63 research outputs found
QKD in Standard Optical Telecommunications Networks
To perform Quantum Key Distribution, the mastering of the extremely weak
signals carried by the quantum channel is required. Transporting these signals
without disturbance is customarily done by isolating the quantum channel from
any noise sources using a dedicated physical channel. However, to really profit
from this technology, a full integration with conventional network technologies
would be highly desirable. Trying to use single photon signals with others that
carry an average power many orders of magnitude bigger while sharing as much
infrastructure with a conventional network as possible brings obvious problems.
The purpose of the present paper is to report our efforts in researching the
limits of the integration of QKD in modern optical networks scenarios. We have
built a full metropolitan area network testbed comprising a backbone and an
access network. The emphasis is put in using as much as possible the same
industrial grade technology that is actually used in already installed
networks, in order to understand the throughput, limits and cost of deploying
QKD in a real network.
Security of the Bennett 1992 quantum-key distribution against individual attack over a realistic channel
The security of two-state quantum key distribution against individual attack
is estimated when the channel has losses and noises. We assume that Alice and
Bob use two nonorthogonal single-photon polarization states. To make our
analysis simple, we propose a modified B92 protocol in which Alice and Bob make
use of inconclusive results and Bob performs a kind of symmetrization of
received states. Using this protocol, Alice and Bob can estimate Eve's
information gain as a function of a few parameters which reflect the
imperfections of devices or Eve's disturbance. In some parameter regions, Eve's
maximum information gain shows counter-intuitive behavior, namely, it decreases
as the amount of disturbances increases. For a small noise rate Eve can extract
perfect information in the case where the angle between Alice's two states is
small or large, while she cannot extract perfect information for intermediate
angles. We also estimate the secret key gain which is the net growth of the
secret key per one pulse. We show the region where the modified B92 protocol
over a realistic channel is secure against individual attack. Comment: 16 pages, 15 figures
The Case for Quantum Key Distribution
Quantum key distribution (QKD) promises secure key agreement by using quantum
mechanical systems. We argue that QKD will be an important part of future
cryptographic infrastructures. It can provide long-term confidentiality for
encrypted information without reliance on computational assumptions. Although
QKD still requires authentication to prevent man-in-the-middle attacks, it can
make use of either information-theoretically secure symmetric key
authentication or computationally secure public key authentication: even when
using public key authentication, we argue that QKD still offers stronger
security than classical key agreement. Comment: 12 pages, 1 figure; to appear in proceedings of QuantumComm 2009
Workshop on Quantum and Classical Information Security; version 2 minor
content revision
Stronger security bounds for Wegman-Carter-Shoup authenticators
Abstract. Shoup proved that various message-authentication codes of the form (n, m) ↦ h(m) + f(n) are secure against all attacks that see at most √(1/ε) authenticated messages. Here m is a message; n is a nonce chosen from a public group G; f is a secret uniform random permutation of G; h is a secret random function; and ε is a differential probability associated with h. Shoup's result implies that if AES is secure then various state-of-the-art message-authentication codes of the form (n, m) ↦ h(m) + AES_k(n) are secure up to √(1/ε) authenticated messages. Unfortunately, √(1/ε) is only about 2^50 for some state-of-the-art systems, so Shoup's result provides no guarantees for long-term keys. This paper proves that security of the same systems is retained up to √#G authenticated messages. In a typical state-of-the-art system, √#G is 2^64. The heart of the paper is a very general "one-sided" security theorem: (n, m) ↦ h(m) + f(n) is secure if there are small upper bounds on differential probabilities for h and on interpolation probabilities for f. Keywords: mode of operation, authentication, MAC, Wegman-Carter, provable security