Transcript Quantum Cryptography Algorithms
Intro to Quantum Cryptography Algorithms
Andrew Hamel EECS 598 Quantum Computing FALL 2001
References
Ekert, A. “From quantum code-making to quantum code-breaking”, 1997 Brassard, et al. “A Quantum Bit Commitment Scheme Provably Unbreakable by both Parties”, 1993
Outline
Classical Cryptography overview Problems with classical cryptography Quantum Algorithms Quantum Bit Commitment Quantum Key Distribution Introduction Conclusions
Classical Cryptography
Simple Methods Transposition Arrange the “plaintext” in a special permutation Substitution Replace letters of the “plaintext” with other letters or symbols in a certain way Caesar’s Cipher COLD -> FROG
Classical Cryptography
Problem with simple methods Security depends on the secrecy of the entire encrypting/decrypting process Need a way to ensure secrecy even if the encryption process is compromised
Classical Cryptography
Key-based Cryptography Private Key Secret key locks and unlocks data Encrypt – E Pri (P) = C Decrypt – D Pri (C) = P Public Key Separate keys to lock and unlock data Encrypt – E Pub (P) = C Decrypt – D Pri (C) = P
Classical Cryptography
Problem with private-key encryption Depends entirely on the secrecy of the key Requires two parties who initially share no secret information to exchange a secret key An eavesdropper can passively snoop secret key as it’s being exchanged
Classical Cryptography
Problems with Public-key encryption No key distribution problem However, security relies on unproven mathematical assumptions such as the difficulty of factoring large integers Shor has already shown that the assumption wont hold up against quantum computation
What can be done?
Private key is vulnerable to classical attacks, Public key is vulnerable to quantum attacks Solution: Augment private key encryption with quantum key distribution
A Slightly Different Problem
Before worrying about eavesdroppers, let’s consider at simple bit-commitment scenario: Alice and Bob (who are mutually untrustworthy) wish to play a multiplayer game over a network Each player takes one action per round In order to prevent a player from waiting for the other’s move before deciding, each player commits themselves to an action by first transmitting an encrypted move (hash) Upon receiving the actual move, each player can encrypt it and compare to the previously received hash
Quantum Bit Commitment
Why is bit commitment useful?
Allows Alice to commit to a certain action without revealing that action to Bob Alice gives Bob a “hint” about what her action will be Later, if Alice wishes to reveal that action to Bob, the hint allows Bob to be certain that Alice has not changed the action
Quantum Bit Commitment
Obvious problem with classical bit commitment Problem similar to the public-key encryption problem Hard for Alice to give Bob evidence that will both lock in her action AND prevent Bob for interpreting her action from the hint If we give Bob unlimited computational power (or a quantum computer) he could decrypt the hash and gain an advantage over Alice
Quantum Bit Commitment
Solution: We need a hash that is not based on a shared algorithm that Bob could reverse Add a quantum channel in parallel to the classical communication channel Utilize quantum channel for transmission of “hint” to Bob
Quantum Bit Commitment
Alice wants to commit a bit v to Bob Alice calls a function commit(v) that uses the quantum channel to transmit a “hint” to Bob Later, Alice calls unveil(v) to reveal v Bob can use his hint to ensure that Alice has not changed v
Quantum Bit Commitment
Notation Rectilinear Base {|0>,|1>} = ‘+’ Diagonal Base { (|0>+|1>)/sqrt(2), (|0>-|1>)/sqrt(2) } = ‘X’ Vectors |0> = ‘|’ |1> = ‘-’ (|0>+|1>) = ‘/’ (|0>- |1>) = ‘\’
Quantum Bit Commitment
Algorithm commit(v) Bob supplies Alice with a matrix G that generates code words that differ by at least 10εn bits Alice chooses a random n-bit string(r) Alice uses matrix G to generate a codeword(c) such that r•c = v Alice announces r to Bob Alice chooses another n-bit random string(b) Alice sends c to Bob on the quantum channel encoded according to: b i =0 -> + b i =1 -> x 0 = | 0 = / 1 = 1 = \
Quantum Bit Commitment
Algorithm commit(v) Bob chooses his own random string of bases (b’) Bob uses b’ to measure the incoming values which gives Bob string c’ Bob now has a “quantum hint” of what Alice’s codeword is However, Bob cannot get any information out of the codeword since he doesn’t know what transmission bases Alice used Statistically Bob will only guess 50% of the bases correctly – 50% of the codeword bits are effectively random
Quantum Bit Commitment
Algorithm unveil(v) Alice sends c,b,v to Bob Bob calculates a compare-summation on code words c and c’ for all bits in which Bob correctly guessed the transmission basis.
= (b i = b’ i ) (c i xor c’ i ) / (n/2)
Quantum Bit Commitment
Algorithm unveil(v) If r•c = v (Alice’s original setup) And c is a valid codeword of matrix G And < 1.4ε Bob accepts v Otherwise Bob rejects v
Quantum Bit Commitment
Example: Alice obtains a c = 10110110 Generates random base: B = {++X+XX+X} Encodes c in base B: { - | \ - / \ - / } Transmits quantum string to Bob
Quantum Bit Commitment
Example cont… Bob receives encoded string Chooses own random base and measures the quantum transmission B’ = {X+++X+XX} Obtains result c’ = { * 0 * 1 0 * * 0 } * = random result
Quantum Bit Commitment
Example cont… Alice sends b, c to Bob Bob compares b to b’ b b’ = {++X+XX+X} = {X+++X+XX} Bob compares c and c’ for bits corresponding to matches in b an b’ c c’ = {10110110} = {*0*10**0}
Can Either Player Cheat?
Alice In order to fool Bob, would have to alter her codeword so that r•c new = ~v However, she also has to ensure that c valid codeword of generating matrix G new is a This means Alice will have to flip at least 10εn bits to reach a new, valid codeword Also, to avoid detection, all Alice’s bit flips would have to be done on bits in which Bob chose a different measurement base than Alice did
Can Either Player Cheat?
Alice’s Chances: The Probability that a given base differs: Prob (b != b’) = 0.5
Prob (success) = (0.5) 10εn So for: N = 1000, ε = 1% P(success) = 7.9 * 10 -31
Can Either Player Cheat?
Favorable conditions for Alice If there is no noise on the channel when Alice transmits Bob can attribute some of the differences to noise Alice could afford to incorrectly flip X bits where x must be: 0.7εn > X = 7 bits in our previous example Improves her chances to 1 * 10 -28 Does not help when n is large enough Flipping bases in conjunction with bits can also help
Can Either Player Cheat?
Bob Until Alice reveals b, Bob knows nothing about c since c’ is nothing but random data until the bases are known.
The information hidden in c’ “comes into being” only when Alice reveals her quantum transmission bases.
Since no information exists prior to Alice’s transmission, it’s impossible for Bob to draw information out of c’
Can Either Player Cheat?
Bob does an exhaustive key search Restricting Alice’s codeword choices could help Bob Bob finds all possible code words from matrix G that differ by 0.25n bit flips from the measured codeword However code words themselves only differ by 10εn which would produce an large enough set to negate Bob’s efforts
Can Either Player Cheat?
Bob uses a non-standard base: Uses base halfway between diagonal and rectilinear Still only gives Bob 75% bit accuracy Also negates Bob’s ability to check Alice’s moves
Conclusions
With a significantly large n and a reasonable ε, a cheat-proof Bit commitment algorithm can be implemented Using a Quantum channel allows a sender to “create” information after it has been transmitted Bob’s random data contains no information until Alice announces her transmission bases Will be a useful property for Quantum Key Distribution The “bothersome” properties of quantum mechanics ensure that the algorithm works If measurement did not destroy quantum information, Bob could continue to measure the bits received until he was probabilistically certain of the correct value Likewise if Bob could clone quantum states