Quantum Cryptography Seminar
Communications Department
4th year, SEMINAR
Submitted by: Fadi Akil
Scientific Supervisor: Dr. Oumayma Al-Dakkak
Linguistic Supervisor: Mr. Fahmi Ammareen
Seminar Coordinator: Dr. Nizar Zarka
March 8th, 2012
Abstract
Unlike classical (conventional) cryptographic systems, which are based on mathematics (mostly
number theory), quantum cryptography is based on the physics of quantum mechanics, and it is
extremely secure. In this paper we shall recall classical cryptographic protocols (symmetric &
asymmetric). Standard examples of each type are introduced and their insufficiency is
discussed. Afterward, we encounter the basic concepts of quantum computation and quantum
information theory.
In the context of quantum cryptography, two parties (given access to an insecure quantum and
classical channel) can securely establish a secret key without making any assumptions about the
capabilities of an eavesdropper who might be present. This is because the principles of quantum
mechanics ensure that no eavesdropper can successfully measure the quantum state being
transmitted without disturbing the state in some detectable way. This seminar briefly describes
those underlying principles of quantum cryptography and provides an overview of the simplest
quantum key distribution (QKD) protocol present in the literature, namely the BB84 protocol.
Contents
Abstract
Contents
List of Figures
1. Introduction
2. Classical Cryptographic Communication Systems
2.1 Generalities & Terminology
2.2 Cryptographic Protocols (Symmetric vs. Asymmetric)
3. A Glance at Quantum Computation Theory
3.1 Quantum Bits or Qubits
3.2 The road to a Quantum Computer
4. Quantum Cryptographic Communication Systems
4.1 Quantum Key Distribution (QKD)
4.2 The BB84 Quantum Cryptographic Protocol without noise
5. Conclusion
List of Acronyms
References
List of Figures
Fig. 1 - Classical Cryptographic Communication System
Fig. 2 - Private Key Cryptography
Fig. 3 - Vernam Cipher (One-time pad)
Fig. 4 - Claude E. Shannon
Fig. 5 - Public Key Cryptography
Fig. 6 - W. Diffie, M. Hellman, R. Rivest, A. Shamir & L. Adleman
Fig. 7 - Classical Bit vs. Quantum Bit
Fig. 8 - Measurement of a Qubit
Fig. 9 - Classical computer vs. Quantum Computer Performance
Fig. 10 - Peter Shor
Fig. 11 - C. Bennett & G. Brassard
Fig. 12 - Alphabets of rectilinear & diagonal polarization bases
Fig. 13 - Quantum Cryptographic Communication System
Fig. 14 - A brief description of BB84 protocol
Fig. 15 - First implementation of BB84
1. Introduction
Cryptography literally means the art & science of secret writing & sending a message between
two parties in such a way that its contents cannot be understood by someone other than the
intended recipient. The human desire to communicate secretly is at least as old as writing itself and
goes back to the beginnings of our civilization. Cryptography is a key technology in
telecommunication systems. It is used to keep data secret, digitally sign documents, manage
access, and so forth. Users therefore should not only know how its techniques work, but they
must also be able to estimate their efficiency and security.
For ages, mathematicians have searched for a system that would allow two parties to exchange
messages in absolute secrecy. Modern cryptography, which we may call mathematical
cryptography, was born together with computer science. Modern cryptography follows a strong
scientific approach and designs cryptographic algorithms around computational hardness
assumptions, making such algorithms hard to break by an adversary. It is theoretically possible to
break such a system but it is infeasible to do so by any practical means. These schemes are
therefore computationally secure. There exist information-theoretically secure schemes that
provably cannot be broken (an example is the one-time pad), but these schemes are more
difficult to implement than the theoretically breakable (but computationally secure) mechanisms.
Quantum mechanics has now joined forces with cryptology to achieve a major step in that
direction giving birth to what is called Quantum Cryptography. In contrast to Classical
cryptography which depends upon Mathematics, Quantum Cryptography utilizes the concepts of
Quantum Physics which provides us with ultimate security against the cleverest eavesdroppers of
the present age. Quantum cryptography has the potential to guarantee perfectly secure
communications, but until now all prototype systems have been point-to-point links rather than
networks that share connections. Furthermore, Quantum Cryptography eliminates completely the
possibility of eavesdropping.
2. Classical Cryptographic Communication Systems
2.1 Generalities & Terminology
Broadly speaking, cryptography is the problem of doing communication or computation
involving two or more parties who may not trust one another. The best known cryptographic
problem is the transmission of secret messages. For example, you may wish to give your credit
card to a merchant in exchange for goods, hopefully without any harmful third party intercepting
your credit card number. The way this is done is to use a cryptographic protocol. The most
important distinction is between private key cryptosystems and public key cryptosystems.
Let us first illustrate a brief description of a classical cryptographic system in Figure 1:
Fig. 1 - classical cryptographic system
A message, called plaintext P, is encrypted via a secret key K into ciphertext C, sent over a
non-secure communication channel, and finally decrypted via a secret key K' back into readable
plaintext P. Following the conventions of the cryptographic literature, we shall refer to the
transmitter as Alice, to the receiver as Bob, and to an adversarial eavesdropper as Eve.
2.2 Cryptographic Protocols (Symmetric vs. Asymmetric)
The way a private key cryptosystem works is that two parties, Alice & Bob, wish to
communicate by sharing a private key, which only they know. The exact form of the key doesn't
matter at this point; think of a string of zeros and ones. The point is that this key is used by
Alice to encrypt the information she wishes to send to Bob. After Alice encrypts the message she
sends the encrypted information to Bob, who must now recover the original information. Exactly
how Alice encrypts the message depends upon the private key, so that to recover the original
message Bob needs to know the private key, in order to undo the transformation Alice applied.
Fig.2 Private-Key Cryptography
Unfortunately, private key cryptosystems have some severe problems in many contexts. The
most fundamental problem is how to distribute the keys. In many ways, the key distribution
problem is just as difficult as the original problem of secret communication: an opposing third
party may be eavesdropping on the key distribution, and then use the intercepted key to decrypt
some of the message transmission [2].
A simple, yet highly effective private key cryptosystem is the Vernam cipher, sometimes called
a one-time pad. Alice and Bob begin with n-bit secret key strings, which are identical. Alice
encodes her n-bit message by adding the message and key together, and Bob decodes by
subtracting to invert the encoding, as illustrated in Figure 3.
Fig. 3 Vernam Cipher
The great feature of this system is that as long as the key strings are truly secret, it is provably
secure. That is, when the protocol used by Alice and Bob succeeds, it does so with arbitrarily
high probability: an eavesdropper Eve can always jam the communication channel, but Alice and
Bob will never use the same key to encrypt any other texts. So all the plaintexts having the same
length are candidates for decryption and hence the exact text is unknown!
Ultimately, the security of a cryptogram depends on the length of the key. In the 1940s, Claude
E. Shannon, the father of information theory, showed that if the key is shorter than the message
being encrypted, some information about the message can be inferred from the cryptogram by a
sufficiently powerful adversary. This leakage of information occurs regardless of how
complicated the encryption process may be. In contrast, the message can be completely and
unconditionally hidden from the eavesdropper by cryptosystems such as the Vernam Cipher, in
which the key is as long as the message, is purely random, and is used only once.
Fig. 4 Claude E. Shannon
The major difficulty of private key cryptosystems, as we've seen, is secure distribution of key
bits. In particular, the Vernam cipher is secure only as long as the number of key bits is at least
as large as the size of the message being encoded, and key bits cannot be reused! Thus, the large
amount of key bits needed makes such schemes impractical for general use. Furthermore, key
bits must be delivered in advance, guarded assiduously until used, then destroyed afterwards;
otherwise, in principle, such classical information can be copied without disturbing the originals,
thus compromising the security of the whole protocol. Despite these drawbacks, private key
cryptosystems such as the Vernam cipher continue to be used because of their provable security,
with key material delivered by clandestine meetings, trusted couriers, or private secured
communications links.
The second major type of cryptosystem is the public key cryptosystem. Public key
cryptosystems don't rely on Alice and Bob sharing a secret key in advance. Instead, Bob simply
publishes a public key, which is made available to the general public, such as in a diary. Alice
can make use of this public key to encrypt a message which she sends to Bob. What is interesting
is that a third party cannot use Bob's public key to decrypt the message! Strictly speaking, we
shouldn't say "cannot". Rather, the encryption transformation is chosen in a very clever and
non-trivial way so that it is extremely difficult (though not impossible, at least theoretically) to invert,
given only the knowledge of the public key. To make inversion easy, Bob has a secret key
matched to his public key, which together enable him to easily perform the decryption. This
secret key is not known to anybody other than Bob, who can therefore be confident that only he
can read the contents of Alice's transmission, to the extent it is unlikely that anybody else has the
computational power to invert the encryption algorithm, given only the public key. Public key
cryptosystems solve the key distribution problem by making it unnecessary for Alice and Bob to
share a private key before communicating [1].
Fig.5 Public-Key Cryptography
Rather remarkably, public key cryptography did not achieve widespread use until the mid-1970s,
when it was proposed independently by Whitfield Diffie and Martin Hellman, and by Ralph
Merkle, revolutionizing the field of cryptography. Soon afterward, Ronald Rivest, Adi Shamir
and Leonard Adleman developed the RSA cryptosystem, which at the time of writing is the
most widely deployed public key cryptosystem, believed to offer a fine balance of security and
practical usability. In 1997 it was disclosed that these ideas (public-key cryptography, the
Diffie-Hellman and RSA cryptosystems) were actually invented in the late 1960s and early
1970s by researchers working at the British intelligence agency GCHQ.
Fig. 6 (a) W. Diffie & M. Hellman, authors of the first published paper on public-key cryptography;
(b) R. Rivest, A. Shamir & L. Adleman, the developers of the RSA cryptosystem
The key to the security of public key cryptosystems is that it should be difficult to invert the
encryption stage if only the public key is available. For example, it turns out that inverting the
encryption stage of RSA is a problem closely related to factorization. Much of the presumed
security of RSA comes from the belief that factoring is a problem hard to solve on a classical
computer. However, Shor's fast algorithm for factoring on a quantum computer could be used to
break RSA! Similarly, there are other public key cryptosystems which can be broken if a fast
algorithm for solving the discrete logarithm problem (like Shor's quantum algorithm for
discrete logarithm) were known. This practical application of quantum computers to breaking
cryptographic codes has excited much of the interest in quantum computation and quantum
information theory.
The Rivest-Shamir-Adleman (RSA) Cryptosystem:
Here we focus on the most popular public-key cryptosystem, namely RSA. This is a
public-key cryptosystem whose security is based on the belief that there is no fast way of factoring
numbers that are the product of two large primes.
Suppose that Alice wants to send an RSA encrypted message to Bob. The RSA
encryption-decryption procedure works as follows [1]:
Key generation: Bob picks randomly two distinct and large prime numbers and
defines and . Then, Bob picks a random integer that is
relatively prime to and computes the unique integer in the range from
the formula . This computation can be achieved efficiently using for
instance the extended Euclidean algorithm for the greatest common divisor (GCD).
Bob's private key is , and his public key is .
Encryption: Alice obtains Bob's public key from some sort of yellow pages or
an RSA public key directory. Alice then writes her message as a sequence of numbers (for
example she can replace each letter with a number, which represents the location of that letter
in the alphabet). Alice encrypts the message into a cryptogram by the rule:
and sends the resulting cryptogram to Bob.
Decryption: Receiving the cryptogram , Bob decrypts it by the formula:
The obvious method of cracking the RSA scheme:
In order to recover plaintext from cryptogram, an outsider, who knows , would
have to solve the congruence
.
Solving such an equation is believed to be a hard computational task for classical computers. So far,
no classical algorithm that computes the solution efficiently when n is a large integer (say 200
decimal digits long or more) has been found. However, if we know the prime decomposition of
it is a piece of cake to figure out our private key: we simply follow the key generation procedure
and solve the congruence . This can be done efficiently even when p and q are
very large. Thus, in principle, anybody who knows can find by factoring : The security of
RSA therefore relies, among others, on the assumption that factoring large numbers is
computationally difficult. In the context of classical computation, such a difficulty has never
been proven. Worse still, there is a quantum algorithm that factors large numbers efficiently. This
means that the security of the RSA cryptosystem will be completely compromised if large-scale
quantum computation one day becomes practical.
In 1978 Rivest, Shamir and Adleman conjectured that any general method of breaking their
scheme yields an efficient algorithm for factorization. This would establish the point that any
method of cracking the RSA scheme was as difficult as factorization. As yet, this conjecture has
not been rigorously proven.
Example:
The following example is taken from Rivest, Shamir, and Adleman (1978)
[2]. Suppose we take $p = 47$ and $q = 59$ as our pair of primes, so that
$n = 47 \times 59 = 2773$.
Using a variant of the Euclidean algorithm: 7. Then with $n = 2773$ and
encoding the alphabet in the form
SPACE=00, A=01, B=02, C=03, ..., Z=26
the message "ITS ALL GREEK TO ME" is represented as
M = 0920 1900 0112 1200 0718 0505 1100 2015 0013 0500
Thus we will encipher the message as 10 blocks of 4 digits. The first block
$M_1 = 920$ will be enciphered by
$C_1 = 920^{17} \equiv 948 \pmod{2773}$
and the whole message is enciphered as
C = 0948 2342 1084 1444 2663 2390 0778 0774 0219 1655
The reader may check that deciphering works, for example
$948^{157} \equiv 920 \pmod{2773}$, etc.
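The key generation, encryption and decryption steps above, together with the "obvious method" of cracking them, can be run end to end on the 1978 example's numbers. This is an added example, not part of the original seminar; the function names are illustrative, and trial-division factoring succeeds only because this modulus is four digits long.

```python
# Added example: textbook RSA on the page's toy parameters (p=47, q=59, e=17).
# Unpadded RSA on 4-digit blocks is for illustration only and is not secure.

ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # SPACE=00, A=01, ..., Z=26


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_x, x = x, old_x - quot * x
        old_y, y = y, old_y - quot * y
    return old_r, old_x, old_y


def private_exponent(p, q, e):
    """Solve e*d = 1 (mod (p-1)(q-1)) for d using the extended Euclidean algorithm."""
    phi = (p - 1) * (q - 1)
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return x % phi


def encode(text):
    """Map letters to two-digit codes and pack two letters per 4-digit block."""
    codes = [ALPHABET.index(ch) for ch in text.upper()]
    if len(codes) % 2:
        codes.append(0)  # pad an odd-length message with SPACE
    return [100 * a + b for a, b in zip(codes[::2], codes[1::2])]


def decode(blocks):
    """Inverse of encode(): unpack each block into its two letters."""
    return "".join(ALPHABET[b // 100] + ALPHABET[b % 100] for b in blocks)


def encrypt(blocks, e, n):
    return [pow(m, e, n) for m in blocks]


def decrypt(blocks, d, n):
    return [pow(c, d, n) for c in blocks]


def factor_semiprime(n):
    """Trial division: instant for 2773, hopeless for a 200-digit modulus."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(n, e):
    """The 'obvious method': factor the public n, then redo key generation."""
    p, q = factor_semiprime(n)
    return private_exponent(p, q, e)


if __name__ == "__main__":
    p, q, e = 47, 59, 17
    n, d = p * q, private_exponent(p, q, e)
    m = encode("ITS ALL GREEK TO ME")
    c = encrypt(m, e, n)
    print("n =", n, "d =", d)
    print("M =", " ".join(f"{b:04d}" for b in m))
    print("C =", " ".join(f"{b:04d}" for b in c))
    print("decrypted:", decode(decrypt(c, d, n)))
    print("d recovered from the public key alone:", recover_private_exponent(n, e))
```

The recovered exponent equals the legitimate one, which is why the scheme's security rests entirely on n being too large to factor.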
3. A Glance at Quantum Computation Theory
3.1 Quantum Bits or Qubits
Quantum information science begins by generalizing the fundamental resource of
classical information, bits, to quantum bits, or qubits. Just as bits are ideal objects abstracted
from the principles of classical physics, qubits are ideal quantum objects abstracted from the
principles of quantum mechanics. Bits can be represented by magnetic regions on disks, voltages
in circuitry, or graphite marks made by a pencil on paper. The functioning of these classical
physical states as bits does not depend on the details of how they are realized. Similarly, the
properties of a qubit are independent of its specific physical representation as the spin of an
atomic nucleus, say, or the polarization of a photon of light. A bit is described by its state, 0 or 1.
Likewise, a qubit is described by its quantum state. Two possible quantum states for a qubit
correspond to the 0 and 1 of a classical bit. In quantum mechanics, however, any object that has
two different states necessarily has a range of other possible states, called superpositions, which
entail both states to varying degrees. The allowed states of a qubit are precisely all those states
that must be available, in principle, to a classical bit that is transplanted into a quantum world.
Qubit states correspond to points on the surface of a sphere (the Bloch sphere), with the 0 and 1
being the south and north poles. The continuum of states between 0 and 1 fosters many of the
extraordinary properties of quantum information [3].
We're going to describe qubits as mathematical objects with certain specific properties. "But
hang on", you may say, "I thought qubits were physical objects." It's true that qubits, like bits, are
realized as actual physical systems. However, we shall treat qubits as abstract mathematical
objects. The beauty of treating qubits as abstract entities is that this kind of treatment gives us
freedom to construct a general theory of quantum computation and quantum information which
does not depend upon a specific system for its realization.
Just as a classical bit has a state, either 0 or 1, a qubit also has a state. Two possible states for a
qubit are the states $|0\rangle$ and $|1\rangle$, which as you might guess correspond to the states 0 and 1 for a
classical bit. Notation like $|\,\rangle$ is called Dirac notation for states in quantum mechanics. The
difference between bits and qubits is that a qubit can be in a state other than $|0\rangle$ or $|1\rangle$. It is also
possible to form linear combinations of those states, often called superpositions:
| |0 |
The numbers and are complex numbers, although for many purposes not much is lost by
thinking of them as real numbers. In other words, the state of a qubit is a vector in a
two-dimensional vector space, namely Hilbert space. The special states $|0\rangle$ and $|1\rangle$ are known as
computational basis states, and form an orthonormal basis for this vector space.
We can examine a bit to determine whether it is in the state 0 or 1. For example, computers do
this all the time when they retrieve the contents of their memory. Rather remarkably, we cannot
examine a qubit to determine its quantum state, that is, the values of and . Instead, quantum
mechanics tells us that we can only acquire much more restricted information about the quantum
state. When we measure a qubit we get either the result 0, with probability ||
, or the result 1,
with probability ||
. Naturally, ||
||
Fig. 12 Alphabets of the rectilinear & diagonal polarization bases (each table maps a polarization state vector to a bit value, 1 or 0)
Bennett and Brassard note that, if Alice were to use only one specific orthogonal quantum
alphabet for her communication to Bob, then Eve's eavesdropping could go undetected. For Eve
could intercept Alice's transmission with 100% accuracy, and then imitate Alice using only the
orthogonal quantum alphabet
or
. Since no measurement
operator of
or
and
3
4
For each bit transmitted by Alice, we assume that Eve performs one of two actions, opaque
eavesdropping with probability 0 , or no eavesdropping with probability . Thus,
if , Eve is eavesdropping on each transmitted bit; and if 0 , Eve is not eavesdropping
at all.
Because Bob's and Eve's choices of measurement operator are random and independent of each
other and of Alice's choice of alphabet, Eve's eavesdropping has an immediate and detectable
impact on Bob's received bits. Eve's eavesdropping causes Bob's error rate to jump from 0.25 to
4
3
8
8
Thus, if Eve eavesdrops on every bit (i.e. ) then Bob's error rate jumps from 1/4 to 3/8 (a 50%
increase).
Stage 2: Communication over a public channel
In stage 2, Alice and Bob communicate in two phases over a public channel to check for Eve's
presence by analyzing Bob's error rate.
Phase 1 of Stage 2: Extraction of raw key
This phase is dedicated to eliminating the bit locations (and hence the bits at these locations) at
which errors could have occurred without Eve's eavesdropping. Bob begins by publicly
communicating with Alice and telling her which measurement operators he used for each of the
received bits. Alice then in turn publicly communicates to Bob and tells him which of his
measurement operator choices were correct. After this two-way communication, Alice and Bob
delete the bits corresponding to the incompatible measurement choices to produce shorter
sequences of bits which we call respectively Alice's raw key and Bob's raw key.
If there is no intrusion, then Alice's and Bob's raw keys will be in total agreement. However, if
Eve has been at work, then corresponding bits of Alice's and Bob's raw keys will not agree with
probability
0
4
Phase 2 of Stage 2: Detection of Eve's intrusion via error detection
Alice and Bob now initiate a two-way conversation over the public channel to test for Eve's
presence.
In the absence of noise, any discrepancy between Alice's and Bob's raw keys is proof of Eve's
intrusion. So to detect Eve, Alice and Bob select a publicly agreed upon random subset of m bit
locations in the raw key, and publicly compare corresponding bits, making sure to discard from
the raw key each bit as it is revealed.
If at least one comparison reveals an inconsistency, then Eve's eavesdropping has been
detected. In this case, Alice and Bob return to stage 1 and start over. On the other hand, if
no inconsistencies are uncovered, then the probability that Eve escapes detection is [8]:
4
)
For example, if (i.e. Eve eavesdrops on every bit) and $m = 200$, then
$(3/4)^{200} \approx 10^{-25}$
Thus, if
is sufficiently small, Alice and Bob agree that Eve has not eavesdropped, and
accordingly adopt the remaining raw key as their final secret key.
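A simulation of the noiseless protocol described in stages 1 and 2, with Eve as an intercept-resend eavesdropper, shows the error rates and the detection step at work. This is an added example, not part of the original seminar; `lam` is a name chosen here for Eve's per-bit eavesdropping probability, and the lam/4 raw-key error rate used in `escape_probability` follows from the intercept-resend model coded below rather than from a formula that survives on this page.

```python
# Added example: noiseless BB84 with an intercept-resend ("opaque") eavesdropper.
import random

RECT, DIAG = 0, 1  # the two polarization bases (quantum alphabets)


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the bit; otherwise a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def bb84_raw_keys(n_bits, lam, rng):
    """Stage 1 plus sifting. Returns (alice_raw, bob_raw, pre_sift_error_rate)."""
    alice_key, bob_key, errors = [], [], 0
    for _ in range(n_bits):
        bit, a_basis = rng.randrange(2), rng.choice((RECT, DIAG))
        sent_bit, sent_basis = bit, a_basis
        if rng.random() < lam:
            # Eve measures in a random basis and resends what she observed.
            e_basis = rng.choice((RECT, DIAG))
            sent_bit = measure(bit, a_basis, e_basis, rng)
            sent_basis = e_basis
        b_basis = rng.choice((RECT, DIAG))
        received = measure(sent_bit, sent_basis, b_basis, rng)
        errors += received != bit
        if b_basis == a_basis:  # phase 1: keep only compatible-basis positions
            alice_key.append(bit)
            bob_key.append(received)
    return alice_key, bob_key, errors / n_bits


def error_rate(alice_key, bob_key):
    """Fraction of raw-key positions where Alice and Bob disagree."""
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)


def detect_eve(alice_key, bob_key, m, rng):
    """Phase 2: publicly compare m random positions, then discard them."""
    sample = set(rng.sample(range(len(alice_key)), m))
    detected = any(alice_key[i] != bob_key[i] for i in sample)
    final_key = [b for i, b in enumerate(alice_key) if i not in sample]
    return detected, final_key


def escape_probability(lam, m):
    """Chance that m compared bits all agree when each differs with prob lam/4."""
    return (1 - lam / 4) ** m


if __name__ == "__main__":
    rng = random.Random(2012)  # fixed seed so the run is repeatable
    for lam in (0.0, 0.5, 1.0):
        a, b, pre = bb84_raw_keys(20000, lam, rng)
        detected, key = detect_eve(a, b, 200, rng)
        print(f"lam={lam}: pre-sift error {pre:.3f}, raw-key error "
              f"{error_rate(a, b):.3f}, detected={detected}, "
              f"escape probability {escape_probability(lam, 200):.2e}")
```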
Fig. 14 A brief description of BB84 Protocol [7]
Fig. 15 The first implementation of quantum cryptography by Bennett & Brassard in 1988:
communication over 30 cm [6]
All the quantum cryptographic systems we discuss in this paper can be implemented by
transmissions of individual photons over an optical fibre, each photon with a single bit encoded
in its quantum mechanical state space. We describe all of these systems in terms of the
polarization states of a single photon. It should be noted that they could equally well be
described in terms of any two-state quantum system. Examples of such a system include a
spin
1