Showing papers on "Quantum cryptography published in 1997"
TL;DR: It is shown that the claim that quantum cryptography can provide protocols that are unconditionally secure, that is, for which the security does not depend on any restriction on the time, space, or technology available to the cheaters, does not hold for any quantum bit commitment protocol.
Abstract: The claim of quantum cryptography has always been that it can provide protocols that are unconditionally secure, that is, for which the security does not depend on any restriction on the time, space, or technology available to the cheaters. We show that this claim does not hold for any quantum bit commitment protocol. Since many cryptographic tasks use bit commitment as a basic primitive, this result implies a severe setback for quantum cryptography. The model used encompasses all reasonable implementations of quantum bit commitment protocols in which the participants have not met before, including those that make use of the theory of special relativity.
812 citations
TL;DR: At the heart of such optimism has been the widespread belief that unconditionally secure quantum bit commitment (QBC) schemes exist, which is put into very serious doubt by showing.
Abstract: We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen--type of attack and delaying her measurement until she opens her commitment.
625 citations
TL;DR: This work shows that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure, and constructs a class of functions that cannot be computed securely in any two-sidedTwo-party computation.
Abstract: It had been widely claimed that quantum mechanics can protect private information during public decision in, for example, the so-called two-party secure computation. If this were the case, quantum smart-cards, storing confidential information accessible only to a proper reader, could prevent fake teller machines from learning the PIN (personal identification number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any two-sided two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.
448 citations
TL;DR: It is shown that both bounds can be attained simultaneously by an optimal eavesdropping probe, and an upper bound to the accessible information in one basis, for a given error rate in the conjugate basis is derived.
Abstract: We consider the Bennett-Brassard cryptographic scheme, which uses two conjugate quantum bases. An eavesdropper who attempts to obtain information on qubits sent in one of the bases causes a disturbance to qubits sent in the other basis. We derive an upper bound to the accessible information in one basis, for a given error rate in the conjugate basis. Independently fixing the error rates in the conjugate bases, we show that both bounds can be attained simultaneously by an optimal eavesdropping probe. The probe interaction and its subsequent measurement are described explicitly. These results are combined to give an expression for the optimal information an eavesdropper can obtain for a given average disturbance when her interaction and measurements are performed signal by signal. Finally, the relation between quantum cryptography and violations of Bell's inequalities is discussed.
401 citations
TL;DR: In this article, a time-multiplexed interferometer based on Faraday mirrors was proposed for quantum key distribution, which achieved a fringe visibility of 09984 for a 23 km-long interferer, based on installed telecom fibers.
Abstract: We present a time-multiplexed interferometer based on Faraday mirrors, and apply it to quantum key distribution The interfering pulses follow exactly the same spatial path, ensuring very high stability and self balancing The use of Faraday mirrors compensates automatically any birefringence effects and polarization dependent losses in the transmitting fiber First experimental results show a fringe visibility of 09984 for a 23-km-long interferometer, based on installed telecom fibers
348 citations
TL;DR: A practical scheme for multi-user quantum cryptography is introduced, and its operation on an optical fibre network is demonstrated, which enables a single controller on the network to establish, and regularly update, a distinct secret key with each network user.
Abstract: To establish a secure communication channel, it is necessary to distribute between two users a key which allows safe encryption and decryption of messages. But because decryption is a simple task for any key holder, it is crucial that the key remains secret during distribution. Secrecy cannot be guaranteed if distribution occurs on the basis of classical physical mechanisms, as it is impossible to know whether the key has been intercepted during transmission. Quantum cryptography1–3 provides a fundamental solution to this problem. When quantum-mechanical processes are used to establish the key, any eavesdropping during transmission leads to an unavoidable and detectable disturbance in the received key information. Quantum cryptography has been demonstrated using standard telecommunication fibres linking single pairs of users4–8, but practical implementations will require communication networks with many users9. Here I introduce a practical scheme for multi-user quantum cryptography, and demonstrate its operation on an optical fibre network. The scheme enables a single controller on the network to establish, and regularly update, a distinct secret key with each network user. These keys can then be used to securely encrypt conventional data transmissions that are broadcast on the network.
250 citations
TL;DR: Borders on the reduction of the Rényi entropy of a random variable induced by side-information are presented, showing that, except with negligible probability, each bit of side- information reduces the size of the key that can be safely distilled by at most two bits.
Abstract: Information reconciliation allows two parties knowing correlated random variables, such as a noisy version of the partner's random bit string, to agree on a shared string. Privacy amplification allows two parties sharing a partially secret string about which an opponent has some partial information, to distill a shorter but almost completely secret key by communicating only over an insecure channel, as long as an upper bound on the opponent's knowledge about the string is known. The relation between these two techniques has not been well understood. In particular, it is important to understand the effect of side-information, obtained by the opponent through an initial reconciliation step, on the size of the secret key that can be distilled safely by subsequent privacy amplification. The purpose of this paper is to provide the missing link between these techniques by presenting bounds on the reduction of the Renyi entropy of a random variable induced by side-information. We show that, except with negligible probability, each bit of side-information reduces the size of the key that can be safely distilled by at most two bits. Moreover, in the important special case of side-information and raw key data generated by many independent repetitions of a random experiment, each bit of side-information reduces the size of the secret key by only about one bit. The results have applications in unconditionally secure key agreement protocols and in quantum cryptography.
154 citations
Posted Content•
TL;DR: This paper surveys four measures of distinguishability for quantum-mechanical states from the point of view of the cryptographer with a particular eye on applications in quantum cryptography, and obtains several inequalities that relate the quantum distinguishability measures to each other.
Abstract: This paper, mostly expository in nature, surveys four measures of distinguishability for quantum-mechanical states. This is done from the point of view of the cryptographer with a particular eye on applications in quantum cryptography. Each of the measures considered is rooted in an analogous classical measure of distinguishability for probability distributions: namely, the probability of an identification error, the Kolmogorov distance, the Bhattacharyya coefficient, and the Shannon distinguishability (as defined through mutual information). These measures have a long history of use in statistical pattern recognition and classical cryptography. We obtain several inequalities that relate the quantum distinguishability measures to each other, one of which may be crucial for proving the security of quantum cryptographic key distribution. In another vein, these measures and their connecting inequalities are used to define a single notion of cryptographic exponential indistinguishability for two families of quantum states. This is a tool that may prove useful in the analysis of various quantum cryptographic protocols.
133 citations
TL;DR: In this paper, a simple quantum cryptographic scheme involving truly two orthogonal states is proposed, where the security of the protocol is based on splitting the transfer of one-bit information into two steps, ensuring that only a fraction of the bit information is transmitted at a time.
Abstract: We propose a simple quantum cryptographic scheme involving truly two orthogonal states. The security of the protocol is based on splitting the transfer of one-bit information into two steps, ensuring that only a fraction of the bit information is transmitted at a time. A particular implementation with an asymmetric interferometer is presented, which does not require the random timing of the packet sending as was used by Goldenberg and Vaidman [Phys. Rev. Lett. 75, 1239 (1995)].
129 citations
TL;DR: Strong attacks against quantum key distribution schemes which use quantum memories and quantum gates to attack directly the final key are presented and security against any attack allowed by the rules of quantum mechanics is discussed.
Abstract: We present strong attacks against quantum key distribution schemes which use quantum memories and quantum gates to attack directly the final key. We analyze a specific attack of this type, for which we find the density matrices available to the eavesdropper and the optimal information which can be extracted from them. We prove security against this attack and discuss security against any attack allowed by the rules of quantum mechanics.
126 citations
Patent•
15 Aug 1997TL;DR: In this article, an interferometric system for quantum cryptography is described. But the system does not need alignment or balancing between the arms of the interferometers. And it does not support plug-and-play stations.
Abstract: System and method of communicating a key between two stations (1, 2) using an interferometric system for quantum cryptography. The method comprises the step of sending at least two light pulses over a quantum channel (3) and detecting the interference created by said pulses in one station (Bob). The interfering pulses run over the same arms of said interferometer, but in another sequence, so that they are delayed when they run over said quantum channel. The pulses are reflected by at least Faraday mirrors (14, 16, 22) at the ends of said quantum channel, so as to cancel polarization effects. Advantages: the system does not need alignment or balancing between the arms of the interferometers. Plug and play stations (1, 2).
11 May 1997
TL;DR: The goal of this paper is to investigate information-theoretic security even against active adversaries with complete control over the communication channel connecting the two parties who want to agree on a secret key.
Abstract: All information-theoretically secure key agreement protocols (e.g. based on quantum cryptography or on noisy channels) described in the literature are secure only against passive adversaries in the sense that they assume the existence of an authenticated public channel. The goal of this paper is to investigate information-theoretic security even against active adversaries with complete control over the communication channel connecting the two parties who want to agree on a secret key. Several impossibility results are proved and some scenarios are characterized in which secret-key agreement secure against active adversaries is possible. In particular, when each of the parties, including the adversary, can observe a sequence of random variables that are correlated between the parties, the rate at which key agreement against active adversaries is possible is characterized completely: it is either 0 or equal to the rate achievable against passive adversaries, and the condition for distinguishing between the two cases is given.
TL;DR: In this article, a secret key of 20 kbit length with an error rate of 1.35% for 0.1 photon per pulse was produced over 23 km of installed telecommunications fiber using a novel interferometer with Faraday mirrors.
Abstract: Quantum cryptography over 23 km of installed telecommunications fibre using a novel interferometer with Faraday mirrors is presented. The interferometer needs no alignment nor polarisation control and features 99.8% fringe visibility. A secret key of 20 kbit length with an error rate of 1.35% for 0.1 photon per pulse was produced.
Posted Content•
TL;DR: In this article, a secret key of 20kbit length with an error rate of 1.35% for 0.1 photon per pulse was produced over 23km of installed Telecom fiber using a novel interferometer with Faraday mirrors.
Abstract: Quantum Cryptography over 23km of installed Telecom fiber using a novel interferometer with Faraday mirrors is presented. The interferometer needs no alignment nor polarization control and features 99.8% fringe visibility. A secret key of 20kbit length with a error rate of 1.35% for 0.1 photon per pulse was produced.
Posted Content•
TL;DR: The Bennett-Brassard cryptographic scheme, which uses two conjugate quantum bases, is considered, and an upper bound to the accessible information in one basis is derived, for a given error rate in the conjugates.
Abstract: We consider the Bennett-Brassard cryptographic scheme, which uses two conjugate quantum bases. An eavesdropper who attempts to obtain information on qubits sent in one of the bases causes a disturbance to qubits sent in the other basis. We derive an upper bound to the accessible information in one basis, for a given error rate in the conjugate basis. Independently fixing the error rate in the conjugate bases, we show that both bounds can be attained simultaneously by an optimal eavesdropping probe, consisting of two qubits. The qubits' interaction and their subsequent measurement are described explicitly. These results are combined to give an expression for the optimal information an eavesdropper can obtain for a given average disturbance when her interaction and measurements are performed signal by signal. Finally, the relation between quantum cryptography and violations of Bell's inequalities is discussed.
TL;DR: An elementary derivation of best eavesdropping strategies for the four state BB84 quantum cryptography protocol is presented, for both incoherent and two-qubit coherent attacks.
TL;DR: In this article, properties of quantum mixed states are used to find bounds on various measures of their distinguishability, which are used for analyzing strong joint attacks against quantum key distribution which use quantum probes, quantum memories, and quantum gates to attack directly the final key.
Abstract: In this paper we use properties of quantum mixed states to find bounds on various measures of their distinguishability. These bounds are used for analyzing strong joint attacks against quantum key distribution which use quantum probes, quantum memories, and quantum gates to attack directly the final key. We present a wide class of joint attacks, and we prove security against them.
TL;DR: The optimal strategy for an eavesdropper restricted to a two-dimensional probe, interacting on-line with each transmitted signal is presented, and the link between safety of the transmission and the violation of Bell's inequality is discussed.
TL;DR: In this paper, an elementary derivation of best eavesdropping strategies for the 4 state BB84 quantum cryptography protocol is presented, for both incoherent and two-qubit coherent attacks.
Abstract: An elementary derivation of best eavesdropping strategies for the 4 state BB84 quantum cryptography protocol is presented, for both incoherent and two--qubit coherent attacks. While coherent attacks do not help Eve to obtain more information, they are more powerful to reveal the whole message sent by Alice. Our results are based on symmetric eavesdropping strategies, which we show to be sufficient to analyze these kind of problems.
Patent•
23 May 1997TL;DR: In this article, an all-optical realization of the POVM is presented, which includes a Wollaston prism, a mirror, two beam splitters, a polarization rotator, and three photodetectors.
Abstract: Quantum key distribution (QKD) employs non-orthogonal quantum states to distribute a random bit sequence between two users for use as a provably secure key for encryption and authentication. The key generation procedure involves the transmission, interception, and reception of two nonorthogonal photon polarization states. At the receiving end, a positive-operator-valued measure (POVM) is employed in the measurement process. The invention is a receiver that is an all-optical realization of the POVM and includes a Wollaston prism, a mirror, two beam splitters, a polarization rotator, and three photodetectors.
Posted Content•
TL;DR: A brief review on quantum bit commitment which focuses on the general impossibility theorem and on recent attempts to bypass this result is provided.
Abstract: The desire to obtain an unconditionally secure bit commitment protocol in quantum cryptography was expressed for the first time thirteen years ago. Bit commitment is sufficient in quantum cryptography to realize a variety of applications with unconditional security. In 1993, a quantum bit commitment protocol was proposed together with a security proof. However, a basic flaw in the protocol was discovered by Mayers in 1995 and subsequently by Lo and Chau. Later the result was generalized by Mayers who showed that unconditionally secure bit commitment is impossible. A brief review on quantum bit commitment which focuses on the general impossibility theorem and on recent attempts to bypass this result is provided.
Patent•
19 May 1997
TL;DR: In this paper, a single-photon signal is phase-modulated and transmitted over a pair of time-multiplexed transmission paths, and the outputs of the two paths are combined interferometrically.
Abstract: A communication system uses quantum cryptography for the secure distribution of a key. A single-photon signal is phase-modulated and transmitted over a pair of time-multiplexed transmission paths. With each original single-photon signal in a given one of the transmission paths, a duplicate signal is transmitted. The duplicate is identically modulated and orthogonally polarized. At the receiver, the outputs of the two paths are combined interferometrically. A single polarization-insensitive measurement is derived from the combined contributions of the orthogonally polarized signals.
TL;DR: In this article, a mathematical analysis of entangled translucent eavesdropping in quantum cryptography is presented, based on the recent work of Ekert, Huttner, Palma, and Peres.
Abstract: We present a mathematical physics analysis of entangled translucent eavesdropping in quantum cryptography, based on the recent work of Ekert, Huttner, Palma, and Peres @Phys. Rev. A 50, 1047 ~1994!#. The key generation procedure involves the transmission, interception, and reception of two nonorthogonal photon polarization states. At the receiving end, a positive operator valued measure ~POVM! is employed in the measurement process. The eavesdropping involves an information-maximizing von Neumann‐type projective measurement. We propose a design for a receiver that is an all-optical realization of the POVM, using a Wollaston prism, a mirror, two beam splitters, a polarization rotator, and three photodetectors. We present a quantitative analysis of the receiver. We obtain closed-form algebraic expressions for the error rates and mutual information, expressed in terms of the POVM-receiver error rate and the angle between the carrier polarization states. We also prove a significant result, namely, that in the entangled translucent eavesdropping approach, the unsafe error rate based on standard mutual information comparisons is equivalent to the maximum allowable error rate based on perfect mutual information for the eavesdropper. In this case, the above unsafe error rate is in fact not overly conservative. @S1050-2947~97!01212-2#
TL;DR: It is shown that the optimum strategy of the eavesdropper can be expressed in terms of a quantum circuit in a way which makes it obvious why certain parameters take on particular values.
Abstract: It is shown that the optimum strategy of the eavesdropper described in the preceding paper can be expressed in terms of a quantum circuit in a way which makes it obvious why certain parameters take on particular values, and why obtaining information in one basis gives rise to noise in the conjugate basis.
22 Sep 1997
TL;DR: Experimental results from a polarization-encoded system utilizing a state-of-the-art silicon SPAD are reported, demonstrating the potential for secure quantum key distribution at Mb/spl middot/s/sup 1/ rates over fiber LANs also carrying conventional high-speed data channels at a wavelength of 1.3 /spl mu/m.
Abstract: We investigate the performance limits for quantum cryptography systems operating in the first telecommunications window using a prototype polarisation-encoded system operating at 830 nm. The potential for secure quantum key distribution at Mbit/s rates over fibre carrying a conventional high-speed (Gbit/s) data channel at 1300 nm is demonstrated.
01 Jul 1997
TL;DR: In this article, a quantum key distribution system for free-space, line-of-sight transmission using single-photon polarization states is presented, based on the transmission of non-orthogonal singlephoton states to generate shared key material over multi-kilometer optical fiber paths.
Abstract: The secure distribution of the secret random bit sequences known as {open_quotes}key{close_quotes} material, is an essential precursor to their use for the encryption and decryption of confidential communications. Quantum cryptography is an emerging technology for secure key distribution with single-photon transmissions, nor evade detection (eavesdropping raises the key error rate above a threshold value). We have developed experimental quantum cryptography systems based on the transmission of non-orthogonal single-photon states to generate shared key material over multi-kilometer optical fiber paths and over line-of-sight links. In both cases, key material is built up using the transmission of a single-photon per bit of an initial secret random sequence. A quantum-mechanically random subset of this sequence is identified, becoming the key material after a data reconciliation stage with the sender. In our optical fiber experiment we have performed quantum key distribution over 24-km of underground optical fiber using single-photon interference states, demonstrating that secure, real-time key generation over {open_quotes}open{close_quotes} multi-km node-to-node optical fiber communications links is possible. We have also constructed a quantum key distribution system for free-space, line-of-sight transmission using single-photon polarization states, which is currently undergoing laboratory testing. 7 figs.
Patent•
19 May 1997
TL;DR: In this article, a single-photon signal is phase-modulated and transmitted over a pair of time-multiplexed transmission paths, and the outputs of the two paths are combined interferometrically.
Abstract: A communication system uses quantum cryptography for the secure distribution of a key. A single-photon signal is phase-modulated and transmitted over a pair of time-multiplexed transmission paths. With each original single-photon signal in a given one of the transmission paths, a duplicate signal is transmitted. The duplicate is identically modulated and orthogonally polarised. At the receiver, the outputs of the two paths are combined interferometrically. A single polarisation-insensitive measurement is derived from the combined contributions of the orthogonally polarised signals.
01 Jan 1997
TL;DR: In this paper, it was shown that for the one-round communication model and three parties, G can be computed with n+1 bits of communication when the parties share prior entanglement and if no entangled particles are provided, then the communication complexity of F is roughly k*log(k).
Abstract: Quantum entanglement cannot be used to achieve direct communication between remote parties, but it can reduce the communication needed for some problems. Let each of k parties hold some partial input data to some fixed k-variable function f. The communication complexity of f is the minimum number of classical bits required to be broadcasted for every party to know the value of f on their inputs.
We construct a function G such that for the one-round communication model and three parties, G can be computed with n+1 bits of communication when the parties share prior entanglement. We then show that without entangled particles, the one-round communication complexity of G is (3/2)n + 1. Next we generalize this function to a function F. We show that if the parties share prior quantum entanglement, then the communication complexity of F is exactly k. We also show that if no entangled particles are provided, then the communication complexity of F is roughly k*log(k).
These two results prove for the first time communication complexity separations better than a constant number of bits.
Journal Article•
TL;DR: These two quantities, the fidelity and the entanglement fidelity, are calculated for different kinds of state which are transmitted in noisy channels and a general equation is obtained.
Abstract: The fidelity and the entanglement fidelity are two important quantities in describing the transmission of quantum information through (possibly noisy) quantum channels. In this paper these two quantities are calculated for different kinds of state which are transmitted in noisy channels. A general equation is obtained for these fidelities. Some examples are given to illustrate the general result and possible applications of these results to quantum cryptography and teleportation via noisy channels are discussed.
TL;DR: A different quantum cryptography key distribution way based on the orthogonal states is presented in the system, instead of using two sources, only one source and one channel are needed to produce two orthogonic states by modulating phase.
Abstract: A different quantum cryptography key distribution way based on the orthogonal states is presented in the system, instead of using two sources [Phys. Rev. Lett. 75 (1995) 1239], only one source and one channel are needed to produce two orthogonal states by modulating phase. It is very easy to realize this method in practice.