A note on quantum related-key attacks

In a basic related-key attack against a block cipher, the adversary has access to encryptions under keys that differ from the target key by bit-flips. In this short note we show that for a quantum adversary such attacks are quite powerful: if the secret key is (i) uniquely determined by a small number of plaintext-ciphertext pairs, (ii) the block cipher can be evaluated efficiently, and (iii) a superposition of related keys can be queried, then the key can be extracted efficiently

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

Detecting brute-force attacks on cryptocurrency wallets

Blockchain is a distributed ledger, which is protected against malicious modifications by means of cryptographic tools, e.g. digital signatures and hash functions. One of the most prominent applications of blockchains is cryptocurrencies, such as Bitcoin. In this work, we consider a particular attack on wallets for collecting assets in a cryptocurrency network based on brute-force search attacks. Using Bitcoin as an example, we demonstrate that if the attack is implemented successfully, a legitimate user is able to prove that fact of this attack with a high probability. We also consider two options for modification of existing cryptocurrency protocols for dealing with this type of attacks. First, we discuss a modification that requires introducing changes in the Bitcoin protocol and allows diminishing the motivation to attack wallets. Second, an alternative option is the construction of special smart-contracts, which reward the users for providing evidence of the brute-force attack. The execution of this smart-contract can work as an automatic alarm that the employed cryptographic mechanisms, and (particularly) hash functions, have an evident vulnerability.Comment: 10 pages, 2 figures; published versio

Some Physics And System Issues In The Security Analysis Of Quantum Key Distribution Protocols

In this paper we review a number of issues on the security of quantum key distribution (QKD) protocols that bear directly on the relevant physics or mathematical representation of the QKD cryptosystem. It is shown that the cryptosystem representation itself may miss out many possible attacks which are not accounted for in the security analysis and proofs. Hence the final security claims drawn from such analysis are not reliable, apart from foundational issues about the security criteria that are discussed elsewhere. The cases of continuous-variable QKD and multi-photon sources are elaborated upon

The Security of Practical Quantum Key Distribution

Quantum key distribution (QKD) is the first quantum information task to reach the level of mature technology, already fit for commercialization. It aims at the creation of a secret key between authorized partners connected by a quantum channel and a classical authenticated channel. The security of the key can in principle be guaranteed without putting any restriction on the eavesdropper's power. The first two sections provide a concise up-to-date review of QKD, biased toward the practical side. The rest of the paper presents the essential theoretical tools that have been developed to assess the security of the main experimental platforms (discrete variables, continuous variables and distributed-phase-reference protocols).Comment: Identical to the published version, up to cosmetic editorial change

Composable security proof for continuous-variable quantum key distribution with coherent states

We give the first composable security proof for continuous-variable quantum key distribution with coherent states against collective attacks. Crucially, in the limit of large blocks the secret key rate converges to the usual value computed from the Holevo bound. Combining our proof with either the de Finetti theorem or the Postselection technique then shows the security of the protocol against general attacks, thereby confirming the long-standing conjecture that Gaussian attacks are optimal asymptotically in the composable security framework. We expect that our parameter estimation procedure, which does not rely on any assumption, will find applications elsewhere, for instance for the reliable quantification of continuous-variable entanglement in finite-size settings.Comment: 27 pages, 1 figure. v2: added a version of the AEP valid for conditional state

Security proof of quantum key distribution with detection efficiency mismatch

In theory, quantum key distribution (QKD) offers unconditional security based on the laws of physics. However, as demonstrated in recent quantum hacking theory and experimental papers, detection efficiency loophole can be fatal to the security of practical QKD systems. Here, we describe the physical origin of detection efficiency mismatch in various domains including spatial, spectral, and time domains and in various experimental set-ups. More importantly, we prove the unconditional security of QKD even with detection efficiency mismatch. We explicitly show how the key generation rate is characterized by the maximal detection efficiency ratio between the two detectors. Furthermore, we prove that by randomly switching the bit assignments of the detectors, the effect of detection efficiency mismatch can be completely eliminated.Comment: 35 pages, 7 figure

Robustness of the BB84 quantum key distribution protocol against general coherent attacks

It is demonstrated that for the entanglement-based version of the Bennett-Brassard (BB84) quantum key distribution protocol, Alice and Bob share provable entanglement if and only if the estimated qubit error rate is below 25% or above 75%. In view of the intimate relation between entanglement and security, this result sheds also new light on the unconditional security of the BB84 protocol in its original prepare-and-measure form. In particular, it indicates that for small qubit error rates 25% is the ultimate upper security bound for any prepare-and-measure BB84-type QKD protocol. On the contrary, for qubit error rates between 25% and 75% we demonstrate that the correlations shared between Alice and Bob can always be explained by separable states and thus, no secret key can be distilled in this regime.Comment: New improved version. A minor mistake has been eliminate

On the optimality of individual entangling-probe attacks against BB84 quantum key distribution

It is shown that an existing method to study ideal individual attacks on the BB84 QKD protocol using error discard can be adapted to reconciliation with error correction, and that an optimal attack can be explicitly found. Moreover, this attack fills Luetkenhaus bound, independently of whether error positions are leaked to Eve, proving that it is tight. In addition, we clarify why the existence of such optimal attacks is not in contradiction with the established ``old-style'' theory of BB84 individual attacks, as incorrectly suggested recently in a news feature.Comment: 12 pages, 3 figure