ES2431465B1 - QUANTIC PASSWORD AUTHENTICATION PROCEDURE AND EQUIPMENT - Google Patents

Abstract

Procedure and quantum password authentication equipment # The invention consists of a procedure and a user equipment that allow to verify that two users share a c-bit password without revealing any information about that password. For this, the XOR function of that password c is coded with a random sequence a in the quantum state of a single photon. In the equipment of each user, a locally generated quantum state is compared by means of the Hong-Ou-Mandel effect with a state provided by the other user. After n checking phases, users can determine that the other user knows the password. The procedure and the user equipment include techniques for detecting dishonest participants. # The invention describes the equipment that implements the procedure and includes two coding techniques in quantum systems, one based on a temporary coding and the other based on a coding at the time. angular orbital of a photon.

Description

DESCRIPTION

Quantum password authentication procedure and equipment

OBJECT OF THE INVENTION

The present invention relates to a procedure for the purpose of authenticating passwords encoded in quantum systems without jeopardizing their privacy even in the case of 5 dishonest participants.

 The procedure is based on the coding of a password in a quantum system of a dimension such that it is not possible to retrieve any part of the password but that allows comparing in a user equipment the states received with states generated in the equipment itself to determine if They are equal.

 In addition, the invention relates to a device that implements the procedure for performing authentication 10 by means of the comparison indicated.

In general, the invention is applicable in the information technology sector. In particular, it is an application of quantum physics to security and privacy computer systems such as electronic commerce systems, banking, access to shared computer resources or national identification systems (such as the national identity document, DNI) . fifteen

BACKGROUND OF THE INVENTION

In complex systems with a large number of users who do not know each other, it is necessary to have efficient identification and authentication mechanisms for users and their equipment.

Users may have the right to access part of the information but not the rest. An example is Internet banking applications. Each user must be able to operate with their bank account with the guarantee 20 that no other user can use it.

 In this context, it is necessary to prove that certain private information, such as a password, is known only to the legitimate user. The verification of this password presents security problems: the privacy of the password can be jeopardized if there are dishonest users who impersonate the recipient of the information or if the channel is intervened by spies that record the transmitted information. 25

To solve this type of problem, the zero-knowledge or ZKP (Zero-Knowledge Proofs) tests are used, whereby a user can convince another that he knows certain information without revealing any part of that information (S. Goldwasser, S. Micali and C. Rackoff, The knowledge complexity of interactive proof systems, SIAM Journal on Computing, 18: 186, 1989). A restricted case of zero knowledge testing is the zero knowledge password verification protocols or ZKPP (Zero-30 Knowledge Password Proofs), whereby two users who share a password can make sure that the other user knows it without having to make it public (SM Bellovin and M. Merritt, Encrypted key exchange: Password-based protocols secure against dictionary attacks, IEEE Symposium on Security and Privacy, 72, 1992). In addition, if one of the participants does not know the password, he cannot obtain any information about it or, at most, an exponentially small amount. 35

The existing ZKPP protocols are based on the computational complexity of certain mathematical problems such as factorization or discrete logarithm that appear in schemes very similar to those used in public key cryptography systems such as RSA (Rivest, Shamir, Adleman), described in the US Patent 4,405,829. In the chosen problems there is a simple direct problem and an inverse problem difficult to solve with current computers. An example is factorization-based systems, such as the RSA protocol, in which the direct problem is to multiply two numbers, while the inverse is to find the prime factors of a number.

A specific example of the ZKPP protocol is the SPEKE (Simple Password Exponential Key Exchange) protocol based on modular exponentiation (DP Jablon, Strong password-only authenticated key exchange, SIGCOMM Computer Communication Review, 26: 5–26, 1996) or protocols of standard P1363.2 of the IEEE 45 (Institute of Electrical and Electronics Engineers). These protocols are used in different commercial systems, such as those described in US 7,010,692, US 6,539,479 or US 324,508.

Although these protocols are capable of guaranteeing a certain level of security, they are based on the unproven assumption that there are no efficient methods to solve the mathematical problems chosen. The methods based on computational complexity, in addition, make assumptions about the calculation capacity of a possible attacker. It is not taken into account that systems considered safe in the past may be vulnerable to the computers of the future. A transmission that is captured and stored in the present could be compromised in the future if the calculation capacity improves.

 The laws of quantum mechanics offer an alternative to security based on computational complexity. An example is quantum cryptography systems (CH Bennett and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE international Conference on Computers, Systems and Signal Processing, Bangalore, India, p. 175, 1984), (AK Ekert, Quantum cryptography based on Bell's theorem, Physical Review Letters, 67 (6): 661-663, 1991) in which quantum key distribution procedures (Quantum Key Distribution or QKD) are applied. The quantum distribution of keys bases its security on the laws of physics, which prevent copying an unknown quantum state (WK Wootters and WH Zurek, A single quantum cannot be cloned, Nature, 299 (5886): 802–803, 1982) or measure it without altering it. At the end of a quantum key distribution process, two users have a random sequence of bits that no spy can know. Any attempt to listen to the channel can be detected and corrected. 10

In this regard, quantum cryptography patent documents with optical technology can be cited, such as EP 97940111.4, EP 93307120, EP 93307121, WO GB 93/0275, WO GB 93/02637, WO / 2011/036322, PCT / ES2007 / 000323 or Spanish Patent with publication number 2168204.

Quantum security systems provide two fundamental advantages over methods based on computational complexity. On the one hand, they provide a security based on the laws of physics 15 that does not depend on any hypothesis about the difficulty of certain problems. On the other hand, it is a security independent of the technology, since the security comes from physical limitations independent of the device used by the attacker, which guarantees present and future security against attacks with any type of calculation resource, although it improves the technology.

The above documents are limited to the field of information encryption, but it is desirable to extend the 20 advantages of quantum security to other systems. The invention is an application of quantum security to zero knowledge password verification systems and consists of a new password verification method and equipment that implements it using photonic technologies.

DESCRIPTION OF THE INVENTION

In order to achieve the objectives and solve the aforementioned drawbacks, the invention includes a new quantum password authentication procedure and equipment based on the encryption of a password c constituted by a sequence of p bits in a quantum state of a dimension too small as in order to recover the password value. The procedure comprises a previous phase in which the password c of p bits is stored in the user equipment that performs the authentication.

In addition, the use of a random sequence is foreseen, also of p bits, that users share and that allows to avoid certain attacks on the system and to reinforce their security.

 The method of the invention is applied in user equipment consisting of an optical module and an electronic module, both formed by conventional elements. The procedure consists of a stage of comparison of states with five phases that is repeated a number of times n, n being a safety parameter chosen by the users. A fundamental feature of the procedure is the distribution of functions: a user equipment 35 that wishes to identify acts as an applicant S and another user equipment acts as a verifier V. At the end of the n steps of the procedure, a verifying equipment that knows the password can determine that the applicant knows it and a verifier who does not know the password cannot deduce it from the data that the applicant has given him.

 Each of the n stages is divided into five phases: 40

- In the first phase S and V use their equipment to generate and store a random to shared sequence of p bits that both users store in the memories of the electronic part of their respective user equipment. The shared sequence can be made public.

- In the second phase, the S and V devices calculate the logical XOR bit by bit function of the password c and the shared sequence a to generate a new password c ′ = ca. If both users know the password c, the sequence of bits c ′ generated by the equipment S and V are identical.

- In the third phase the equipment S and V encode the sequence c ′ in the quantum state of a system with possible states, choosing in the preferred embodiment a value of d less than 0.71 times the number of bits p of the password . For that value of d <0.71p it is impossible to extract from the quantum state the bits of c ′ with a better probability than to guess them randomly (A. Ben-Aroya, O. Regev and R. de Wolf, A hypercontractive inequality for matrix-valued functions with applications to quantum computing and LDCs, Annual IEEE Symposium on Foundations of Computer Science, 477–486, 2008). In the preferred embodiment c ′ will be coded in symmetric states that are a superposition of base states of the form i

, ieDDiiCjcp102'2'1

where is the decimal value of the bit sequence c ′. Depending on the coding chosen, the base states can be chosen among states with photons located in the time window or states with angular orbital moment. If both S and V know the password, they generate the same status. 'CiiTiT'c

- In the fourth phase the requesting team delivers its copy of the status to the verification team. In the verifying equipment 5, the status that V generated in the previous phase is compared with the status that the requesting equipment has delivered to it. To do this, use the optical comparator of your user equipment.

- In the fifth phase the verifying team checks the result of the comparator. If the result is positive, the procedure is continued until the n repetitions are reached. If at any time the comparison is negative, the authentication procedure is aborted and it follows that the applicant does not know the password. The random sequence that is generated in the first phase must be different at each repetition of the check. The number of repetitions is set in advance and is a function of the security that is desired in authentication. The higher n, the greater authentication security will be obtained.

By means of the method and the equipment of the invention, although the laws of physics prevent reading the information, it is possible to compare two states in a single attempt that detects different states with a good probability. In this way, it is possible to detect illegitimate users who impersonate the information receiver and gain security against spies who listen to the communication channel.

In the preferred embodiment of the invention it is anticipated that both users need to prove their identity. In this case, the n repetitions of the first to fifth phases of the comparison stage will not be followed but 20 stages will be alternated in which the functions of the requesting and verifying equipment are exchanged between the users and their equipment. In this way an illegitimate user can be detected prematurely.

In the preferred embodiment of the invention, the random to shared sequence is established through a public channel. The invention includes a method for users to jointly generate the random sequence a through their requestor and verifier user equipment and which will be explained later. 25

The safety of the procedure is based on the choice of the parameters p, n and d. The invention provides that, as noted, d is less than 0.71p, so that the probability of recovering k from the p bits of the password tends to. This probability is the same as guessing the bits of the random password. Therefore, with the coding chosen, a spy who captures the quantum state is unable to extract a single bit of information. In addition, the XOR operation with the random sequence avoids a repeat attack in which the adversary intercepts states of a legitimate user and then uses them to impersonate him, since the quantum states used at each stage are different. .

Furthermore, in order for the process of the invention to be safer, it is envisioned that the maximum value of stages n is chosen such that nd <0.71p. With this choice, a spy who captures all the states without being detected could not find out the password either, since the space of n dimension states has 35 dimensions. While nd is less than 0.71p, no encoding and decoding process allows you to recover k bits more than with a probability of. dD2dn2

The fundamental part of the procedure is the coding of the c ′ sequence in a quantum state. In the user equipment of the invention, the coding is performed on the quantum state of a single photon. The coding of c ′ can be done either by means of a temporary coding that modulates the waveform of a single photon generating different phase shifts in predefined time windows (HP Specht, J. Bochmann, M. Mücke, B. Weber, E Figueroa, DL Moehring and G. Rempe, Phase shaping of single-photon wave packets, Nature Photonics, 3 (8): 469–472, 2009), or by coding at the angular orbital moment of a single photon (G Molina-Terriza, JP Torres and L. Torner, Management of the angular momentum of light: Preparation of photons in multidimensional vector states of angular momentum, Physical Review Letters, 88 (1): 013601, Dec 2001). These two coding methods are detailed in the description of the preferred implementation.

The invention also relates to the user equipment that implements the described procedure. The equipment, as indicated, includes two parts: an electronic module and an optical module. The electronic module consists of a memory and a processor. The memory stores the sequences with the password c and the random sequence a. The processor is responsible for directing the authentication procedure. Their tasks include the analysis of the data that arrives from the detectors connected to the comparator to decide if the procedure is continued or not and calculate the logical function XOR bit by bit of c and a to generate the c ′ chain that determines a control signal

which is applied to a quantum state generator of the optical module. The optical module comprises a quantum state comparator, a quantum state generator and a detector block located at the output of the comparator that are connected to the electronic module. The detector block comprises at least two detection elements.

 The quantum state comparator is an optical device with two inputs and two outputs. The inputs include an external connection through which the photon of the requesting equipment arrives with the state that encodes its 5 ′ sequence and an internal connection to the quantum state generator. Each output port of the comparator is connected to a detector element, which, in turn, is connected to the processor. If the states are equal, it follows that the sequences coincide. The comparator works in a probabilistic way. Two different states can be classified as equal, but always with a probability less than one. Two equal states always pass the check. Following the process of the invention, this partial comparison 10 can be used to provide a reliable testing system as desired.

According to the described procedure, it is envisioned that the comparator may be constituted by a beam splitter or by a fiber optic coupler. In either case, said comparators are configured to produce an optical interference between the paths of the two photons applied at their input. The comparison is made using the Hong-Ou-Mandel effect (CK Hong, ZY Ou and L. Mandel, 15 Measurement of subpicosecond time intervals between two photons by interference, Physical Review Letters, 59 (18): 2044–2046, Nov 1987 ) so that, if the two states are equal, the interference between paths causes the two photons to take the same output. If the photons at the input of the comparator have different states, it is possible to find the photons at different outputs.

The detectors of the user equipment are individual photon detectors which can be, for example, 20 conventional avalanche photodiodes (APD). The detectors are placed in the two output ports of the comparator. This configuration of the detectors indicates to the processor if the output paths of the two photons coincide or not. The processor is configured to stop the authentication when the output ports are different and to generate a new state when the two photons activate the same detector, repeating the comparison stage with new states up to a number of times n, as previously mentioned. 25 'c'c

The quantum state generator comprises a control block, a laser, a modulator, an attenuator and a switch. The control block receives the control signal generated by the processor and directs the action of the modulator and the switch. The laser generates low intensity states that pass to the modulator. The modulator is governed by the control block and is responsible for coding the c ′ sequence in the states generated by the laser. The invention provides that the modulator can be an optical modulator that acts on the phase or a modulator with angular orbital moment, in accordance with the procedure described. After the modulator is an attenuator with an attenuation factor chosen so that at its output the average number of photons is less than or equal to one. In this way, the output state will have a photon or less. A switch is included at the end of the generator. The switch directs the photon to two possible outputs depending on the control signal. Choice 35 of the switch output allows the same equipment to be used for the user who acts as the applicant and the user who acts as the verifier. One of the planned outputs carries the quantum state coding c ′ to the comparator. In this case the equipment works as a verifier. The locally generated status is compared with the status from the applicant. The second output is connected to the outside so that the state encoding c ′ can be delivered to an external verifying user equipment in which the comparison described in the procedure would be performed. 40

In the preferred embodiment of the invention, the optical modulator for temporal coding is an optical fiber modulator configured to introduce different offsets in predefined periods of time. The angular orbital moment modulator comprises a state generation block with a hologram and a Dove prism. The hologram can be generated with conventional photographic techniques so that it generates an initial state, which is a superposition of states with an angular orbital moment. The state that leaves the hologram is directed to a conventional Dove prism rotated at an angle. The rotation is controlled by the control block to generate a symmetric state 1001DDpC2'2

as described. , 1102'2'DCjcpeD

In the process of the invention, it was indicated that the random sequence could be generated in the user equipment itself. In that case, the random sequence is generated by the state generator, the comparator, the detector and the processor, in a conventional manner, as described in greater detail in the embodiment of the invention.

According to the description given, it is possible to suffer an attack in which the attacker does not introduce any photon. Although the attacker cannot discover the password c, having only one photon in one of the comparator outputs activates a single detector and the verifier can interpret that the attacker knows the password c.

To avoid this inconvenience, the invention includes a block that counts the present photons. 5 This way you can detect when an attack has occurred due to the absence of photons. For this, a plurality of stages with comparators are used, the last stage of which is connected to a plurality of detector elements. The number of comparators is doubled at each stage. Each of the outputs of the first comparator is connected to a comparator, whose outputs in turn are connected to two other comparators and so on until the last stage of comparators, which have a detector in each of its outputs. The number of detection elements 10 is twice the number of comparators of the last stage. To realize the account without errors, the free entry of the additional comparators is blocked. The processor is configured to stop the authentication by detecting a sum of photons different from two or zero in a single branch, each branch being understood as each of the two outputs of the first comparator and the different ramifications that each of the stages entails. In case the processor detects a correct sum of photons, it performs the authentication. This prevents an attack 15 due to lack of photons. If the requesting team does not send any photons, the sum of photons in all branches will be one instead of two.

 Next, in order to facilitate a better understanding of this specification, and being an integral part thereof, a series of figures are attached in which the object of the invention has been shown as an illustrative and non-limiting nature. twenty

BRIEF STATEMENT OF THE FIGURES

Figure 1.- Shows a functional block diagram of a possible embodiment of a user equipment for performing the password check according to the invention.

Figure 2.- Shows a possible embodiment of the quantum state generator of the previous figure in which an optical modulator for optical fiber is used. 25

Figure 3.- Shows another possible embodiment of the modulator of the invention of Figure 1. In this case the modulator is a modulator with angular orbital moment.

Figure 4.- Shows a schematic representation of an embodiment of the invention in which a plurality of comparators and detectors are incorporated to avoid an attack due to lack of photons. Neither the processor memory nor the photon generator has been represented to simplify the figure. 30

DESCRIPTION OF THE PREFERRED EMBODIMENT

Below is a description of the invention based on the figures mentioned above.

The method of the invention is described by assuming two users with their corresponding equipment 1, a requesting user with their requesting equipment S and a verification user with their verification equipment V. It starts from a previous phase in which the user equipment 1 stores the password c consisting of a sequence of p 35 bits that it is desired to check in a memory 6a of a processor 6 of the respective user equipment 1, as shown in Figure 1.

The procedure of the invention is detailed for the case in which the requesting equipment S is identified before the verifying equipment V. The requesting equipment S is the one who must demonstrate that it has the same sequence of bits c as the verifying equipment V. All phases they are the same for the opposite case by exchanging the functions of S and V. If both users must convince the other that they have the password, it is preferable to establish shifts with interleaved identification rounds to detect a possible dishonest user early. The procedure consists in the repetition of five phases:

- In the first phase, S and V jointly generate a random sequence a of p bits, as will be described later, so that both store it in their respective memories 6a. In the exemplary embodiment, sequence a is a public sequence.

- Then, in the second phase, S and V calculate the logical function XOR bit by bit of the password c and the random sequence a by generating a new key c ′ = ca. 

- In the third phase, S and V encode c ′ in the states and of a quantum system with states. In the preferred implementation these states correspond to individual photon states. If the two 50 computers know the password, they generate identical states. You must choose a much smaller d than p to protect the password. A possible coding is the one that assigns each sequence of the key c ′ to a state 'cS'cVdD2'c

symmetrical of the form, where is the number that has as a binary representation the sequence of the c ’key. 102'2'1DiiCjcieDp

- In the fourth phase, the requesting user equipment S delivers its status to the verification device V.

- In the fifth phase the device V makes a comparison between the received state and the locally generated state in the third phase, by means of a quantum comparator 3. In this way, if the result of the comparison is positive, the procedure of authentication and, if negative, it is aborted and it is considered that S does not have the password c.

The verification procedure, with all the mentioned phases, is repeated n times choosing a new random sequence a. The value of n is estimated based on the desired security.

This procedure is implemented by user equipment 1 with an input 2 through which the 10 states of the applicant S reach a quantum state comparator 3 where it interferes with the local state from a quantum state generator 8. The state comparator 3 It is connected to a detection block 4 with two detectors 5 which indicate to the processor 6 whether the photon output paths coincide or not. The processor 6 contains the memory 6a that stores the sequences a and c and, from them, is able to calculate the sequence c ’described in the procedure. Taking that sequence c ′ as a reference, the processor 6 generates 15 a control signal 7 that directs the operation of the quantum state generator 8. The quantum state generator 8 has two outputs, 9 and 10. The output 9 is connected to the comparator 3 and the output 10 is connected to the outside 11, which is the output of the user equipment 1 for the scenarios in which the user and his team act as the applicant and deliver their status to the verifying user equipment.

The quantum state generator 8 encodes the sequence c ′ in individual photons according to 20 different encodings with the schemes shown in figures 2 and 3. Thus in figure 2 a configuration of the quantum state generator 8 is shown in the that the modulation is based on the modification of the waveform of a photon in different moments (temporal coding). In the example of Figure 3 the quantum state generator 8 is based on an angular orbital moment coding of a single photon. These generators will be described in greater detail below. 25

The comparison between the states occurs in the comparator 3 which has as inputs the state, generated locally in the state generation block 8, and the state that is received from an applicant abroad and that enters the user equipment 1 through input 2. The detector block 4 consists of two APD 5 avalanche photodiodes, both connected to the processor 6. The processor 6, depending on whether the two detectors 5 are activated at the same time or not, decides whether to Stop the procedure or continue with it. The local state is generated according to the contents a and c of the memory 6a. 'cV'cS'cV

The operation of the comparator 3 is based on the Hong-Ou-Mandel effect, which occurs when the paths of two photons interfere with an optical device, such as a beam splitter or a fiber coupler. Only two photons that have the same state have maximum interference. An example is shown in Figure 1 in which the comparison is made by means of a fiber optic comparator in which the interference between 35 photons takes place in a fiber optic coupler. In the coding with angular orbital moment the interference occurs in a beam splitter (beamsplitter) with a transmissivity of 50%.

The probability that the two input photons leave through the same output port is 100% for identical states. For a large number of possible quantum states, the probability that photons from two randomly chosen states will exit through different ports is 50%. The avalanche diodes 5 of detection of 40 photons distinguish these two cases when they are placed in the outputs of the comparator 3. The processor 6 interprets the data and is configured to direct the authentication procedure. If the two detectors 5 find a photon, the states are different and the processor 6 ends the verification process. On the contrary, if only one of the detectors 5 is activated, the checking is continued using a new random sequence value a. After n checks, the probability that the device S does not have the password is exponentially small, of the order of. n2

As discussed, for the quantum state generator 8 two possible embodiments are suggested in Figures 2 and 3.

In the exemplary embodiment of Figure 2, the quantum state generator 8 comprises a control block 12 in which the control sequence 7 from the processor 6 is received to govern the operation of an optical modulator 14. The optical modulator 14 is a fiber optic modulator that introduces different lags in predefined time windows and acts on the signal of a laser 13 that generates a signal

low power optics that after modulation carries the information of the c ’sequence. After the optical modulator 14, the encoded state passes through an attenuator 15 adjusted so that the state at the output of the quantum state generator 8 has, on average, a photon or less. Using a switch 16, the photon with the final state is directed to the output 9 or 10 depending on the control information 7. The output 9 is taken when the comparator 3 is used to check passwords of an external user. Output 10 is chosen when the local user generates 5 photons for an external user to check.

Figure 3 shows another possible embodiment of the state generator 8 that has a configuration similar to that of Figure 2, but, in this case, with a modulator with orbital moment 14a that encodes the information at the angular orbital moment of a photon. The modulator 14a is constituted by two stages. In the first stage a uniform overlap of base states with an angular orbital moment 10 is created. In this sense it should be noted that there are different techniques to generate these states in a conventional way (G. Molina-Terriza, JP Torres and L. Torner, Management of the angular momentum of light: Preparation of photons in multidimensional vector states of angular momentum, Physical Review Letters, 88 (1): 013601, Dec 2001), (S. Slussarenko, E. Karimi, B. Piccirillo, L. Marrucci and E. Santamato, Efficient generation and control of different-order orbital angular momentum states for communication links , Journal of the Optical Society 15 of America A, 28 (1): 61–65, Jan 2011). An example is proposed in Figure 3 in which a state generation block with a hologram 17 is used that can be generated with conventional photographic techniques. In the second part of the modulation, the superposition of states is directed to a conventional Dove prism 18 rotated by an angle. The angle of rotation is adjusted according to the indications of the control signal 7 generated by the processor 6. After the Dove prism 18 and the attenuator 15, the symmetrical state of a photon is generated. 1001DDpC2'2102'2'1DCjcpeD

As mentioned, the invention provides that user equipment 1 jointly generate a new random sequence for each of the different comparisons to be made. The sequence a must be different in each check to avoid a repeat attack in which a dishonest user who does not know the password captures and stores a valid state of a user who does know the password and subsequently uses it to impersonate him . To establish the common sequence a, users in turn generate 1 bit of sequence a and communicate it to the other participant. It is enough that one of the users is honest so that the sequence is not repeated in different rounds and, therefore, a repetition attack cannot be used. S and V can use different random number generators. User equipment 1 is configured to generate quantum random numbers as known in the state of the art. The generation of quantum random numbers is based on the intrinsically probabilistic nature of quantum measurement and can be implemented with optical equipment as described in US Patent Documents 6249009, WO 2007124089, JP 2033-36188 A, EP 2013706B1 and US 6393448.

Thus, with the equipment represented in Figure 1, each user can generate a photon locally with the state generator 8 and close the input 2 so that the probability of detecting the photon in each of the 35 detectors 5 is 50% . For each generated photon a random bit is produced depending on the detector 5 that is activated, so that the processor 6 assigns a 0 if the upper detector is activated and a 1 if the lower one is activated.

The described basic configuration of the invention is vulnerable to an attack in which the user of a device S does not introduce any photon. Although you cannot discover the password c, having only one photon will never activate the two detectors 5 and V may come to believe that S knows the password c. If detectors 5 can count the number of photons present, this attack can be detected. To prevent attack, the invention provides for the use of a plurality of comparator stages 3 and a plurality of detectors 5 so that the number of outputs is multiplied by 2 with each stage of 3, as shown in Figure 4. Each Comparator 3 output is connected to an additional comparator. The new comparators, in turn, have their outputs connected to a new stage of comparators. This branching of the outputs can be repeated several times. All additional comparators 45 have one of their inputs locked, so that they only receive the photons that come from the first comparator 3. The probability that two photons end up at the same output port can be made as small as desired by adding several stages of comparators 3. If a detector is placed at each output of the comparators 3 of the last stage, it can be estimated how many photons have exited the upper and lower branches of the first comparator 3. The processor 6 analyzes the results and, if the sum of Photons detected in each of the 50 two branches of the first comparator 3 is 2 or 0, continue with the authentication procedure. If the detectors 5 corresponding to one of the two branches find a number of photons other than 2 or 0, it is considered that the user S does not know the password and the procedure is aborted. This requirement can be relaxed if there is a high probability that during the measurement some photon is lost either by losses in the system or because coherent states are generated with much less than one photon on average. This configuration capable of estimating the number of photons allows, therefore, to avoid an attack due to the absence of photons.

Claims (13)

1.- QUANTIC PASSWORD AUTHENTICATION PROCEDURE comprising: - a previous phase of storing a password c constituted by a sequence of p bits in user equipment where the authentication procedure is carried out; characterized in that it also comprises repeated stages of comparison with the following phases: - a first phase of generation and storage in the user equipments of a random sequence to shared p bits; - a second phase in which each user equipment calculates the logical function XOR bit by bit corresponding to the password c and the random sequence a and generates a new sequence c ′ = ca;  - a third phase in which each user equipment encodes c ′ in quantum states of a space 10 of dimension, where d is less than 0.71p; 'cdD2 - a fourth phase in which a team of a requesting user who wishes to identify himself delivers the quantum status encoding the password c ’to a verifying user team that must authenticate the password; - a fifth phase in which the verifying user equipment that must authenticate the password compares the quantum state received with that generated in the third phase by said verifying user equipment and, if the comparative quantum states do not coincide, the process is aborted of authentication and, if said quantum states compared, said authentication process is continued; - in case of continuing the authentication process the previous first to fifth phases are repeated a preset number of times n with a new random sequence considering that the password is valid if the n comparisons are positive. twenty 2.- QUANTIC PASSWORD AUTHENTICATION PROCEDURE, according to claim 1, characterized in that the user equipment that acts as the applicant and verifier changes their functions in each of the n repetitions of the first to fifth phases, so that both users can confirm that the other user knows the password. 3.- QUANTIC PASSWORD AUTHENTICATION PROCEDURE, according to claim 1, characterized in that the random to shared sequence is public. 4.- QUANTIC PASSWORD AUTHENTICATION PROCEDURE, according to claim 1, characterized in that nd is less than 0.71p. 5. AUTHENTICATION PROCEDURE FOR QUANTIC PASSWORDS, according to claim 1, characterized in that the coding of c 'in a quantum state is selected from a time coding 30 of the waveform of a single photon by generating different phase shifts in windows of predefined time and an angular orbital moment coding of a single photon by creating a uniform superposition of states and the subsequent generation of a symmetric state, where is the decimal value of the sequence of bits c ′ and the base states of photons with angular orbital moment. 35 1001DD102'2'1DCjcpeD 6. AUTHENTICATION EQUIPMENT FOR QUANTIC PASSWORDS according to the procedure of claims 1 to 6, comprising means for storing a password c consisting of a sequence of p bits and at least one random sequence a of p bits sharing the equipment to be authenticated, characterized in that it comprises: - a processor (6) configured to calculate the logic function XOR bit by bit of the password c and the random sequence a and generate a control signal (7) corresponding to the calculation c ′ = ac performed that is applied to  - a quantum state generator (8) that encodes the sequence c ′ in the quantum state of a photon, which is directed to - a quantum state comparator (3) comparing a state from a requesting user equipment 45 that wishes to be identified and the state encoding c ′ and that comes from the state generator quantum (8) of the verifying user equipment itself that must authenticate the password, - a detector block (4) configured to indicate when the two photons input to the comparator (3) exit through the same output port of said comparator (3) and when they exit through different ports, and - the processor (6) being also configured to stop the authentication when the output ports of the comparator (3) through which the two photons leave are different and to generate a new state c '5 when the two photons exit through the same port, generating said new states c 'up to a number of times n, previously established, to perform the authentication. 7. QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the comparator (3) is selected between a beam splitter and a fiber optic coupler configured to produce an optical interference between the paths of two photons applied in their inputs and perform the comparison according to the Hong-Ou-Mandel effect, where when the states are equal, the two photons leave through the same output port of the comparator (3) with a probability of 100% and where when the states are different the probability that two photons leave through the same output port are close to 50%. 8. QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the detector block (4) comprises individual photon detector elements (5) connected to each of the comparator output ports (3) that are activated when a photon is detected to indicate to the processor (6) when photons are detected simultaneously in both comparator output ports (3) and when they are detected in only one of the comparator output ports (3).  9.- QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the quantum state generator (8) comprises: - a control block (12) that receives the control signal (7) from the processor (6), - a low power laser (13) connected to - a modulator selected between an optical modulator (14) and a modulator with angular orbital moment (14a), - an attenuator (15) presenting quantum states at its output with an average number of photons less than 25 or equal to one, - a switch (16) configured to direct the photon to an output selected between a first output (9) and a second output (10) depending on the control signal (7), selecting the first output (9) when the equipment The user function acts as a verifier and the generated status must be applied to the comparator (3) to compare it with the status provided by a requesting user equipment and 30 selecting the second output (10) when the user equipment functions as the requestor and the generated status must surrender to a verifying user team. 10.- QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 10, characterized in that the optical modulator (14) is a fiber optic modulator configured to introduce different lags in predefined periods of time. 35 11.- QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 10, characterized in that the modulator with angular orbital moment (14a) comprises a state generation block with a hologram (17) to generate initial states and a Dove prism (18 ) rotated an angle governed by the control block (12) to generate the symmetrical state. 1001DDpC2'2102'2'1DCjcpeD 12.- QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the random sequence a is generated by the quantum state generator (8), the comparator (3), the detector block (4) and the processor ( 6) in a conventional way. 13.- QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 9, characterized in that it comprises a plurality of comparator stages (3), wherein the last stage is connected to a detection block (4) provided with a plurality of detector elements ( 5), the comparator stages (3) 45 being configured in successive stages in which each of the outputs of the previous stage is connected to a new comparator (3) with its second input blocked, doubling the number of outputs of each comparator stage (3); where the number of detection elements (5) is twice the number of comparators (3) of the last stage so that, when the photons reach the detectors (5), they indicate to the processor (6) the number of photons that have output from each of the output ports of the first comparator (3), the processor (6) being 50 configured to stop the authentication procedure when detecting a number of photons in one of the output ports of the first comparator (3) other than zero or two.