Christopher Battarbee,Christoph Striecks,Ludovic Perret,Sebastian Ramacher,Kevin Verhaeghe

2024-11-07

Abstract:Authenticated Key Exchange (AKE) between any two entities is one of the most important security protocols available for securing our digital networks and infrastructures. In PQCrypto 2023, Bruckner, Ramacher and Striecks proposed a novel hybrid AKE (HAKE) protocol, dubbed Muckle+, that is particularly useful in large quantum-safe networks consisting of a large number of nodes. Their protocol is hybrid in the sense that it allows key material from conventional and post-quantum primitives, as well as from quantum key distribution, to be incorporated into a single end-to-end shared key. To achieve the desired authentication properties, Muckle+ utilizes post-quantum digital signatures. However, available instantiations of such signatures schemes are not yet efficient enough compared to their post-quantum key-encapsulation mechanism (KEM) counterparts, particularly in large networks with potentially several connections in a short period of time. To mitigate this gap, we propose Muckle# that pushes the efficiency boundaries of currently known HAKE constructions. Muckle# uses post-quantum key-encapsulating mechanisms for implicit authentication inspired by recent works done in the area of Transport Layer Security (TLS) protocols, particularly, in KEMTLS (CCS'20). We port those ideas to the HAKE framework and develop novel proof techniques on the way. Due to our novel KEM-based approach, the resulting protocol has a slightly different message flow compared to prior work that we carefully align with the HAKE framework and which makes our changes to the Muckle+ non-trivial.

Cryptography and Security,Quantum Physics

G. Brands,C.B. Roellgen,K.U. Vogel

DOI: https://doi.org/10.48550/arXiv.1510.07456

2018-01-19

Abstract:A Post-Quantum Key Exchange is needed since the availability of quantum computers that allegedly allow breaking classical algorithms like Diffie-Hellman, El Gamal, RSA and others within a practical amount of time is broadly assumed in literature. Although our survey suggests that practical quantum computers appear to be by far less advanced as actually required to break state-of-the-art key negotiation algorithms, it is of high scientific interest to develop fundamentally immune key negotiation methods. A novel polymorphic algorithm based on permutable functions and defined over the field of real numbers is proposed. The proposed key exchange can operate with at least four different strategies. The cryptosystem itself is highly variable and, due to the fact that rounding operations are inevitable and mandatory on a traditional computer system, decoherence of the quantum computer system would lead to a premature end of the computation on quantum systems.

Cryptography and Security

Marta Irene García Cid,Laura Ortiz Martín,David Domingo Martín,Rodrigo Martín Sánchez-Ledesma,Juan Pedro Brito Méndez,Vicente Martín Ayuso

2023-03-02

Abstract:Currently used digital signatures based on asymmetric cryptography will be vulnerable to quantum computers running Shor's algorithm. In this work, we propose a new quantum-assisted digital signature protocol based on symmetric keys generated by QKD, that allows signing and verifying messages in a simple way implementing an integration of currently available classical and quantum technologies. The protocol is described for a three-user scenario composed of one sender and two receivers. In contrast to previous schemes, it is independent of the message length. The security of the protocol has been analyzed, as well as its integrity, authenticity and non-repudiation properties.

Quantum Physics,Cryptography and Security

Jie Lin,Hoi-Kwong Lo,Jacob Johannsson,Mattia Montagna,Manfred von Willich

2024-07-31

Abstract:Pre-shared keys (PSK) have been widely used in network security. Nonetheless, existing PSK solutions are not scalable. Moreover, whenever a new user joins a network, PSK requires an existing user to get a new key before they are able to communicate with the new user. The key issue is how to distribute the PSK between different users. Here, we solve this problem by proposing a new protocol called Distributed Symmetric Key Establishment (DSKE). DSKE has the advantage of being scalable. Unlike standard public key infrastructure (PKI) which relies on computational assumptions, DSKE provides information-theoretic security in a universally composable security framework. Specifically, we prove the security (correctness and confidentiality) and robustness of this protocol against a computationally unbounded adversary, who additionally may have fully compromised a bounded number of the intermediaries and can eavesdrop on all communication. DSKE also achieves distributed trust through secret sharing. We present several implementations of DSKE in real environments, such as providing client services to link encryptors, network encryptors, and mobile phones, as well as the implementation of intermediaries, called Security Hubs, and associated test data as evidence for its versatility. As DSKE is highly scalable in a network setting with no distance limit, it is expected to be a cost-effective quantum-safe cryptographic solution to the network security threat presented by quantum computers.

Cryptography and Security,Quantum Physics

Cheng-An Yen,Shi-Jinn Horng,Hsi-Sheng Goan,Tzong-Wann Kao,Yao-Hsin Chou

DOI: https://doi.org/10.48550/arXiv.0903.3444

2009-03-20

Abstract:In this paper, we first point out that some recently proposed quantum direct communication (QDC) protocols with authentication are vulnerable under some specific attacks, and the secrete message will leak out to the authenticator who is introduced to authenticate users participating in the communication. We then propose a new protocol that is capable of achieving secure QDC with authentication as long as the authenticator would do the authentication job faithfully. Our quantum protocol introduces a mutual authentication procedure, uses the quantum Bell states, and applies unitary transformations in the authentication process. Then it exploits and utilizes the entanglement swapping and local unitary operations in the communication processes. Thus, after the authentication process, the client users are left alone to communicate with each other, and the authenticator has no access to the secrete message. In addition, our protocol does not require a direct quantum link between any two users, who want to communicate with each other. This may also be an appealing advantage in the implementation of a practical quantum communication network.

Quantum Physics

Giulio Malavolta,Michael Walter

2024-01-02

Abstract:Quantum key distribution (QKD) allows Alice and Bob to agree on a shared secret key, while communicating over a public (untrusted) quantum channel. Compared to classical key exchange, it has two main advantages: (i) The key is unconditionally hidden to the eyes of any attacker, and (ii) its security assumes only the existence of authenticated classical channels which, in practice, can be realized using Minicrypt assumptions, such as the existence of digital signatures. On the flip side, QKD protocols typically require multiple rounds of interactions, whereas classical key exchange can be realized with the minimal amount of two messages using public-key encryption. A long-standing open question is whether QKD requires more rounds of interaction than classical key exchange. In this work, we propose a two-message QKD protocol that satisfies everlasting security, assuming only the existence of quantum-secure one-way functions. That is, the shared key is unconditionally hidden, provided computational assumptions hold during the protocol execution. Our result follows from a new construction of quantum public-key encryption (QPKE) whose security, much like its classical counterpart, only relies on authenticated classical channels.

Quantum Physics,Cryptography and Security

K. Longmate,E.M. Ball,E. Dable-Heath,R.J. Young

DOI: https://doi.org/10.48550/arXiv.2009.12118

2020-09-25

Abstract:Signatures are primarily used as a mark of authenticity, to demonstrate that the sender of a message is who they claim to be. In the current digital age, signatures underpin trust in the vast majority of information that we exchange, particularly on public networks such as the internet. However, schemes for signing digital information which are based on assumptions of computational complexity are facing challenges from advances in mathematics, the capability of computers, and the advent of the quantum era. Here we present a review of digital signature schemes, looking at their origins and where they are under threat. Next, we introduce post-quantum digital schemes, which are being developed with the specific intent of mitigating against threats from quantum algorithms whilst still relying on digital processes and infrastructure. Finally, we review schemes for signing information carried on quantum channels, which promise provable security metrics. Signatures were invented as a practical means of authenticating communications and it is important that the practicality of novel signature schemes is considered carefully, which is kept as a common theme of interest throughout this review.

Cryptography and Security,Quantum Physics

Guillermo Currás-Lorenzo,Margarida Pereira,Go Kato,Marcos Curty,Kiyoshi Tamaki

2024-07-23

Abstract:Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Device-independent QKD is currently not a satisfactory solution to this problem, as its performance is extremely poor and most of its security proofs assume that the user devices leak absolutely no information to the outside. On the other hand, measurement-device-independent (MDI) QKD can guarantee security with arbitrarily flawed receivers while achieving high performance, and the remaining challenge is ensuring its security in the presence of source imperfections. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Here, we overcome these crucial problems by presenting a security proof in the finite-key regime against coherent attacks that can incorporate general encoding imperfections and side channels while achieving much higher performances than previous approaches. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations.

Quantum Physics

Davide Li Calsi,Sumit Chaudhary,JinHyeock Choi,Marc Geitz,Janis Nötzel

2024-11-27

Abstract:Quantum Key Distribution (QKD) systems are infamously known for their high demand on hardware, their extremely low key generation rates and their lack of security resulting from a need for trusted nodes which is implied by the absence of quantum repeaters. While they theoretically offer unlimited security, they are therefore practically limited in several regards. In this work we focus on the lack of options to guarantee an end-to-end security service with the currently available technology and infrastructure and propose a novel protocol. We find that one of the stumbling stones on the path towards an end-to-end security service guaranteed by quantum key distribution may be removed by using this protocol. Our proposal combines several parallel instances of twinfield QKD followed by classical postprocessing and communication to allow Alice and Bob to share a secret key. This hybrid approach improves the key rate and range w.r.t. to previous QKD approaches at a contained cost in security. We show that a coalition of intermediary nodes between Alice and Bob is needed to break the new scheme, sharply outperforming the trusted node approach in terms of security. Furthermore, the protocols do not require complex quantum measurements on Alice and Bob's sides, thus being truly end-to-end.

Quantum Physics,Cryptography and Security

Yu-Shuo Lu,Xiao-Yu Cao,Chen-Xun Weng,Jie Gu,Yuan-Mei Xie,Min-Gang Zhou,Hua-Lei Yin,Zeng-Bing Chen

DOI: https://doi.org/10.1364/OE.420667

IF: 3.8

2021-01-01

Optics Express

Abstract:Quantum digital signatures (QDS) exploit quantum laws to guarantee non-repudiation, unforgeability and transferability of messages with information-theoretic security. Current QDS protocols face two major restrictions, including the requirement of the symmetrization step with additional secure classical channels and the quadratic scaling of the signature rate with the probability of detection events. Here, we present an efficient QDS protocol to overcome these issues by utilizing the classical post-processing operation called post-matching method. Our protocol does not need the symmetrization step, and the signature rate scales linearly with the probability of detection events. Simulation results show that the signature rate is three orders of magnitude higher than the original protocol in a 100-km-long fiber. This protocol is compatible with existing quantum communication infrastructure, therefore we anticipate that it will play a significant role in providing digital signatures with unconditional security. (C) 2021 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

Michele Mosca,Douglas Stebila,Berkant Ustaoğlu

DOI: https://doi.org/10.1007/978-3-642-38616-9_9

2013-01-01

Abstract:Key establishment is a crucial primitive for building secure channels in a multi-party setting. Without quantum mechanics, key establishment can only be done under the assumption that some computational problem is hard. Since digital communication can be easily eavesdropped and recorded, it is important to consider the secrecy of information anticipating future algorithmic and computational discoveries which could break the secrecy of past keys, violating the secrecy of the confidential channel.Quantum key distribution (QKD) can be used generate secret keys that are secure against any future algorithmic or computational improvements. QKD protocols still require authentication of classical communication, although existing security proofs of QKD typically assume idealized authentication. It is generally considered folklore that QKD when used with computationally secure authentication is still secure against an unbounded adversary, provided the adversary did not break the authentication during the run of the protocol.We describe a security model for quantum key distribution extending classical authenticated key exchange (AKE) security models. Using our model, we characterize the long-term security of the BB84 QKD protocol with computationally secure authentication against an eventually unbounded adversary. By basing our model on traditional AKE models, we can more readily compare the relative merits of various forms of QKD and existing classical AKE protocols. This comparison illustrates in which types of adversarial environments different quantum and classical key agreement protocols can be secure.

Juan Miguel Arrazola,Petros Wallden,Erika Andersson

DOI: https://doi.org/10.26421/QIC16.5-6-3

2015-05-28

Abstract:Digital signatures are widely used in electronic communications to secure important tasks such as financial transactions, software updates, and legal contracts. The signature schemes that are in use today are based on public-key cryptography and derive their security from computational assumptions. However, it is possible to construct unconditionally secure signature protocols. In particular, using quantum communication, it is possible to construct signature schemes with security based on fundamental principles of quantum mechanics. Several quantum signature protocols have been proposed, but none of them has been explicitly generalized to more than three participants, and their security goals have not been formally defined. Here, we first extend the security definitions of Swanson and Stinson (2011) so that they can apply also to the quantum case, and introduce a formal definition of transferability based on different verification levels. We then prove several properties that multiparty signature protocols with information-theoretic security -- quantum or classical -- must satisfy in order to achieve their security goals. We also express two existing quantum signature protocols with three parties in the security framework we have introduced. Finally, we generalize a quantum signature protocol given in Wallden-Dunjko-Kent-Andersson (2015) to the multiparty case, proving its security against forging, repudiation and non-transferability. Notably, this protocol can be implemented using any point-to-point quantum key distribution network and therefore is ready to be experimentally demonstrated.

Quantum Physics,Cryptography and Security

Bing-Hong Li,Yuan-Mei Xie,Xiao-Yu Cao,Chen-Long Li,Yao Fu,Hua-Lei Yin,Zeng-Bing Chen

DOI: https://doi.org/10.1103/PhysRevApplied.20.044011

2023-10-05

Abstract:Quantum digital signatures (QDS), generating correlated bit strings among three remote parties for signatures through quantum law, can guarantee non-repudiation, authenticity, and integrity of messages. Recently, one-time universal hashing QDS framework, exploiting the quantum asymmetric encryption and universal hash functions, has been proposed to significantly improve the signature rate and ensure unconditional security by directly signing the hash value of long messages. However, similar to quantum key distribution, this framework utilizes keys with perfect secrecy by performing privacy amplification that introduces cumbersome matrix operations, thereby consuming large computational resources, causing delays and increasing failure probability. Here, we prove that, different from private communication, imperfect quantum keys with limited information leakage can be used for digital signatures and authentication without compromising the security while having eight orders of magnitude improvement on signature rate for signing a megabit message compared with conventional single-bit schemes. This study significantly reduces the delay for data postprocessing and is compatible with any quantum key generation protocols. In our simulation, taking two-photon twin-field key generation protocol as an example, QDS can be practically implemented over a fiber distance of 650 km between the signer and receiver. For the first time, this study offers a cryptographic application of quantum keys with imperfect secrecy and paves a way for the practical and agile implementation of digital signatures in a future quantum network.

Quantum Physics,Cryptography and Security

Chen-Xun Weng,Yu-Shuo Lu,Rui-Qi Gao,Yuan-Mei Xie,Jie Gu,Chen-Long Li,Bing-Hong Li,Hua-Lei Yin,Zeng-Bing Chen

DOI: https://doi.org/10.1364/oe.433656

IF: 3.8

2021-01-01

Optics Express

Abstract:Quantum digital signatures (QDSs) promise information-theoretic security against repudiation and forgery of messages. Compared with currently existing three-party QDS protocols, multiparty protocols have unique advantages in the practical case of more than two receivers when sending a mass message. However, complex security analysis, numerous quantum channels and low data utilization efficiency make it intractable to expand three-party to multiparty scenario. Here, based on six-state non-orthogonal encoding protocol, we propose an effective multiparty QDS framework to overcome these difficulties. The number of quantum channels in our protocol only linearly depends on the number of users. The post-matching method is introduced to enhance data utilization efficiency and make it linearly scale with the probability of detection events even for five-party scenario. Our work compensates for the absence of practical multiparty protocols, which paves the way for future QDS networks.

Mathieu Bozzio,Claude Crépeau,Petros Wallden,Philip Walther

2024-11-14

Abstract:Due to its fundamental principles, quantum theory holds the promise to enhance the security of modern cryptography, from message encryption to anonymous communication, digital signatures, online banking, leader election, one-time passwords and delegated computation. While quantum key distribution (QKD) has already enabled secure key exchange over hundreds of kilometers, a myriad of other quantum-cryptographic primitives are being developed to secure future applications against quantum adversaries. This article surveys the theoretical and experimental developments in quantum cryptography beyond QKD over the past decades, along with advances in secure quantum computation. It provides an intuitive classification of the main quantum primitives and their security levels, summarizes their possibilities and limits, and discusses their implementation with current photonic technology.

Quantum Physics

Marcel Kempf,Nikolas Gauder,Benedikt Jaeger,Johannes Zirngibl,Georg Carle

2024-05-15

Abstract:QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. The most current web standard HTTP/3 is specifically designed to use QUIC as transport protocol. QUIC claims to provide secure and fast transport with low-latency connection establishment, flow and congestion control, reliable delivery, and stream multiplexing. To achieve the security goals, QUIC enforces the usage of TLS 1.3. It uses authenticated encryption with additional data (AEAD) algorithms to not only protect the payload but also parts of the header. The handshake relies on asymmetric cryptography, which will be broken with the introduction of powerful quantum computers, making the use of post-quantum cryptography inevitable. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance. The high-performance QUIC implementations LSQUIC, quiche, and MsQuic are evaluated under different aspects. We break symmetric cryptography down to the different security features. To be able to isolate the impact of cryptography, we implemented a NOOP AEAD algorithm which leaves plaintext unaltered. We show that QUIC performance increases by 10 to 20% when removing packet protection. The header protection has negligible impact on performance, especially for AES ciphers. We integrate post-quantum cryptographic algorithms into QUIC, demonstrating its feasibility without major changes to the QUIC libraries by using a TLS library that implements post-quantum algorithms. Kyber, Dilithium, and FALCON are promising candidates for post-quantum secure QUIC, as they have a low impact on the handshake duration. Algorithms like SPHINCS+ with larger key sizes or more complex calculations significantly impact the handshake duration and cause additional issues in our measurements.

Networking and Internet Architecture,Cryptography and Security

Joseph M. Renes,Markus Grassl

DOI: https://doi.org/10.1103/PhysRevA.74.022317

2006-08-29

Abstract:Prepare and measure quantum key distribution protocols can be decomposed into two basic steps: delivery of the signals over a quantum channel and distillation of a secret key from the signal and measurement records by classical processing and public communication. Here we formalize the distillation process for a general protocol in a purely quantum-mechanical framework and demonstrate that it can be viewed as creating an ``effective'' quantum channel between the legitimate users Alice and Bob. The process of secret key generation can then be viewed as entanglement distribution using this channel, which enables application of entanglement-based security proofs to essentially any prepare and measure protocol. To ensure secrecy of the key, Alice and Bob must be able to estimate the channel noise from errors in the key, and we further show how symmetries of the distillation process simplify this task. Applying this method, we prove the security of several key distribution protocols based on equiangular spherical codes.

Quantum Physics

Ali Sellami

DOI: https://doi.org/10.1080/01468030.2024.2370007

2024-06-21

Fiber & Integrated Optics

Abstract:The quantum key distribution (QKD) method allows for the safe creation of encryption keys between trusted entities for secure communication. The suggested system is designed to enable secure communication between multiple parties (a single sender, Alice, and multiple receivers, Bobs) connected via a public channel susceptible to interception. It enables Alice to privately share encryption keys with each Bob over dedicated quantum channels, which can then be used to decrypt messages sent over the public network. The procedure involves Alice generating optical signals with randomly assigned properties such as intensity, phase, polarization, and frequencies. Alice randomly sends either signal states carrying information or decoy states with different frequencies to the receivers (Bobs) over the quantum channels. She also sends a synchronization signal for timing alignment with the quantum signals over the optical links. At the receiving end, the synchronization pulse timestamps the incoming quantum signals. Each Bob then randomly alters the frequencies of the received quantum signals and randomly measures their phase or polarization. The key is created from the frequency, phase, or polarization information of the quantum signals, resulting in longer keys. Key management agents manage the securely QKD-generated keys to encrypt information before sending it to the intended receivers. Essentially, this framework establishes authenticated, private communication by using QKD over dedicated ultra-secure quantum links to distribute decryption keys, ensuring that only intended users can access the content. The approach is designed to ensure end-to-end secure communication across the network.

optics

Neha Sharma,Vikas Saxena

2024-01-17

Abstract:Quantum cryptography is the study of delivering secret communications across a quantum channel. Recently, Quantum Key Distribution (QKD) has been recognized as the most important breakthrough in quantum cryptography. This process facilitates two distant parties to share secure communications based on physical laws. The BB84 protocol was developed in 1984 and remains the most widely used among BB92, Ekert91, COW, and SARG04 protocols. However the practical security of QKD with imperfect devices have been widely discussed, and there are many ways to guarantee that generated key by QKD still provides unconditional security. This paper proposed a novel method that allows users to communicate while generating the secure keys as well as securing the transmission without any leakage of the data. In this approach sender will never reveal her basis, hence neither the receiver nor the intruder will get knowledge of the fundamental basis.Further to detect Eve, polynomial interpolation is also used as a key verification technique. In order to fully utilize the quantum computing capabilities provided by IBM quantum computers, the protocol is executed using the Qiskit backend for 45 qubits. This article discusses a plot of % error against alpha (strength of eavesdropping). As a result, different types of noise have been included, and the success probability of the desired key bits has been determined. Furthermore, the success probability under depolarizing noise is explained for different qubit counts.Last but not least, even when the applied noise is increased to maximum capacity, a 50% probability of successful key generation is still observed in an experiment.

Quantum Physics,Cryptography and Security

Hoi-Kwong Lo,Mattia Montagna,Manfred von Willich

2024-07-30

Abstract:We propose and implement a protocol for a scalable, cost-effective, information-theoretically secure key distribution and management system. The system, called Distributed Symmetric Key Establishment (DSKE), relies on pre-shared random numbers between DSKE clients and a group of Security Hubs. Any group of DSKE clients can use the DSKE protocol to distill from the pre-shared numbers a secret key. The clients are protected from Security Hub compromise via a secret sharing scheme that allows the creation of the final key without the need to trust individual Security Hubs. Precisely, if the number of compromised Security Hubs does not exceed a certain threshold, confidentiality is guaranteed to DSKE clients and, at the same time, robustness against denial-of-service (DoS) attacks. The DSKE system can be used for quantum-secure communication, can be easily integrated into existing network infrastructures, and can support arbitrary groups of communication parties that have access to a key. We discuss the high-level protocol, analyze its security, including its robustness against disruption. A proof-of-principle demonstration of secure communication between two distant clients with a DSKE-based VPN using Security Hubs on Amazon Web Server (AWS) nodes thousands of kilometres away from them was performed, demonstrating the feasibility of DSKE-enabled secret sharing one-time-pad encryption with a data rate above 50 Mbit/s and a latency below 70 ms.

Quantum Physics,Cryptography and Security