Security in Computing Chapter 12, Cryptography Explained Part 7 Summary created by Kirk Scott 1
This set of overheads corresponds to section 12.4 in the book The overheads for Chapter 12 roughly track the topics in the chapter Keep this in mind though: On some topics I simply go over the book’s material On other topics I expand on the book’s material in a significant way You are responsible not just for what’s in the book, but also what’s in the overheads that’s not in the book 2
Quantum Cryptography What the book is describing appears to be a protocol named BB84. It was developed by Charles Bennett and Gilles Brassard in The information in this set of overheads is essentially a summary of the article on quantum key distribution in Wikipedia. I found that explanation easier to adapt than the book’s. 3
Recall that a method of secure distribution of symmetric keys is necessary. RSA will eventually succumb or become unwieldy due to advances in hardware or software. BB84 has characteristics that would make it a desirable alternative. Not all of the practical implementation kinks have been worked out yet. 4
Building Blocks for BB84 For the purposes of discussion you have a Sender, a Receiver, and an Eavesdropper. You have a quantum communication channel. For example, this may consist of a fiber optic line and a photon gun that can release one polarized photon at a time. You also have an open (not necessarily even encrypted) communication channel such as the Internet. 5
About the Channels Ultimately, the information that needs to be secure (secret) will be transmitted over the quantum channel. It will be possible to “talk about” the quantum transmission over the open channel. An Eavesdropper is part of the discussion because for both channels it’s assumed that eavesdropping or other attacks might occur. 6
There are two critical points: It will be possible to tell whether eavesdropping has occurred on the quantum channel. In that case you can discard what has been sent and immediately start over so that a compromised key is never used. 7
No System is Perfect A denial of service attack on such a system would be possible. All that would be necessary is continuous eavesdropping. This system is still subject to this question: How do you know the person on the other end of the line is really the person you think you’re talking to? 8
Technical Background The scheme depends on 2 bases each with 2 pairs of states. Let one basis be known as X with states 0 and 1—notation: X(0, 1). Let the other basis be Y(0, 1). The scheme also depends on two filters, X and Y. 9
Filter X allows you to generate one of the two states X(0, 1). Filter X also allows you to correctly read a bit that was sent using filter X. Filter Y is analogous. 10
This is a critical element of the scheme: If you use filter X on states Y(0, 1) the result will be a random 0 or 1—tranformed to X filtering rather than Y filtering. Likewise for filter Y. Once the wrong filter has been applied on reading there are no do-overs. 11
Having once read with the wrong filter, you can’t recover the original X or Y basis and determine the correct state. You’re stuck with random garbage. It is important to the scheme that you can read X with Y or Y with X and some result comes out. It’s not a situation where “no output” tells you that the wrong filter was used. 12
All of these little considerations are necessary to thwart the wicked desires of an eavesdropper. 13
The Process The process goes in rounds. 1. Quantum Transmission from sender to receiver. 2. Broadcast message from sender to receiver. 3. Broadcast message from receiver to sender. 4. On average it will turn out that half of the quantum bits will be wasted, so more than one round will be needed to successfully send a complete secure message. 14
The Quantum Transmission The sender prepares bit string. The sender transmits the bits, randomly encoding them using either filter X or filter Y, i.e., either as one of X(0, 1) or one of Y(0, 1). 15
The Quantum Reception The receiver doesn’t know the filters that were used to send the message. On reception the receiver randomly chooses filter X or filter Y to decode each bit. On average half of the receiver’s filter choices will be wrong. Half of the received message will have to be thrown out. 16
The Broadcast Messages The sender sends the receiver a list, in order, of the filters used to encode each bit, respectively. This allows the receiver to determine which bits were correctly read. The rest can be thrown out. 17
The receiver also transmits to the sender the filters used on reception. This way the sender knows which bits were successfully read and which were not. With this information the sender can prepare what still needs to be sent in the next quantum transmission round. 18
What about Eavesdropping? In theory, an eavesdropper would have half a chance of randomly picking the same correct filter as the intended receiver for any intercepted bit. This would put approximately a quarter of the message at risk. However, it’s possible to tell if eavesdropping has occurred. 19
At the end of all the transmissions there will be n bits successfully transmitted. At this point, the sender transmits q% of the correct message in the clear. This q% has to be a reasonably small subset of the total so that the whole message isn’t compromised. 20
The receiver compares that q% in the clear with the corresponding bits in the decoded quantum transmission. If there is a significant difference between the two, that can’t be the result of random error. 21
The conclusion you reach is that someone has eavesdropped and the message or key that was being sent has been compromised. You need to throw it out and try again. Presumably if the quantum channel is eavesdropped compromised, in order to try again you would have to have another channel that you would try again on. 22
How This Works with Photons It seemed easiest to explain this with the pseudo-mathematical notation for the bases and states, X(0, 1) and Y(0, 1). This can be implemented using polarized photons. One basis would be X(horizontal, vertical). Another would be Y(upper-left lower-right, lower-left upper right). 23
You arbitrarily assign the value 0 to H, UL-LR and 1 to V, LL-UR, for example. The hardware to do this kind of thing is “almost there”. Fiber optics and polarizing photon guns and receptors exist. Test systems have been created, but they are limited in distance and reliability. 24
Test Topics Ch. 1, Basics, 44 overheads, 6.5%, (3/50) Ch. 2, Simple Cryptography, 130 overheads, 19.1%, (10/50) Ch. 12, part 1, Hard Problems, 54 overheads, 7.9%, (4, 50) Ch. 12, part 2, Math for Cryptography, 118 overheads, 17.3%, (9/50) Ch. 12, part 3, Fermat’s Little Theorem, 95 overheads, 13.9%, (7/50) 25
Ch. 12, part 4, Euler’s Theorem and RSA, 122 overheads, 17.9%, (9/50) Ch. 12, part 5, Merkle-Hellman, 44 overheads, 6.5%, (3,50) Ch. 12, part 6, DES and AES, 48 overheads, 7%, (3, 50) Ch. 12, part 7, Quantum Cryptography, 27 overheads, 4%, (2/50) Total: 682 overheads The reality will be fewer than 50 questions 26
The End 27