Principles of Quantum Cryptography

11/01/2018
Auteurs : undefined
OAI : oai:www.see.asso.fr:20797:22295
DOI :

Résumé

Principles of Quantum Cryptography

Métriques

3
0
31.72 Mo
 application/pdf
bitcache://c2086d76dc87a26b884cb11cdcac3c500f8f6ba7

Licence

Creative Commons Aucune (Tous droits réservés)

Sponsors

Organisateurs

f2s_logo.jpg

Partenaires

logo_see.gif
logo_sfo.jpg
logo_sfp.jpeg
sfv_logo.png
<resource  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns="http://datacite.org/schema/kernel-4"
                xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4/metadata.xsd">
        <identifier identifierType="DOI">10.23723/20797/22295</identifier><creators><creator><creatorName>undefined</creatorName></creator></creators><titles>
            <title>Principles of Quantum Cryptography</title></titles>
        <publisher>SEE</publisher>
        <publicationYear>2018</publicationYear>
        <resourceType resourceTypeGeneral="Text">Text</resourceType><dates>
	    <date dateType="Created">Mon 12 Feb 2018</date>
	    <date dateType="Updated">Mon 12 Feb 2018</date>
            <date dateType="Submitted">Wed 19 Sep 2018</date>
	</dates>
        <alternateIdentifiers>
	    <alternateIdentifier alternateIdentifierType="bitstream">c2086d76dc87a26b884cb11cdcac3c500f8f6ba7</alternateIdentifier>
	</alternateIdentifiers>
        <formats>
	    <format>application/pdf</format>
	</formats>
	<version>36911</version>
        <descriptions>
            <description descriptionType="Abstract"></description>
        </descriptions>
    </resource>
.

Principles of Quantum Cryptography 1 Sébastien Tanzilli, sebastien.tanzilli@inphyni.cnrs.fr Team “Quantum Photonics & Information” UMR 7010 http://inphyni.cnrs.fr Journée Science et Progrès de la F2S Les technologies quantiques : en route vers les applications jeudi 11 janvier 2018, ENS Paris Outline 2 1. Definition, wording, and some historical examples 2. Basics of classical cipher methods, RSA & one-time-pad 3. Incompatible quantum basis 4. The Bennett & Brassard (BB84) protocol with single photons 5. Basic eavesdropping strategies 6. Conclusion 1.1 Definition of Cryptography • Science dedicated to hiding, or keeping secret, the content of a message from third parties 3 • When did cryptography start ? very ancient times • Today ? an entire societal issue ‣ Need for secure links everywhere • Internet (e-mails, private navigation, paiements, etc.) • Wired and unwired Com (calls, SMS, MMS, etc.) • Cash withdrawers (credit card) • ... • Encryption / Decryption ➜ Cipher / Decipher ‣ Ciphertext / Plaintext (clear) 4 1.1 Wording related to Cryptography • The usual suspects • The friend parties :Alice & Bob • The Adversary : Eve (Eavesdropper) ‣ Unlimited war… 1.2 Historical examples 5 • The Sparta scytale, 5th BC S T N B . . . ➡ Security is very weak… try and retry • Shifted alphabets, 4th century BC up to year ~1000 Random shift Alpha. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Alphabet shifted to E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D ➡ Efficient cracking : analysis of letters redundancy (9th century AC) Al-Kindi (Irak), 1st known cryptanalyst 1.2 Useful Tools around year 1500 6 Vigenère Square Alberti Disk shift letter 1.2 The mechanisation of Cryptography
 The ENIGMA machine ‣ Today: a simple computer ➜ cracks ENIGMA in a minute 7 • Between WW1 & WW2 ➜ further needs in crypto ‣ ENIGMA ➜ glory days during WW2 Mechanical rotors
 to adjust the keywords Keyboard to type
 messages to be ciphered
 or unciphered Lights stating the results of cipher and uncipher actions Electrical wiring for
 augmenting the complexity 2.Today’s employed cryptography methods • Public key: today’s most used • Private key: case of ancient methods 8 2.2 Public key Cryptography, the RSA cipher (1977) 9 • RSA patented in 1983 by MIT (expired in 2001) • Arithmetic cipher method using large prime numbers • The key is not secret at all, it is public Definition of Prime numbers: Natural integer that admits exactly 2 distinct dividers, integer and positive, i.e. the number 1 and the number itself [0 and 1 are excluded] 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, etc. Ronald RIVEST - Adi SHAMIR - Leonard ADLEMAN 2.2 RSA - simplified principle 10 Bob chooses N=PQ generates C,D Alice chooses A (clear message) cipher B=AC mod N N,C B decipher BD mod N = A keeps P, Q, D secret C has no common divider with (P-1).(Q-1) Bob calculates D, inverse of C, such that CD = 1 mod (P-1).(Q-1) Eve, who possesses N, C and B cannot infer A, as she doesn’t have P nor Q public channel 2.2 What about RSA security ? • If P and Q are discovered, C and D also, so is A ! ‣ Why does it work ? computing time and power… 11 ➡ Security based on the complexity to factorize very large numbers in their prime numbers, in this case N in its primes P and Q ‣ factorization is a time consuming operation (iterative algorithm) ‣ computation time = Exp[size of N] ‣ N of ~800 bits are cracked, 2024 bits are recommended ➡ Where is the problem ? ‣ no math proof stating that current algorithm is the most efficient… ➡ What about Quantum Computers ? ‣ efficient factoring algorithm (P. Shor) ‣ need performant hardware (thousands of Qbits) 2.2 Secret key Cryptography The historical examples (scytale, substitution, etc.) - Are based on secret keys - An acknowledgement between the parties is required - A good computer/algorithm is enough to crack them - Uncipher computing times are therefore very short 12 • Still based on secret sharing (key) between the 2 parties, BUT… • Key [k] = Random (!!) sequence of classical bits - [k] as long as the message [m] to avoid redundancies - Modulo 2 addition (XOR) [k] ⊕ [m] ➜ random ! - [k] has to be used only once !!!! • Protocol : - Alice and Bob share a random key [k] - On her side,Alice computes : [m]⊕[k]=[c] - Alice sends [c] to Bob - On his side, Bob computes : [c]⊕[k]=[m] (see next slide) 13 2.2 One-time pad (OTP) method GilbertVernam (1917) - patented by Bell Labs (1919) Mathematical proof, Shannon in 1948 - If [k] is random [c] = [m]⊕[k] is random too - Even with infinite computational power ! - Randomness = max of entropy 2.2 OTP - Example and more thoughts • [k] is random, so [c] is : no redundancy, nor correlations... • To avoid redundancies, [k] has to be - used only once - of the same length of [m] to avoid applying several times [k] on several portions of [m] 14 Alice [m] 0 1 1 0 0 1 1 0 0 0 1 0 1 1 0 0 Alice & Bob [k] 1 0 0 1 1 0 0 1 1 0 1 0 1 0 0 1 Alice computes [c]=[m]⊕[k] 1 1 1 1 1 1 1 1 1 0 0 0 0 1 0 1 Alice sends [c] Bob computes [c]⊕[k] 0 1 1 0 0 1 1 0 0 0 1 0 1 1 0 0 2.2 OTP - real situation 15 Message “ILOVEYOU” KEY “JBKXIPS” ⊕ ➔ Cipher text “PREOAZB” Public channel Cipher text “PREOAZB” KEY “JBKXIPS” ➔ Message “ILOVEYOU” ⊕ Eve can extract no information as she doesn’t know the key 2.2 Where are the problems ? 1. Randomness of [k] ! 2. [k] has to be secret, only known by the two parties
 ➜ A & B need to have an agreement before or to establish their [k]s at remote locations • Solutions : ๏ Alice (Geneva) & B (Nice) meet every morning in Lyon to exchange wallets of secret keys :-( ๏ Alternative : use quantum physics via a quantum channel 16 3.1 Single photons & complementary (incompatible) basis 17 2 complementary basis : a complete test of information détecteurs polariseur V, H, D,A SPS V H PBS V H Deterministic results as creation basis = analysis basis If PBS is rotated at 45°, the creation and analysis basis are complementary probabilistic results with p=1/2 up and down D A {H,V} {D,A} 0 0 1 1 H = horizontal,V = vertical, D = diagonal,A = antidiagonal, 0 & 1 = logical bit values For polarized single photons 45° 4.1 The Bennett (IBM) & Brassard (Poly. Montreal) (1984)
 BB84 Q-key distribution protocole 18 Basis comparison
 “SIFTING” ➜ identical bits Randomness has to be everywhere ➜ Choice of Alice’s states and Bob’s analysis basis 0 0 0 0 Alice’s basis 4.2 Important Remarks • Quantum cryptography : - Quantum (secret) key distribution - Cipher/decipher actions are done afterwards, via the OTP method (classical operation based on the XOR) • If Eve attacks the key ‣ Any type of measurement perturbs the protocole, cloning as well ‣ Alice & Bob can detect her presence !! ‣ Define Quantum Bit Error Rate (QBER) ‣ Intercept/resend attack : QBER = 25% • Importance of generating & manipulating single photons - Huge impact on the security !! - A lot of research labs are in the field 19 4.3 From Raw to Net Secret Keys 20 Transmission ➜ Bob (losses): N’ Sifting (Alice & Bob): N’/2 Check errors (10%): 0.9xN’/2 Preparation (Alice): N Error correction (10%): (0.9)2xN’/2 Privacy amplification (10%): (0.9)3xN’/2 N n< | a,bi = 1 p 2 (|0ia|0ib + |1ia|1ib) 6= | ai ⌦ | bi (i) It cannot be factorized ! ‣ “a” and “b” cannot be considered as a “single” quantum system (ii) If it could… ‣ “a” and “b” would be two independent quantum systems | a,bi = | ai ⌦ | bi = (↵a|0ia + a|1ia) ⌦ (↵b|0ib + b|1ib) H = Ha ⌦ Hb dH = dHa ⇥ dHb = 4 From correlations to secret keys • Consider the Source and the emitted state 28 • Measurements in the {|0>,|1>} basis EPPS b a Alice Bob |0i |1i |0i |1i The creation and analysis basis are the same ! Qbit pair numb Alice measures Bob gets 1 0 0 2 1 1 3 1 1 4 0 0 5 0 0 6 0 0 7 1 1 8 0 0 9 1 1 10 1 1 The results are perfectly correlated ! • Measurements in the {|0>+|1>, |0>-|1>} basis | a,bi = 1 p 2 (|0ia|0ib + |1ia|1ib) Entanglement is invariant by rotation ! The results are perfectly correlated !