Quantum Cryptography

Submitted To: Computer Engineering Department, University College of Engineering, Kota

Submitted By: Shashank Kumar Jain (08/181) B.Tech Final Year

2 Quantum Cryptography


This is to certify that Mr. Shashank Kumar Jain, College Roll No. 08/181 and University Roll No 08EUCCS031, has submitted the seminar report entitled “Quantum Cryptography’’ in partial fulfilment for the award of the degree of Bachelor of Technology in Computer Engineering B.Tech Final year for the academic Session 2011–2012. The report has been prepared as per the prescribed format and is approved for submission and presentation.

Seminar Guide:
Mr. R. S. Sharma Associate Professor Computer Engineering Department University College of Engineering, Kota(Raj.)

Submitted by :
Shashank Kumar Jain College Roll No. – 08/181

3 Quantum Cryptography


The satisfaction and elation of successfully completing a task would be incomplete without acknowledging the people who are involved with us in it, with their constant guidance, encouragement and efforts. This seminar was under taken as a requirement for the completion of Bachelor of Technology degree. It is not only a technical endeavour but also the initiation of a fresher into the world of information technology. I am thankful to Mr. R. S. Sharma for lending us the opportunity to work under his guidance. Also, I am very much grateful to him for his inspiration and constructive suggestions which helped us in the preparation and completion of the seminar. I would also like to thank Mrs. Nirmala Sharma for acting as lead mentor for the seminar lab and helping us in guiding to prepare seminar topic. Shashank Kumar Jain

and the real-world application implementation of this technology. unknown quantum states.e. Well-known examples of quantum cryptography are the use of quantum communication to securely exchange a key (quantum key distribution) and the (hypothetical) use of quantum computers that would allow the breaking of various popular public-key encryption and signature schemes (e. This presentation summarizes the current state of quantum cryptography. The security of these transmissions is based on the laws of quantum mechanics.g. and how this technology contributes to the network security. an eavesdropper cannot copy unknown qubits i. it is not possible to measure the quantum state of any system without distributing that system. This presentation concentrates on the theory of quantum cryptography. due to no-cloning theorem. The principle of photon polarization states that. . The Heisenberg Uncertainty principle states that. The quantum cryptography relies on two important elements of quantum mechanics 1.4 Quantum Cryptography Abstract Quantum cryptography is an emerging technology in which two parties can secure network communications by applying the phenomena of quantum physics. The Heisenberg Uncertainty principle and the principle of photon polarization. RSA and ElGamal). 2.. and finally the future direction in which the quantum cryptography is headed forwards.

7 Receiver’s Information Gain 23 23 24 25 26 28 28 4.1 Introduction 1.6 Sender’s Control 3.1 Introduction 2.2 Photon Polarization 2. Cryptography 1. Quantum Cryptography 2. Fully Distrustful Protocol 3.5 Quantum Cryptography TABLE OF CONTENTS 1.3 Bit Commitment Protocol 3.1 Device Independent Protocol 3. 5.2 Distrustful Protocol 3.5 Fully Distrustful Cryptography 3.3 Quantum Cryptography Procedure 15 16 19 3.3 Limitations of Classical Cryptography 6 9 13 2. Conclusion References .2 Classical Cryptography 1.4 Device Independence Formulation 3.

and hash functions. such as block ciphers. Thereafter. The next major step in this evolutionary process may be at hand. The input to an encryption process is commonly called the plaintext. in which case they’re called public key or asymmetric. Cryptography is where security engineering meets mathematics. or have separate keys for encryption and decryption. while cryptology. Although the field of cryptography is ancient. There are a number of cryptographic primitives—basic building blocks. The purpose of cryptography is to transmit information such that only the intended recipient receives it. in which case they’re called shared key (also secret key or symmetric). Cryptanalysis to the science and art of breaking them. often shortened to just crypto.1 Introduction Cryptography is the art of encoding and decoding messages and has existed as long as people have distrusted each other and sought forms of secure communication. stream ciphers. . with the code-makers working to stay ahead of the codebreakers. things get somewhat more complicated. it is not static. and the output the cipher text. Cryptography has often been used to protect the wrong things. It is probably the key enabling technology for protecting distributed systems. Cryptographic techniques have evolved over the centuries. Block ciphers may either have one key for both encryption and decryption.6 Quantum Cryptography Cryptography 1. A digital signature scheme is a special type of asymmetric crypto primitive. The basic terminology is that cryptography refers to the science and art of designing ciphers. It provides us with the tools that underlie most modern security protocols. yet it is surprisingly hard to do right. or used to protect them in the wrong way. is the study of both.

So a more realistic goal of cryptography is to make obtaining the information too work-intensive to be worth it to the attacker. which is called cipher text. desire. neither human nor machine can properly process it . When data is stored on a computer. and resources.  Integrity: Assuring the receiver that the received message has not been altered in any way from the original. Encryption is a method of transforming original data. called plaintext. is to hide information from unauthorized individuals. both of which are notoriously weak. and the mechanisms that make it up. into a form that appears to be random and unreadable.7 Quantum Cryptography Within the context of any application-to-application communication. When this same sensitive information is sent over a network. including:  Authentication: The process of proving one's identity. Plaintext is either in a form that can be understood by a person (a document) or by a computer (executable code). Although the ultimate goal of cryptography. most algorithms can be broken and the information can be revealed if the attacker has enough time. there are some specific security requirements. it can no longer take these controls for granted. Once it is transformed into cipher text. (The primary forms of hostto-host authentication on the Internet today are name-based or address-based. and the information is in a much more vulnerable state.  Non-repudiation: A mechanism to prove that the sender really sent this message. it is usually protected by logical and physical access controls.)  Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.

Key Algorithm Message Cipher Text In above figure the key is inserted into the mathematical algorithm and the result is applied to the message. Most encryption methods use a secret value called a key (usually a long string of bits). without the key. Even if this attacker knows the algorithm that the two people are using to encrypt and decrypt their information. . The cryptosystem uses an encryption algorithm. which works with the algorithm to encrypt and decrypt the text. This enables the transmission of confidential information over insecure channels without unauthorized disclosure. she can view the message. If an eavesdropper captures a message as it passes between two people. Plain Text Encryption Cipher Text Decryption Plain Text The process of encryption transforms plaintext into cipher text and the process of decryption transforms cipher text into plaintext A system that provides encryption and decryption is referred to as a cryptosystem and can be created through hardware components or program code in an application. this information remains useless to the eavesdropper.8 Quantum Cryptography until it is decrypted. which ends up in cipher text. but it appears in its encrypted form and is therefore unusable. which determines how simple or complex.

Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. Assuming that brute force. The algorithms are very complex. which is a long string of randomly-chosen bits. Mainly two classical algorithms are defined.2 Classical Cryptography There are several ways of classifying cryptographic algorithms. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.9 Quantum Cryptography 1. Suppose that a key of 128 bits is used. They will be categorized based on the number of keys that are employed for encryption and decryption. Secret Key Cryptography: Secret-key encryption requires that two users first develop and securely share a secret key. 1. . is employed. 1. the encrypted message should be safe: a billion computers doing a billion operations per second would require a trillion years to decrypt it. The users then use the secret key along with public algorithms to encrypt and decrypt messages. 2. and can be designed such that every bit of output is dependent on every bit of input. Secret Key Cryptography: Uses a single key for both encryption and decryption. Public Key Cryptography: Uses one key for encryption and another for decryption. along with some parallelism. and further defined by their application and use.

Because both users use the same key to encrypt and decrypt messages. There is no way to prove who actually sent a message if two people are using the exact same key. In general. When using symmetric algorithms. the sender and receiver use the same key for encryption and decryption functions. . but they cannot provide authentication or nonrepudiation.10 Quantum Cryptography A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. The security of the symmetric encryption method is completely dependent on how well users protect the key. the same plaintext block will always encrypt to the same cipher text when using the same key in a block cipher whereas the same plaintext will encrypt to different cipher text in a stream cipher. symmetric cryptosystems can provide confidentiality.

anyone can send a message since the public key is used to encrypt messages. Using this method. . and RC6. Public Key Cryptography: Public-key encryption is based on the idea of a safe with two keys: a public key to lock the safe and a private key to open it.11 Quantum Cryptography The following are examples of symmetric key cryptography algorithms and will be explained in the “Stream and Block Ciphers” section:      Data Encryption Standard (DES) Triple DES (3DES) Blowfish IDEA RC4. The public and private keys are mathematically related. but only someone with the private key can decrypt the messages. but cannot be derived from each other. 2. This means that if one gets a copy of Bob’s public key. RC5. Since the encrypting and decrypting keys are different. The security of public-key encryption depends on the assumed difficulty of certain mathematical operations. such as factoring extremely large prime numbers. it is not necessary to securely distribute a key. it does not mean he can now use some mathematical magic and find out Bob’s private key.

she would encrypt the file with the receiver’s public key. If the sender encrypted the message with the receiver’s public key. . This is called a secure message format because it can only be decrypted by the person who has the corresponding private key. then she would encrypt the message with her private key. If authentication is the most important security service to the sender. This provides assurance to the receiver that the only person who could have encrypted the message is the individual who has possession of that private key.12 Quantum Cryptography Public Key cryptosystem If confidentiality is the most important security service to a sender. authentication is not provided because this public key is available to anyone.

If data is encrypted with a public key. If data is encrypted with a private key. so do not get confused and think the public key is only for encryption and the private key is only for decryption. it cannot be decrypted with a private key. confidentiality is not ensured. it must be decrypted with the corresponding private key. it must be decrypted with the corresponding public key.  Limited security: nonrepudiation. Secret Key Cryptography: Following are the limitations of secret key cryptography:   Key distribution: It requires a secure mechanism to deliver keys properly.13 Quantum Cryptography Encrypting a message with the sender’s private key is called an open message format because anyone with a copy of the corresponding public key can decrypt the message. It can provide confidentiality. However.3 Limitations of Classical Cryptography 1. but not authenticity or . They both have the capability to encrypt and decrypt data. so the number of keys grows exponentially. For a message to be in a secure and signed format. Thus. Each key type can be used to encrypt and decrypt. if data is encrypted with a private key. the sender would encrypt the message with her private key and then encrypt it again with the receiver’s public key. Scalability: Each pair of users needs a unique pair of keys. This provides confidentiality and authentication for that delivered message. 1. The receiver would then need to decrypt the message with his own private key and then decrypt it again with the sender’s public key.

. not proven. Users must either agree on the secret key when they are together in the same location or when they are in different locations. however. The drawbacks to developing the key when they are in the same location are that it is not always practical for the users to meet. The theoretical ability of quantum computers to essentially process large amounts of information in parallel would remove the time barrier to factoring large numbers. and such storage is not secure. The second problem is the threat of quantum computers. it sometimes becomes easier to decrypt the message. especially for the encryption of financial information sent over the internet. Thus. The second problem is securely distributing the secret key in the first place. The first problem is that the difficulty of the mathematical problems is assumed. This problem can be somewhat offset by increasing the length of the key. All security will vanish if efficient factoring algorithms are discovered. This is the wellknown “key-distribution problem”. 2. The drawback to developing a key when the users are in different locations is that all classical methods of transmitting the key are subject to eavesdropping that cannot be detected by the users. though secure at the moment. faces a serious threat as quantum computing comes closer to reality. this method is still widely used. a large database would be needed to store the predetermined keys. Currently. Public Key Cryptography: Weakness of Public key cryptography is  Works much slower than symmetric systems There are two problems with basing security on the assumed difficulty of mathematical problems.14 Quantum Cryptography There are two main problems with secret-key encryption. The first problem is that by analyzing the publicly-known encrypting algorithm. public-key encryption.

that is. But already quantum cryptography has been developed which promises more secure communication than any existing technique and cannot be compromised by quantum computers. Quantum cryptography accomplishes these remarkable feats by exploiting the properties of microscopic objects such as photons. In addition.1 Introduction Today’s most common encryption methods are threatened by the potential creation of the quantum computer. it is not threatened by the development of quantum computers. Quantum cryptography uses our current knowledge of physics to develop a cryptosystem that is not able to be defeated . which can be classified as either “public-key” or “secret-key” methods. Quantum cryptography solves the problems of secret-key cryptography by providing a way for two users who are in different locations to securely establish a secret key and to detect if eavesdropping has occurred. Quantum cryptography takes advantage of the unique and unusual behavior of microscopic objects to enable users to securely develop secret keys as well as to detect eavesdropping. since quantum cryptography does not depend on difficult mathematical problems for its security.15 Quantum Cryptography Quantum Cryptography 2. . one that is completely secure against being compromised without knowledge of the sender or the receiver of the messages. The word quantum itself refers to the most fundamental behaviour of the smallest particles of matter and energy: quantum theory explains everything that exists and nothing can be in violation of it. The development of quantum cryptography was motivated by the short-comings of classical cryptographic methods.

but photons offer all the necessary qualities needed. it is important to first understand their properties. and the type of measurement impacts the property that you find the object to have.2 Photon Polarization Photon polarization measurements form the foundation for the most common quantum cryptographic techniques.essentially because it is impossible to measure the quantum state of any system without disturbing that system. are quantum objects. and in the quantum world an object can be considered to have a property only after you have measured it. This implies that a photon can only be considered to have a particular polarization after you measure it. and Diagonal (45° or 135°) Although there are three bases. and . quantum cryptography is based on the usage of individual particles/waves of light (photon) and their intrinsic quantum properties to develop an unbreakable cryptosystem . Photons can be measured to determine their orientation relative to one of these bases of polarization at a time. 2. only two bases are used in any given protocol for quantum cryptography. however. It is theoretically possible that other particles could be used. the most promising medium for extremely high-bandwidth communications. The three chosen bases of polarization and the possible results of a measurement according to the bases are:    Rectilinear (horizontal or vertical). one would expect the photon to have a certain polarization. which can be measured but which is not changed by the measurement.16 Quantum Cryptography Essentially. Classically. Circular (left-circular or right-circular). their behaviour is comparatively well-understood. Photons. and they are the information carriers in optical fibre cables.

and you will find that the photon is 45 ° polarized or 135° polarized – there are only two possibilities. The fact that a horizontally-oriented photon may subsequently be measured to have a 45° polarization occurs because the state of horizontal polarization is actually a superposition of the two diagonal polarization states.17 Quantum Cryptography that the basis you choose for the measurement will have an impact on the polarization that you find the photon to have. “How is the photon oriented relative to a rectilinear coordinate system?” You will find the photon is either vertically polarized or horizontally polarized -. As a result it is impossible to determine a photon’s rectilinear and diagonal polarizations at the same time. Next you send this same photon through an apparatus to measure its orientation relative to a diagonal coordinate system. Now you are asking the question. Suppose you measure this photon as horizontally polarized. For example. if you send a photon through an apparatus to measure its orientation relative to a rectilinear coordinate system. The behavior of photons sent through a series of polarizer is illustrated below: LEGEND + = an apparatus that measures rectilinear polarization V = vertical polarization .there are only two possibilities. This is in surprising contrast to the classical situation where something that is horizontally oriented would be expected to have a component in the diagonal direction. all information about the previous “property” of horizontal polarization of the photon vanished. All polarization states are actually superposition of other polarization states. More information about one results in less information about the other. The type of measurement does indeed have an impact on what property you find. you are asking the question. This is analogous to the impossibility of specifying a particle’s position and momentum at the same time. It is important to note that once the diagonal measurement was made. “How is the photon oriented relative to a diagonal coordinate system?”.

18 Quantum Cryptography H = horizontal polarization O = an apparatus that measures circular polarization L = left-circular polarization R = right-circular polarization 1. with equal probability. V O L OR V O R 4. A photon is sent through a rectilinear (+) measurement apparatus. Photon 1 + V + V + V Photon 2 + H + H + H 3. A photon that is repeatedly sent through the same measurement apparatus will always give the same answer. The photon will come out either left-circular polarized OR right-circular polarized. A photon that was measured to be vertically polarized is sent through an apparatus to measure its circular polarization. Analogous results would occur if a circularly-polarized photon was sent through a rectilinear measurement apparatus. The photon has equal probability of being vertically or horizontally oriented. Photon 1 Photon 2 + + V V 2. .

Alice and Bob each throw out the data from measurements that were not of the correct type. and convert the remaining data to a string of bits using a convention such as: left-circular = 0. using the standard convention that Alice is the sender. Alice records the polarization of each photon and then sends it to Bob. A correct measurement is the correct type of Bob used the same basis for measurement as Alice did for preparation. right-circular = 1 horizontal = 0. Alice publicly tells Bob which measurements were of the correct type. vertical = 1 . Bob receives each photon and randomly measures its polarization according to the rectilinear or circular basis. but not the results of his measurements.19 Quantum Cryptography 2. Bob is the receiver. and Eve is the eavesdropper. He records the measurement type (basis used) and the resulting polarization measured. Alice prepares photons randomly with either rectilinear or circular polarizations.3 Quantum Cryptography Procedure The steps of the protocol are explained below. Bob publicly tells Alice what the measurement types were. (It is important to remember that the polarization sent by Alice may not be the same polarization Bob finds if he does not use the same basis as Alice.

Although this was a serious problem in previous modern cryptographic methods. The discussions between Alice and Bob about the types of measurements made occur on a classical channel. This string of bits forms the secret key. The string of bits now owned by Alice and Bob is: 1 0 0 1 0 1 0 1. Eve can intercept information transmitted on the classical channel without being detected. such as telephone or email.20 Quantum Cryptography The following example data was generated assuming that Alice sends 12 photons and the detector never fails. the number of photons sent and the resulting length of the string of bits. This is because in quantum cryptography protocols the only information Bob and Alice exchange on a classical channel is the type of measurements . In practice. it is not a problem in quantum cryptography. The photon transmissions are quantum in nature and occur on what will be called a quantum channel. such as optical fiber. it is important to note that transmissions between Alice and Bob take place on two different types of channels. The properties of these two channels are very different. But what if Eve has been eavesdropping on Alice and Bob’s transmissions? To understand why eavesdropping does not compromise the security of keys developed using quantum cryptography.

and has an equal probability of finding it to be right-circularly polarized and left-circularly polarized. consider the following scenario. but since Bob did not choose the correct basis. Alice sends a right-circularly polarized photon. As you can see. measure them. Suppose Eve listens on the quantum channel. and then send them on to Bob. For example. which tells Eve nothing about the results of the measurement. Bob measures it according to the circular basis.21 Quantum Cryptography they made. It is clear that this will introduce errors into Bob’s final string of bits. When she chooses a different basis for measurement than Alice had used for preparation. Here Eve would know the polarization that Alice sent. finds it to be vertically polarized. One way she may do this is by skimming some photons from the burst sent from Alice to Bob. she doesn’t know what their result was. some of which are received by Eve and Bob. Eve decided to use the rectilinear basis for measurement. causing Bob to receive a photon that does not have the same polarization as that sent by Alice. For example. and Bob decides to use the circular basis. Alice and Bob can detect these errors when they run . she will change the photon’s polarization through the act of measurement. Another method Eve could use to eavesdrop on the quantum channel is to intercept the photons. Therefore. Alice and Bob would throw the results out. but she has to randomly choose her own measurement type since she doesn’t know what measurement type Bob is going to use. about half the time she will choose a different basis than Bob for measurement. Now suppose instead that Eve had decided to measure it according to the circular basis. which is intercepted by Eve. and therefore nothing about the key that was developed. Eve measures it according to the rectilinear basis. but since Eve used the wrong basis. suppose Alice sends a burst of circularly polarized photons. Now Eve has photons that are identical in polarization to those received by Bob. Eve will not end up with anything resembling the string of bits that Alice and Bob create. and sends it on to Bob. but Bob decided to measure it according to the rectilinear basis. Alice and Bob keep the resulting data since they both used the same basis.

Each time a comparison is performed. One approach is to compare a large random subset of their string of bits. assuming that if these match up. Another technique was developed. . although Eve could obtain some correct bits of the final key by intercepting photons. If an oddnumber of errors exist. errors can be eliminated. Thus it is important for Alice and Bob to perform a “key validity check” to confirm that they have the same string of bits. Thus. All of these factors can cause Bob to end up with a different string of bits than Alice. Alice and Bob will know that the security of their key has been compromised. the parity calculated by Alice and Bob will be different. and Alice and Bob can be sure that they have the same string of bits for use as the key. and Eve could be eavesdropping. This technique is useful for detecting eavesdropping. In this way. Alice and Bob discard the last bit in the block. Using this technique. Alice and Bob check many overlapping blocks.22 Quantum Cryptography “key validity check”. They cannot compare the whole string of bits over a classical channel since this would compromise the security of their key. detectors fail some of the time. since this information was shared over a public channel and could have been intercepted. In reality. The bits that they have compared are discarded. and make smaller and smaller block sizes to find the errors. then the others that they are not comparing also match up and can be used as the key. Alice and Bob agree on certain blocks of bits of their key and calculate and compare the parity of each block. there is noise in the channel. since any activity by Eve would introduce a large number of errors.

independent approach can be extended to cover cryptographic problems with distrustful parties. this setting presents us with a novel challenge: Whereas in device-independent quantum keydistribution Alice and Bob will cooperate to estimate the amount of non. so to ensure reliability.23 Quantum Cryptography Fully distrustful Protocol 3.2 Distrustful Protocol A protocol in which two parties do not trust each other. In particular. and the selftesting of quantum computers. 3. device.independent protocols have been proposed for quantum key-distribution. random number generation. honest parties can rely only on themselves. It is not a priori clear. a device-independent protocol.1 Device Independent Protocol A quantum protocol is said to be device.locality present. In many everyday scenarios (e. the use of credit cards on the internet. The key idea is that the certification of a sufficient amount of nonlocality ensures that the underlying systems are quantum and entangled. remains secure even if the devices were fabricated by an adversary. in principle. So far. digital signatures). for protocols in the distrustful cryptography model. Anyone may try to cheat. state estimation. secure identification. we need to ensure security not only against an .g. In fact.independent if the reliability of its implementation can be guaranteed without making any assumptions regarding the internal workings of the underlying apparatus. whether the scope of the device. other party must be able to detect cheating.

when Alice and Bob do not trust each other. arbitrarily concealing and binding quantum bit-commitment is impossible. However. on the one hand. 3. A bit-commitment protocol consists of two phases. possibly followed by some test that each party carries out to ensure that the other party has not cheated. Many important results in quantum cryptography are related to the fundamental primitives in this setting: While. In the time between the two phases.commitment has been shown to be possible with trusted devices.  Reveal phase In the reveal phase.   Commit Phase Reveal phase  Commit Phase In the commit phase. Alice reveals the value of the bit. The security of a protocol is always analyzed under the assumption that one of the parties is honest. quantum weak coin flipping with arbitrarily small bias is possible.e. which may be of any duration. . less secure but non-trivial bit . Alice interacts with Bob in order to commit to a bit.24 Quantum Cryptography eavesdropper. but crucially against malicious parties partaking in the protocol. no actions are taken. i.3 Bit commitment Protocol It is a distrustful protocol.

We make the assumption that the probabilities of the ( ). while a protocol with is called arbitrarily concealing. Each box allows for a classical input (the index . In contrast. = 1/2. we allow a dishonest party to choose . in any classical protocol either Alice or Bob can cheat perfectly 3.25 Quantum Cryptography We designate by = Probability that Alice reveals wrong bit value without being caught cheating = Probability that Bob knows value of bit before Reveal Phase The quantities Alice’s Control = Bob’s Information Gain = A protocol with arbitrarily small arbitrarily small is called arbitrarily binding. Quantum mechanics does not allow for a protocol to be both arbitrarily binding and concealing at the same time. = . in the sense that The best known protocol gives = 1/4. In fact. outputs given the inputs for an honest party can be expressed as where inputting is some joint quantum state and in box and obtaining the outcome is a POVM element corresponding to . and produces a classical output designates the box). Apart from this constraint we impose no restrictions on the boxes’ behavior.4 Device Independence Formulation In our device-independent formulation. for a ‘fair’ protocol. we assume that each honest party has one or several devices which are viewed as ‘black boxes’. In particular.

and C with binary inputs. In a ‘fully’ distrustful setting. and . The GHZ paradox consists of the fact that if the inputs satisfy . The above assumption amounts to the most general modeling of boxes that I. the fact that we do not rely on space-like measurements makes the conceptual implications of our work clearer and the quantum origin of the security evident. and .5 Fully Distrustful Cryptography Our protocol is based on the Greenberger-Horne-Zeilinger (GHZ) paradox. 3. and outputs . these conditions can be satisfied by shielding the boxes. . respectively. the boxes cannot communicate with one another. i. where the devices too cannot be trusted. and Are such that the physical process yielding the output the input in box depends solely on . In particular. It is also implicit in our analysis that no unwanted information can enter or exit an honest party’s laboratory.e. II.26 Quantum Cryptography the state (which she can entangle with her system) and the POVM elements for the other party’s boxes. This observation is important because relativistic causality is by itself sufficient for perfect bit-commitment and coin flipping. as in fundamental tests of non-locality. We consider three boxes A. satisfy the laws of quantum theory. Hence. B. it is not necessary to carry out measurements in space-like separated locations to guarantee II.

If a = 0. and to ensure that a dishonest party always has a non-zero probability of being caught cheating. The protocol runs as follows. This relation can be guaranteed if the three boxes implement measurements on a three qubit GHZ state √ where = 0 (1) corresponds to measuring . The nonlocal and pseudo-telepathic nature of the GHZ paradox – the non-occurrence of certain input-output pairs that would necessarily occur in any local theory – are key. both to ensure that when both parties are honest the protocol does not abort. and Bob has a pair of boxes. and . A. we initialized the constant values of the network via relation . Commit phase: Alice inputs into her box the value of the bit she wishes to commit to. To solve TSP.27 Quantum Cryptography We can always have the outputs satisfy . she sends Bob a classical bit Reveal phase: Alice sends Bob or as her commitment. for local boxes this relation can only be satisfied with probability at most. Also. Alice has a box. we had n neurons (based on the number of cities). In contrast. He then randomly chooses a pair of inputs . first we defined the structure of Hopfield network. If any of these tests fails then he aborts. In this network. Denote the input and output of her box by uniformly at random. she sends Bob a classical bit If a = 1. B and C. She then selects a classical bit a . If the parties are honest (and the boxes satisfy the GHZ paradox). then the protocol never aborts. The three boxes are supposed to satisfy the GHZ paradox. satisfying or and . Bob first checks whether and =1 inputs them into his two boxes and checks that the GHZ paradox is satisfied.

no value of c is preferable. suppose that Alice wishes to reveal 1.e. → 1. and we assume that she sends c = 0. i. since Alice’s winning probability is invariant under the relabeling. and hence. We denote Bob’s binary input and output by where = 0( and . She will then carry out to be sent. possibly entangled with her own ancillary systems. = 1) corresponds to the measurement he carries out when Alice sends . → 1. c → c 1. for a choice On the other hand.28 Quantum Cryptography 3. without receiving any information from Bob. 3. whether inputs such that = . (since Bob knows that in this case = 0 or may take on any value 1 = 0). Since the commit phase consists of Alice sending a classical bit c as a token of her commitment. Bob carries out one of a pair of two-outcome measurements on his system. with no loss of generality we may assume that Alice decides on the value of c beforehand.1 Receiver’s Information Gain Bob’s most general strategy consists of sending Alice a box entangled with some ancillary system in his possession.e. she sends = 0). some operation on her systems in order to decide the value of check whether = 0 or = 0. Bob finds that the GHZ paradox is satisfied whenever of inputs such that . and accordingly prepares Bob’s boxes to maximize her control. Suppose now that Alice wishes to reveal 0 (i. wherein (dishonest) Alice prepares (honest) Bob’s boxes in any state she wants. Furthermore. Then. Depending on the value of c he receives from Alice (which is uniformly random since Alice is honest). and since = 0 it follows that Alice must send Subsequently. Bob will first = 0.6 Sender’s Control We consider the worst-case scenario. the only relevant test is = 1 for a choice of the satisfaction of the GHZ paradox.

29 Quantum Cryptography c = 0 (c = 1). and =0( = 1) corresponds to his guessing that Alice has committed to 0 (1). Bob’s information gain is ∑ ( ) .

30 Quantum Cryptography Conclusion We can conclude that: 1. Because it is not threatened by quantum computing. intrusion detection makes it reliable. key exchange can be securely made. without threat of key being compromised during initial key exchange. . Also. it is safe from fast brute-force attacks of fast computers of future. 3. 2. Quantum Cryptography provides an efficient cryptography technique that is future proof and reliable. As quantum cryptography allows detection of any eavesdropper. Fully distrustful Quantum cryptography can be used to exchange keys between parties that do not trust each other and neither their apparatus.

Denis (1993).5086v2] 2. Christian (2005). Claude. S.. 362–371. 3. Crépeau. I. Buchmann. Brassard. Pironio. eds. and S.31 Quantum Cryptography References 1. Post-quantum cryptography. A. Dahmen. Springer. pp. FOCS 1993. Silman. Schaffner. Ivan. . IEEE. Kerenidis. 4. Massar. ISBN 978-3-540-88701-0. Johannes. Serge. Bernstein. N. Daniel J. Damgård. "Cryptography In the Bounded Quantum-Storage Model". IEEE. FOCS 2005. Gilles. pp. (2009). January 2011 [arXiv:1101. Louis. Salvail. Fehr. Jozsa. Aharon. Chailloux. Langlois. Richard. 449–458. J. Erik. Fully Distrustful Quantum Cryptography. "A Quantum Bit Commitment Scheme Provably Unbreakable by both Parties".

Sign up to vote on this title
UsefulNot useful