270 likes | 399 Vues
Applications of Quantum Cryptography – QKD. CS551/851 CR yptography A pplications B istro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory Troxel. “ Quantum Cryptography in Practice ”. Outline. Basics of QKD History of QKD Protocols for QKD BB84 Protocol
E N D
Applications of Quantum Cryptography – QKD CS551/851CRyptographyApplicationsBistro Mike McNett 6 April 2004 Paper: Chip Elliott, David Pearson, and Gregory Troxel. “Quantum Cryptography in Practice”
Outline • Basics of QKD • History of QKD • Protocols for QKD • BB84 Protocol • DARPA / BBN Implementation • Other Implementations • Pro’s & Con’s • Conclusion
Quantum Cryptography • Better Name – Quantum Key Distribution (QKD) – It’s NOT a new crypto algorithm! • Two physically separated parties can create and share random secret keys. • Allows them to verify that the key has not been intercepted.
History of QKD • Stephen Wiesner – early 1970s wrote paper "Conjugate Coding” • Paper by Charles Bennett and Gilles Brassard in 1984 is the basis for QKD protocol BB84. Prototype developed in 1991. • Another QKD protocol was invented independently by Artur Ekert in 1991.
Two Protocols for QKD • BB84 (and DARPA Project) – uses polarization of photons to encode the bits of information – relies on “uncertainty” to keep Eve from learning the secret key. • Ekert – uses entangled photon states to encode the bits – relies on the fact that the information defining the key only "comes into being" after measurements performed by Alice and Bob.
BB84 • Original Paper: Bennett: “Quantum cryptography using any two nonorthogonal states”, Physical Review Letters, Vol. 68, No. 21, 25 May 1992, pp 3121-3124
BB84 • Alice transmits a polarized beam in short bursts. The polarization in each burst is randomly modulated to one of four states (horizontal, vertical, left-circular, or right-circular). • Bob measures photon polarizations in a random sequence of bases (rectilinear or circular). • Bob tells the sender publicly what sequence of bases were used. • Alice tells the receiver publicly which bases were correctly chosen. • Alice and Bob discard all observations not from these correctly-chosen bases. • The observations are interpreted using a binary scheme: left-circular or horizontal is 0, and right-circular or vertical is 1.
BB84 • representing the types of photon measurements: + rectilinear O circular • representing the polarizations themselves: < left-circular > right-circular | vertical − horizontal • Probability that Bob's detector fails to detect the photon at all = 0.5. Reference: http://monet.mercersburg.edu/henle/bb84/demo.php
BB84 – No Eavesdropping • A B: |<−−−<<−−<>>−<>||−−< • Bob randomly decides detector: ++++O+O+OO+O+++++O+O • For each measurement, P(failure to detect photon) = 0.5 • The results of Bob's measurements are: − >− −<< ||| • B A: types of detectors used and successfully made (but not the measurements themselves): + O+ +OO +++ • Alice tells Bob which measurements were of the correct type: . . .. (key = 0 0 0 1) • Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. In fact, this time there were 4 usable digits generated.
BB84 – With Eavesdropping • A B:<|<−>−<<|<><−<|<−|−< • Eavesdropping occurs. To detect eavesdropping: • Bob only makes the same kind of measurement as Alice about half the time. Given that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared digits to remain. • A B: reveals 50% (randomly) of the shared digits. • B A: reveals his corresponding check digits. • If > 25% of the check digits are wrong, Alice and Bob know that somebody (Eve) was listening to their exchange. • NOTE – 20 photons doesn’t provide good guarantees of detection.
DARPA Project Overview • Combined Effort – BBN, Harvard, Boston University • DARPA Project • Provides “high speed” QKD. Keys are used by a VPN. • Tests against eavesdropping attacks
DARPA Project Overview • QKD Network – Requires a set of trusted network relays • Uses Phase Shifting instead of Polarization • Uses a VPN – Uses QKD to generate VPN keys • Fully compatible with conventional hosts, routers, firewalls, etc. • Quantum Channel also used for timing and framing • Eve is very capable – just can’t violate Quantum Physics
QKD Attributes • Key Confidentiality • Authentication – Not directly provided by QKD – need alternative methods • “Sufficiently” Rapid Key Delivery • Robustness • Distance (and Location) Independence • Resistant to Traffic Analysis
Measures Phase & Value Randomly selects Phase and Value Timing and Framing Randomly chooses Phase Basis
1’s and 0’s • Unbalanced Interferometers • Provides different delays • Must be “identical at Sender and Receiver
1’s and 0’s • Photon follows both paths • Long path lags behind short path • Travels as two distinct pulses • Bob receives • Pulses again take long & short paths
1’s and 0’s • Waves are Summed • Center Peak – Provides the Bases
1’s and 0’s • 1’s and 0’s represented by adjusting the relative phases of the two waves (SALB and LASB). This is the Δ value.
QKD Protocols • Sifting –Unmatched Bases; “stray” or “lost” qubits • Error Correction – Noise & Eaves-dropping detected – Uses “cascade” protocol – Reveals information to Eve so need to track this. • Privacy Amplification – reduces Eve’s knowledge obtained by previous EC • Authentication – Continuous to avoid man-in-middle attacks – not required to initiate using shared keys – Not well explained in Paper.
IPSEC • “Continually” uses new keys obtained from QKD • Used in IPSEC Phase 2 hash to update AES keys about once / minute • Can support: • Rapid reseeding, or • One-time pad • Supports multiple tunnels, each uniquely configured
Issues • Time outs (due to insufficient bits available) • Noise affects on key establishment. This can’t be detected by IKE.
Other Implementations • Two Other Implementations of Quantum Key Distribution: • D Stucki, N Gisin, O Guinnard, G Ribordy, and H Zbinden. Quantum key distribution over 67 km with a plug&play system. New Journal of Physics 4 (2002) 41.1–41.8. • ID Quantine: http://www.idquantique.com/files/introduction.pdf • MagiQ. Whitepaper: http://www.magiqtech.com/registration/MagiQWhitePaper.pdf • Satellite-based QKD: http://ej.iop.org/links/q68/BKUvFWVrm756,uxc76lU,Q/nj2182.pdf
Pros & Cons • Nearly Impossible to steal • Detect if someone is listening • “Secure” • Distance Limitations • Availability • vulnerable to DOS • keys can’t keep up with plaintext
Questions? • Back to Richard!