Presentation is loading. Please wait.

Presentation is loading. Please wait.

Applications of Quantum Cryptography – QKD CS551/851CRyptographyApplicationsBistro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory.

Published byMagdalen Williams Modified over 9 years ago

Similar presentations

Presentation on theme: "Applications of Quantum Cryptography – QKD CS551/851CRyptographyApplicationsBistro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory."— Presentation transcript:

1 Applications of Quantum Cryptography – QKD CS551/851CRyptographyApplicationsBistro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory Troxel. “Quantum Cryptography in Practice”Quantum Cryptography in Practice

2 Outline Basics of QKD History of QKD Protocols for QKD BB84 Protocol DARPA / BBN Implementation Other Implementations Pro’s & Con’s Conclusion

3 Quantum Cryptography Better Name – Quantum Key Distribution (QKD) – It’s NOT a new crypto algorithm! Two physically separated parties can create and share random secret keys. Allows them to verify that the key has not been intercepted.

4 Basic Idea

5 History of QKD Stephen Wiesner – early 1970s wrote paper "Conjugate Coding” Paper by Charles Bennett and Gilles Brassard in 1984 is the basis for QKD protocol BB84. Prototype developed in 1991. Another QKD protocol was invented independently by Artur Ekert in 1991.

6 Two Protocols for QKD BB84 (and DARPA Project) – uses polarization of photons to encode the bits of information – relies on “uncertainty” to keep Eve from learning the secret key. Ekert – uses entangled photon states to encode the bits – relies on the fact that the information defining the key only "comes into being" after measurements performed by Alice and Bob.

7 BB84 Original Paper: Bennett: “Quantum cryptography using any two nonorthogonal states”, Physical Review Letters, Vol. 68, No. 21, 25 May 1992, pp 3121-3124

8 BB84 Alice transmits a polarized beam in short bursts. The polarization in each burst is randomly modulated to one of four states (horizontal, vertical, left-circular, or right-circular). Bob measures photon polarizations in a random sequence of bases (rectilinear or circular). Bob tells the sender publicly what sequence of bases were used. Alice tells the receiver publicly which bases were correctly chosen. Alice and Bob discard all observations not from these correctly-chosen bases. The observations are interpreted using a binary scheme: left- circular or horizontal is 0, and right-circular or vertical is 1.

9 BB84 representing the types of photon measurements: + rectilinear O circular representing the polarizations themselves: < left-circular > right-circular | vertical − horizontal Probability that Bob's detector fails to detect the photon at all = 0.5. Reference: http://monet.mercersburg.edu/henle/bb84/demo.phphttp://monet.mercersburg.edu/henle/bb84/demo.php

10 BB84 – No Eavesdropping A  B: | >−<>||−−< Bob randomly decides detector: ++++O+O+OO+O+++++O+O For each measurement, P(failure to detect photon) = 0.5 The results of Bob's measurements are: − >− −<< ||| B  A: types of detectors used and successfully made (but not the measurements themselves): + O+ +OO +++ Alice tells Bob which measurements were of the correct type:.... ( key = 0 0 0 1) Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. In fact, this time there were 4 usable digits generated.

11 BB84 – With Eavesdropping A  B: − <−<|<−|−< Eavesdropping occurs. To detect eavesdropping: Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. A  B: reveals 50% (randomly) of the shared digits. B  A: reveals his corresponding check digits. If > 25% of the check digits are wrong, Alice and Bob know that somebody (Eve) was listening to their exchange. NOTE – 20 photons doesn’t provide good guarantees of detection.

12 DARPA Project

13 DARPA Project Overview Combined Effort – BBN, Harvard, Boston University DARPA Project Provides “high speed” QKD. Keys are used by a VPN. Tests against eavesdropping attacks

14 DARPA Project Overview QKD Network – Requires a set of trusted network relays Uses Phase Shifting instead of Polarization Uses a VPN – Uses QKD to generate VPN keys Fully compatible with conventional hosts, routers, firewalls, etc. Quantum Channel also used for timing and framing Eve is very capable – just can’t violate Quantum Physics

15 QKD Attributes Key Confidentiality Authentication – Not directly provided by QKD – need alternative methods “Sufficiently” Rapid Key Delivery Robustness Distance (and Location) Independence Resistant to Traffic Analysis

16 DARPA Quantum Network

17 Randomly selects Phase and Value Randomly chooses Phase Basis Measures Phase & Value Timing and Framing

18 1’s and 0’s Unbalanced Interferometers Provides different delays Must be “identical at Sender and Receiver

19 1’s and 0’s Photon follows both paths Long path lags behind short path Travels as two distinct pulses Bob receives Pulses again take long & short paths

20 1’s and 0’s Waves are Summed Center Peak – Provides the Bases

21 1’s and 0’s 1’s and 0’s represented by adjusting the relative phases of the two waves (S A L B and L A S B ). This is the Δ value.

22 1’s and 0’s 1’s and 0’s represented by adjusting the phase Δ value. Encodes 1 or 0 value in either of two randomly selected nonorthogonal bases. 0 = phase shift of 0 (basis 0) or phase shift π/2 (basis 1) 1 = phase shift of π (basis 0) or phase shift 3π/2 (basis 1) Randomly applies one of four phase shifts to encode four different (basis, value) pairs If Δ = 0 or π, then compatible bases If Δ = π/2 or 3π/2, then incompatible bases Heavily dependent on correct timing – Alice provides

23 QKD Protocols Sifting –Unmatched Bases; “stray” or “lost” qubits Error Correction – Noise & Eaves- dropping detected – Uses “cascade” protocol – Reveals information to Eve so need to track this. Privacy Amplification – reduces Eve’s knowledge obtained by previous EC Authentication – Continuous to avoid man-in-middle attacks – not required to initiate using shared keys – Not well explained in Paper.

24 IPSEC “Continually” uses new keys obtained from QKD Used in IPSEC Phase 2 hash to update AES keys about once / minute Can support: –Rapid reseeding, or –One-time pad Supports multiple tunnels, each uniquely configured

25 Key Lifetime and Key Size QKD Extensions Can support: -Rapid reseeding, or -One-time pad

26 Issues Time outs (due to insufficient bits available) Noise affects on key establishment. This can’t be detected by IKE.

27 Other Implementations Two Other Implementations of Quantum Key Distribution: –D Stucki, N Gisin, O Guinnard, G Ribordy, and H Zbinden. Quantum key distribution over 67 km with a plug&play system. New Journal of Physics 4 (2002) 41.1–41.8. Quantum key distribution over 67 km with a plug&play system –ID Quantine: http://www.idquantique.com/files/introduction.pdfhttp://www.idquantique.com/files/introduction.pdf MagiQ. Whitepaper: http://www.magiqtech.com/registration/MagiQWhitePape r.pdf http://www.magiqtech.com/registration/MagiQWhitePape r.pdf Satellite-based QKD: http://ej.iop.org/links/q68/BKUvFWVrm756,uxc76lU,Q/nj 2182.pdf http://ej.iop.org/links/q68/BKUvFWVrm756,uxc76lU,Q/nj 2182.pdf

28 Pros & Cons Nearly Impossible to steal Detect if someone is listening “Secure” Distance Limitations Availability –vulnerable to DOS –keys can’t keep up with plaintext

29 Questions? Back to Richard!

Download ppt "Applications of Quantum Cryptography – QKD CS551/851CRyptographyApplicationsBistro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory."

Similar presentations

Quantum Cryptography Post Tenebras Lux!

Quantum Cryptography Post Tenebras Lux!
Quantum Cryptography http://www.dcs.warwick.ac.uk/~esvbb Nick Papanikolaou Third Year CSE Student npapanikolaou@iee.org http://www.dcs.warwick.ac.uk/~esvbb.

Quantum Cryptography Nick Papanikolaou Third Year CSE Student
Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou

Slide 1 Introduction to Quantum Cryptography Nick Papanikolaou
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Intro to Quantum Cryptography Algorithms Andrew Hamel EECS 598 Quantum Computing FALL 2001.

Intro to Quantum Cryptography Algorithms Andrew Hamel EECS 598 Quantum Computing FALL 2001.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.

Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.
QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc 8230. Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.

QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.
Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK

Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.

QUANTUM CRYPTOGRAPHY Narayana D Kashyap Security through Uncertainty CS 265 Spring 2003.
Quantum Key Distribution Yet another method of generating a key.

Quantum Key Distribution Yet another method of generating a key.
Introduction to Quantum Cryptography Dr. Janusz Kowalik IEEE talk Seattle, February 9,2005.

Introduction to Quantum Cryptography Dr. Janusz Kowalik IEEE talk Seattle, February 9,2005.
CNS2009handout 21 :: quantum cryptography1 ELEC5616 computer and network security matt barrie

CNS2009handout 21 :: quantum cryptography1 ELEC5616 computer and network security matt barrie
Rita Pizzi Department of Information Technology Università degli Studi di Milano.

Rita Pizzi Department of Information Technology Università degli Studi di Milano.
Quantum Cryptography Marshall Roth March 9, 2007.

Quantum Cryptography Marshall Roth March 9, 2007.
Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.

Quantum Key Establishment Wade Trappe. Talk Overview Quantum Demo Quantum Key Establishment.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.

Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.

Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.

Similar presentations

Ads by Google