#### Transcript Lecture 22: Photons

Phun with Photons 28 April 2005 CS588 Spring 2005 David Evans http://www.cs.virginia.edu/evans Menu • Visual Cryptography • Quantum Cryptography • Quantum Computing (very briefly) • Cryptographic Hashing Attacks – Boyd and Isabelle CS588 Lecture 22 2 Visual Cryptography • Can we quickly do a lot of XORs without a computer? • Yes: Key Ciphertext Key Ciphertext 0: 1: .5 probability CS588 Lecture 22 .5 probability 3 Key + Ciphertext Key Ciphertext Key Ciphertext + + + + =0 =1 CS588 Lecture 22 4 Perfect Cipher? Plaintext 0 Key Ciphertext Key Ciphertext 1 .5 probability CS588 Lecture 22 .5 probability 5 Perfect Cipher Plaintext 0 Key Ciphertext Key Ciphertext 1 .5 probability .5 probability P (C = P (C = | M = 0) = .5 = | M = 1) = .5 P (C = P (C = | M = 0) = .5 = | M = 1) = .5 CS588 Lecture 22 6 Yes! Authentication for remote voting Nathanael Paul, David Evans, Avi Rubin and Dan Wallach. Workshop on Human-Computer Interaction and Security Systems. 6 April 2003 http://www.cs.virginia.edu/evans/pubs/remote-voting.html • Remote voting offers convenience – 69% votes cast by mail in 2001 in state of Washington • Electronic voting is cheaper and faster – More secure? – New problems: virus, worm, spoofing, denial of service • Mutual authentication – Voter authenticated to server – Server authenticated to voter CS588 Lecture 22 7 Doing Encryption without Computers • Can’t trust voters to have trustworthy computers – Viruses can tamper with their software • Need to do authentication in a way that doesn’t depend on correctness of user’s software • Lorenz cipher: use XOR to encrypt – Is there a way to do lots of XOR’s without a computer? CS588 Lecture 22 8 Remote Voting System STEP 1 Each voter is sent a key, ki keys Ek (k1) S Ek(k2) … ki = … Ek(kn) STEP 2 Key: AQEGSDFASDF ki STEP 3 – if ki valid… STEP 4 ki = “AQEGSDFASDF” S CS588 Lecture 22 client machine 9 client machine Authentication by Transparency CS588 Lecture 22 10 Quantum Cryptography CS588 Lecture 22 11 Quantum Physics for Dummies • Light behaves like both a wave and a particle at the same time • A single photon is in many states at once • Can’t observe its state without forcing it into one state • Schrödinger’s Cat – Put a live cat in a box with cyanide vial that opens depending on quantum state – Cat is both dead and alive at the same time until you open the box CS588 Lecture 22 12 Heisenberg’s Uncertainty Principle “We cannot know, as a matter of principle, the present in all its details.” Werner Heisenberg, 1920s If you can’t know all the details about something you can’t copy it. Bits are easy to copy; photons are impossible to copy. CS588 Lecture 22 13 Quantum Cash Stephen Wiesner, late 60s: “I didn’t get any support from my thesis advisor – he showed no interest in it at all. I showed it to several other people, and they all pulled a strange face, and went straight back to what they were already doing.” (Quoted in Singh, The Code Book) CS588 Lecture 22 14 Photon Polarity Photons have “spin”: V H +45º -45º Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons Horizontal filter: 100% of H photons 50% of +45º photons (become H photons) 50% of -45º photons (become H photons) 0% of V photons CS588 Lecture 22 15 Photon Stream Can’t tell difference between V and +45º and –45º photons Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons CS588 Lecture 22 16 Quantum Cash $10000 Uncertainty Principal Bank $10000 Spinning Photons Unique ID 258309274917392 Richard Feynman Safecracker, Father of Quantum Computing $10000 CS588 Lecture 22 In Dice We Trust 17 $10000 Bank Verifies Bill Unique ID 258309274917392 Spinning Photons Uncertainty Principal ID … Amount Photons … … 258309274917392 … $10000 … V-45H+45+45V … Bank aligns filters according to expected values. If photons on bill all pass through filters, the bill is valid. CS588 Lecture 22 18 Counterfeiting Quantum Cash • To copy a bill, need to know the photons. • Counterfeiter can guess, but loses information. Physics says there is no way to measure the spins without knowing them! CS588 Lecture 22 19 Perfect Security? • Bill photons: V (¼), +45 (¼), -45 (¼), H (¼) • Guess V-filter: passes 100% of V photons, ½ of +45 and ½ of -45 – p (M = V | passes V filter) = .25 / (.25 + (.5 * .25) + (.5 * .25)) = .25/.5 = .5 If photon passes, counterfeiter can guess it is a V photon, right ½ of the time. If photon doesn’t pass, guess it’s a H photon, right ½ of the time. – p (M = +45 | passes V filter) = .25 • Actually a bit more complicated – can guess some photons wrong, and 50% chance bank won’t notice. CS588 Lecture 22 20 Guessing One +45º Photon • Passes through V-filter (.5) – Counterfeiter guesses V-photon – Passes through Banks +45 filter (.5) – .25 chance of getting it right • Doesn’t passes through V-filter (.5) – Counterfeiter guesses H-photon – Passes through Banks +45 filter (.5) – .25 chance of getting it right • Probability of not getting caught = .5 • Forge bill with 6 photons = 1/26; use more photons for more valuable bills. CS588 Lecture 22 21 Quantum Key Distribution CS588 Lecture 22 22 Quantum Key Distribution • Charles Bennett (1980s) • Use quantum physics to transmit a key with perfect secrecy • Alice sends a stream of random photons • Bob selects random filters to try and guess photons • After, they communicate over insecure channel to figure out which bits were transmitted correctly CS588 Lecture 22 23 Quantum Key Distribution 1. Alice generates a random sequence. Transmits: 0: or (Randomly pick H or –45) 1: or (Randomly pick V or +45) 2. Bob randomly guesses filter: Rectilinear detector: recognizes H and V photons with 100% accuracy, randomly misrecognizes diagonal photons. Diagonal detector: recognizes -45 and +45 photons with 100% accuracy, randomly misrecognizes H and V photons. CS588 Lecture 22 24 Detecting Photons • Bob picks the right detector: – 100% chance of correctly recognizing bit • Bob picks the wrong detector: – 50% chance of “guessing” bit • Bob can’t tell the difference • But, Alice can (since she picked the photon encoding) CS588 Lecture 22 25 Finding Correct Guesses 3. Alice calls Bob over an insecure line, and tell him rectangular/diagonal for each bit. Bob tells Alice if he guessed right. They use the bits he guessed right on as the key. 4. Alice and Bob do some error checking (e.g., use a checksum) to make sure they have the same key. CS588 Lecture 22 26 What about Eve? • Eve can intercept the photon stream, and guess filters. • If she guesses right, she can resend the same photon. • If she guesses wrong, 50% chance she will send the wrong photon. • 50% chance Bob will guess the right filter on this photon, so 25% chance of error CS588 Lecture 22 27 Eve is Caught • When Alice and Bob agree on which bits to use, Eve will have the wrong ones since she guesses different polarities. • Eve cannot eavesdrop without Alice and Bob noticing an unusually high error rate! CS588 Lecture 22 28 Is this practical? CS588 Lecture 22 29 http://www.idquantique.com/ (Geneva, Switzerland) CS588 Lecture 22 30 Movie Teaser What’s in the “Sneakers” Black Box? A Quantum Computer CS588 Lecture 22 32 Quantum Computing • Feynman, 1982 • Quantum particles are in all possible states • Can try lots of possible computations at once with the same particles • In theory, can test all possible factorizations/keys/paths/etc. and get the right one! • In practice, major advances required before we can build it (unless the NSA knows something we don’t…): 7-qubit computer – Adding another qubit is more than twice as hard CS588 Lecture 22 33 Cryptographic Hashing Attacks CS588 Lecture 22 34 Charge • Tuesday: – Project presentations • Order will be determined pseudorandomly – Reports due • Sneakers: send me email before Monday if you are coming CS588 Lecture 22 35