Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS4600/5600 Biometrics and Cryptography UTC/CSE

Published byTabitha Edwards Modified over 9 years ago

Similar presentations

Presentation on theme: "CS4600/5600 Biometrics and Cryptography UTC/CSE"— Presentation transcript:

1 CS4600/5600 Biometrics and Cryptography UTC/CSE
Quantum cryptography CS4600/5600 Biometrics and Cryptography UTC/CSE

2 Introduction Light waves are propagated as discrete particles known as photons. Polarization of the light is carried by the direction of the angular momentum, or spin of the photons. Spawned during the twentieth century quantum physics is the theory that describes properties and interaction between matter at small distance scales. Here I provide a brief glance of the quantum physics necessary to understand the fundamentals of its use in cryptography. The quantum state of a system is determined by positions, velocities, polarizations, spins and other properties of the particles involved. When taking the quantum world into the computational area, we need to exploit this quantum state to represent binary digits. This can be done using arbitrary attribute from above. One could for example use the spin of a particle and let UP-spin to be zero and DOWN-spin to be one. In this presentation I describe the use of spin properties for photons, polarization, as quantum bits, or qubits, as the are referred to. Quantum physics can be quite puzzling and often lead to non-intuitive results. This does not mean scientists don't understand the quantum world. On a mathematical level the models used to describe the mechanics is very successful in predicting the experimental results. However, on the philosophical level there exists several interpretations of what these models and results imply Among the most wide spread are the Copenhagen Interpretation (Bohr, Heisenberg) and the Many Wolds Interpretation (Everett, DeWitt). Still, for the mathematical models, the philosophical interpretations has no effect and will not change the behavior of the quantum cryptology presented here. Therefore this presentation gives no attention to the philosophical interpretations of the result.

3 Polarized photons Polarization can be modeled as a linear combination of basis vectors vertical () and horizontal () A quantum state of a photon is described as a vector quantum cryptography often uses photons in 1 of 4 polarizations (in degrees): 0, 45, 90, 135 ψ b a Any polarization can be modeled as a linear combination two orthogonal basis vectors. Since we're only interested in the polarization direction (not the magnitude), the linear combination a + b# will result in a unit vector such that a2 + b2 = 1, where a and b are complex numbers (their imaginary coefficients correspond to circular polarization which I'll not discuss here).

4 Properties of Quantum Information
Heisenberg Uncertainty Principle (HUP) If there is a particle, such as an electron, moving through space, it is impossible to measure both its position and momentum precisely.

5 A polarization filter A polarization filter is a material that allows only light of a specified polarization direction to pass. A photon will either pass or not pass through a polorization filter, but if it emerges it will be aligned with the filter regardless of its initial state. There are no partial photons.

6 Polarization by a Filter
Unpolarized light Vertical aligned filter Vertically polarized light Filter tilted at angle q Unpolarized light enters a vertically aligned filter, some light is absorbed and the remainder is polarized in the vertical direction. A second filter tilted at some angle q absorbs some of the polarized light and transmits the rest, giving it a new polarization.

7 Polarization by a Filter
Unpolarized light Vertical aligned filter Vertically polarized light Filter tilted at angle q If the first one is the generator from Alice, a vertical polarized light is generated. There is a certain probability that the photon will pass through the second filter. The probability depends on the angle q. The angle increases from 0 to 90 degree, and the probability decreases from 1 to 0. When q is 45 degree, the probability is precisely 50%.

8 Polarization by a Filter
Transmitting light polarization and measurements determine the polarization of the outgoing light. Transmitting Measurement Outgoing Alice transmits 1 (+45 degree) Bob Measures with -45 degree filter Photos are always blocked Bob Measures with 90 degree filter 50% photons blocked 50% photons pass Bob transmit 0 (0 degree) Perpendicular  blocked; Otherwise  some pass

9 More examples  

10 Quantum Cryptography

11 Quantum Cryptography Better Name – Quantum Key Distribution (QKD) – It’s NOT a new crypto algorithm! Two physically separated parties can create and share random secret keys. Allows them to verify that the key has not been intercepted.

12 Quantum Key Distribution
Requires two channels one quantum channel (subject to adversary and/or noises) one public channel (authentic, unjammable, subject to eavesdropping)

13 BB84 QKD protocol uses polarization of photons to encode the bits of information – relies on “uncertainty” to keep Eve from learning the secret key. Bennett: “Quantum cryptography using any two nonorthogonal states”, Physical Review Letters, Vol. 68, No. 21, 25 May 1992, pp Charles H. Bennett an IBM Fellow at IBM Research Gilles Brassard Canada Research Chair in Quantum Information processing

14 Properties of Quantum Information
Quantum “no-cloning” theorem: an unknown quantum state cannot be cloned. Measurement generally disturbs a quantum state one can set up a rectilinear measurement or a circular (diagonal ) measurement a circular (diagonal) measurement disturbs the states of those diagonal photons having 0/90

15 Properties of Quantum Information

16 BB84 Alice transmits short bursts. The polarization in each burst is randomly modulated to one of four states (horizontal, vertical, left-circular, or right-circular). Bob measures photon polarizations in a random sequence of bases (rectilinear or diagonal). Bob tells the sender publicly what sequence of bases were used. Alice tells the receiver publicly which bases were correctly chosen. Alice and Bob discard all observations not from these correctly-chosen bases. The observations are interpreted using a binary scheme: left-circular or horizontal is 0, and right-circular or vertical is 1.

17 BB84 representing the types of photon measurements: + rectilinear
O circular representing the polarizations themselves: < left-circular > right-circular | vertical − horizontal Probability that Bob's detector fails to detect the photon at all = 0.5. Reference:

18 BB84 – No Eavesdropping A  B: |<−−−<<−−<>>−<>||−−< Bob randomly decides detector: ++++O+O+OO+O+++++O+O (20) For each measurement, P (failure to detect photon) = 0.5 The results of Bob's measurements are: − >− −<< ||| (9) B  A: types of detectors used and successfully made (but not the measurements themselves): + O+ +OO +++ Alice tells Bob which measurements were of the correct type: − − < | (key = ) Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. In fact, this time there were 4 usable digits generated.

19 BB84 – With Eavesdropping
A  B: <|<−>−<<|<><−<|<−|−< Eavesdropping occurs. To detect eavesdropping: Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. A  B: reveals 50% (randomly) of the shared digits. B  A: reveals his corresponding check digits. If > 25% of the check digits are wrong, Alice and Bob know that somebody (Eve) was listening to their exchange. NOTE – 20 photons doesn’t provide good guarantees of detection.

20 DARPA Quantum Network

21 Eavesdropping Eve has to randomly select basis for her measurement
Her basis will be wrong in 50% of the time. Whatever basis Eve chose she will measure 1 or 0 When Eve picks the wrong basis, there is 50% chance that she'll measure the right value of the bit E.g. Alice sends a photon with state corresponding to 1 in the {,} basis. Eve picks the {, } basis for her measurement which this time happens to give a 1 as result, which is correct. What happens if Eve is hooked up on the quantum channel and measures the photons sent by Alice? Eve has to randomly select basis for her measurement, since she don't know which of the two Alice used at transmission. Her basis will be wrong in 50% of the time. Whatever basis she chose she will measure 1 or 0. However, even in those cases when Eve picks the wrong basis, there is 50% chance that she'll measure the right value of the bit. E.g. Alice sends a photon with state corresponding to 1 in the {,} basis. Eve picks the {, } basis for her measurement which this time happens to give a 1 as result, which is correct.

22 Eves problem Eve has to re-send all the photons to Bob
Will introduce an error, since Eve don't know the correct basis used by Alice Bob will detect an increased error rate Still possible for Eve to eavesdrop just a few photons, and hope that this will not increase the error to an alarming rate. If so, Eve would have at least partial knowledge of the key. Eve then has to re-send all the photons to Bob. By doing so she will introduce an error, since Eve don't know the correct basis used by Alice, and has to pick her basis randomly. This error will show up as an increased error which can easily be detected by Bob. Needless to say, the possibility to detect eavesdropping, is one of the major advantages with quantum cryptography over conventional cryptography. It is still possible for Eve to eavesdrop just a few photons, and hope that this will not increase the error to an alarming rate. If so, Eve would have at least partial knowledge of the key. Counter-actions against this kind of attack is described below.

23 Detecting eavesdropping
When Alice and Bob need to test for eavesdropping By randomly selecting a number of bits from the key and compute its error rate Error rate < Emax  assume no eavesdropping Error rate > Emax  assume eavesdropping (or the channel is unexpectedly noisy) Alice and Bob should then discard the whole key and start over When Alice and Bob has agreed on the key to use they need to test for eavesdropping. This is done by randomly selecting a specific number (n) of bits from the key and compute its error rate. I.e. Alice and Bob compare the n bits over an, possible, open channel and then discard these bits. If the error rate is below a tolerable error rate Emax, they can assume no eavesdropping has been done. On the other hand, if the error rate is larger than Emax, someone has monitored their communication or the channel is unexpectedly noisy. Alice and Bob should then discard the whole key and start over.

24 Noise Noise might introduce errors
A detector might detect a photon even though there are no photons Solution: send the photons according to a time schedule. then Bob knows when to expect a photon, and can discard those that doesn't fit into the scheme's time window. There also has to be some kind of error correction in the over all process. Even though Alice and Bob has used the same basis when measuring the photons in the resulting key, there might be differences in the key due to various reasons. Noise is one of them. A detector used for measuring the polarized photons might detect a photon even though there are no photons. One solution to this is to send the photons according to a predefined time schedule. Then Bob knows when to expect a photon to arrive, and can discard those photons that doesn't fit into the scheme's time window. There also has to be some kind of error correction in the over all process.

25 Error correction Suggested by Hoi-Kwong Lo. (Shortened version)
Alice and Bob agree on a random permutation of the bits in the key They split the key into blocks of length k Compare the parity of each block. If they compute the same parity, the block is considered correct. If their parity is different, they look for the erroneous bit, using a binary search in the block. Alice and Bob discard the last bit of each block whose parity has been announced This is repeated with different permutations and block size, until Alice and Bob fail to find any disagreement in many subsequent comparisons Hoi-Kwong Lo suggests a simple (though not optimal) algorithm for error correction, which is performed over an open channel. This is a shortened version. Alice and Bob agree on a random permutation of the bits in the key. This prevents an eavesdropper from knowing which bits in the key that is best to measure. They split the key into blocks of length k, such that each block is unlikely to contain more than one error (remember that the over all error rate was computed before). Next thing to do is to compare the parity of each block. If they compute the same parity, the block is considered correct (note that this might not be true if more than one error exists in the block). If their parity is different, they look for the erroneous bit, using a binary search in the block. This will reveal (to anyone listening to the open channel) log2 k bits for each sub-block before the erroneous bit is found and corrected. To prevent Eve from getting information from the parities exchanged, Alice and Bob discard the last bit of each block, or sub-block, whose parity has been announced. To prevent the case when two or more errors occur in the same block and thus give a correct parity value for the block, this algorithm is repeated with different permutations and block size. This iterative process is repeated until Alice and Bob fail to find any disagreement in many subsequent comparisons. At this point it is highly unlikely that Alice and Bob don't have the same key.

26 Pros & Cons Nearly Impossible to steal Detect if someone is listening
“Secure” Distance Limitations: photons cannot travel long distances without being absorbed Availability quantum cryptography machine vulnerable to noise and DOS keys can’t keep up with plaintext

27 Summary The ability to detect eavesdropping ensures secure exchange of the key The use of one-time-pads ensures security Equipment can only be used over short distances Equipment is complex and expensive

Download ppt "CS4600/5600 Biometrics and Cryptography UTC/CSE"

Similar presentations

Quantum Cryptography http://www.dcs.warwick.ac.uk/~esvbb Nick Papanikolaou Third Year CSE Student npapanikolaou@iee.org http://www.dcs.warwick.ac.uk/~esvbb.

Quantum Cryptography Nick Papanikolaou Third Year CSE Student
Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou

Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou
Intro to Quantum Cryptography Algorithms Andrew Hamel EECS 598 Quantum Computing FALL 2001.

Intro to Quantum Cryptography Algorithms Andrew Hamel EECS 598 Quantum Computing FALL 2001.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc 8230. Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.

QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.
Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK

Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.

QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.
Quantum Key Distribution Yet another method of generating a key.

Quantum Key Distribution Yet another method of generating a key.
Introduction to Quantum Cryptography Dr. Janusz Kowalik IEEE talk Seattle, February 9,2005.

Introduction to Quantum Cryptography Dr. Janusz Kowalik IEEE talk Seattle, February 9,2005.
CNS2009handout 21 :: quantum cryptography1 ELEC5616 computer and network security matt barrie

CNS2009handout 21 :: quantum cryptography1 ELEC5616 computer and network security matt barrie
Quantum Cryptography Marshall Roth March 9, 2007.

Quantum Cryptography Marshall Roth March 9, 2007.
Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.

Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.

Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.

Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.
Single Photon Quantum Encryption Rob Grove April 25, 2005.

Single Photon Quantum Encryption Rob Grove April 25, 2005.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.

Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.
CRYPTOGRAPHY Lecture 10 Quantum Cryptography. Quantum Computers for Cryptanalysis Nobody understands quantum theory. - Richard Feynman, Nobel prize-winning.

CRYPTOGRAPHY Lecture 10 Quantum Cryptography. Quantum Computers for Cryptanalysis Nobody understands quantum theory. - Richard Feynman, Nobel prize-winning.

Similar presentations

Ads by Google