9,651 research outputs found
Linking Classical and Quantum Key Agreement: Is There "Bound Information"?
After carrying out a protocol for quantum key agreement over a noisy quantum
channel, the parties Alice and Bob must process the raw key in order to end up
with identical keys about which the adversary has virtually no information. In
principle, both classical and quantum protocols can be used for this
processing. It is a natural question which type of protocols is more powerful.
We prove for general states but under the assumption of incoherent
eavesdropping that Alice and Bob share some so-called intrinsic information in
their classical random variables, resulting from optimal measurements, if and
only if the parties' quantum systems are entangled. In addition, we provide
evidence that the potentials of classical and of quantum protocols are equal in
every situation. Consequently, many techniques and results from quantum
information theory directly apply to problems in classical information theory,
and vice versa. For instance, it was previously believed that two parties can
carry out unconditionally secure key agreement as long as they share some
intrinsic information in the adversary's view. The analysis of this purely
classical problem from the quantum information-theoretic viewpoint shows that
this is true in the binary case, but false in general. More explicitly, bound
entanglement, i.e., entanglement that cannot be purified by any quantum
protocol, has a classical counterpart. This "bound intrinsic information"
cannot be distilled to a secret key by any classical protocol. As another
application we propose a measure for entanglement based on classical
information-theoretic quantities.Comment: Accepted for Crypto 2000. 17 page
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
The Case for Quantum Key Distribution
Quantum key distribution (QKD) promises secure key agreement by using quantum
mechanical systems. We argue that QKD will be an important part of future
cryptographic infrastructures. It can provide long-term confidentiality for
encrypted information without reliance on computational assumptions. Although
QKD still requires authentication to prevent man-in-the-middle attacks, it can
make use of either information-theoretically secure symmetric key
authentication or computationally secure public key authentication: even when
using public key authentication, we argue that QKD still offers stronger
security than classical key agreement.Comment: 12 pages, 1 figure; to appear in proceedings of QuantumComm 2009
Workshop on Quantum and Classical Information Security; version 2 minor
content revision
Unconditionally secure quantum key distribution over 50km of standard telecom fibre
We demonstrate a weak pulse quantum key distribution system using the BB84
protocol which is secure against all individual attacks, including photon
number splitting. By carefully controlling the weak pulse intensity we
demonstrate the maximum secure bit rate as a function of the fibre length.
Unconditionally secure keys can be formed for standard telecom fibres exceeding
50 km in length.Comment: 9 pages 2 figure
Noise properties in the ideal Kirchhoff-Law-Johnson-Noise secure communication system
In this paper we determine the noise properties needed for unconditional
security for the ideal Kirchhoff-Law-Johnson-Noise (KLJN) secure key
distribution system using simple statistical analysis. It has already been
shown using physical laws that resistors and Johnson-like noise sources provide
unconditional security. However real implementations use artificial noise
generators, therefore it is a question if other kind of noise sources and
resistor values could be used as well. We answer this question and in the same
time we provide a theoretical basis to analyze real systems as well
What kind of noise guarantees security for the Kirchhoff-Loop-Johnson-Noise key exchange?
This article is a supplement to our recent one about the analysis of the
noise properties in the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange
system [Gingl and Mingesz, PLOS ONE 9 (2014) e96109,
doi:10.1371/journal.pone.0096109]. Here we use purely mathematical statistical
derivations to prove that only normal distribution with special scaling can
guarantee security. Our results are in agreement with earlier physical
assumptions [Kish, Phys. Lett. A 352 (2006) 178-182, doi:
10.1016/j.physleta.2005.11.062]. Furthermore, we have carried out numerical
simulations to show that the communication is clearly unsecure for improper
selection of the noise properties. Protection against attacks using time and
correlation analysis is not considered in this paper
- …