incoming Qubit.

50% of the time, Oscar will be correct

•Since Oscar must also guess, 50% of his guesses will be

correct

•This is reflected in the same raw key as before

Bits 1 1 0/1 1 0/1

Basis + X X X X

•Alice asks Bob for the 5th bit again

•Alice sees on her end it’s a 1, but Bob’s reply is a 0, therefore

an eavesdropper was present on the quantum channel and

changed the state of a bit by observing it.

Bits 1 1 0 1 0

Basis + X X X X

•Oscar is able to block the quantum channel as easily as blocking the

laser beam, or cutting the fibre optic cable

•Force Alice and Bob to use a classical method of cryptography

•Oscar can generate enough interference on the quantum channel that

once the probability that Bob can guess the correct bits drops below

17%, a secure key cannot be established.

•Csiszár and Körner (1978)

[1] Scarani et al. The Security of Practical Quantum Key Distribution. Reviews of Modern Physics, Vol. 81, 2009.

[2] Mermin, David N. Lecture Notes on Quantum Computation, Cornell University, 2006

[3] A. Einstein, B. Podolsky, N. Rosen. Can Quantum-Mechanical Description of Physical Reality Be Considered Complete? Institure for Advanced Study, Princeton, NJ. 1935

[4] Csiszár, I., and J. Körner, IEEE Transactions on Information Theory. 1978.

[5] Wootters, W. K., and W. H. Zurek, Nature. London, 1982

1. What does Shor‟s Algorithm do?2. What are the states of a Qubit?3. How does a Man-in-the-middle attack work over a

Quantum channel?4. What does the No-Cloning theorem prevent, and why does

it work?5. If you send Bob the bits below, what is your raw key?

6. If a specific bit of Bob‟s raw key is incorrect, what can you determine about the key exchange over the quantum channel?

Bits 1 1 0 1 1 1 0 0 1 0 1 0

Bias X + X + X X X X + + X X

Bits 1 0/1 0 1 1 1 0 0 1 0 1 0/1

Bias X X + + X X X X + + X +

Bob’s Response:

1. Factors large primes efficiently in O(logN)3

2. 0, 1 and BOTH = 3 states3. Captures Qubits with a guessed bias, and retransmits them

on the same guessed bias.4. Prevents copying of photons because they are destroyed

upon measuring them.5. If you send Bob the bits below, what is your raw key?

6. An eavesdropper was listening on the quantum channel.

Bits 1 1 0 1 1 1 0 0 1 0 1 0

Bias X + X + X X X X + + X X

raw key=11100101