
Showing papers on "BB84 published in 2001"


Journal ArticleDOI
TL;DR: The author revealed that quantum teleportation as “Quantum one-time-pad” had changed from a “classical teleportation” to an “optical amplification, privacy amplification and quantum secret growing” situation.
Abstract: Quantum cryptography could well be the first application of quantum mechanics at the individual quanta level. The very fast progress in both theory and experiments over the recent years are reviewed, with emphasis on open questions and technological issues.

6,949 citations


Journal ArticleDOI
TL;DR: In this article, basic techniques to prove the unconditional security of quantum cryptography are applied to a quantum key distribution protocol proposed by Bennett and Brassard [1984] and considered a practical variation on the protocol in which the channel is noisy and photons may be lost during the transmission.
Abstract: Basic techniques to prove the unconditional security of quantum cryptography are described. They are applied to a quantum key distribution protocol proposed by Bennett and Brassard [1984]. The proof considers a practical variation on the protocol in which the channel is noisy and photons may be lost during the transmission. Each individual signal sent into the channel must contain a single photon or any two-dimensional system in the exact state described in the protocol. No restriction is imposed on the detector used at the receiving side of the channel, except that whether or not the received system is detected must be independent of the basis used to measure this system.

858 citations


Journal ArticleDOI
TL;DR: In this article, the unconditional security of the standard six-state scheme for quantum key distribution (QKD) was shown by allowing only one-way classical communications in the error correction/privacy amplification procedure between Alice and Bob.
Abstract: We prove the unconditional security of the standard six-state scheme for quantum key distribution (QKD). We demonstrate its unconditional security up to a bit error rate of 12.7 percent, by allowing only one-way classical communications in the error correction/privacy amplification procedure between Alice and Bob. This shows a clear advantage of the six-state scheme over another standard scheme--BB84, which has been proven to be secure up to only about 11 percent, if only one-way classical communications are allowed. Our proof technique is a generalization of that of Shor-Preskill's proof of security of BB84. We show that an advantage of the six-state scheme lies in Alice and Bob's ability to establish rigorously from their test sample the non-trivial mutual information between the bit-flip and phase error patterns. A modified version of the degenerate quantum codes studied by DiVincenzo, Shor and Smolin is employed in our proof.

132 citations


Journal ArticleDOI
TL;DR: A quantum key distribution protocol based on quantum encryption is presented in this Brief Report, where the previously shared Einstein-Podolsky-Rosen pairs act as the quantum key to encode and decode the classical cryptography key.
Abstract: A quantum key distribution protocol based on quantum encryption is presented in this Brief Report. In this protocol, the previously shared Einstein-Podolsky-Rosen pairs act as the quantum key to encode and decode the classical cryptography key. The quantum key is reusable and the eavesdropper cannot elicit any information from the particle Alice sends to Bob. The concept of quantum encryption is also discussed.

63 citations


Journal ArticleDOI
TL;DR: It is shown that under certain assumptions of symmetry the effectiveness of this strategy for incoherent eavesdropping in Ekert's entanglement-based quantum key distribution protocol reduces to that of the original single-qubit protocol of Bennett and Brassard.
Abstract: We investigate a new strategy for incoherent eavesdropping in Ekert's entanglement-based quantum key distribution protocol. We show that under certain assumptions of symmetry the effectiveness of this strategy reduces to that of the original single-qubit protocol of Bennett and Brassard.

46 citations


Journal ArticleDOI
TL;DR: In this paper, the authors present a complete protocol for BB84 quantum key distribution for a realistic setting (noise, loss, multi-photon signals of the source) that covers many of today's experimental implementations.
Abstract: We present a complete protocol for BB84 quantum key distribution for a realistic setting (noise, loss, multi-photon signals of the source) that covers many of today's experimental implementations. The security of this protocol is shown against an eavesdropper having unrestricted power to manipulate the signals coherently on their path from sender to receiver. The protocol and the security proof take into account the effects concerning the finite size of the generated key.

30 citations


Journal ArticleDOI
TL;DR: A new quantum cryptography protocol with continuous variables for the construction of secret quantum keys based on pairs of Einstein-Podolsky-Rosen entangled quadratures is studied.
Abstract: We study a new quantum cryptography protocol with continuous variables for the construction of secret quantum keys. The protocol is based on pairs of Einstein-Podolsky-Rosen entangled quadratures o...

29 citations


Proceedings Article
01 Nov 2001
TL;DR: A non-interactive scheme that enables A to both encrypt and authenticate an m qubit message by encoding it into m+s qubits, where the error probability decreases exponentially in the security parameter s, and a lower bound of 2m key bits for authenticating m qubits is given, which makes the protocol asymptotically optimal.
Abstract: Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

26 citations


Posted Content
TL;DR: In this paper, the authors studied the BB84 bit commitment protocol and provided a tight upper bound on Alice's probability of successfully unveiling a bit in the protocol proposed by Aharonov et al. They also showed how the problem of optimizing Alice's cheating strategy for a fixed submitted state can be mapped onto a problem of state estimation.
Abstract: It is well known that no quantum bit commitment protocol is unconditionally secure. Nonetheless, there can be non-trivial upper bounds on both Bob's probability of correctly estimating Alice's commitment and Alice's probability of successfully unveiling whatever bit she desires. In this paper, we seek to determine these bounds for generalizations of the BB84 bit commitment protocol. In such protocols, an honest Alice commits to a bit by randomly choosing a state from a specified set and submitting this to Bob, and later unveils the bit to Bob by announcing the chosen state, at which point Bob measures the projector onto the state. Bob's optimal cheating strategy can be easily deduced from well known results in the theory of quantum state estimation. We show how to understand Alice's most general cheating strategy, (which involves her submitting to Bob one half of an entangled state) in terms of a theorem of Hughston, Jozsa and Wootters. We also show how the problem of optimizing Alice's cheating strategy for a fixed submitted state can be mapped onto a problem of state estimation. Finally, using the Bloch ball representation of qubit states, we identify the optimal coherent attack for a class of protocols that can be implemented with just a single qubit. These results provide a tight upper bound on Alice's probability of successfully unveiling whatever bit she desires in the protocol proposed by Aharonov et al., and lead us to identify a qubit protocol with even greater security.

26 citations


Posted Content
TL;DR: This investigation suggests that two-way entanglement purification is a useful tool in the study of advantage distillation, error correction, and privacy amplification protocols.
Abstract: Shor and Preskill have provided a simple proof of security of the standard quantum key distribution scheme by Bennett and Brassard (BB84) by demonstrating a connection between key distribution and entanglement purification protocols with one-way communications. Here we provide proofs of security of standard quantum key distribution schemes, BB84 and the six-state scheme, against the most general attack, by using the techniques of *two*-way entanglement purification. We demonstrate clearly the advantage of classical post-processing with two-way classical communications over classical post-processing with only one-way classical communications in QKD. This is done by the explicit construction of a new protocol for (the error correction/detection and privacy amplification of) BB84 that can tolerate a bit error rate of up to 18.9%, which is higher than what any BB84 scheme with only one-way classical communications can possibly tolerate. Moreover, we demonstrate the advantage of the six-state scheme over BB84 by showing that the six-state scheme can strictly tolerate a higher bit error rate than BB84. In particular, our six-state protocol can tolerate a bit error rate of 26.4%, which is higher than the upper bound of 25% bit error rate for any secure BB84 protocol. Consequently, our protocols may allow higher key generation rate and remain secure over longer distances than previous protocols. Our investigation suggests that two-way entanglement purification is a useful tool in the study of advantage distillation, error correction, and privacy amplification protocols.

22 citations


Posted Content
TL;DR: The old truth of cryptography still holds: you have to trust the manufacturer of your cryptographic device, even when you do violate the Bell inequality.
Abstract: Quantum Cryptography, or more accurately, Quantum Key Distribution (QKD) is based on using an unconditionally secure "quantum channel" to share a secret key among two users. A manufacturer of QKD devices could, intentionally or not, use a (semi-)classical channel instead of the quantum channel, which would remove the supposedly unconditional security. One example is the BB84 protocol, where the quantum channel can be implemented in polarization of single photons. Here, use of several photons instead of one to encode each bit of the key provides a similar but insecure system. For protocols based on violation of a Bell inequality (e.g., the Ekert protocol) the situation is somewhat different. While the possibility is mentioned by some authors, it is generally thought that an implementation of a (semi-)classical channel will differ significantly from that of a quantum channel. Here, a counterexample will be given using an identical physical setup as is used in photon-polarization Ekert QKD. Since the physical implementation is identical, a manufacturer may include this modification as a Trojan Horse in manufactured systems, to be activated at will by an eavesdropper. Thus, the old truth of cryptography still holds: you have to trust the manufacturer of your cryptographic device. Even when you do violate the Bell inequality.

Journal ArticleDOI
TL;DR: A new transmission that can be used for quantum key distribution is reported that is formed by two integrated unbalanced Mach-Zehnder interferometers and is based on interference between phase-modulated sidebands in the spectral domain.
Abstract: We report a new transmission that can be used for quantum key distribution. The system uses single-sideband-modulated light in an implementation of the BB84 quantum cryptography protocol. The system is formed by two integrated unbalanced Mach–Zehnder interferometers and is based on interference between phase-modulated sidebands in the spectral domain. Experiments show that high interference visibility can be obtained.

Journal ArticleDOI
TL;DR: In this paper, a simpler version of the protocol using four qubits is introduced. But the security against this attack can be attained with a simple modification. But it is vulnerable to eavesdropping attacks.
Abstract: Recently, Zhang, Li, and Guo have proposed a particular eavesdropping attack [Phys. Rev. A 63, 036301 (2001)] that shows that my quantum key distribution protocol based on entanglement swapping [Phys. Rev. A 61, 052312 (2000)] is insecure. However, security against this attack can be attained with a simple modification. In addition, a simpler version of the protocol using four qubits is introduced.

Journal ArticleDOI
TL;DR: In this paper, the eavesdropper's optimal information on raw bits in BB84 QKD and six-state scheme in coherent attacks, using a formula by Lo and Chau (Science 283 (1999) 2050) with single photon assumption.

Posted Content
TL;DR: A hybrid cryptographic protocol, using quantum and classical resources, for authentication and authorization in a network that avoids the requirement for timestamps used in classical protocols, guarantees that the trusted server cannot know the authentication key, can provide resistance to multiple photon splitting attacks and can be used with BB84 or other quantum key distribution protocols.
Abstract: This paper presents a hybrid cryptographic protocol, using quantum and classical resources, for authentication and authorization in a network. One or more trusted servers distribute streams of entangled photons to individual resources that seek to communicate. It is assumed that each resource shares a previously distributed secret key with the trusted server, and that resources can communicate with the server using both classical and quantum channels. Resources do not share secret keys with each other, so that the key distribution problem for the network is reduced from O(n^2) to O(n). Some advantages of the protocol are that it avoids the requirement for timestamps used in classical protocols, guarantees that the trusted server cannot know the authentication key, can provide resistance to multiple photon splitting attacks and can be used with BB84 or other quantum key distribution protocols.

Posted Content
TL;DR: Lectures on classical and quantum cryptography, including elements of number theory, public key cryptography and RSA cryptosystem, and security proofs.
Abstract: Lectures on classical and quantum cryptography. Contents: Private key cryptosystems. Elements of number theory. Public key cryptography and RSA cryptosystem. Shannon's entropy and mutual information. Entropic uncertainty relations. The no cloning theorem. The BB84 quantum cryptographic protocol. Security proofs. Bell's theorem. The EPRBE quantum cryptographic protocol.

Posted Content
TL;DR: It is shown that an advantage of the six-state scheme lies in Alice and Bob's ability to establish rigorously from their test sample the non-trivial mutual information between the bit-flip and phase error patterns.
Abstract: We prove the unconditional security of the standard six-state scheme for quantum key distribution (QKD). We demonstrate its unconditional security up to a bit error rate of 12.7 percent, by allowing only one-way classical communications in the error correction/privacy amplification procedure between Alice and Bob. This shows a clear advantage of the six-state scheme over another standard scheme---BB84, which has been proven to be secure up to only about 11 percent, if only one-way classical communications are allowed. Our proof technique is a generalization of that of Shor-Preskill's proof of security of BB84. We show that an advantage of the six-state scheme lies in Alice and Bob's ability to establish rigorously from their test sample the non-trivial mutual information between the bit-flip and phase error patterns. A modified version of the degenerate quantum codes studied by DiVincenzo, Shor and Smolin is employed in our proof.

Journal ArticleDOI
TL;DR: In this article, a 1.1km long all-fiber quantum key distribution experimental setup has been realized for the first time at 850nm, which employs the BB84 protocol to establish a secret key between two parties.
Abstract: A 1.1km long all-fiber quantum key distribution experimental setup has been realized for the first time at 850nm. The system employs the BB84 protocol to establish a secret key between two parties, the security of which is guaranteed by Heisenberg's uncertainty relationship and the quantum noncloning principle. Phase modulated single photons are used to carry the key. The effective transmission rate is 3 bit/s, with a bit error rate of 9%.

Journal ArticleDOI
Hiroo Azuma, Masashi Ban
TL;DR: In this paper, the authors proposed a method of encoding quantum states of two-state systems (qubits) for sending them in secrecy without entangled qubits shared by two legitimate users (Alice and Bob).
Abstract: In this paper, we propose a method of enciphering quantum states of two-state systems (qubits) for sending them in secrecy without entangled qubits shared by two legitimate users (Alice and Bob). This method has the following two properties. First, even if an eavesdropper (Eve) steals qubits, she can extract information from them with only a certain probability at most. Second, Alice and Bob can confirm that the qubits are transmitted between them correctly by measuring a signature. If Eve measures m qubits one by one from n enciphered qubits and sends alternative ones (the intercept/resend attack), the probability that Alice and Bob do not notice Eve's action is equal to (3/4)^m or less. Passwords for decryption and the signature are given by classical binary strings and they are disclosed through a public channel. Enciphering classical information by this method is equivalent to the one-time pad method with distributing a classical key (random binary string) by the BB84 protocol. If Eve takes away qubits, Alice and Bob lose the original quantum information. If we apply our method to a state in iteration, Eve's success probability decreases exponentially. We cannot examine security against the case that Eve makes an attack using entanglement. This remains to be solved in the future.

Journal ArticleDOI
TL;DR: In this paper, the authors presented a simulation of the BB84 protocol, using the continuum coherent states, in a fibre interferometer commonly used in quantum cryptography, and observed the fluctuations of the mean photon number in the pulses that arrive at Bob, introduced by the statistical property of the simulation.
Abstract: The continuum states formalism is suitable for field quantization in optical fibre; however, they are harder to use than discrete states. On the other hand, a Hermitian phase operator can be defined only in a finite dimensional space. We approximated a coherent continuum state by a finite tensor product of coherent states, each one defined in a finite dimensional space. Using this, in the correct limit, we were able to obtain some statistical properties of the photon number and phase of the continuum coherent states from the probability density functions of the individual, finite dimensional, coherent states. Then, we performed a simulation of the BB84 protocol, using the continuum coherent states, in a fibre interferometer commonly used in quantum cryptography. We observed the fluctuations of the mean photon number in the pulses that arrive at Bob, which occurs in the practical system, introduced by the statistical property of the simulation.

Posted Content
TL;DR: The paper has been withdrawn by the author since the protocol is not new, it is just the oldest version of BB84, and it is not necessary to change the protocol.
Abstract: The paper has been withdrawn by the author since the protocol is not new. It is just the oldest version of BB84.

Posted Content
TL;DR: In this article, the role of coherent attacks for the strategy of maximizing the information given the disturbance is discussed. But the authors do not consider the case where all the transmitted bits from Alice are independent and only the individual disturbances to each qubit are examined by Alice and Bob.
Abstract: We consider a strategic problem of eavesdropping on quantum key distribution. The eavesdropper hopes to obtain the maximum information given the disturbance to the qubits is often For this strategy, the optimized individual attacks have been extensively constructed under various conditions. However, it seems a difficult task in the case of coherent attack, i.e., Eve may treat a number of intercepted qubits collectively, including the collective unitary transformations and the measurements. It was conjectured by Cirac and Gisin that no coherent attack can be more powerful for this strategy for the BB84 protocol. In this paper we give a general conclusion on the role of coherent attacks for the strategy of maximizing the information given the disturbance. Suppose in a quantum key distribution (QKD) protocol, all the transmitted bits from Alice are independent and only the individual disturbances to each qubit are examined by Alice and Bob. For this type of protocol (so far almost all QKD protocols belong to this type), in principle no coherent attack is more powerful than the product of optimized individual attacks on each individual qubit. All coherent attacks on the above QKD protocols can be disregarded for the strategy above.

Journal ArticleDOI
TL;DR: It is shown that a relativistic quantum cryptosystem proposed in this paper is ultimately secure against any eavesdropping attempts, and the application of relativistic causality makes it possible to simply prove the security of the cryptosystem.
Abstract: The problem of unconditional security of quantum cryptography (i.e. the security which is guaranteed by the fundamental laws of nature rather than by technical limitations) is one of the central points in quantum information theory. We propose a relativistic quantum cryptosystem and prove its unconditional security against any eavesdropping attempts. Relativistic causality arguments allow to demonstrate the security of the system in a simple way. Since the proposed protocol does not employ collective measurements and quantum codes, the cryptosystem can be experimentally realized with the present state-of-art in fiber optics technologies. The proposed cryptosystem employs only the individual measurements and classical codes and, in addition, the key distribution problem allows to postpone the choice of the state encoding scheme until after the states are already received instead of choosing it before sending the states into the communication channel (i.e. to employ a sort of "antedate" coding).

Journal ArticleDOI
TL;DR: An estimate for the key secrecy with respect to the “translucent” eavesdropping method is given in the form of a lower bound on the cardinality of the set of admissible key values.
Abstract: In [Probl. Peredachi Inf., 1999, vol. 35, no. 1, pp. 100–109], an algorithm based on error-correcting codes was proposed for generating a common key in information transmission through a quantum communication channel. In the present paper, we study the application of this algorithm in a quantum cryptography system where bits of key information are encoded by two nonorthogonal photon polarizations. An estimate for the key secrecy with respect to the “translucent” eavesdropping method is given in the form of a lower bound on the cardinality of the set of admissible key values.

Posted Content
TL;DR: This is the first analysis of the secrecy of a practical implementation of the BB84 protocol that simultaneously takes into account and presents the full set of analytical expressions for effects due to the presence of pulses containing multiple photons in the attenuated output of the laser.
Abstract: Quantum cryptography has attracted much recent attention due to its potential for providing secret communications that cannot be decrypted by any amount of computational effort. This is the first analysis of the secrecy of a practical implementation of the BB84 protocol that simultaneously takes into account and presents the *full* set of complete analytical expressions for effects due to the presence of pulses containing multiple photons in the attenuated output of the laser, the finite length of individual blocks of key material, losses due to error correction, privacy amplification, continuous authentication, errors in polarization detection, the efficiency of the detectors, and attenuation processes in the transmission medium. The analysis addresses eavesdropping attacks on individual photons rather than collective attacks in general. Of particular importance is the first derivation of the necessary and sufficient amount of privacy amplification compression to ensure secrecy against the loss of key material which occurs when an eavesdropper makes optimized individual attacks on pulses containing multiple photons. It is shown that only a fraction of the information in the multiple photon pulses is actually lost to the eavesdropper.

Journal ArticleDOI
TL;DR: A new quantum identification protocol based on restrictions on the quantum memory available to the parties involved is introduced, which is proved for the no memory case (singles measurements) and for collective attacks in the general case.