Cryptography for Communication Security;
Research on the border
between Quantum Cryptography and State-of-the-art Classical
Cryptography
Project within CENIIT, the Center for Industrial Information Technology
Jan-Åke Larsson, Information Coding, ISY
Overview
Quantum Cryptography (QC) is an emerging technology in communication security which is attracting much attention presently. It combines cutting-edge quantum technology with classical cryptographic techniques to make communication systems unconditionally secure. It was first conceived in the early eighties but the present interest is much dependent on recent technological developments that enable its usage outside the laboratory. The benefit of using QC is that the security of the system is based on laws of nature rather than computational complexity, as is the case in so-called Public Key Cryptography. The advances in technology has resulted in a few commercial products, from idQuantique and MagiQ Technologies. Another less successful attempt was SmartQuantum which recently (2010) went out of business. There are a number of other companies that are doing research and product development on QC including Hitachi, NEC, and Siemens, and a number of these have prototypes ready. Recently the SECOQC backbone was started in Vienna as the endpoint of an Integrated Project within the Sixth Framework Programme of the European Union. Another example is the Swiss Quantum network connecting CERN, the University of Geneva, and the University of Applied Sciences Western Switzerland, which is used to secure data from the Large Hadron Collider. In general, the focus of the field is tending towards practical devices for deployment in existing networks, and their security. This project is intended to do theoretical but directly applicable research, specifically to establish security of practical (even commercial) systems.
In QC, the users transmit (or generate) a cryptographic key on a quantum channel, but also need to communicate on a regular (classical) channel to establish the key. Changes to the quantum transmission can be detected by looking at the noise level. Changes to the classical transmission cannot; authentication is needed. QC is supposed to be information-theoretically secure, and such an authentication protocol needs cryptographic key to work, which means that the system will consume some of its own generated key. Naturally, authentication protocols that consume less key is better, because the net key production of the system increase, and the produced key can be used for other purposes. Therefore, we are looking at authentication protocols proposed for QC that consume less key than the initially proposed Wegman-Carter authentication. Our main aims are to a) review existing authentication proposals and their use in QC, b) quantify the extent of any problems with each proposal, and c) devise secure procedures for its use in QC.
As it turns out, Wegman-Carter authentication itself has an unexpected property when used with QC-generated key. Some care needs to be taken when using it in a QC system, see the paper by J. Cederlöf and myself [IEEE Trans. Inf. Theory, 54:1735, 2008]. At the time this paper was published, the general belief was that using Wegman-Carter authentication meant that the security of the system was constant over time. This is not true; the chance of breaking the system increases over time, something which is more well-understood presently. This problem arises at the borderline between the quantum and the classical parts of the system. In the referenced paper, we also propose a simple solution that mitigates the problem, and does not degrade the performance of the system. My PhD student A. Abidin and I have extended this analysis, and also analysed proposals to lessen the key consumption; see below.
Another project which is just starting is intended to study one particular encoding technique known as energy-time entanglement, which is very different to its nature from, e.g., polarization entanglement. Entanglement is a property that is only present in truly quantum-mechanical systems, and this can be tested via a "Bell inequality", a statistical bound for the results of certain measurements. A violation of the bound ensures that the system truly is quantum-mechanical, from which it can be inferred that the intended QC system truly is secure. However, energy-time entanglement has been found to need stronger tests than the standard Bell inequality. This project aims to evaluate effects of these more restrictive security tests. Questions concerning issues like the size of the security margin, noise tolerance, range, and key output rate will be addressed in this project. The ultimate goal of this project is to strengthen the security, and to improve the performance of energy-time-entanglement-based QC. This will be achieved by using more suitable inequalities as tests of security, made available by recent developments in research on Bell inequalities and their properties. Another intent is to go to higher-dimensional systems, where each photon encodes a number ranging from 0 up to some chosen N>1. This is relatively easy in the energy-time setup as compared with polarization-based QC, and enables both a higher rate in bits per photon, and better security tests in terms of a stronger violation. There are also other extensions such as the behaviour of quantum repeaters using this coding, quantum secret sharing systems, and so on.
Current status
Aysajan Abidin has been working with me on authentication within QC. While analyzing one particular proposal to decrease key consumption we found a weakness, published as [International Journal of Quantum Information, 7:1047-1052, 2009]. We contacted the people behind the proposal at the Austrian Institute of Technology and Universität Wien and the Institut für Quantenoptik und Quanteninformation, to work out how to strengthen the system [Proceedings of SPIE, 8189:16, 2011], and a more complete analysis including how to restore information-theoretic security can be found in [arxiv.org/abs/1209.0365, submitted]. Another recent result is the construction of a new family of Universal Hash functions suitable for efficient QC [Proceedings of WEWoRC 2011, LNCS 7242:99-108, 2012]. We also contributed to QCRYPT at ETH Zürich, September 2011, the contribution had the title "Security of Authentication with a Fixed Key in Quantum Key Distribution". This caused quite some discussion, and the curious can find more information in a preprint [arxiv.org/abs/1109.5168], and [Proceedings of ICICS 2012, LNCS 7618:303-310, 2012]. More recently, we have extended the analysis of this within the theoretical framework of "Universal Composability", showing that the schemes are UC even with QC-generated key, but that the security bound is substantially higher than previously thought [paper in manuscript]. The analysis has also been applied to standard Wegman-Carter authentication, giving a direct proof of security to that protocol [arxiv.org/abs/1303.0210, to appear in Quantum Information Processing, 2013]
Aysajan Abidin defended his PhD thesis "Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions" on May 17th 2013. Opponent was Joseph Renes, ETH Zürich in Geneva. We're mentioned in the fall 2010 issue of the Quantum Times, the newsletter of the APS topical group of Quantum Information.
Finally, some basic questions of energy-time entanglement has been answered in arxiv.org/abs/1103.6131, but there are several open problems.
Industrial relevance
There are a number of other companies that are doing research and product development on QC including Hitachi, NEC, and Siemens, and a number of these have prototypes ready. As mentioned, the advances in technology has resulted in a few commercial products, from idQuantique and MagiQ Technologies (a third from SmartQuantum is not in production anymore). The present project has the best contacts with idQuantique; we have reviewed the authentication system that they use and provided advice on how to choose parameters for strict security. Contact persons at idQuantique are Gregoire Ribordy (CEO) and Matthieu Legré.
Within Sweden there is not so much industrial activity. There is a substantial academic interest in Sweden centered around optical equipment, most notably at KTH, and SU. The Linneaus center for advanced optics and photonics at KTH are very interested in the output of my group since they are actively investigating the quantum-optical side of QC. I have particularly good contacts with Mohamed Bourennane's group in quantum optics at Fysikum, Stockholm.
Also, the Vinnova project "All-optical overlay networks" (joint between KTH, LiU, and Handelshögskolan) has shown interest, since QC is one product that demands access to the optical network. The project is a cooperation between the division of information coding at ISY, Linköping; KTH (School of Information and Communication Technology); Stockholm School of Economics and Net Insight AB. The project is financed by Vinnova and Net Insight AB.
Jan-Åke Larsson
Kontakt:
Institutionen för Systemteknik
Linköpings Universitet
+46(0)13 281468
< >
Project papers
Journal papers
Conference papers
Theses
Student theses
Informationsansvarig: Jan-Åke Larsson
Senast uppdaterad: 2013-10-24