2110413 Computer Security

Krerk Piromsopa, Ph.D.

Department of Computer Engineering Chulalongkorn University

Lecture 9 Quantum Key Distribution

Outline

• ^Motivation

• About Quantum

• ^Algorithm

• Why does it secure?

Detailed Walkthrough

0

Alice Bob

Message

Alice Bob

0 0

Alice Bob

Eve

0

Alice Bob

Eve

0

Message

Private communication

Alice and Bob share a one-time pad (secret random key).

But where do Alice and Bob get the key?

Quantum

!

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

!"#$%"&'()*+#$,*-

./)&)$%-'01'2"#$%"&',$103&#%,0$4'

%56,*#//5'6+0%0$-4'#3)'6"%',$'#'6#3%,*"/#3' -%#%)'75'%+)'-)$8)3'#$8'%+)$'07-)39)8' 75'%+)'3)*),9)3:

;)*#"-)'01'%+)'<$*)3%#,$%5'=3,$*,6/)'

*)3%#,$'2"#$%"&',$103&#%,0$'0**"3-'#-'

!"#$%&'()*

%+#%'*#$$0%'7)'&)#-"3)8' -,&"/%#$)0"-/5:

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

!"#$%"&'()*+#$,*-

=0/#3,>#%,0$'01'6+0%0$-'*#$'7)')?63)--)8' ,$'#$5'01'%+3))'8,11)3)$%'7#-)-@

3)*%,/,$)#34'*,3*"/#34'#$8'8,#A0$#/

7"%'07-)39,$A',$'0$)'7#-,-'3#$80&,>)-'

%+)'*0$B"A#%)-:

C1'%+)'-)$8)3'#$8'3)*),9)3'#3)'$0%'"-,$A'

%+)'-#&)'7#-)4'3)#8,$A'%+)',$103&#%,0$' )11)*%,9)/5'8)-%305-',%'D3#$80&,>)-',%E' F,%+0"%'5,)/8,$A'"-)1"/',$103&#%,0$:

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

G <$60/#3,>)8 /,A+%')$%)3-'#'9)3%,*#//5'#/,A$)8'1,/%)34' F+,*+'#7-037-'-0&)'01'%+)'/,A+%'#$8'60/#3,>)-'%+)' 3)&#,$8)3',$'%+)'9)3%,*#/'8,3)*%,0$:'H'-)*0$8'1,/%)3'

%,/%)8'#%'-0&)'#$A/)'+#7-037-'-0&)'01'%+)'60/#3,>)8' /,A+%'#$8'%3#$-&,%-'%+)'3)-%4'A,9,$A',%'#'$)F'

60/#3,>#%,0$

G C1'1,3-%'1,/%)3',-'#'I'#$8'%+)'-)*0$8',-'#$'J4'&#%*+)8' 60/#3,>#%,0$'6#--)-'%+30"A+4'&,-&#%*+)-'6#--' 3#$80&/5

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

H'2"#$%"&'*356%0A3#6+5'-5-%)&'#//0F-'%F0'6)06/)4' -#5'H/,*)'#$8';074'%0')?*+#$A)'#'-)*3)%'K)5:' H/,*)'"-)-'#'%3#$-&,%%)3'%0'-)$8'6+0%0$-'

,$'0$)'01'10"3'60/#3,>#%,0$-@'L4'MN4'OL'03'PQN'8)A3))-:'

;07'"-)-'#'3)*),9)3'%0'&)#-"3)')#*+'60/#3,>#%,0$',$' ),%+)3'%+)'3)*%,/,$)#3'7#-,-'DL'#$8'OLE'

03'%+)'8,#A0$#/'7#-,-'DMN'#$8'PQNER'

#**038,$A'%0'%+)'/#F-'01'2"#$%"&'&)*+#$,*-'+)'

*#$$0%'-,&"/%#$)0"-/5'&#K)'70%+'&)#-"3)&)$%-:'

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

H/,*)'-)$8-'6+0%0$-'F,%+'0$)'01'%+)'10"3'60/#3,>#%,0$-4'*+0-)$'#%'3#$80&:

S03')#*+'6+0%0$4';07'*+00-)-'#%'3#$80&'%+)'%56)'01'&)#-"3)&)$%@'I'03'J

;07'3)*038-'%+)'3)-"/%'01'+,-'&)#-"3)&)$%-4'7"%'K))6-',%'#'-)*3)%:

;07'%)//-'H/,*)'%+)'&)#-"3)&)$%'%56)-'"-)8'D7"%'$0%'3)-"/%-E',$'13))-6#*):' H/,*)'%)//-'+,&'F+,*+'F)3)'*033)*%:'

H/,*)'#$8';07'K))6'*033)*%'*#-)-'#$8'%3#$-/#%)'%0'LT-'#$8'PT-'

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

U+)*K

H-'#'*+)*K4'H/,*)'#$8';07'*+00-)'-0&)'7,%-'#%' 3#$80&'%0'3)9)#/:'

C1'%+)5'#A3))4'%+)5'*#$'"-)'%+)'3)&#,$,$A'7,%-' F,%+'#--"3#$*)'%+#%'%+)5'+#9)'$0%'7))$' ,$%)3*)6%)8:'

;"%',1'%+)5'1,$8'#'-"7-%#$%,#/'$"&7)3'01' 8,-*3)6#$*,)-4',%',$8,*#%)-'"$#90,8#7/)'

%#&6)3,$A'8")'%0')#9)-83066,$A4'#$8'%+)5' -+0"/8'-%#3%'09)3'%0'%3#$-&,%'#$0%+)3'K)5:

Qubits: Two-state quantum systems

Photon

Photon polarization

0 1

How does it work? “Two-bit” device rr 0 s

1 0

Rules

1. An interlock mechanism permits only one box at a time to be opened.

2. When a box is opened, the interlock also causes a random bit to be placed in the other box.

Information capacity = 1 bit

X Y

If you try to send 2 bits encoded in which box and what’s in that box, you end up sending only half a bit.

Alice Bob

X

0 r 0

Alice Bob

X

0 t s

X Y

s 0

Alice Bob

Secret key distribution

X

0 r 0

Alice Bob

Secret key distribution

X

0 s r

X Y

t

s

Alice Bob

Secret key distribution

X X Y X Y Y Y X Y Y

1 0 1 0 0 1 0 0 0 1

Y Y X X X Y X X Y X

r r r 0 r 1 r 0 0 r

Alice and Bob announce their box sequences publicly and keep the bits only when the boxes agree. This process, called sifting, yields a shared secret key, in

this case 0100

The key generation rate is 50% (1/2 bit per try).

Alice Bob

X X Y X Y Y Y X Y Y

1 0 1 0 0 1 0 0 0 1

Y Y X X X Y X X Y X

r r r 0 r s r s 0 r

Eve

Y Y X X Y X Y Y Y X

r r r 0 0 r 0 r 0 r

1. Alice and Bob’s sifted keys have an error rate of 25%. By sacrificing some key bits, they can detect Eve’s presence

through the error rate.

2. Eve knows 50% of each of their sifted keys.

Error correction and privacy amplification allow

Alice and Bob to extract a secret key provided the error rate does not exceed

17.1%.

Flaw: If Eve can deactivate the interlock, she can open both boxes and determine the sifted

key without introducing errors.

Heh, heh, heh.

Alice Bob

Secret key distribution

Quantum mechanics to the rescue!

For quantum systems, the two rules are consequences of the laws of quantum mechanics: there is no hidden interlock

mechanism to be de-activated.

Eve

Rats!

Foiled again. I hate those quantum

mechanicians.

!

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

!"#$%"&'()*+#$,*-

./)&)$%-'01'2"#$%"&',$103&#%,0$4'

%56,*#//5'6+0%0$-4'#3)'6"%',$'#'6#3%,*"/#3' -%#%)'75'%+)'-)$8)3'#$8'%+)$'07-)39)8' 75'%+)'3)*),9)3:

;)*#"-)'01'%+)'<$*)3%#,$%5'=3,$*,6/)'

*)3%#,$'2"#$%"&',$103&#%,0$'0**"3-'#-'

!"#$%&'()*%+#%'*#$$0%'7)'&)#-"3)8' -,&"/%#$)0"-/5:

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

!"#$%"&'()*+#$,*-

=0/#3,>#%,0$'01'6+0%0$-'*#$'7)')?63)--)8' ,$'#$5'01'%+3))'8,11)3)$%'7#-)-@

3)*%,/,$)#34'*,3*"/#34'#$8'8,#A0$#/

7"%'07-)39,$A',$'0$)'7#-,-'3#$80&,>)-'

%+)'*0$B"A#%)-:

C1'%+)'-)$8)3'#$8'3)*),9)3'#3)'$0%'"-,$A'

%+)'-#&)'7#-)4'3)#8,$A'%+)',$103&#%,0$' )11)*%,9)/5'8)-%305-',%'D3#$80&,>)-',%E' F,%+0"%'5,)/8,$A'"-)1"/',$103&#%,0$:

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

G <$60/#3,>)8 /,A+%')$%)3-'#'9)3%,*#//5'#/,A$)8'1,/%)34' F+,*+'#7-037-'-0&)'01'%+)'/,A+%'#$8'60/#3,>)-'%+)' 3)&#,$8)3',$'%+)'9)3%,*#/'8,3)*%,0$:'H'-)*0$8'1,/%)3'

%,/%)8'#%'-0&)'#$A/)'+#7-037-'-0&)'01'%+)'60/#3,>)8' /,A+%'#$8'%3#$-&,%-'%+)'3)-%4'A,9,$A',%'#'$)F'

60/#3,>#%,0$

G C1'1,3-%'1,/%)3',-'#'I'#$8'%+)'-)*0$8',-'#$'J4'&#%*+)8' 60/#3,>#%,0$'6#--)-'%+30"A+4'&,-&#%*+)-'6#--' 3#$80&/5

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

H'2"#$%"&'*356%0A3#6+5'-5-%)&'#//0F-'%F0'6)06/)4' -#5'H/,*)'#$8';074'%0')?*+#$A)'#'-)*3)%'K)5:' H/,*)'"-)-'#'%3#$-&,%%)3'%0'-)$8'6+0%0$-'

,$'0$)'01'10"3'60/#3,>#%,0$-@'L4'MN4'OL'03'PQN'8)A3))-:'

;07'"-)-'#'3)*),9)3'%0'&)#-"3)')#*+'60/#3,>#%,0$',$' ),%+)3'%+)'3)*%,/,$)#3'7#-,-'DL'#$8'OLE'

03'%+)'8,#A0$#/'7#-,-'DMN'#$8'PQNER'

#**038,$A'%0'%+)'/#F-'01'2"#$%"&'&)*+#$,*-'+)'

*#$$0%'-,&"/%#$)0"-/5'&#K)'70%+'&)#-"3)&)$%-:'

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

H/,*)'-)$8-'6+0%0$-'F,%+'0$)'01'%+)'10"3'60/#3,>#%,0$-4'*+0-)$'#%'3#$80&:

S03')#*+'6+0%0$4';07'*+00-)-'#%'3#$80&'%+)'%56)'01'&)#-"3)&)$%@'I'03'J

;07'3)*038-'%+)'3)-"/%'01'+,-'&)#-"3)&)$%-4'7"%'K))6-',%'#'-)*3)%:

;07'%)//-'H/,*)'%+)'&)#-"3)&)$%'%56)-'"-)8'D7"%'$0%'3)-"/%-E',$'13))-6#*):' H/,*)'%)//-'+,&'F+,*+'F)3)'*033)*%:'

H/,*)'#$8';07'K))6'*033)*%'*#-)-'#$8'%3#$-/#%)'%0'LT-'#$8'PT-'

!"#$"%&'()*&*+(,'"-+./"*0 12345*+.()#"+'#+(&'6(7'%"'++."'%

U+)*K

H-'#'*+)*K4'H/,*)'#$8';07'*+00-)'-0&)'7,%-'#%' 3#$80&'%0'3)9)#/:'

C1'%+)5'#A3))4'%+)5'*#$'"-)'%+)'3)&#,$,$A'7,%-' F,%+'#--"3#$*)'%+#%'%+)5'+#9)'$0%'7))$' ,$%)3*)6%)8:'

;"%',1'%+)5'1,$8'#'-"7-%#$%,#/'$"&7)3'01' 8,-*3)6#$*,)-4',%',$8,*#%)-'"$#90,8#7/)'

%#&6)3,$A'8")'%0')#9)-83066,$A4'#$8'%+)5' -+0"/8'-%#3%'09)3'%0'%3#$-&,%'#$0%+)3'K)5:

Why is quantum key distribution secure?

An unopened box has no bit value waiting to be discovered. Alice and Bob create the key

by opening their boxes. Before that, there is no key for Eve to steal.

Essential ingredient: Entanglement between qubits

“There is no there there.”

Gertrude Stein damning her native Oakland and inadvertently describing quantum systems.