On the Security of Y-00 under Fast Correlation and Other Attacks on the Key

The potential weakness of the Y-00 direct encryption protocol when the encryption box ENC in Y-00 is not chosen properly is demonstrated in a fast correlation attack by S. Donnet et al in Phys. Lett. A 35, 6 (2006) 406-410. In this paper, we show how this weakness can be eliminated with a proper design of ENC. In particular, we present a Y-00 configuration that is more secure than AES under known-plaintext attack. It is also shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any ENC when proper deliberate signal randomization is employed

Quantum-noise--randomized data-encryption for WDM fiber-optic networks

We demonstrate high-rate randomized data-encryption through optical fibers using the inherent quantum-measurement noise of coherent states of light. Specifically, we demonstrate 650Mbps data encryption through a 10Gbps data-bearing, in-line amplified 200km-long line. In our protocol, legitimate users (who share a short secret-key) communicate using an M-ry signal set while an attacker (who does not share the secret key) is forced to contend with the fundamental and irreducible quantum-measurement noise of coherent states. Implementations of our protocol using both polarization-encoded signal sets as well as polarization-insensitive phase-keyed signal sets are experimentally and theoretically evaluated. Different from the performance criteria for the cryptographic objective of key generation (quantum key-generation), one possible set of performance criteria for the cryptographic objective of data encryption is established and carefully considered.Comment: Version 2: Some errors have been corrected and arguments refined. To appear in Physical Review A. Version 3: Minor corrections to version

Barbosa et al. Reply to ``Comment on 'Secure Communication using mesoscopic coherent states', Barbosa et al, Phys Rev Lett 90, 227901", Yuan and Shields, Phys. Rev. Lett. 94, 048901(2005)

Yuan and Shields claim that our data-encryption protocol is entirely equivalent to a classical stream cipher utilizing no quantum phenomena. Their claim is, indeed, false. Yuan and Shields also claim that schemes similar to the one presented in Phys. Rev. Lett. 90, 227901 are not suitable for key generation. This claim is also refuted. In any event, we welcome the opportunity to clarify the situation for a wider audience.Comment: This is the co-published Reply to the Comment made by Z.L. Yuan and A.J. Shields published in Physical Review Letters, 94 (2005

Quantum Noise Randomized Ciphers

We review the notion of a classical random cipher and its advantages. We sharpen the usual description of random ciphers to a particular mathematical characterization suggested by the salient feature responsible for their increased security. We describe a concrete system known as AlphaEta and show that it is equivalent to a random cipher in which the required randomization is effected by coherent-state quantum noise. We describe the currently known security features of AlphaEta and similar systems, including lower bounds on the unicity distances against ciphertext-only and known-plaintext attacks. We show how AlphaEta used in conjunction with any standard stream cipher such as AES (Advanced Encryption Standard) provides an additional, qualitatively different layer of security from physical encryption against known-plaintext attacks on the key. We refute some claims in the literature that AlphaEta is equivalent to a non-random stream cipher.Comment: Accepted for publication in Phys. Rev. A; Discussion augmented and re-organized; Section 5 contains a detailed response to 'T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, H. Imai: Phys. Lett. A 327 (2004) 28-32 /quant-ph/0310168' & 'T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, H. Imai: Phys. Lett. A 346 (2005) 7

Exposed-key weakness of αη\alpha \eta

The $\alpha \eta$ protocol given by Barbosa \emph{et al.}, PRL 90, 227901 (2003) claims to be a secure way of encrypting messages using mesoscopic coherent states. We show that transmission under $\alpha \eta$ exposes information about the secret key to an eavesdropper, and we estimate the rate at which an eavesdropper can learn about the key. We also consider the consequences of using further randomization to protect the key and how our analysis applies to this case. We conclude that $\alpha \eta$ is not informationally secure.Comment: 6 pg. Was originally written in May 2006 and has languished in getting-approved-land for 7 months, but we've tried to keep current with papers published since then. This version changed for publicatio