Department of Software The University of Babylon LECTURE NOTES ON Quantum Cryptography By Dr. Samaher Hussein Ali College of Information Technology, University of Babylon, Iraq Samaher_hussein@yahoo.com 17 December 2012 Introduction • One: hard problems in mathematics – Breaking the system requires an efficient algorithm for solving a hard problem – e.g. Factoring large numbers, discrete logarithms – Examples: RSA, El Gamal – Used in public key systems – Slow • Two: information theory – Texts scrambled by repeated application of bit shifts and permutations – Examples: DES, AES – Used in private key systems – Fast 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 Technology Determines What is Breakable RSA Cryptosystem C = Me mod n d = e-1 mod ((p-1) (q-1)) RSA vs. supercomputer: 40 Tflop/s (4 x 1012 flop/sec) – RSA wins! RSA vs. Quantum Computer – computer wins! 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 Modern Ciphers vs. Quantum Computer • “Hard problem” variety – Exponential speedup – easily breaks algorithms such as RSA – If information requires long term protection (e.g. 20+ years), these algorithms are already dead • “Information theory” variety – Quadratic speedup (so far) – Longer keys can keep them useful 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 Quantum Crypto – Why? Quantum Cryptography • is one of the new field in the cryptography to design the system promises of new level of security in the communication system • Protect against attack by quantum computer – or any future machine • Eavesdropping detection – Hard to do now • High volume key distribution – If it can be made fast enough 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 Quantum Mechanics for Cryptography – Measurement Basis • Basis – frame of reference for quantum measurement • Example – polarization vertical/horizontal vs. diagonal – Horizontal filter, light gets through = 0 – Vertical filter, light gets through = 1 – 45 deg. filter, light = 0 – 135 deg. filter, light = 1 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 No cloning theorem • It is not possible to create perfect copies of a quantum state in transit for the purpose of measurement, while sending on the original. Consequently, current practical quantum cryptography setups are point to point based or at best within a Local Area Network since optical fiber amplifiers cannot be used. 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 Entanglement • Two or more quantum systems can be entangled Causality and Superposition Causality, together with the superposition principle can be used for secure key distribution. If the two terms that constitute a superposition state are sent with a time delay relative to each other, and if they are not essentially connected, then Eve cannot spy on them. 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 A Quantum Key Distribution with Single Photons • The transmitter is traditionally called Alice and the receiver Bob, while the intruder is called Eve. Single photons Quantum key distribution with single polarized photons was originally proposed by Bennett and Brassard in 1984 (BB84 protocol). There are two data transmission channels involved: the classical (high density) and quantum (low density) channels. 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 BB84 protocol • Alice sends randomly one of the four quantum states Bit value ‘0’ 0 , 1 2 Bit value ‘1’ 1 , 1 2 0 1 0 1 • with equal probability, • When Bob receives a state from Alice, he chooses randomly either 0 , 1 , • And also Bob result correlates with the bit Alice sent only when he picked the right basis i.e. the one used by Alice. After Bob has measured the necessary number of states, Alice communicates with Bob via the classical channel and tells him when she used which basis. They discard the cases in which they used different bases, and therefore establish a secret key, called the sifted key. 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 Comparing measurements Alice’s Bit 0 1 0 1 1 Alice’s Basis + × × + × Bob’s Basis + + × + × Bob’s Bit 0 0 0 1 1 Photon The test bits allow Alice and Bob to test whether the channel is secure. 17 December 2012 Dr. Samaher Hussein Ali Test bits Notes of Lecture 12 Getting the Final Key Alice’s Bit 0 1 0 1 1 Alice’s Basis + × × + × Bob’s Basis + + × + × Bob’s Bit 0 0 0 1 1 Photon Test bits discarded Final Key = 01 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 Quantum Eavesdropping • It is impossible for Eve to gain perfect knowledge of the quantum state sent by Alice to Bob. However, Eve can gain partial knowledge via a probing auxiliary quantum system in contact with the signal so that they interact, and then perform a projection measurement on the auxiliary system to retrieve some information. • Ideally we can always identify Eve by the occurrence of errors during transmission. But this is not that easy in the real world. There will always be detector noise, misalignments of detectors and transmission losses. It is not even possible in principle to distinguish errors due to noise from errors due to intrusion. We therefore have to assume that all errors are due to eavesdropping. • Since it is necessary that Alice and Bob share an identical string of bits, they must rectify any discrepancy in their sifted key. This concerns error correction and uses the public channel. 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12 QKD vs. Public/Private Key protocols 17 December 2012 Dr. Samaher Hussein Ali Notes of Lecture 12