Quantum Cryptography
Qingqing Yuan
Outline
No-Cloning Theorem
BB84 Cryptography Protocol
Quantum Digital Signature
One Time Pad Encryption
Conventional cryptosystem:
Alice and Bob share N random bits b
1
b
N
Alice encrypt her message m
1
m
N
b
1
m
1
,,b
N
m
N
Alice send the encrypted string to Bob
Bob decrypts the message: (m
j
b
j
)b
j
= m
j
As long as b is unknown, this is secure
Can be passively monitored or copied
Two Qubit Bases
Define the four qubit states:
{0,1}(rectilinear) and {+,-}(diagonal) form an
orthogonal qubit state.
They are indistinguishable from each other.
=
+ = +
) 1 0 (
) 1 0 (
1
0
2
1
2
1
No-Cloning Theorem
|q) = |0)+|1)
To determine the amplitudes of an unknown
qubit, need an unlimited copies
It is impossible to make a device that
perfectly copies an unknown qubit.
Suppose there is a quantum process that
implements: |q,_)|q,q)
Contradicts the unitary/linearity restriction of
quantum physics
Wiesners Quantum Money
A quantum bill contains a serial number N, and
20 random qubits from {0,1,+,-}
The Bank knows which string {0,1,+,-}
20
is
associated with which N
The Bank can check validity of a bill N by
measuring the qubits in the proper 0/1 or +/-
bases
A counterfeiter cannot copy the bill if he
does not know the 20 bases
Quantum Cryptography
In 1984 Bennett and Brassard
describe how the quantum money idea
with its basis {0,1} vs. {+,-} can be used
in quantum key distribution protocol
Measuring a quantum system in general
disturbs it and yields incomplete
information about its state before the
measurement
BB84 Protocol (I)
Central Idea: Quantum Key Distribution
(QKD) via the {0,1,+,-} states between
Alice and Bob
Alice
Bob
Quantum Channel
Classical public channel
Eve
O(N) classical and quantum communication
to establish N shared key bits
BB84 Protocol (II)
1) Alice sends 4N random qubits e{0,1,+,-} to Bob
2) Bob measures each qubit randomly in 0/1 or +/-
basis
3) Alice and Bob compare their 4N basis, and continue
with ~2N outcomes for which the same basis was
used
4) Alice and Bob verify the measurement outcomes on
random (size N) subset of the 2N bits
5) Remaining N outcomes function as the secrete key
Quantum
Public & Classical
Shared Key
Security of BB84
Without knowing the proper basis, Eve
not possible to
Copy the qubits
Measure the qubits without disturbing
Any serious attempt by Eve will be
detected when Alice and Bob perform
equality check
Quantum Coin Tossing
Alices bit: 1 0 1 0 0 1 1 1 0 1 1 0
Alices basis: Diagonal
Alice sends: - + - + + - - - + - - +
Bobs basis: R D D R D R D R D D R R
Bobs rect. table: 0 1 0 1 1 1
Bobs Dia. table: 0 1 0 1 0 1
Bob guess: diagonal
Alice reply: you win
Alice sends original string to verify.
Quantum Coin Tossing (Cont.)
Alice may cheat
Alice create EPR pair for each bit
She sends one member of the pair and
stores the other
When Bob makes his guess, Alice measure
her parts in the opposite basis
Arguments Against QKD
QKD is not public key cryptography
Eve can sabotage the quantum channel
to force Alice and Bob use classical
channel
Expensive for long keys: (N) qubits
of communication for a key of size N
Practical Feasibility of QKD
Only single qubits are involved
Simple state preparations and
measurements
Commercial Availability
id Quantique: [Link]
Outline
No-Cloning Theorem
BB84 Cryptography Protocol
Quantum Digital Signature
Pros of Public Key Cryptography
High efficiency
Better key distribution and management
No danger that public key is compromised
Certificate authorities
New protocols
Digital signature
Quantum One-way Function
Consider a map f: k f
k
).
k is the private key
f
k
) is the public key
One-way function: For some maps f, its
impossible (theoretically) to determine
k, even given many copies of f
k
)
we can give it to many people without
revealing the private key k
Digital Signature (Classical scheme)
Lamport 1979
One-way function f(x)
Private key (k
0
, k
1
)
Public key (0,f(k
0
)), (1,f(k
1
))
Sign a bit b: (b, k
b
)
Quantum Scheme
Gottesman & Chuang 2001
Private key (k
0
(i)
, k
1
(i)
) (i=1, ..., M)
Public key
To sign b, send (b, k
b
(1)
, k
b
(2)
, ..., k
b
(M)
).
To verify, measure f
k
) to check k = k
b
(i)
.
{ } ) )
i i
k k
f f
1 0
| , |
Levels of Acceptance
Suppose s keys fail the equality test
If ssc
1
M: 1-ACC: Message comes from
Alice, other recipients will agree.
If c
1
M < s s c
2
M: 0-ACC: Message
comes from Alice, other recipients might
disagree.
If s > c
2
M: REJ: Message might not
come from Alice
Reference
[BB84]: Bennett C. H. & Brassard G.,
Quantum cryptography: Public key
distribution and coin tossing
Daniel Gottesman, Isaac Chuang,
Quantum Digital Signatures
[Link]
sonal/dgottesman/[Link]
Discussions
Thank you!