A note on quantum related-key attacks
In a basic related-key attack against a block cipher, the adversary has access to encryptions under keys that differ from the target key by bit-flips. In this short note we show that for a quantum adversary such attacks are quite powerful: if (i) the secret key is uniquely determined by a small number of plaintext-ciphertext pairs, (ii) the block cipher can be evaluated efficiently, and (iii) a superposition of related keys can be queried, then the key can be extracted efficiently.
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, however, QKD does not provide a standalone security service on its own: the secret keys established by QKD are in general then used by subsequent cryptographic applications whose requirements, context of use and security properties can vary. It is therefore important, with a view to integrating QKD into security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering an any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges related to the development of QKD technology that also constitute potential avenues for cryptographic research.
Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
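Scenario 1 above (QKD as a key renewal source for a symmetric link cipher) is easy to get wrong in the key-management details, so here is an added example, written for this page and not taken from the survey or the SECOQC project, of the mechanics a point-to-point link encryptor needs: a per-end buffer of QKD-delivered keys with sequence numbers, a renewal policy that switches to a fresh key after a fixed number of encrypted bytes, a header that carries the key id and a counter so the receiver can follow renewals and reject replays, and a hard failure when the buffer is empty rather than silent key reuse. Everything concrete is an assumption of the example: the key material is constructed locally instead of coming from a QKD system, the cipher is an HMAC-SHA256 counter-mode stand-in for a standard AEAD such as AES-GCM (the Python standard library has no AES), and the frame layout (8-byte key id, 8-byte counter, 32-byte tag) and the `max_skip` bound are invented for illustration.

```python
import hashlib
import hmac
from collections import deque


class KeyExhausted(Exception):
    """Raised when the QKD key buffer is empty: never fall back to key reuse."""


class QKDKeyBuffer:
    """Keys handed over by the QKD layer, in delivery order, each with a sequence
    number. Both link ends hold an identical buffer (QKD guarantees matching keys)."""

    def __init__(self, keys):
        self._queue = deque(enumerate(keys))

    def next_key(self):
        if not self._queue:
            raise KeyExhausted("QKD buffer empty: link throughput exceeds the key rate")
        return self._queue.popleft()  # (key_id, key)


def _keystream(key, key_id, counter, length):
    # Stand-in for AES-CTR: HMAC-SHA256 as a PRF in counter mode (assumption; a
    # real deployment would use AES-GCM or another standard AEAD).
    out, block = bytearray(), 0
    while len(out) < length:
        info = key_id.to_bytes(8, "big") + counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, b"ks" + info, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _tag(key, header, ct):
    return hmac.new(key, b"tag" + header + ct, hashlib.sha256).digest()


class LinkSender:
    def __init__(self, buffer, bytes_per_key):
        self.buffer, self.limit = buffer, bytes_per_key
        self.key_id, self.key = buffer.next_key()
        self.used = self.counter = 0

    def encrypt(self, frame):
        if self.used + len(frame) > self.limit:  # renewal policy: take a fresh QKD key
            self.key_id, self.key = self.buffer.next_key()
            self.used = self.counter = 0
        header = self.key_id.to_bytes(8, "big") + self.counter.to_bytes(8, "big")
        ct = bytes(p ^ k for p, k in zip(frame, _keystream(self.key, self.key_id, self.counter, len(frame))))
        self.used += len(frame)
        self.counter += 1
        return header + ct + _tag(self.key, header, ct)


class LinkReceiver:
    def __init__(self, buffer, max_skip=1):
        self.buffer, self.max_skip = buffer, max_skip
        self.key_id, self.key = buffer.next_key()
        self.last_counter = -1

    def decrypt(self, msg):
        header, ct, tag = msg[:16], msg[16:-32], msg[-32:]
        key_id = int.from_bytes(header[:8], "big")
        counter = int.from_bytes(header[8:], "big")
        # Bound how far an unauthenticated header may advance us: otherwise a
        # forged key id drains the receiver's buffer before any tag is checked.
        if key_id - self.key_id > self.max_skip:
            raise ValueError("key id jumps too far ahead")
        while key_id > self.key_id:  # sender renewed; advance in step with it
            self.key_id, self.key = self.buffer.next_key()
            self.last_counter = -1
        if key_id != self.key_id or counter <= self.last_counter:
            raise ValueError("stale key id or replayed counter")
        if not hmac.compare_digest(tag, _tag(self.key, header, ct)):
            raise ValueError("authentication failed")
        self.last_counter = counter
        return bytes(c ^ k for c, k in zip(ct, _keystream(self.key, key_id, counter, len(ct))))


def constructed_keys(n):
    # Constructed stand-in for QKD-delivered key material (not real QKD output).
    return [hashlib.sha256(b"constructed QKD key %d" % i).digest() for i in range(n)]


def run_link(n_frames, bytes_per_key=48, n_keys=4):
    """Drive both ends over a loopback; return the key id used for each frame."""
    keys = constructed_keys(n_keys)
    sender, receiver = LinkSender(QKDKeyBuffer(keys), bytes_per_key), LinkReceiver(QKDKeyBuffer(keys))
    used = []
    for i in range(n_frames):
        frame = b"frame %02d:" % i + b"x" * 15  # 24-byte constructed payload
        assert receiver.decrypt(sender.encrypt(frame)) == frame
        used.append(sender.key_id)
    return used


def tamper_is_detected():
    keys = constructed_keys(1)
    sender, receiver = LinkSender(QKDKeyBuffer(keys), 64), LinkReceiver(QKDKeyBuffer(keys))
    msg = bytearray(sender.encrypt(b"hello link"))
    msg[20] ^= 0x01  # flip one ciphertext bit
    try:
        receiver.decrypt(bytes(msg))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_link(8))  # key id per frame as the 48-byte-per-key budget renews
```

With a 48-byte budget and 24-byte frames the sender renews every second frame, so four QKD keys carry eight frames and the ninth raises `KeyExhausted`; that hard stop is the constraint the survey points at, since the link's throughput is bounded by the QKD key rate once keys are not reused. The receiver follows renewals only through the authenticated key id and counter it has already synchronised on, which is why out-of-order or replayed frames are rejected rather than decrypted with an older key.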
Detecting brute-force attacks on cryptocurrency wallets
Blockchain is a distributed ledger, which is protected against malicious modifications by means of cryptographic tools, e.g. digital signatures and hash functions. One of the most prominent applications of blockchains is cryptocurrencies, such as Bitcoin. In this work, we consider a particular attack on wallets for collecting assets in a cryptocurrency network, based on brute-force search attacks. Using Bitcoin as an example, we demonstrate that if the attack is implemented successfully, a legitimate user is able to prove the fact of this attack with high probability. We also consider two options for modifying existing cryptocurrency protocols to deal with this type of attack. First, we discuss a modification that requires introducing changes in the Bitcoin protocol and allows diminishing the motivation to attack wallets. Second, an alternative option is the construction of special smart contracts, which reward users for providing evidence of the brute-force attack. The execution of this smart contract can work as an automatic alarm that the employed cryptographic mechanisms, and (particularly) hash functions, have an evident vulnerability.
Comment: 10 pages, 2 figures; published versio
Some Physics And System Issues In The Security Analysis Of Quantum Key Distribution Protocols
In this paper we review a number of issues on the security of quantum key distribution (QKD) protocols that bear directly on the relevant physics or mathematical representation of the QKD cryptosystem. It is shown that the cryptosystem representation itself may miss many possible attacks which are not accounted for in the security analysis and proofs. Hence the final security claims drawn from such analysis are not reliable, apart from foundational issues about the security criteria that are discussed elsewhere. The cases of continuous-variable QKD and multi-photon sources are elaborated upon.
The Security of Practical Quantum Key Distribution
Quantum key distribution (QKD) is the first quantum information task to reach the level of mature technology, already fit for commercialization. It aims at the creation of a secret key between authorized partners connected by a quantum channel and a classical authenticated channel. The security of the key can in principle be guaranteed without putting any restriction on the eavesdropper's power.

The first two sections provide a concise up-to-date review of QKD, biased toward the practical side. The rest of the paper presents the essential theoretical tools that have been developed to assess the security of the main experimental platforms (discrete variables, continuous variables and distributed-phase-reference protocols).
Comment: Identical to the published version, up to cosmetic editorial change
Composable security proof for continuous-variable quantum key distribution with coherent states
We give the first composable security proof for continuous-variable quantum key distribution with coherent states against collective attacks. Crucially, in the limit of large blocks the secret key rate converges to the usual value computed from the Holevo bound. Combining our proof with either the de Finetti theorem or the Postselection technique then shows the security of the protocol against general attacks, thereby confirming the long-standing conjecture that Gaussian attacks are optimal asymptotically in the composable security framework.

We expect that our parameter estimation procedure, which does not rely on any assumption, will find applications elsewhere, for instance for the reliable quantification of continuous-variable entanglement in finite-size settings.
Comment: 27 pages, 1 figure. v2: added a version of the AEP valid for conditional state
Security proof of quantum key distribution with detection efficiency mismatch
In theory, quantum key distribution (QKD) offers unconditional security based on the laws of physics. However, as demonstrated in recent quantum hacking theory and experimental papers, the detection efficiency loophole can be fatal to the security of practical QKD systems. Here, we describe the physical origin of detection efficiency mismatch in various domains, including the spatial, spectral and time domains, and in various experimental set-ups. More importantly, we prove the unconditional security of QKD even with detection efficiency mismatch. We explicitly show how the key generation rate is characterized by the maximal detection efficiency ratio between the two detectors. Furthermore, we prove that by randomly switching the bit assignments of the detectors, the effect of detection efficiency mismatch can be completely eliminated.
Comment: 35 pages, 7 figure
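To see why a mismatch can be fatal without adding a single error, and why random bit assignment neutralises it, here is an added example (written for this page, not code or a model from the paper) that enumerates a two-slot caricature of time-domain mismatch exactly, using rationals. The assumptions are the example's own: Bob has two physical detectors D0 and D1, a pulse arriving in slot s is registered by D_s with efficiency 1 and by the other detector with efficiency r (the paper's "maximal detection efficiency ratio" is then 1/r), and Eve runs a time-shift attack in which she neither measures nor re-sends but merely shifts each pulse into a slot s of her choice, so the quantum bit error rate in sifted rounds stays zero. Only sifted rounds are counted, since Alice's bit is then routed deterministically to whichever detector Bob has assigned to that bit value, and the mismatch decides only whether it clicks. The paper's proof covers arbitrary attacks and spatial and spectral mismatch, which this toy does not.

```python
from fractions import Fraction
from itertools import product


def efficiencies(r):
    """eta[d][s]: efficiency of physical detector d for a pulse in time slot s.
    Constructed two-slot mismatch model: slot s favours detector D_s, and the
    other detector sees the pulse only with efficiency r (0 < r <= 1)."""
    r = Fraction(r)
    return {0: {0: Fraction(1), 1: r},
            1: {0: r, 1: Fraction(1)}}


def eve_guess_probability(r, random_switching):
    """Probability that Eve correctly guesses a sifted key bit under the
    time-shift attack: she moves each pulse into slot s and later guesses
    bit == s, because a click is more likely when the detector carrying the
    bit is the favoured one.

    random_switching=False: Bob always records D0 as bit 0 and D1 as bit 1.
    random_switching=True:  per round Bob privately chooses which physical
                            detector means bit 0 (assumption: the choice is
                            uniform and never disclosed to Eve).
    """
    eta = efficiencies(r)
    # bit -> physical detector assignments Bob may use
    assignments = [(0, 1), (1, 0)] if random_switching else [(0, 1)]
    p_detect = Fraction(0)
    p_detect_and_correct = Fraction(0)
    for a, s, m in product((0, 1), (0, 1), assignments):  # a: Alice's bit, s: Eve's slot
        weight = Fraction(1, 2 * 2 * len(assignments))     # a, s, m all uniform
        p_click = eta[m[a]][s]      # detector assigned to bit a, hit in slot s
        p_detect += weight * p_click
        if a == s:                  # Eve's guess agrees with Alice's bit
            p_detect_and_correct += weight * p_click
    return p_detect_and_correct / p_detect  # conditioned on Bob registering a click


def leakage_table(ratios=("1", "1/2", "1/10", "1/100")):
    """Eve's guessing probability per mismatch ratio, fixed vs. switched assignment."""
    return {r: (eve_guess_probability(r, False), eve_guess_probability(r, True))
            for r in ratios}


if __name__ == "__main__":
    for r, (fixed, switched) in leakage_table().items():
        print(f"r={r:>5}: fixed assignment {fixed}  random switching {switched}")
```

With a fixed assignment the enumeration gives Eve a guess probability of 1/(1+r) for every sifted bit while the QBER stays at zero, so a mismatch of r = 1/10 leaks 10/11 of the key bits without tripping the error-rate test at all; that is the sense in which the loophole is fatal. With the assignment switched uniformly and kept private, the favoured physical detector is equally likely to mean bit 0 or bit 1, the two cases cancel exactly, and the probability returns to 1/2, matching the abstract's claim that the effect is completely eliminated. The assignment has to stay secret until the round is sifted, since an Eve who learns it is back in the fixed case.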
Robustness of the BB84 quantum key distribution protocol against general coherent attacks
It is demonstrated that for the entanglement-based version of the Bennett-Brassard (BB84) quantum key distribution protocol, Alice and Bob share provable entanglement if and only if the estimated qubit error rate is below 25% or above 75%. In view of the intimate relation between entanglement and security, this result also sheds new light on the unconditional security of the BB84 protocol in its original prepare-and-measure form. In particular, it indicates that for small qubit error rates 25% is the ultimate upper security bound for any prepare-and-measure BB84-type QKD protocol. By contrast, for qubit error rates between 25% and 75% we demonstrate that the correlations shared between Alice and Bob can always be explained by separable states and thus no secret key can be distilled in this regime.
Comment: New improved version. A minor mistake has been eliminate
On the optimality of individual entangling-probe attacks against BB84 quantum key distribution
It is shown that an existing method to study ideal individual attacks on the BB84 QKD protocol using error discard can be adapted to reconciliation with error correction, and that an optimal attack can be explicitly found. Moreover, this attack attains the Luetkenhaus bound, independently of whether error positions are leaked to Eve, proving that it is tight. In addition, we clarify why the existence of such optimal attacks is not in contradiction with the established "old-style" theory of BB84 individual attacks, as incorrectly suggested recently in a news feature.
Comment: 12 pages, 3 figure