Cyril Branciard,Nicolas Gisin,Valerio Scarani

DOI: https://doi.org/10.48550/arXiv.0710.4884

2007-10-25

Quantum Physics

Abstract:The Differential-Phase-Shift (DPS) and the Coherent-One-Way (COW) are among the most practical protocols for quantum cryptography, and are therefore the object of fast-paced experimental developments. The assessment of their security is also a challenge for theorists: the existing tools, that allow to prove security against the most general attacks, do not apply to these two protocols in any straightforward way. We present new upper bounds for their security in the limit of large distances ($d \gtrsim 50$km with typical values in optical fibers) by considering a large class of collective attacks, namely those in which the adversary attaches ancillary quantum systems to each pulse or to each pair of pulses. We introduce also two modified versions of the COW protocol, which may prove more robust than the original one.

Fei Gao,Fenzhuo Guo,Qiaoyan Wen,Fuchen Zhu

DOI: https://doi.org/10.48550/arXiv.quant-ph/0505053

2005-05-09

Quantum Physics

Abstract:In the paper [Phys. Rev. A 65, 052331(2002)], an entanglement-based quantum key distribution protocol for d-level systems was proposed. However, in this Comment, it is shown that this protocol is insecure for a special attack strategy.

Matthias Christandl,Renato Renner,Artur Ekert

2004-01-01

Abstract:Quantum key distribution allows two parties, traditionally known as Alice and Bob, to establish a secure random cryptographic key if, firstly, they have access to a quantum communication channel, and secondly, they can exchange classical public messages which can be monitored but not altered by an eavesdropper, Eve. Quantum key distribution provides perfect security because, unlike its classical counterpart, it relies on the laws of physics rather than on ensuring that successful eavesdropping would require excessive computational effort. However, security proofs of quantum key distribution are not trivial and are usually restricted in their applicability to specific protocols. In contrast, we present a general and conceptually simple proof which can be applied to a number of different protocols. It relies on the fact that a cryptographic procedure called privacy amplification is equally secure when an adversary’s memory for data storage is quantum rather than classical [1].

Horace Yuen

DOI: https://doi.org/10.1103/PhysRevA.82.062304

2010-12-08

Abstract:We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce guarantee on the attacker's probability of correctly estimating some portion of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help getting at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the QKD key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

Quantum Physics

Zhen-Qiang Yin,Hong-Wei Li,Zheng-Fu Han,Guang-Can Guo

DOI: https://doi.org/10.1103/PhysRevA.82.042335

2010-07-19

Abstract:Recently, a "counterfactual" quantum key distribution scheme was proposed by Tae-Gon Noh [1]. In this scheme, two legitimate distant peers may share secret keys even when the information carriers are not traveled in the quantum channel. We find that this protocol is equivalent to an entanglement distillation protocol (EDP). According to this equivalence, a strict security proof and the asymptotic key bit rate are both obtained when perfect single photon source is applied and Trojan-horse attack can be detected. We also find that the security of this scheme is deeply related with not only the bit error rate but also the yields of photons. And our security proof may shed light on security of other two-way protocols.

Quantum Physics

Guillermo Currás-Lorenzo,Margarida Pereira,Go Kato,Marcos Curty,Kiyoshi Tamaki

2024-07-23

Abstract:Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Device-independent QKD is currently not a satisfactory solution to this problem, as its performance is extremely poor and most of its security proofs assume that the user devices leak absolutely no information to the outside. On the other hand, measurement-device-independent (MDI) QKD can guarantee security with arbitrarily flawed receivers while achieving high performance, and the remaining challenge is ensuring its security in the presence of source imperfections. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Here, we overcome these crucial problems by presenting a security proof in the finite-key regime against coherent attacks that can incorporate general encoding imperfections and side channels while achieving much higher performances than previous approaches. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations.

Quantum Physics

Dominic Mayers,Andrew Yao

DOI: https://doi.org/10.1109/SFCS.1998.743501

1998-01-01

Abstract:Quantum key distribution, first proposed by C.H. Bennett and G. Brassard (1984), provides a possible key distribution scheme whose security depends only on the quantum laws of physics. So far the protocol has been proved secure even under channel noise and detector faults of the receiver but is vulnerable if the photon source used is imperfect. In this paper we propose and give a concrete design for a new concept, self-checking source, which requires the manufacturer of the photon source to provide certain tests; these tests are designed such that, if passed, the source is guaranteed to be adequate for the security of the quantum key distribution protocol, even though the testing devices may not be built to the original specification. The main mathematical result is a structural theorem which states that, for any state in a Hilbert space, if certain EPR-type equations are satisfied, the state must be essentially the orthogonal sum of EPR pairs

Marc Kaplan,Gaëtan Leurent,Anthony Leverrier,María Naya-Plasencia

DOI: https://doi.org/10.13154/tosc.v2016.i1.71-94

2017-03-07

Abstract:Quantum computers, that may become available one day, would impact many scientific fields, most notably cryptography since many asymmetric primitives are insecure against an adversary with quantum capabilities. Cryptographers are already anticipating this threat by proposing and studying a number of potentially quantum-safe alternatives for those primitives. On the other hand, symmetric primitives seem less vulnerable against quantum computing: the main known applicable result is Grover's algorithm that gives a quadratic speed-up for exhaustive search. In this work, we examine more closely the security of symmetric ciphers against quantum attacks. Since our trust in symmetric ciphers relies mostly on their ability to resist cryptanalysis techniques, we investigate quantum cryptanalysis techniques. More specifically, we consider quantum versions of differential and linear cryptanalysis. We show that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced: we don't get a quadratic speed-up for all variants of the attacks. This allows us to demonstrate the following non-intuitive result: the best attack in the classical world does not necessarily lead to the best quantum one. We give some examples of application on ciphers LAC and KLEIN. We also discuss the important difference between an adversary that can only perform quantum computations, and an adversary that can also make quantum queries to a keyed primitive.

Quantum Physics,Cryptography and Security

D. P. Nadlinger,P. Drmota,B. C. Nichol,G. Araneda,D. Main,R. Srinivas,D. M. Lucas,C. J. Ballance,K. Ivanov,E. Y-Z. Tan,P. Sekatski,R. L. Urbanke,R. Renner,N. Sangouard,J-D. Bancal

DOI: https://doi.org/10.1038/s41586-022-04941-5

2023-09-06

Abstract:Cryptographic key exchange protocols traditionally rely on computational conjectures such as the hardness of prime factorisation to provide security against eavesdropping attacks. Remarkably, quantum key distribution protocols like the one proposed by Bennett and Brassard provide information-theoretic security against such attacks, a much stronger form of security unreachable by classical means. However, quantum protocols realised so far are subject to a new class of attacks exploiting implementation defects in the physical devices involved, as demonstrated in numerous ingenious experiments. Following the pioneering work of Ekert proposing the use of entanglement to bound an adversary's information from Bell's theorem, we present here the experimental realisation of a complete quantum key distribution protocol immune to these vulnerabilities. We achieve this by combining theoretical developments on finite-statistics analysis, error correction, and privacy amplification, with an event-ready scheme enabling the rapid generation of high-fidelity entanglement between two trapped-ion qubits connected by an optical fibre link. The secrecy of our key is guaranteed device-independently: it is based on the validity of quantum theory, and certified by measurement statistics observed during the experiment. Our result shows that provably secure cryptography with real-world devices is possible, and paves the way for further quantum information applications based on the device-independence principle.

Quantum Physics,Cryptography and Security

Shin Sun,Kenneth Goodenough,Daniel Bhatti,David Elkouss

2024-10-25

Abstract:Realizing secure communication between distant parties is one of quantum technology's main goals. Although quantum key distribution promises information-theoretic security for sharing a secret key, the key rate heavily depends on the level of noise in the quantum channel. To overcome the noise, both quantum and classical techniques exist, i.e., entanglement distillation and classical advantage distillation. So far, these techniques have only been used separately from each other. Herein, we present a two-stage distillation scheme concatenating entanglement distillation with classical advantage distillation. While for the advantage distillation, we use a fixed protocol, i.e., the repetition code, in the case of entanglement distillation, we employ an enumeration algorithm to find the optimal protocol. We test our scheme for different noisy entangled states and demonstrate its quantitative advantage: our two-stage distillation scheme achieves finite key rates even in the high-noise regime where entanglement distillation or advantage distillation alone cannot afford key sharing. Since the advantage distillation part does not introduce further requirements on quantum resources, the proposed scheme is well-suited for near-term quantum key distribution tasks.

Quantum Physics

Antonio Acín,Daniel Cavalcanti,Elsa Passaro,Stefano Pironio,Paul Skrzypczyk

DOI: https://doi.org/10.1103/PhysRevA.93.012319

2016-01-28

Abstract:In recent years, several hacking attacks have broken the security of quantum cryptography implementations by exploiting the presence of losses and the ability of the eavesdropper to tune detection efficiencies. We present a simple attack of this form that applies to any protocol in which the key is constructed from the results of untrusted measurements performed on particles coming from an insecure source or channel. Because of its generality, the attack applies to a large class of protocols, from standard prepare-and-measure to device-independent schemes. Our attack gives bounds on the critical detection efficiencies necessary for secure quantum distribution, which show that the implementation of most partly device independent solutions is, from the point of view of detection efficiency, almost as demanding as fully device-independent ones. We also show how our attack implies the existence of a form of bound randomness, namely non-local correlations in which a non-signalling eavesdropper can find out a posteriori the result of any implemented measurement.

Quantum Physics

Mathieu Bozzio,Claude Crépeau,Petros Wallden,Philip Walther

2024-11-14

Abstract:Due to its fundamental principles, quantum theory holds the promise to enhance the security of modern cryptography, from message encryption to anonymous communication, digital signatures, online banking, leader election, one-time passwords and delegated computation. While quantum key distribution (QKD) has already enabled secure key exchange over hundreds of kilometers, a myriad of other quantum-cryptographic primitives are being developed to secure future applications against quantum adversaries. This article surveys the theoretical and experimental developments in quantum cryptography beyond QKD over the past decades, along with advances in secure quantum computation. It provides an intuitive classification of the main quantum primitives and their security levels, summarizes their possibilities and limits, and discusses their implementation with current photonic technology.

Quantum Physics

Ilya Merkulov,Rotem Arnon-Friedman

2023-07-02

Abstract:In device-independent (DI) quantum protocols, the security statements are oblivious to the characterization of the quantum apparatus - they are based solely on the classical interaction with the quantum devices as well as some well-defined assumptions. The most commonly known setup is the so-called non-local one, in which two devices that cannot communicate between themselves present a violation of a Bell inequality. In recent years, a new variant of DI protocols, that requires only a single device, arose. In this novel research avenue, the no-communication assumption is replaced with a computational assumption, namely, that the device cannot solve certain post-quantum cryptographic tasks. The protocols for, e.g., randomness certification, in this setting that have been analyzed in the literature used ad hoc proof techniques and the strength of the achieved results is hard to judge and compare due to their complexity. Here, we build on ideas coming from the study of non-local DI protocols and develop a modular proof technique for the single-device computational setting. We present a flexible framework for proving the security of such protocols by utilizing a combination of tools from quantum information theory, such as the entropic uncertainty relation and the entropy accumulation theorem. This leads to an insightful and simple proof of security, as well as to explicit quantitative bounds. Our work acts as the basis for the analysis of future protocols for DI randomness generation, expansion, amplification and key distribution based on post-quantum cryptographic assumptions.

Quantum Physics,Cryptography and Security

Marek Winczewski

2023-11-14

Abstract:The following submission constitutes a guide and an introduction to a collection of articles submitted as a Ph.D. dissertation at the University of Gdańsk. In the dissertation, we study the fundamental limitations within the selected quantum and supra-quantum cryptographic scenarios in the form of upper bounds on the achievable key rates. We investigate various security paradigms, bipartite and multipartite settings, as well as single-shot and asymptotic regimes. Our studies, however, extend beyond the derivations of the upper bounds on the secret key rates in the mentioned scenarios. In particular, we propose a novel type of rerouting attack on the quantum Internet for which we find a countermeasure and benchmark its efficiency. Furthermore, we propose several upper bounds on the performance of quantum (key) repeaters settings. We derive a lower bound on the secret key agreement capacity of a quantum network, which we tighten in an important case of a bidirectional quantum network. The squashed nonlocality derived here as an upper bound on the secret key rate is a novel non-faithful measure of nonlocality. Furthermore, the notion of the non-signaling complete extension arising from the complete extension postulate as a counterpart of purification of a quantum state allows us to study analogies between non-signaling and quantum key distribution scenarios.

Quantum Physics,Cryptography and Security

Dong Jiang,Yuanyuan Chen,Xuemei Gu,Ling Xie,Lijun Chen

DOI: https://doi.org/10.1038/srep44934

IF: 4.6

2017-01-01

Scientific Reports

Abstract:Deterministic secure quantum communication (DSQC) can transmit secret messages between two parties without first generating a shared secret key. Compared with quantum key distribution (QKD), DSQC avoids the waste of qubits arising from basis reconciliation and thus reaches higher efficiency. In this paper, based on data block transmission and order rearrangement technologies, we propose a DSQC protocol. It utilizes a set of single d-level systems as message carriers, which are used to directly encode the secret message in one communication process. Theoretical analysis shows that these employed technologies guarantee the security, and the use of a higher dimensional quantum system makes our protocol achieve higher security and efficiency. Since only quantum memory is required for implementation, our protocol is feasible with current technologies. Furthermore, Trojan horse attack (THA) is taken into account in our protocol. We give a THA model and show that THA significantly increases the multi-photon rate and can thus be detected.

Ross C. O'Connell,Kannan Jagannathan

DOI: https://doi.org/10.1119/1.1524165

2002-12-11

Abstract:The inverse square force law admits a conserved vector that lies in the plane of motion. This vector has been associated with the names of Laplace, Runge, and Lenz, among others. Many workers have explored aspects of the symmetry and degeneracy associated with this vector and with analogous dynamical symmetris. We define a conserved dynamical variable $\alpha$ that characterizes the orientation of the orbit in two-dimensional configuration space for the Kepler problem and an analogous variable $\beta$ for the isotropic harmonics oscillator. This orbit orientation variable is canonically conjugate to the angular momentum component normal to the plane of motion. We explore the canoncial one-parameter group of transformations generated by $\alpha (\beta).$ Because we have an obvious pair of conserved canonically conjugate variables, it is desirable to us them as a coordinate-momentum pair. In terms of these phase space coordinates, the form of the Hamiltonian is nearly trivial because neither member of the pair can occur explicitly in the Hamiltonian. From these considerations we gain a simple picture of the dynamics in phase space. The procedure we use is in the spirit of the Hamilton-Jacobi method.

Classical Physics,Physics Education

Francesco Mazzoncini,Balthazar Bauer,Peter Brown,Romain Alléaume

2023-11-27

Abstract:We introduce an explicit construction for a key distribution protocol in the Quantum Computational Timelock (QCT) security model, where one assumes that computationally secure encryption may only be broken after a time much longer than the coherence time of available quantum memories. Taking advantage of the QCT assumptions, we build a key distribution protocol called HM-QCT from the Hidden Matching problem for which there exists an exponential gap in one-way communication complexity between classical and quantum strategies. We establish that the security of HM-QCT against arbitrary i.i.d. attacks can be reduced to the difficulty of solving the underlying Hidden Matching problem with classical information. Legitimate users, on the other hand, can use quantum communication, which gives them the possibility of sending multiple copies of the same quantum state while retaining an information advantage. This leads to an everlasting secure key distribution scheme over $n$ bosonic modes. Such a level of security is unattainable with purely classical techniques. Remarkably, the scheme remains secure with up to $\mathcal{O}\big( \frac{\sqrt{n}}{\log(n)}\big)$ input photons for each channel use, extending the functionalities and potentially outperforming QKD rates by several orders of magnitudes.

Quantum Physics

K Chen,HK Lo

2005-01-01

Abstract:We propose a wide class of distillation schemes for multi-partite entangled states that are CSS-states. Our proposal provides not only superior efficiency, but also new insights on the connection between CSS-states and bipartite graph states. We then consider the applications of our distillation schemes for two cryptographic tasks-namely, (a) conference key agreement and (b) quantum sharing of classical secrets. In particular, we construct "prepare-and-measure" protocols. Also we study the yield of those protocols and the threshold value of the fidelity above which the protocols can function securely. Surprisingly, our protocols will function securely even when the initial state does not violate the standard Bell-inequalities for GHZ states. Experimental realization involving only bi-partite entanglement is also suggested.

Konrad Schlichtholz,Bianka Woloncewicz,Tamoghna Das,Marcin Markiewicz,Marek Żukowski

2023-11-14

Abstract:We present a single-photon based device-independent quantum key distribution scheme secure even against no-signaling eavesdropping, which covers quantum attacks, as well as ones beyond laws of physics but still obeying the rules for spatially separated events. The operational scheme is inspired by the Tan-Walls-Collett (1991) interferometric setup, which used the entangled state of two exit modes of a 50-50 beamsplitter resulting from a single photon entering one of its input ports, and weak homodyne measurements at two spatially separated measurement stations. The physics and non-classically of such an arrangement has been understood only recently. Our protocol links basic features of the first two emblematic protocols, BB84 and Ekert91, namely the random bits of the cryptographic key are obtained by measurements on single photon, while the security is positively tested if one observes a violation of a specific Bell inequality. The security analysis presented here is based on a decomposition of the correlations into extremal points of a no-signaling polytope which allows for identification of the optimal strategy for any eavesdropping constrained only by the no-signalling principle. For this strategy, the key rate is calculated, which is then connected with the violation of a specific Clauser-Horne inequality. We also adapt this analysis to propose a self-testing quantum random number generator.

Quantum Physics

Zhao-Xi Xiong,Han-Duo Shi,Yi-Nan Wang,Li Jing,Jin Lei,Liang-Zhu Mu,Heng Fan

DOI: https://doi.org/10.1103/physreva.85.012334

2012-01-01

Abstract:We study a general quantum key distribution protocol in higher dimension. In this protocol, quantum states in arbitrary $g+1$ ($1\le g\le d$) out of all $d+1$ mutually unbiased bases in a d-dimensional system can be used for the key encoding. This provides a natural generalization of the quantum key distribution in higher dimension and recovers the previously known results for $g=1$ and $d$. In our investigation, we study Eve's attack by two slightly different approaches. One is considering the optimal cloner for Eve, and the other, defined as the optimal attack, is maximizing Eve's information. We derive results for both approaches and show the deviation of the optimal cloner from the optimal attack. With our systematic investigation of the quantum key distribution protocols in higher dimension, one may balance the security gain and the implementation cost by changing the number of bases in the key encoding. As a side product, we also prove the equivalency between the optimal phase covariant quantum cloning machine and the optimal cloner for the $g=d-1$ quantum key distribution.