COMPSCI 290.2: Computer Security “Quantum Cryptography” including Quantum Communication Quantum Computing Page 1 Quantum Communication NOT used to encrypt data! Goal, instead, is to detect eavesdroppers Can be used to exchange a private key Page 2 Uncertainty Principle In quantum mechanics, certain pairs of properties of particles cannot both be known simultaneously, e.g., – Position and momentum of an electron (Heisenberg) If a measurement determines (with precision) the value of one of the properties, then the value of the other cannot be known Page 3 Photon Spin (Polarization) Photons can be given either “rectilinear’’ or “diagonal’’ spin as they travel down a fiber. Rectilinear: or Diagonal: or Measuring rectilinear spin with a rectilinear filter yields polarization of photon. blocked Page 4 What if the wrong filter is used? or (blocked) (equal probability) Page 5 Quantum Key Exchange The goal is to enable Alice and Bob to agree on a private key, even in the face of an eavesdropper, Eve. Like Diffie-Hellman, the protocol is still susceptible to a “man-in-the-middle” attack. But unlike Diffie-Hellman, the protocol does not depend on the difficulty of computing discrete logarithms or any other computational problem. Page 6 BB84 Protocol (Bennet and Brassard) 1. Alice sends Bob a stream of photons randomly polarized in one of 4 polarizations: bit encoding: 0 1 0 1 2. Bob measures the photons in random orientations e.g.: x + + x x x + x (orientations used) \ | - \ / / - \ (measured polarizations) 1 0 1 1 0 0 1 1 (encoded bit values) 3. Bob tells Alice in the open what orientations he used, but not what bit values he measured 4. Alice sends Bob in the open a list of positions at which the orientations are correct Page 7 Detecting an Eavesdropper Alice selects some subset of k of the shared bits and reveals them to Bob in the open. If Bob notices any differences, then Eve must have changed a bit by guessing the wrong polarization when eavesdropping. Eve has little hope of guessing the same polarization as Bob all k times. Each measurement has a ¼ chance of changing a bit value. The probability of not changing any values is (3/4)k – which can be very small if k is chosen large enough Page 8 In the “real world” In April 2014 China began installing a 2000kilometer quantum communications link between Beijing and Shanghai Page 9 Quantum Computers The state of a computer consists of the contents of its memory and storage, including values of registers (including the program counter), memory, disk contents, etc. In a conventional computer each memory “unit” holds one value (e.g., 0 or 1) at a time. Computation consists of a sequence of state transitions. But in a quantum computer, a memory unit holds a “superposituion” of possible values. Page 10 Qubit (somewhat simplified) A single quantum “bit” which is 1 with probability p and 0 with probability 1-p. When measured, outcome is either 0 or 1. Measuring a qubit changes its value! If outcome is 0, p is set to 0, if outcome is 1, p is set to 1. A qubit could be implemented using a photon to carry a horizontal or vertical polarization. Page 11 Quantum Entanglement Suppose two bits have value 00 with probability ½ and 11 with probability ½. If the bits are separated and measured at different locations, the measurements must yield the same values. E.g., if first measurement is 0, second must also be 0. Entanglement also allows multiple states (e.g., 00 vs. 11) to be acted on simultaneously. Difficulty in building a quantum computer is maintaining quantum entanglement in the face of environmental noise (quantum decoherence). Page 12 More on Qubits A qubit is a superposition of two basis states, and , which can be thought of as north and south poles of a unit sphere. https://commons.wikimedia.org/wiki/File:Bloch_sphere.svg I.e., qubit is , where v0 and v1 are complex numbers such that |v0|2 + |v1|2 = 1. (|v0|2 and |v1|2 are probabilities of qubit being 0 or 1) can be written as Page 13 Quantum Gates Qubits are manipulated with quantum logic gates. Gates are just multiplications by unitary matrices. Hadamard matrix like H, e.g., maps to and to Page 14 Factoring Large Primes In 1994 Peter Shor showed that a quantum computer can factor a number n in O(log3 n) time. A similar result holds for solving the discrete logarithm problem. If a large-enough quantum computer can be built, then RSA and Diffie-Hellman key-exchange will no longer be secure. (But largest number factored with this algorithm as of 2015 was 21!) Page 15 Details of Shor’s Algorithm 1. Pick a random number 1 < a < n 2. If a is a factor of n, what a lucky guess! 3. Use a quantum circuit to find smallest r > 1 such that ar = 1 mod n 4. If r is odd or ar/2 = -1 mod n, go back to step 1 5. GCD(ar/2 + 1, n) and GCD(ar/2 - 1, n) are factors of n Example: n = 15, a = 7, r = 4 a1 = 7 mod n, a2 = 4 mod n, a3 = 13 mod n, a4 = 1 mod n a4/2+1 = 50, a4/2-1 = 48 GCD(50,15) = 5, GCD(48,15) = 3 Page 16 Controversial Quantum Computer D-Wave Systems, Inc., purports to build a quantum computer based on a 128-qubit chipset. No convincing demonstration of speed-up over conventional computer yet. Unresolved debate about whether there is actually quantum entanglement among the qubits. (Evidence seems to be leaning towards yes?) Page 17