4,048 research outputs found
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
Quantifying pervasive authentication: the case of the Hancke-Kuhn protocol
As mobile devices pervade physical space, the familiar authentication
patterns are becoming insufficient: besides entity authentication, many
applications require, e.g., location authentication. Many interesting protocols
have been proposed and implemented to provide such strengthened forms of
authentication, but there are very few proofs that such protocols satisfy the
required security properties. The logical formalisms, devised for reasoning
about security protocols on standard computer networks, turn out to be
difficult to adapt for reasoning about hybrid protocols, used in pervasive and
heterogenous networks.
We refine the Dolev-Yao-style algebraic method for protocol analysis by a
probabilistic model of guessing, needed to analyze protocols that mix weak
cryptography with physical properties of nonstandard communication channels.
Applying this model, we provide a precise security proof for a proximity
authentication protocol, due to Hancke and Kuhn, that uses a subtle form of
probabilistic reasoning to achieve its goals.Comment: 31 pages, 2 figures; short version of this paper appeared in the
Proceedings of MFPS 201
Information-theoretic Physical Layer Security for Satellite Channels
Shannon introduced the classic model of a cryptosystem in 1949, where Eve has
access to an identical copy of the cyphertext that Alice sends to Bob. Shannon
defined perfect secrecy to be the case when the mutual information between the
plaintext and the cyphertext is zero. Perfect secrecy is motivated by
error-free transmission and requires that Bob and Alice share a secret key.
Wyner in 1975 and later I.~Csisz\'ar and J.~K\"orner in 1978 modified the
Shannon model assuming that the channels are noisy and proved that secrecy can
be achieved without sharing a secret key. This model is called wiretap channel
model and secrecy capacity is known when Eve's channel is noisier than Bob's
channel.
In this paper we review the concept of wiretap coding from the satellite
channel viewpoint. We also review subsequently introduced stronger secrecy
levels which can be numerically quantified and are keyless unconditionally
secure under certain assumptions. We introduce the general construction of
wiretap coding and analyse its applicability for a typical satellite channel.
From our analysis we discuss the potential of keyless information theoretic
physical layer security for satellite channels based on wiretap coding. We also
identify system design implications for enabling simultaneous operation with
additional information theoretic security protocols
Cryptographic security of quantum key distribution
This work is intended as an introduction to cryptographic security and a
motivation for the widely used Quantum Key Distribution (QKD) security
definition. We review the notion of security necessary for a protocol to be
usable in a larger cryptographic context, i.e., for it to remain secure when
composed with other secure protocols. We then derive the corresponding security
criterion for QKD. We provide several examples of QKD composed in sequence and
parallel with different cryptographic schemes to illustrate how the error of a
composed protocol is the sum of the errors of the individual protocols. We also
discuss the operational interpretations of the distance metric used to quantify
these errors.Comment: 31+23 pages. 28 figures. Comments and questions welcom
Implementation vulnerabilities in general quantum cryptography
Quantum cryptography is information-theoretically secure owing to its solid
basis in quantum mechanics. However, generally, initial implementations with
practical imperfections might open loopholes, allowing an eavesdropper to
compromise the security of a quantum cryptographic system. This has been shown
to happen for quantum key distribution (QKD). Here we apply experience from
implementation security of QKD to several other quantum cryptographic
primitives. We survey quantum digital signatures, quantum secret sharing,
source-independent quantum random number generation, quantum secure direct
communication, and blind quantum computing. We propose how the eavesdropper
could in principle exploit the loopholes to violate assumptions in these
protocols, breaking their security properties. Applicable countermeasures are
also discussed. It is important to consider potential implementation security
issues early in protocol design, to shorten the path to future applications.Comment: 13 pages, 8 figure
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
- …