Aysajan Abidin,Jan-Åke Larsson

DOI: https://doi.org/10.1007/s11128-013-0641-6

2013-03-02

Abstract:Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman & Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal$_2$ hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the Universal Composability (UC) framework. We find that if the authentication procedure has a failure probability $\epsilon$ and the authentication key has an $\epsilon'$ trace distance to the uniform, then under ITS, the adversary's success probability conditioned on an authentic message-tag pair is only bounded by $\epsilon+|\mT|\epsilon'$, where $|\mT|$ is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to $|\mT|\epsilon'$ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than $\epsilon+\epsilon'$. This proves that the scheme is ($\epsilon+\epsilon'$)-UC-secure, without using the composability theorem.

Cryptography and Security,Quantum Physics

Michele Mosca,Douglas Stebila,Berkant Ustaoğlu

DOI: https://doi.org/10.1007/978-3-642-38616-9_9

2013-01-01

Abstract:Key establishment is a crucial primitive for building secure channels in a multi-party setting. Without quantum mechanics, key establishment can only be done under the assumption that some computational problem is hard. Since digital communication can be easily eavesdropped and recorded, it is important to consider the secrecy of information anticipating future algorithmic and computational discoveries which could break the secrecy of past keys, violating the secrecy of the confidential channel.Quantum key distribution (QKD) can be used generate secret keys that are secure against any future algorithmic or computational improvements. QKD protocols still require authentication of classical communication, although existing security proofs of QKD typically assume idealized authentication. It is generally considered folklore that QKD when used with computationally secure authentication is still secure against an unbounded adversary, provided the adversary did not break the authentication during the run of the protocol.We describe a security model for quantum key distribution extending classical authenticated key exchange (AKE) security models. Using our model, we characterize the long-term security of the BB84 QKD protocol with computationally secure authentication against an eventually unbounded adversary. By basing our model on traditional AKE models, we can more readily compare the relative merits of various forms of QKD and existing classical AKE protocols. This comparison illustrates in which types of adversarial environments different quantum and classical key agreement protocols can be secure.

Qiong Li,Qiang Zhao,Dan Le,Xiamu Niu

DOI: https://doi.org/10.1007/s11128-016-1347-3

IF: 1.965

2016-01-01

Quantum Information Processing

Abstract:In quantum key distribution (QKD), the information theoretically secure authentication is necessary to guarantee the integrity and authenticity of the exchanged information over the classical channel. In order to reduce the key consumption, the authentication scheme with key recycling (KR), in which a secret but fixed hash function is used for multiple messages while each tag is encrypted with a one-time pad (OTP), is preferred in QKD. Based on the assumption that the OTP key is perfect, the security of the authentication scheme has be proved. However, the OTP key of authentication in a practical QKD system is not perfect. How the imperfect OTP affects the security of authentication scheme with KR is analyzed thoroughly in this paper. In a practical QKD, the information of the OTP key resulting from QKD is partially leaked to the adversary. Although the information leakage is usually so little to be neglected, it will lead to the increasing degraded security of the authentication scheme as the system runs continuously. Both our theoretical analysis and simulation results demonstrate that the security level of authentication scheme with KR, mainly indicated by its substitution probability, degrades exponentially in the number of rounds and gradually diminishes to zero.

Guihua Zeng,Xinmei Wang

1998-01-01

Abstract:The security of the previous quantum key distribution (QKD) protocols, which is guaranteed by the nature of physics law, is based on the legitimate users. However, impersonation of the legitimate communicators by eavesdroppers, in practice, will be inevitable. In fact, the previous QKD protocols is unsecure without authentication in practical communication. In this paper, we proposed an improved QKD protocol that can simultaneously distribute the quantum secret key and verify the communicators' identity. This presented authentication scheme is provably secure.

Horace Yuen

DOI: https://doi.org/10.1103/PhysRevA.82.062304

2010-12-08

Abstract:We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce guarantee on the attacker's probability of correctly estimating some portion of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help getting at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the QKD key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

Quantum Physics

Hassan Termos

DOI: https://doi.org/10.3390/e26060447

IF: 2.738

2024-05-27

Entropy

Abstract:This study introduces a novel approach to bolstering quantum key distribution (QKD) security by implementing swift classical channel authentication within the SARG04 and BB84 protocols. We propose mono-authentication, a pioneering paradigm employing quantum-resistant signature algorithms—specifically, CRYSTALS-DILITHIUM and RAINBOW—to authenticate solely at the conclusion of communication. Our numerical analysis comprehensively examines the performance of these algorithms across various block sizes (128, 192, and 256 bits) in both block-based and continuous photon transmission scenarios. Through 100 iterations of simulations, we meticulously assess the impact of noise levels on authentication efficacy. Our results notably highlight CRYSTALS-DILITHIUM's consistent outperformance of RAINBOW, with signature overheads of approximately 0.5% for the QKD-BB84 protocol and 0.4% for the QKD-SARG04 one, when the quantum bit error rate (QBER) is augmented up to 8%. Moreover, our study unveils a correlation between higher security levels and increased authentication times, with CRYSTALS-DILITHIUM maintaining superior efficiency across all key rates up to 10,000 kb/s. These findings underscore the substantial cost and complexity reduction achieved by mono-authentication, particularly in noisy environments, paving the way for more resilient and efficient quantum communication systems.

physics, multidisciplinary

Baokang Zhao,Bo Liu,Chunqing Wu,Wanrong Yu,Jinshu Su,Ilsun You,Francesco Palmieri

DOI: https://doi.org/10.1109/tie.2016.2552152

IF: 7.7

2016-01-01

IEEE Transactions on Industrial Electronics

Abstract:The quantum key distribution (QKD) technology is achieving a growing interest in both the scientific and industrial communities. Based on principles of quantum mechanics, it can provide unconditional security in key exchanges over end-to-end communication channels. Information-theoretically secure (ITS) authentication, the compulsory procedure of QKD systems, avoids the man-in-the-middle attack during the security key generation. In this paper, we propose a novel family of almost strongly universal (ASU) hash functions based on number-theoretic transforms (N-ASU), and prove that N-ASU hash functions can meet the high security requirement of an ITS authentication procedure. With such N-ASU hash functions, we propose a novel efficient NTT-based authentication algorithm (N-Auth) for QKD systems. Such a solution offers nearly the same security guarantees provided by the available authentication algorithms built upon ASU hash functions, but is characterized by a much lower computational complexity. The experimental results show that the N-Auth algorithm can fully meet the real-time and high-performance demands of modern 10-GHz QKD systems, making it a viable solution for the implementation of industrial-strength unconditionally secure broadband communication solutions.

Bo Liu,Baokang Zhao,Chunqing Wu,Wanrong Yu,Ilsun You

DOI: https://doi.org/10.1007/978-3-319-24315-3_29

2015-01-01

Abstract:Quantum Key Distribution (QKD) technology, based on principles of quantum mechanics, can generate unconditional security keys for communication parties. Information-theoretically secure (ITS) authentication, the compulsory procedure of QKD systems, avoids the man-in-the-middle attack during the security key generation. The construction of hash functions is the paramount concern within the ITS authentication. In this extended abstract, we proposed a novel Efficient NTT-based e-Almost Strongly Universal Hash Function. The security of our NTT-based e-ASU hash function meets epsilon <= L(n + 1)/2(n-2). With ultra-low computational amounts of construction and hashing procedures, our proposed NTT-based e-ASU hash function is suitable for QKD systems.

Yi Luo,Hao-Kun Mao,Qiong Li,Nan Chen

DOI: https://doi.org/10.1109/tcomm.2023.3280561

IF: 6.166

2023-01-01

IEEE Transactions on Communications

Abstract:Information-theoretic secure (ITS) authentication is an essential part of a quantum key distribution (QKD) system. In the QKD network, the authentication scheme based on the ITS QKD keys pre-shared by the QKD system. However, such a scheme is subject to the limitation that consumes a significant amount of authentication keys when the scale and communication needs of QKD networks grow. To address the issue, we propose an ITS group authentication scheme for QKD networks that consumes considerably fewer keys. In our scheme, multiple QKD network nodes collaborate and complete the authentication as a group. Compared to the pre-shared keys authentication scheme, our scheme reduces the complexity of authentication key consumption from O(N2d) to O (N), where N is the number of nodes and d is the average path length of the network topology. The security of the proposed scheme is analyzed in detail and simulation experiments are conducted to demonstrate our scheme’s effectiveness for varying networks scales and communication requirements.

telecommunications,engineering, electrical & electronic

Tony Metger,Renato Renner

DOI: https://doi.org/10.1038/s41467-023-40920-8

2023-11-18

Abstract:The goal of quantum key distribution (QKD) is to establish a secure key between two parties connected by an insecure quantum channel. To use a QKD protocol in practice, one has to prove that a finite size key is secure against general attacks: no matter the adversary's attack, they cannot gain useful information about the key. A much simpler task is to prove security against collective attacks, where the adversary is assumed to behave identically and independently in each round. In this work, we provide a formal framework for general QKD protocols and show that for any protocol that can be expressed in this framework, security against general attacks reduces to security against collective attacks, which in turn reduces to a numerical computation. Our proof relies on a recently developed information-theoretic tool called generalised entropy accumulation and can handle generic prepare-and-measure protocols directly without switching to an entanglement-based version.

Quantum Physics

Liu-Jun Wang,Kai-Yi Zhang,Jia-Yong Wang,Jie Cheng,Yong-Hua Yang,Shi-Biao Tang,Di Yan,Yan-Lin Tang,Zhen Liu,Yu Yu,Qiang Zhang,Jian-Wei Pan

DOI: https://doi.org/10.1038/s41534-021-00400-7

IF: 10.758

2021-05-06

npj Quantum Information

Abstract:Abstract Quantum key distribution (QKD) can provide information theoretically secure key exchange even in the era of quantum computers. However, QKD requires the classical channel to be authenticated, the current method for which is pre-sharing symmetric keys. For a QKD network of n users, this method requires $${C}_{n}^{2}=n(n-1)/2$$ C n 2 = n ( n − 1 ) / 2 pairs of symmetric keys to realize pairwise interconnection. In contrast, with the help of a mature public key infrastructure (PKI) and post-quantum cryptography (PQC) with quantum-resistant security, each user only needs to apply for one digital certificate from a certificate authority (CA) to achieve efficient and secure authentication for QKD. We need to assume only the short-term security of the PQC algorithm to achieve long-term security of the distributed keys. Here, we experimentally verified the feasibility, efficiency, and stability of the PQC algorithm in QKD authentication, and demonstrated the advantages when new users join the QKD network. Using the PQC public-key infrastructure, the nodes need to mutually trust only the CA to authenticate each other. QKD combined with PQC authentication will greatly promote and extend the application prospects of quantum-safe communication.

physics, condensed matter, applied, atomic, molecular & chemical,quantum science & technology

Chi-Hang Fred Fung,Xiongfeng Ma,H. F. Chau,Qing-yu Cai

DOI: https://doi.org/10.1103/physreva.85.032308

IF: 2.971

2012-01-01

Physical Review A

Abstract:Privacy amplification (PA) is an essential post-processing step in quantum key distribution (QKD) for removing any information an eavesdropper may have on the final secret key. In this paper, we consider delaying PA of the final key after its use in one-time pad encryption and prove its security. We prove that the security and the key generation rate are not affected by delaying PA. Delaying PA has two applications: it serves as a tool for significantly simplifying the security proof of QKD with a two-way quantum channel, and also it is useful in QKD networks with trusted relays. To illustrate the power of the delayed PA idea, we use it to prove the security of a qubit-based two-way deterministic QKD protocol which uses four states and four encoding operations.

Matthias Christandl,Renato Renner,Artur Ekert

2004-01-01

Abstract:Quantum key distribution allows two parties, traditionally known as Alice and Bob, to establish a secure random cryptographic key if, firstly, they have access to a quantum communication channel, and secondly, they can exchange classical public messages which can be monitored but not altered by an eavesdropper, Eve. Quantum key distribution provides perfect security because, unlike its classical counterpart, it relies on the laws of physics rather than on ensuring that successful eavesdropping would require excessive computational effort. However, security proofs of quantum key distribution are not trivial and are usually restricted in their applicability to specific protocols. In contrast, we present a general and conceptually simple proof which can be applied to a number of different protocols. It relies on the fact that a cryptographic procedure called privacy amplification is equally secure when an adversary’s memory for data storage is quantum rather than classical [1].

Chi-Hang Fred Fung,Xiongfeng Ma,H. F. Chau

DOI: https://doi.org/10.1103/physreva.81.012318

2010-01-01

Abstract:Quantum key distribution (QKD) is a secure key generation method between two distant parties by wisely exploiting properties of quantum mechanics. In QKD, experimental measurement outcomes on quantum states are transformed by the two parties to a secret key. This transformation is composed of many logical steps (as guided by security proofs), which together will ultimately determine the length of the final secret key and its security. We detail the procedure for performing such classical postprocessing taking into account practical concerns (including the finite-size effect and authentication and encryption for classical communications). This procedure is directly applicable to realistic QKD experiments and thus serves as a recipe that specifies what postprocessing operations are needed and what the security level is for certain lengths of the keys. Our result is applicable to the BB84 protocol with a single or entangled photon source.

Hwayean Lee,Jongin Lim,HyungJin Yang

DOI: https://doi.org/10.48550/arXiv.quant-ph/0510144

2005-10-18

Quantum Physics

Abstract:We propose a quantum key distribution protocol with quantum based user authentication. Our protocol is the first one in which users can authenticate each other without previously shared secret and then securely distribute a key where the key may not be exposed to even a trusted third party. The security of our protocol is guaranteed by the properties of the entanglement.

Bing-Hong Li,Yuan-Mei Xie,Xiao-Yu Cao,Chen-Long Li,Yao Fu,Hua-Lei Yin,Zeng-Bing Chen

DOI: https://doi.org/10.1103/PhysRevApplied.20.044011

2023-10-05

Abstract:Quantum digital signatures (QDS), generating correlated bit strings among three remote parties for signatures through quantum law, can guarantee non-repudiation, authenticity, and integrity of messages. Recently, one-time universal hashing QDS framework, exploiting the quantum asymmetric encryption and universal hash functions, has been proposed to significantly improve the signature rate and ensure unconditional security by directly signing the hash value of long messages. However, similar to quantum key distribution, this framework utilizes keys with perfect secrecy by performing privacy amplification that introduces cumbersome matrix operations, thereby consuming large computational resources, causing delays and increasing failure probability. Here, we prove that, different from private communication, imperfect quantum keys with limited information leakage can be used for digital signatures and authentication without compromising the security while having eight orders of magnitude improvement on signature rate for signing a megabit message compared with conventional single-bit schemes. This study significantly reduces the delay for data postprocessing and is compatible with any quantum key generation protocols. In our simulation, taking two-photon twin-field key generation protocol as an example, QDS can be practically implemented over a fiber distance of 650 km between the signer and receiver. For the first time, this study offers a cryptographic application of quantum keys with imperfect secrecy and paves a way for the practical and agile implementation of digital signatures in a future quantum network.

Quantum Physics,Cryptography and Security

N. Syambas,A. Nurhadi

DOI: https://doi.org/10.1109/ICWT.2018.8527822

2018-07-01

Abstract:The security strength of key distribution of most conventional cryptography is relied on mathematical complexity and the irrational time needed to break the algorithm. But it will be ineffective if the secret key distribution procedure is weak. In 1994 Peter Shor proposed an algorithm that can factorize great integer number efficiently by using principle of quantum computer, this algorithm poses a threat to some of the conventional cryptography. Recently, Quantum Key Distribution (QKD) is drawing much attention of researcher as a solution of that problem of key distribution. Theoretically, QKD have been proven can be provide unconditionally secure communication based on quantum mechanics laws. In this article we survey the QKD protocols. Also, we present a little experiment of some QKD protocols that we discussed on this paper.

Physics,Computer Science

Guillermo Currás-Lorenzo,Margarida Pereira,Go Kato,Marcos Curty,Kiyoshi Tamaki

2024-07-23

Abstract:Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Device-independent QKD is currently not a satisfactory solution to this problem, as its performance is extremely poor and most of its security proofs assume that the user devices leak absolutely no information to the outside. On the other hand, measurement-device-independent (MDI) QKD can guarantee security with arbitrarily flawed receivers while achieving high performance, and the remaining challenge is ensuring its security in the presence of source imperfections. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Here, we overcome these crucial problems by presenting a security proof in the finite-key regime against coherent attacks that can incorporate general encoding imperfections and side channels while achieving much higher performances than previous approaches. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations.

Quantum Physics

Walter O. Krawec

DOI: https://doi.org/10.48550/arXiv.2203.02989

2022-03-06

Abstract:Two-way quantum key distribution protocols utilize bi-directional quantum communication to establish a shared secret key. Due to the increased attack surface, security analyses remain challenging. Here we investigate a high-dimensional variant of the Ping Pong protocol and perform an information theoretic security analysis in the finite-key setting. Our methods may be broadly applicable to other QKD protocols, especially those relying on two-way channels. Along the way, we show some fascinating benefits to high-dimensional quantum states applied to two-way quantum communication.

Quantum Physics

Christopher Portmann

DOI: https://doi.org/10.1007/978-3-319-56617-7_12

2017-03-29

Abstract:We show that a family of quantum authentication protocols introduced in [Barnum et al., FOCS 2002] can be used to construct a secure quantum channel and additionally recycle all of the secret key if the message is successfully authenticated, and recycle part of the key if tampering is detected. We give a full security proof that constructs the secure channel given only insecure noisy channels and a shared secret key. We also prove that the number of recycled key bits is optimal for this family of protocols, i.e., there exists an adversarial strategy to obtain all non-recycled bits. Previous works recycled less key and only gave partial security proofs, since they did not consider all possible distinguishers (environments) that may be used to distinguish the real setting from the ideal secure quantum channel and secret key resource.

Quantum Physics,Cryptography and Security,Information Theory