Quantum Crypto ?? Quantum Cryptography or How Alice Outwits Eve Cani Samuel J. Lomonaco, Jr. Dept. of Comp. Sci. Sci. & Electrical Engineering University of Maryland Baltimore County Baltimore, MD 21250 Email: [email protected] WebPage: WebPage: http://www.csee.umbc.edu/~lomonaco http://www.csee.umbc.edu/~lomonaco L-O-O-P Introducing Alice & Bob This work is supported by: The Defense Advance Research Projects Agency (DARPA) & Air Force Research Laboratory (AFRL), Air Force Materiel Command, USAF Agreement Number F30602-01-2-0522. • • The National Institute for Standards and Technology (NIST) • The Mathematical Sciences Research Institute (MSRI). • L-O-O-P • rob Th Alice Sender ! Bob Receiver Eve Bah ! Humbug ! The L-O-O-P Fund. The Institute of Scientific Interchange Eavesdropper Introducing Alice & Bob rob Th Alice Sender ! Key Idea Roberto Bob Quantum cryptography provides a new mechanism enabling the parties communicating with one another to: Receiver Eve Pia Spia Bah ! Humbug ! Automatically detect eavesdropping. eavesdropping. Consequently, it provides a means of determining when an encrypted communication has been compromised. Eavesdropper 1 The Dilemma How do I prevent Eve from eavesdropping ??? How can I outwit Eve ??? ?? ? ? Alice Takes a Cryptography Course ? ? Alice Alice The Classical World Classical Shannon Bit Decisive Individual 0 or 1 Classical Bits Can Be Copied In Copying Machine Out Cryptographic Systems 2 A Classical Cryptographic Communication System Eavesdropper Eve Transmitter Alice Info Source Key Insecure Channel Encrypter P = Plaintext Il cane che si morde la coda Receiver Bob Decrypter C = Ciphertext P = Plaintext Catch 22 Info Sink There are perfectly good ways to communicate in secret provided we can already communicate in secret … Secure Channel Classical Crypto Systems Types of Communication Security • Practical Secrecy Secrecy (Circa 106 BC) Ciphertext breakable after x years CHECK LIST • Catch 22 Solved ? • Authentication ? • Eavesdropping Detection ? NO Examples: Examples: Data Encryption Standard (DES), Advanced Data Encryption Standard (AES) NO NO • Perfect Security (Shannon, 1949) Ciphertext C without key gives no information about plaintext P Prob ( P|C ) = Prob ( P ) An Example of Perfect Security The Vernam Cipher, Cipher, a.k.a., the OneOne-TimeTime-Pad Consider a random sequence of bits Key = K = K 1 K 2 Kn Encrypting algorithm C i = Pi + K i mod 2 ⊕ P K = 0110 0101 1101 = 1010 1110 0100 C = 1100 1011 1001 • Perfectly secure if key K is unknown • Easy to decode with Key = K Difficulties • PROBLEM: Long random bit sequences must be sent over a secure channel • CATCH 22: There are perfectly good ways to communicate in secret provided we can communicate in secret … • KEY PROBLEM in CRYPTOGRAPHY: We need some way to securely communicate key 3 Objective of All Crypto Systems: Safety Objective of All Crypto Systems: Safety Old Idea: New Idea: Unconditional Security Computational Security The crypto system can resist any cryptanalitic attack no matter how much computation is involved. The crypto system is unbreakable because of the computational cost of cryptanalysis, cryptanalysis, but would succumb to an attack with unlimited computation. Computational Security Computational Security (DiffieDiffie-Hellman, Hellman, circa 1970) For example, the crypto system: Public Key Crypto Systems • Requires 10 years to be broken on the fastest known computer 30 • Or, requires 10 • Or, requires 10 100 30 EB C bits of memory to break euros to break Idea comes from a field in computer science called Computational Complexity. Complexity. Public Key Crypto Systems P Info Source Example: RSA Public Phone Directory Insecure Channel Encrypter System computationally safe implies safe for all practical purposes … C Eavesdropper Eve Transmitter Alice C Decrypter DB P Info Sink Receiver Bob Alice Takes a Quantum Mechanics Course CHECK LIST • Catch 22 Solved ? •Authentication ? •Eavesdropping Detection ? Yes & No Yes No Alice 4 Introducing the Quantum Bit The Quantum World … The Qubit Look Here Indecisive Individual Can be both 0 & 1 at the same time ! Quantum Representations of Qubits Example 1. A spinspin- 1 particle 2 Quantum Representations of Qubits Example 2. The polarization state of a photon Vertical Polarization Spin Up Spin Down 1 1 0 0 Where does a Qubit live ? Def. A Hilbert Space is a vector space H over together with an inner product − , − : H × H → such that 1= Horizontal Polarization 0= ↔ H= Home u1 +u2, v = u1, v + u2, v & v,u1 +u2 = v, u1 + v,u2 2) u, λ v = λ u, v 3) u, v ∗ = v , u 4) ∀ Cauchy seq u1 , u2 ,… in H , lim un ∈ H n→∞ 1) A Qubit is a quantum system whose state is represented by a Ket lying in a 22-D Hilbert Space H The elements of H will be called kets, kets, and will be denoted by label 5 “Collapse” Collapse” of the Wave Function Superposition of States 2 α 0 0 + α1 1 = 2 It is simultaneously both 0 and 1 !!! = Pr ob |a | i 2 α 0 + α1 = 1 The above Qubit is in a Superposition of states 0 1 and Observer !!! = α 0 0 + α1 1 W ho os h where Qubit ??? In de ci siv e A typical Qubit is i Another Activity in Quantum Village: Measurement Measurement Measurement Connecting Quantum Village to the Classical World Group of Friendly Physicists Observables Another Activity in Quantum Village: Measurement Measurement ??? What does our observer actually observe ? Observables = Hermitian Operators O A H → H where Group of Angry Physicists T OA = OA 6 ??? Observables (Cont.) What does our observer actually observe ? What does our observer observe ? The state of an n-Qubit register can be written in the eigenket basis as Let ϕ i be the eigenkets of O A, and let a i denote the corresponding eigenvalues , i.e., O A ϕ i = ai ϕ i Caveat: Caveat: We only consider observables whose eigenkets form an orthonormal basis of H Ψ = ∑ i αi ϕi 2 So with probability pi = α i , the observer observes the eigenvalue ai , and ϕi Measurement Revisited Observable ??? Observables (Cont.) MacroWorld λj O h os o h W ! Important Feature of Quantum Mechanics Eigenvalue It is important to mention that: Physical Reality In Philosopher Turf ψ BlackBox Q. Sys. State where O = Quantum World ∑ j Prob= ψ Pj ψ Out ψ j = Pj ψ ψ Pj ψ Q. Sys. State We cannot completely control the outcome of quantum measurement λ j P j Spectral Decomposition More Dirac Notation More Dirac Notation Let H* = Hom ( H, We call the elements of denote them as ) H* Hilbert Space of morphisms from H to Bra’ Bra’s, and label 7 Dirac Notation (Cont.) More Dirac Notation There is a dual correspondence between t Ke ψ † ↔ψ H * and H Br a H* × H → ( ψ 1 )( ψ 2 ) ∈ There exists a bilinear map defined by • Consider a Quantum System in the state Ket ψ • Suppose we measure many of these states with the observable A • Then the average value of all these which we more simpy denote by measurements w.r.t. w.r.t. A is: ψ 1 |ψ 2 ψ ( A ψ ) = ψ | A|ψ = A BraBra-c-Ket Ket Bra Heisenberg’ Heisenberg’s Uncertainty Principle Definition. Definition. Observables A and B are compatible if Hermitian Operator Avg. of A The NoNo-Cloning Theorem =1 [ A, B ] = AB − BA = 0 Dieks, Dieks, Wootters, Wootters, Zurek Otherwise, A and B are incompatible. incompatible. Let In ∆A = A − A Copying Machine Heisenberg’ Heisenberg’s Uncertainty Principle ( ∆A ) 2 ( ∆B ) 2 ≥ 1 4 [ A, B ] 2 Out ( ∆A ) is the Standard Deviation. Deviation. It is a measure of the uncertainty of the observable A . 2 Particle vs Wave Picture of Matter Young’ Young’s 22-slit Experiment An Example of Heisenberg’s Uncertainty Principle E E E E B L O C K E 8 Particle vs Wave Picture of Matter Young’ Young’s 22-slit Experiment E E B L O C K E Particle vs Wave Picture of Matter Young’ Young’s 22-slit Experiment E E Particle not observed An interference appears But a wave pattern observed Particle vs Wave Picture of Matter Young’ Young’s 22-slit Experiment O bs er ve Application of Heisenberg’ Heisenberg’s Uncetainty Principle Observables =1 X Position Operator P Momentum Operator Note: observables; for: Note: X and P are incompatible observables; [ X , P ] = −i ≠ 0 Therefore, by Heisenberg’ Heisenberg’s Uncertainty Principle: Principle: 1 1 2 2 ( ∆X ) ( ∆ P ) ≥ [ X , P ] = 4 4 What happens if we observe which of the two slits each electron passes ? Uncertainty in Position The interference pattern disappears !! Wave not observed; But a particle is observed ! Alice Daydreams How do I prevent Eve from eavesdropping ??? How can I outwit Eve ??? ?? ? ? Alice ? ? Uncertainty in Momentum Ergo, to know precisely which of the two slits the electron passed through, forces the momentum to be uncertain Alice Has an Idea But How ??? Idea: Couldn’ Couldn’t I somehow use Heisenberg’ Heisenberg’s Uncertainty Principle to detect Eve’ Eve’s eavesdropping ??? Alice 9 Alice Bob Bob Alice Eve What if I use the the electron gun to send Bob a message, i.e., an interference pattern ??? Alice Invents the BB84 Quantum Crypto Protocol What if the evil Eve tries to listen in ??? Aha! Bob knows the evil Eve is listening in !!! A Quantum Crypto System for the BB84 Protocol TwoTwo-Way Communication BB84 = BennettBennett-Brasard 1984 Second Stage Alice Public Channel Second Stage Eve First Stage Quantum Channel Bob First Stage OneOne-Way Communication The Quantum Channel • Alice will communicate over the quantum channel by sending 0’s and 1’s, each encoded as a quantum polarization state of an individual photon. photon. • Reminder: We note that the polarization state of an individual photon is an element of a 22-D Hilbert space H . ψ Two Bases of 22-D Hilbert Space H • The vertical and horizontal polarization states and ↔ form a basis of H which we will call the vertical/horizontal (V/H) V/H) basis • The slanted polarization states and also form a basis of H which we will call the oblique basis 10 Quantum Channel Encoding Conventions Using Heisenberg’ Heisenberg’s Uncertainty Principle • For the V/H basis , Alice & Bob agree to communicate via the following quantum alphabet • Because of Heisenberg’ Heisenberg’s uncertainty principle, Alice & Bob know that observations with respect to the basis are incompatible with observations with respect to the basis. "1" = "0" = ↔ • For the oblique basis , Alice & Bob agree to communicate via the following quantum alphabet • So Alice communicates to Bob by randomly choosing between the two quantum alphabets and . "1" = "0" = BB84: Eve Not Present (No Noise is Assumed) BB84: Eve Is Present (No Noise is Assumed) Alice If Eve is eavesdropping, then she will create (because of Heisenberg’ Heisenberg’s uncertainty principle) an error rate between Alice’ Alice’s & Bob’ Bob’s RAW KEY. KEY. ↔ 1 0 0 1 1 0 0 ↔ 1 0 1 W C W C C C C WC W Bob 1 0 0 1 1 1 0 0 1 1 0 0 0 0 0 0 Thus, Alice and Bob can determine Eve’ Eve’s presence by publicly comparing a small portion of their respective RAW KEYs KEYs. If there are errors, they know Eve is present, discard their RAY KEYs, KEYs, and start all over again. If there are no errors, they will then discard the publically disclosed portion. Then the undisclosed portion of their RAW KEYs agree, and is now an uncompromised secret FINAL KEY shared by Alice and Bob. Raw Key Summary Public Discussion Topic: Which Observable Did You Use ? Classical Public Channel Alice Second Communication 2-Way Bob Quantum Channel First Communication 1-Way What Happens if Eve Listens In ? 50% of Bits Discarded Result: Result: Raw Key Their Raw Keys agree if Eve not eavesdropping 11 BB84: Eve Is Present (No Noise is Assumed) Alice’ Alice’s Raw Key - 0 - 1 1 0 0 - 0 Choosing Quantum Alphabets - Raw Key Alice Prob=1/2 Prob=1/2 ↔ 1 0 0 1 1 0 1 1 1 ↔ 0 0 1 1 0 1 0 1 1 0 Raw Key Prob=1/2 Prob=1/2 50% Prob=1/2 Prob=1/2 Eve Prob=1/2 Prob=1/2 0 Raw Key 50% Prob=1/2 Prob=1/2 Bob Bob’ Bob’s Raw Key 100% Prob=1/2 Prob=1/2 Prob=1/2 Prob=1/2 1 0 1 1 1 1 1 0 0 0 - 0 - 1 1 1 1 - 0 - Raw Key Alice’ Alice’s Choice Eve’ Eve’s Choice Bob’ Bob’s Choice 100% The BB84 Protocol Step by Step BB84: Eve Is Present (No Noise is Assumed) No Noise • Over the quantum channel, Alice sends her message to Bob, randomly choosing between the quantum alphabets Hence, if Eve eavesdrops, eavesdrops, then Alice & Bob’ Bob’s Raw Keys disagree by 25%. • Over the public channel, Bob communicates to Alice which quantum alphabets he used for each measurement. • Over the public channel, Alice responds by telling Bob which of his measurements were made with the correct alphabet. • Alice & Bob then delete all bits for which they used incompatible quantum alphabets to produce their resulting RAW KEYs KEYs. • If Eve has not eavesdropped, their their two RAW KEYs KEYs will be the same. The BB84 Protocol Step by Step (Cont.) No Noise • Over the public channel, Alice & Bob compare small portions of their RAW KEYs KEYs, and then delete the disclosed bits from their RAW Key to produce their FINAL KEY. KEY. • If Alice & Bob find through their public disclosure that no errors were revealed, then they know Eve was not present, and now share a common secret FINAL KEY. KEY. The BB84 With Noise Raw Key is Noisy • Bob can not distinquish between • Error caused by Noise • Error caused by Eve • Bob adopts the working assumption • All errors caused by Eve • Ergo, Eve has some portion of RAW KEY 12 Solution: Privacy Amplification Preamble to Privacy Amplification • Alice & Bob begin by permuting RAW KEY with a publically disclosed random permutation. Privacy Amplification: Amplification: Distilling a smaller secret key from a larger partially secret key. • Alice & Bob publicly compare blocks of RAW KEY to estimate error rate Q. • Alice & Bob discard any portion of the RAW KEY that has been publicly disclosed. • Q ≥ Threshold ⇒ Privacy Amplification not possible! Restart everything ! Privacy Amplification Begins If Q < Threshold, Threshold, then Privacy Amplification is possible • Based on Q , Alice & Bob estimate that bits out of n are known by Eve. ≤k • Let s = a security parameter to be adjusted as required. • Alice & Bob compute the parities of publicly chosen random subsets. Change in Role for Crytanalysts • Old Role: • New Role: Crack ciphers ! Detect eavesdroppers ! n-k-s • Both Alice & Bob keep these parities secret. These parities form the FINAL SECRET KEY. Quantum Crypto Protocols The B92 Prtocol • BB84 • Uses 22-D Hilbert space • B92 • Use only one Quantum Alphabet • EPR • Others polarized photons H for θ 1= where 0 < θ < π / 2 0 = | = sin ( 2θ ) 13 Measurement: POVM Binary Erasure Chanel (BEC) p 1 = A = A = 1− 1+ | 1− 1+ | NonNon-Commuting Observables A? = 1 − A − A r r 0 = ? p p= |A | r= | = |A | = sin ( 2θ ) = R0 • There are eavesdropping strategies that do modify inconclusive results (i.e., % of erasures). • There are eavesdropping strategies which do not. Eavesdropping Strategies • Opaque eavesdropping • Translucent eavesdropping without entanglement • Translucent eavesdropping with Opaque Eavesdropping Eve intercepts Alice’ Alice’s message, and then masquerades as Alice by sending on her received message to Bob entanglement • Lie low eavesdropping strategies • Other eavesdropping strategies ? Translucent Eavesdropping Without Entanglement Translucent Eavesdropping With Entanglement Eve makes the information carrier interact unitarily with her probe, and then lets it proceed on to Bob in a slightly modified state To increase her information, Eve may attempt to entangle the state of her probe and the carrier that she is resending: where probe. ψ 0 ψ ⇒ 0' ψ + 0 ψ ⇒α 0' ψ+ + β 1' ψ− 1 ψ ⇒ 1' ψ − 1 ψ ⇒β 1' ψ− +α 0' ψ+ denotes the state of the where probe. ψ denotes the state of the 14 Optical Implementations • Over 100 kilometers of fiber Next ??? optic cable • Earth/Satellite Communication • Over 2 kilometers of free space • Single photon sources • There are many testbed implementations both in USA and the EU Difficulties • MultiMulti-User Quantum Crypto Protocols • A more rigorous mathematical proof that quantum crypto protocols are impervious to all possible eavesdropping strategies. Lomonaco, Samuel J., Jr., An Entangled Tale of Quantum Entanglement, Entanglement, in AMS PSAPM/58, (2002), pages 305 – 349. The End Quantum Computation and Information, Information, Samuel J. Lomonaco, Jr. and Howard E. Brandt (editors), AMS CONM/305, (2002). 15 Other PowerPoint Talks to Be Found at http://www.csee.umbc.edu/~lomonaco http://www.csee.umbc.edu/~lomonaco Elementary • A Rosetta Stone for Quantum Computation • Three Quantum Algorithms • Quantum Hidden Subgroup Algorithms • An Entangled Tale of Quantum Entanglement Advanced 16
© Copyright 2026 Paperzz