Attacks on quantum key distribution protocols that employ non-ITS authentication

We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not Information-Theoretically Secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced it was shown to prevent straightforward Man-In-The-Middle (MITM) attacks against QKD protocols. In this paper, we prove that the set of messages that collide with any given message under this authentication code contains with high probability a message that has small Hamming distance to any other given message. Based on this fact we present extended MITM attacks against different versions of BB84 QKD protocols using the addressed authentication code; for three protocols we describe every single action taken by the adversary. For all protocols the adversary can obtain complete knowledge of the key, and for most protocols her success probability in doing so approaches unity. Since the attacks work against all authentication methods which allow to calculate colliding messages, the underlying building blocks of the presented attacks expose the potential pitfalls arising as a consequence of non-ITS authentication in QKD-postprocessing. We propose countermeasures, increasing the eavesdroppers demand for computational power, and also prove necessary and sufficient conditions for upgrading the discussed authentication code to the ITS level.Comment: 34 page

New intensity and visibility aspects of a double loop neutron interferometer

Various phase shifters and absorbers can be put into the arms of a double loop neutron interferometer. The mean intensity levels of the forward and diffracted beams behind an empty four plate interferometer of this type have been calculated. It is shown that the intensities in the forward and diffracted direction can be made equal using certain absorbers. In this case the interferometer can be regarded as a 50/50 beam splitter. Furthermore the visibilities of single and double loop interferometers are compared to each other by varying the transmission in the first loop using different absorbers. It can be shown that the visibility becomes exactly 1 using a phase shifter in the second loop. In this case the phase shifter in the second loop must be strongly correlated to the transmission coefficient of the absorber in the first loop. Using such a device homodyne-like measurements of very weak signals should become possible.Comment: 12 pages, 9 figures, accepted for publication in the Journal of Optics B - Quantum and Semiclassical Optic

Improvement of continuous-variable quantum key distribution systems by using optical preamplifiers

Continuous-variable quantum key distribution protocols, based on Gaussian modulation of the quadratures of coherent states, have been implemented in recent experiments. A present limitation of such systems is the finite efficiency of the detectors, which can in principle be compensated for by the use of classical optical preamplifiers. Here we study this possibility in detail, by deriving the modified secret key generation rates when an optical parametric amplifier is placed at the output of the quantum channel. After presenting a general set of security proofs, we show that the use of preamplifiers does compensate for all the imperfections of the detectors when the amplifier is optimal in terms of gain and noise. Imperfect amplifiers can also enhance the system performance, under conditions which are generally satisfied in practice.Comment: 11 pages, 7 figures, submitted to J. Phys. B (special issue on Few Atoms Optics

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

High rate, long-distance quantum key distribution over 250km of ultra low loss fibres

We present a fully automated quantum key distribution prototype running at 625 MHz clock rate. Taking advantage of ultra low loss fibres and low-noise superconducting detectors, we can distribute 6,000 secret bits per second over 100 km and 15 bits per second over 250km

Quantum Forbidden-Interval Theorems for Stochastic Resonance

We extend the classical forbidden-interval theorems for a stochastic-resonance noise benefit in a nonlinear system to a quantum-optical communication model and a continuous-variable quantum key distribution model. Each quantum forbidden-interval theorem gives a necessary and sufficient condition that determines whether stochastic resonance occurs in quantum communication of classical messages. The quantum theorems apply to any quantum noise source that has finite variance or that comes from the family of infinite-variance alpha-stable probability densities. Simulations show the noise benefits for the basic quantum communication model and the continuous-variable quantum key distribution model.Comment: 13 pages, 2 figure

Triplet-like correlation symmetry of continuous variable entangled states

We report on a continuous variable analogue of the triplet two-qubit Bell states. We theoretically and experimentally demonstrate a remarkable similarity of two-mode continuous variable entangled states with triplet Bell states with respect to their correlation patterns. Borrowing from the two qubit language, we call these correlations triplet-like.Comment: 7 pages, 5 figures. Comments are welcom

Topological optimization of quantum key distribution networks

A Quantum Key Distribution (QKD) network is an infrastructure that allows the realization of the key distribution cryptographic primitive over long distances and at high rates with information-theoretic security. In this work, we consider QKD networks based on trusted repeaters from a topology viewpoint, and present a set of analytical models that can be used to optimize the spatial distribution of QKD devices and nodes in specific network configurations in order to guarantee a certain level of service to network users, at a minimum cost. We give details on new methods and original results regarding such cost minimization arguments applied to QKD networks. These results are likely to become of high importance when the deployment of QKD networks will be addressed by future quantum telecommunication operators. They will therefore have a strong impact on the design and requirements of the next generation of QKD devices.Comment: 25 pages, 4 figure

Field test of a continuous-variable quantum key distribution prototype

We have designed and realized a prototype that implements a continuous-variable quantum key distribution protocol based on coherent states and reverse reconciliation. The system uses time and polarization multiplexing for optimal transmission and detection of the signal and phase reference, and employs sophisticated error-correction codes for reconciliation. The security of the system is guaranteed against general coherent eavesdropping attacks. The performance of the prototype was tested over preinstalled optical fibres as part of a quantum cryptography network combining different quantum key distribution technologies. The stable and automatic operation of the prototype over 57 hours yielded an average secret key distribution rate of 8 kbit/s over a 3 dB loss optical fibre, including the key extraction process and all quantum and classical communication. This system is therefore ideal for securing communications in metropolitan size networks with high speed requirements.Comment: 15 pages, 6 figures, submitted to New Journal of Physics (Special issue on Quantum Cryptography

Feasibility of free space quantum key distribution with coherent polarization states

We demonstrate for the first time the feasibility of free space quantum key distribution with continuous variables under real atmospheric conditions. More specifically, we transmit coherent polarization states over a 100m free space channel on the roof of our institute's building. In our scheme, signal and local oscillator are combined in a single spatial mode which auto-compensates atmospheric fluctuations and results in an excellent interference. Furthermore, the local oscillator acts as spatial and spectral filter thus allowing unrestrained daylight operation.Comment: 12 pages, 8 figures, extensions in sections 2, 3.1, 3.2 and 4. This is an author-created, un-copyedited version of an article accepted for publication in New Journal of Physics (Special Issue on Quantum Cryptography: Theory and Practice). IOP Publishing Ltd is not responsible for any errors or omissions in this version of the manuscript or any version derived from i