INTRODUCTION
Better Name – Quantum Key Distribution (QKD) – It’s
NOT a new crypto algorithm!
Two physically separated parties can create and share
random secret keys.
Allows them to verify that the key has not been
intercepted.
Quantum Key Distribution
Requires two channels
one quantum channel (subject to adversary and/or noises)
one public channel (authentic, unjammable, subject to eavesdropping)
BB84 QKD protocol
This protocol uses polarization of photons to
encode the bits of information – relies on
“uncertainty” to keep Eve from learning the
secret key.
Properties of Quantum Information
Quantum “no-cloning” theorem: an unknown quantum
state cannot be cloned.
Measurement generally disturbs a quantum state
one can set up a rectilinear measurement or a circular
(diagonal) measurement
a circular (diagonal) measurement disturbs the states of those
diagonal photons having 0/90
10/7/2017 5
BB84
Alice transmits short bursts. The polarization in each burst
is randomly modulated to one of four states (horizontal,
vertical, left-circular, or right-circular).
Bob measures photon polarizations in a random sequence
of bases (rectilinear or diagonal).
Bob tells the sender publicly which sequence of bases was
used.
Alice tells the receiver publicly which bases were
correctly chosen.
Alice and Bob discard all observations not from these
correctly-chosen bases.
The observations are interpreted using a binary scheme:
left-circular or horizontal is 0, and right-circular or vertical
is 1.
BB84 – No Eavesdropping
A → B: |<−−−<<−−<>>−<>||−−<
Bob randomly decides detector:
++++O+O+OO+O+++++O+O
For each measurement, P(failure to detect photon) = 0.5
The results of Bob's measurements are:
− >− −<< |||
B → A: types of detectors used and successfully made (but not the measurements
themselves):
+ O+ +OO +++
Alice tells Bob which measurements were of the correct type:
. .. .
− −< | (key = 0 0 0 1)
Bob only makes the same kind of measurement as Alice about half the time. Given
that the P(B detector fails) = 0.5, you would expect about 5 out of 20 usable shared
digits to remain. In fact, this time there were 4 usable digits generated.
BB84 – With Eavesdropping
A → B: <|<−>−<<|<><−<|<−|−<
Eavesdropping occurs.
To detect eavesdropping:
Bob only makes the same kind of measurement as Alice about
half the time. Given that the P(B detector fails) = 0.5, you
would expect about 5 out of 20 usable shared digits to remain.
A → B: reveals 50% (randomly) of the shared digits.
B → A: reveals his corresponding check digits.
If > 25% of the check digits are wrong, Alice and Bob know
that somebody (Eve) was listening to their exchange.
NOTE – 20 photons don’t provide good guarantees of
detection.
Pros & Cons
Nearly Impossible to steal
Detect if someone is listening
“Secure”
Distance Limitations
Availability
Vulnerable to DoS
Keys can’t keep up with plaintext
Key distribution
Alice and Bob first agree on two representations for ones
and zeroes
One for each basis used, {,}
and {, }.
This agreement can be done in public
Define
1= 0=
1= 0=
Key distribution - BB84
1. Alice sends a sequence of photons to Bob.
Each photon in a state with polarization corresponding to
1 or 0, but with randomly chosen basis.
2. Bob measures the state of the photons he receives, with
each state measured with respect to randomly chosen
basis.
3. Alice and Bob communicate via an open channel. For
each photon, they reveal which basis was used for
encoding and decoding respectively. All photons which
have been encoded and decoded with the same basis are
kept, while all those where the bases don't agree are
discarded.
Eavesdropping
Eve has to randomly select a basis for her measurement
Her basis will be wrong 50% of the time.
Whatever basis Eve chose she will measure 1 or 0
When Eve picks the wrong basis, there is 50% chance
that she'll measure the right value of the bit
E.g. Alice sends a photon with state corresponding to
1 in the {,} basis. Eve picks the {, } basis for
her measurement which this time happens to give a 1
as result, which is correct.
Detecting eavesdropping
Alice and Bob need to test for eavesdropping
by randomly selecting a number of bits from the key and
computing their error rate
Error rate < Emax: assume no eavesdropping
Error rate > Emax: assume eavesdropping
(or the channel is unexpectedly noisy)
Alice and Bob should then discard the whole key and start over
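The sifting and error-rate check described above, as an added Python simulation (not part of the original slides). It assumes an ideal channel and perfect detectors, an Eve who measures each photon in a random basis and re-sends it, and a hypothetical threshold `E_MAX`; the basis labels `+` and `O` follow the slides' detector strings.

```python
import random

RECT, DIAG = "+", "O"  # basis labels as in the slides' detector strings

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis gives a random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n_photons, eve_present, rng):
    """Run one BB84 exchange; return (alice_key, bob_key) after basis sifting."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.choice((RECT, DIAG))
        bit, basis = a_bit, a_basis              # state on the quantum channel
        if eve_present:                          # Eve measures in a random basis,
            e_basis = rng.choice((RECT, DIAG))   # then re-sends what she saw
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.choice((RECT, DIAG))
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:                   # public step: keep matching bases only
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def check_error_rate(alice_key, bob_key, rng, fraction=0.5):
    """Publicly compare a random sample of sifted bits; return (rate, unrevealed key)."""
    idx = range(len(alice_key))
    sample = set(rng.sample(idx, int(len(alice_key) * fraction)))
    errors = sum(alice_key[i] != bob_key[i] for i in sample)
    remaining = [alice_key[i] for i in idx if i not in sample]  # revealed bits are dropped
    return errors / max(len(sample), 1), remaining

def session(n_photons, eve_present, e_max, seed):
    """One full run: exchange, sift, test, then accept or discard the whole key."""
    rng = random.Random(seed)  # simulation only; real key material needs a true RNG
    a, b = bb84(n_photons, eve_present, rng)
    rate, key = check_error_rate(a, b, rng)
    accepted = rate <= e_max
    return {"sifted": len(a), "error_rate": rate,
            "accepted": accepted, "key_bits": len(key) if accepted else 0}

if __name__ == "__main__":
    E_MAX = 0.10  # assumed threshold for this example, not a value from the slides
    for eve in (False, True):
        print("with Eve" if eve else "no Eve  ", session(4000, eve, E_MAX, seed=1))
```

Without Eve the sampled error rate is exactly zero in this noiseless model; with Eve it settles near 25%, because she picks the wrong basis half the time and each such photon then gives Bob a wrong bit half the time.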
Summary
The ability to detect eavesdropping ensures secure
exchange of the key
The use of one-time-pads ensures security
Equipment can only be used over short distances
Equipment is complex and expensive
THANK YOU