One-time ID를 이용한 인증된 양자 키 분배 프로토콜

Download Report

Transcript One-time ID를 이용한 인증된 양자 키 분배 프로토콜 

Authenticated QKD protocol using onetime ID
GSIS / CIST
Hwa Yean Lee
2005. 2. 21
Contents
1.
2.
3.
4.
5.
Introduction
Authentication with one-time ID
Quantum Key distribution
Security proof
Conclusion
GSIS/ CIST
1. Introduction
 QKD (Quantum Key Distribution) protocols
 Advantage
: Unconditional security
 Disadvantage
: Vulnerability to the Man-in-the middle attack
GSIS/ CIST
1. Introduction(2)
 Miloslav Dusek, Ondrej Haderka, Martin Hendrych, and
Robert Myska, PRA, 60, 149-156 (1999)
 Bao-Sen Shi, Jian Li, Jin-Ming Liu, Xiao-Feng Fan,
Guang-Can Guo, Physics Letters A 281 83-87 (2001)
 Guihua Zeng and Weiping Zhan, PRA, 61, 022303 (2000)
 Daniel Ljunggren, Mohamed Bourennane, and Anders
Karlsson, PRA, 62, 022305 (2000)
 Takashi Mihara, PRA, 65, 052326 (2002)
GSIS/ CIST
2. Authentication with one-time ID
 Preparation
 Each user register him to the arbitrator
: secret user ID and one-way function f
 One-way authentication key of a user, Alice is
f  IDA , c  where c is a count.
• If f  IDA , c i is 1, then the Hadamard operator H is
applied, else the identity operator I is applied to the ith
qubit.
• If f  IDA , c  does not have enough length to encode the
qubits, then f  IDA , c can be used, where c  c  1 .
GSIS/ CIST
2. Authentication with one-time ID (2)
 Procedure of the authentication
1. Alice request a secure communication with Bob to
the arbitrator.
2. The arbitrator prepares N GHZ tripartite states.
1
 
000 AaB  111 AaB 

2
3. He encodes Alice’s and Bob’s particles of GHZ
states with f  IDA , c1 and g  IDB , c2 , respectively.
where f  IDA , c1  is Alice’s authentication key
and g  IDB , c2  is Bob’s.
GSIS/ CIST
2. Authentication with one-time ID (3)
 Procedure of the authentication(2)
4. The arbitrator sends the encoded qubits to Alice
and Bob respectively.
5. Alice and Bob decode their qubits with their
authentication key and selects some bits.
6. Alice and Bob measure the bits and compare the
results.
7. If the results are same, they can authenticate each
other and do the following key distribution
procedure. Otherwise they abort the protocol.
GSIS/ CIST
2. Authentication with one-time ID (4)
 Transformation of the GHZ states
1
i 1 
000

2
i
i
2
3
AaB
 111
AaB

 1  f ( IDA , c1 ) I  f ( IDA , c1 ) H A
 1  g ( IDB , c2 ) I  g ( IDB , c2 ) H B  i
1
 1  f ( IDA , c1 )  I  f ( IDA , c1 ) H  A
 1  g ( IDB , c2 )  I  g ( IDB , c2 ) H B  i
= i
2
1
GSIS/ CIST
3. Quantum Key distribution
 Procedure of the key distribution
1. Using the remaining particles after authentication,
Alice and Bob randomly make an operation either I
or  x on each particles, respectively.
2. Alice sends her particles to the arbitrator and Bob
sends his to Alice.
3. The arbitrator perform C-NOT operation, where the
control qubit is his and the target qubits is from Alice.
4. The arbitrator measures each qubits(Alice’s and
his) and announces the measurement outcomes
are same(O) or not(X).
GSIS/ CIST
3. Quantum Key distribution (2)
 Procedure of the key distribution (2)
5. Alice measures the GHZ particles received from
Bob.
6. Using the information published by the arbitrator,
Alice can find Bob’s sequence of the operations.
7. The Bob’s sequence of the operations can be
used as a raw secret key.
GSIS/ CIST
3. Quantum Key distribution (3)
Operation
Alice Bob
Transformation
of GHZ states
1
000

2
 111
AaB
I
B

B
x
1
001

2
 110
AaB

A
x
I
B
1
100

2
 011
AaB

A
x

B
x
I
A
I
A
1
 101
2
AaB
 010
C-NOT
operation
AaB
 1  000
2
AaB
 1  001
2
AaB
AaB
 011
AaB
AaB
 010

1
100

2
 111
AaB

1
101

2
 110
AaB
Opened
MO of
Bob’s qubit
info.

O
X
0
1
AaB

O
X
1
0
AaB

O
X
1
0
AaB

O
X
0
1
AaB
GSIS/ CIST
4. Security proof
 Man-in-the middle attack
1. In the authentication process
 Eve introduces errors
with probability ¼
for each check bit
in the authentication
procedure.
• On knowing
the hash function, Alice
Eve can estimate only
some bits of hashed value.
The Arbitrator
Bob
Eve
GSIS/ CIST
4. Security proof (2)
 Intercept-resend attack

Intercepts both the qubits heading to Alice or Bob
in the authentication and the qubits heading to
Alice or the authentication in the key distribution.



When Eve intercepts one-side in the key distribution,
the probability of detection is 3/8.
When Eve intercepts both-side in the key distribution,
the probability of detection is 7/16.
But she cannot be aware of the exact key since Alice
and Bob’s information of operations are not exposed to
Eve.
GSIS/ CIST
4. Security proof (3)
 Intercept-resend attack (2)
 Intercept only the qubits transmitted in the key
distribution
• Eve only can know Alice and Bob use same operation or
not.
n
1
• The probability of inferring correct key is   .
2
GSIS/ CIST
4. Security proof (4)
• Eve Eavesdrops Alice’s (Bob’s) qubits transmitted to the
arbitrator (Alice) after Alice and Bob make operations on
decoded GHZ states
Operation
Alice Bob
Transmitted
GHZ states
B
1
000

2
 xB
1
001

2
 xA I B
1
100

2
I
A
I
A
I
 xA  xB
1
 101
2
AaB
AaB
AaB
 111
 110
 011
 010
AaB
Eve’ Changed
MO
state
CNOT
op.
Opend
info
AaB

0(0)
1(1)
000 AaB
111 AaB
000 AaB
011 AaB
O
X
AaB

0(1)
1(0)
001 AaB
110 AaB
001 AaB
010 AaB
O
X
AaB

0(1)
1(0)
011 AaB
100 AaB
111 AaB
100 AaB
O
X
AaB

0(0)
1(1)
010 AaB
101 AaB
110 AaB
101 AaB
O
X
GSIS/ CIST
5. Conclusion
 QKD with authentication using one-time ID is proposed.
 Authentication with one-time ID can be used on the
various fields of quantum cryptography.
 The neutrality of the arbitrator is important for the
security of the proposed scheme.
 More research on this problem are needed.
GSIS/ CIST