GB2580167A - Improved cryptographic method and system - Google Patents

Improved cryptographic method and system Download PDF

Info

Publication number
GB2580167A
GB2580167A GB1821135.9A GB201821135A GB2580167A GB 2580167 A GB2580167 A GB 2580167A GB 201821135 A GB201821135 A GB 201821135A GB 2580167 A GB2580167 A GB 2580167A
Authority
GB
United Kingdom
Prior art keywords
quantum
party
basis
key
protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1821135.9A
Other versions
GB201821135D0 (en
Inventor
Salih Hatim
Hance Jonte
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dotquantum Holdings Ltd
Original Assignee
Dotquantum Holdings Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dotquantum Holdings Ltd filed Critical Dotquantum Holdings Ltd
Priority to GB1821135.9A priority Critical patent/GB2580167A/en
Publication of GB201821135D0 publication Critical patent/GB201821135D0/en
Publication of GB2580167A publication Critical patent/GB2580167A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0858Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

A method comprises : generating, by first party 2, two or more quantum particles; party 2 preparing the quantum state of the two or more quantum particles, each quantum state being represented as one of two or more different bases agreed with second party 4, each basis defining two or more different orthogonal quantum states; transmitting, over a quantum channel 6, to party 4, at least some of the generated quantum particles; transmitting, over a classical communication channel 8, to party 4, tag information encrypted with a public cryptographic key and representing the bases to be used in the transmission of the quantum particles, such that party 4 can determine which basis to use to measure the state of each transmitted particle by decrypting the information using a private key corresponding to the public key; party 4 measuring the state of each quantum particle received from party 2 over the quantum channel, using the determined bases; and establishing a shared cryptographic key in dependence on the measured states of the transmitted quantum particles. The basis information is sent prior to transmission of the quantum particles.

Description

IMPROVED CRYPTOGRAPHIC METHOD AND SYSTEM
BACKGROUND
* Introduction to QKD
Quantum Key Distribution, or QKD, involves two parties, Alice and Bob, exchanging a randomly generated key using quantum bits (qubits). To do this, these qubits (typically photons), are sent through a quantum channel, and further information to allow each party to interpret these qubits is sent through a separate classical channel (e.g. via an Ethernet cable). The aim of Alice and Bob is to avoid their key being intercepted by an eavesdropper, Eve, while also maximizing their keyrate (the amount of secure keys they produce per second). These protocols are either based on entanglement of qubits sent, or (more commonly), on the effects of measurement changing a qubit ('Prepareand-Measure protocols).
The most commonly applied protocol for QKD is based on the protocol disclosed in Charles H Bennett and Gilles Brassard's seminal paper entitled "Quantum Cryptography: Public key distribution and coin tossing" in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, volume 175, page 8, New York 1984. This protocol is more commonly referred to as BB84, and is based on the qubit being sent being in the state of either 0 or 1 in one of two basis choices, chosen to be mutually unbiased to one another (e.g. rectilinear and diagonal). In practice this means that the two bases choices differ from each other by a rotation of 7/4 (i.e. 45°). This means, attempting to measure the qubit in the wrong basis gives a 50:50 chance of giving either 0 or 1 as a response. However, once all the qubits have been sent to Bob, Alice sends him an unencrypted list of all the bases she sent the bits in to him, via the classical channel.
On average, because of the mutually unbiased criteria with which the two bases are selected, Bob discards half of the received qubits, informs Alice which qubits were measured in the correct basis, and subsequently both Alice and Bob generate an encryption key using the remaining qubits. In this regard the efficiency of the BB84 protocol is typically said to be 50%, since only 50% of the transmitted qubits (i.e. photons) contribute to the establishment of the cryptographic key.
An augmentation to BB84, and which is discussed heavily herein has been recently created by Price et al., [1] which proposes increasing the efficiency of BB84 by introducing the step of Alice's privately communicating the basis in which she has prepared each qubit to Bob, using symmetric key cryptography, prior to the transmission of the prepared qubits to Bob.
CURRENT ISSUES WITH KEY-BASED CRYPTOGRAPHY
* Problems with Public-Key Cryptography In Public Key cryptography one of the parties to a communication (here, Bob), uses an asymmetric cryptographic algorithm to generate a public and a private key. The public key is sent out to Alice, safe in the knowledge that, once something has been encrypted with it, only Bob's private key can break that encryption. However, the dawn of quantum computing has introduced several quantum algorithms, such as Shor's algorithm, that dramatically increase the ease with which this type of algorithm can be broken. While some post-quantum (unbreakable by these algorithms) encryption standards exist, they are young and still relatively unproven. As classical communication is not subject to the no-cloning theorem, Eve can intercept and record classical communications without disturbing them, and can spend an unlimited amount of time attempting to break their encryption, leaving them potentially vulnerable to classical as well as future quantum computer attacks. This is particularly problematic for public key cryptography other than post-quantum.
* Problems with QKD Authentication All current Prepare-&-Measure' QKD Protocols rely on Alice and Bob having an initial shared secret, to allow them to authenticate each other. This limits them to only being able to continue, rather than start, communication, and having to keep a section of their key from any QKD protocol to be used as that initial shared secret for the next round.
Classical Channel For BB84, as Bob must signal his authenticated receipt of qubits to Alice to ensure their qubit lists match up, the QKD protocol is limited to only being as fast as information may be exchanged on the classical channel. Further, Price et al.'s protocol, despite using 100% rather than 50%, of the qubits to generate the secret key, actually ends up having a far lower key rate on current quantum communications devices (such as idQuanfique's Clay's) than standard BB84, due to the introduction of the classically sent basis information tags before transmission of each prepared qubit, meaning 384 bits now have to be sent per qubit rather than the standard 128 bits (from BB84's qubit receipt messages sent by Bob). This means, for a quantum network with a potential quantum channel photon rate of more than 50 MHz (such as Clavis3's 1.25GHz) [2], Price et al.'s protocol has only 2/3 the key rate of standard BB84.
Limited Basis Choice Nas Current BB84 relies on the use of two mutually unbiased basis sets for non-decoy-state 'Prepare-and-Measure' protocols. This means that, even if Eve doesn't know which basis Alice prepared the qubit in, she has a 50% chance of guessing the right one. However, on the Bloch Sphere, three of these unbiased (give no preferred response to any other basis choice) basis choices exist, so it makes little sense to limit to two. Further, with expansion from base-2 qubits to base-d qudits, access to d+1 mutually-unbiased basis sets is gained, further reducing both Eve's chance of guessing the right basis choice, and of getting the right bit if she chooses to measure in the wrong basis.
It is an object of the present invention to provide a cryptographic method that addresses at least some of the shortcomings of the prior art.
SUMMARY OF INVENTION
In accordance with an aspect of the invention there is provided a method of establishing a shared cryptographic key between a first party A and a second party B, using quantum states of particles, the first party A and the second party B being in operative communication via a quantum communication channel and a classical communication channel. The method may comprise: generating, by the first party A, two or more quantum particles; preparing, by the first party A, the quantum state of the two or more quantum particles, each quantum state being represented in a Hilbert Space with respect to one of two or more different bases agreed with the second party B, each basis defining two or more different orthogonal quantum states, and each quantum particle being prepared with respect to one of the two or more different bases; transmitting, over a quantum channel, to the second party B, at least some of the generated quantum particles; transmitting, over a classical communication channel, to the second party B, confidential information encrypted with a public cryptographic key having an associated private key, the confidential information enabling the second party B to determine the basis with respect to which the quantum state of each transmitted quantum particle has been prepared; recovering, by the second party B, the confidential information received over the classical communication channel using the confidential private key, and determining the basis with respect to which the quantum state of each transmitted quantum particle has been prepared; measuring, by the second party B, the state of each quantum particle received from the first party A over the quantum channel, using the determined basis; and establishing the shared cryptographic key in dependence on the quantum states of the transmitted quantum particles. Transmitting the confidential information encrypted with a public cryptographic key to the second party B, ensures that the second party B is able to measure received quantum particles in the correct basis in which they were initially prepared by the first party A. This ensures a basis reconciliation efficiency of 100%. Furthermore, the advantage of using an asynchronous cryptographic key (i.e. public cryptographic key) to encrypt the basis information in place of a symmetric key, is that it improves the key rate of the method, and avoids having to reuse any previously generated session keys as the encryption key for encrypting the basis information. It is also advantageous that the bases are selected to be mutually unbiased. This improves the security of the protocol and prevents any information being learned by an eavesdropper from repeated observation of transactions between the first and second party.
In certain embodiments the method may comprise: generating, by the first party A, entangled pairs of the two or more quantum particles; transmitting, over the quantum channel, to the second party B, one quantum particle comprised in each generated entangled pair; and preparing, by the first party A, the quantum state of the quantum particle retained by the first party A comprised in each generated entangled pair, after transmitting the other quantum particle comprised in each generated entangled pair, over the quantum channel to the second party B. In this way the present method may be adapted for use in combination with entanglement based quantum cryptographic protocols, revealing the same increased efficiency and improved key rate as when applied to conventional quantum cryptographic protocols.
Alternatively, the method may comprise: preparing, by the first party A, the quantum state of the two or more quantum particles; and subsequently transmitting, over the quantum channel, to the second party B, each quantum particle prepared by the first party A. In certain embodiments a predetermined binary number may be associated with each orthogonal quantum state defined in each basis. The method may comprise: determining the binary number associated with the quantum state of each transmitted quantum particle; and establishing the shared cryptographic key in dependence on the determined binary numbers. In this way, the quantum states of the transmitted quantum particles define a binary string, which may be used to define the shared cryptographic key. In the absence of an eavesdropper, both parties to the method will share the same binary string, since the second party B measures each received quantum particle in the same basis as prepared by the first party A. The shared binary string may then be used as the shared cryptographic key for use in encrypting a message requiring transmission between the two parties.
The method may comprise: selecting a subset of the transmitted quantum particles; determining a quantum error bit rate "OBER" in dependence on the number of quantum particles comprised in the subset, where the first party A and the second party B do not agree on the binary number associated with the quantum state of the quantum particle as measured respectively by the first party A and the second party B; and terminating the method if the QBER is greater than a predetermined threshold value. Since the second party B measures the received quantum particles in the basis in which they were prepared by the first party A, any discrepancy in the measured quantum state between the first and second parties is as a result of noise on the quantum channel and/or the presence of an intercepting eavesdropper. Accordingly, the presence of an active eavesdropper reveals itself to the first party A and the second party B in the form of an increased QBER. If the QBER is larger than an agreed threshold value, then the present method may be terminated to avoid the security of the cryptographic key being compromised.
In certain embodiments preparing, by the first party A, the quantum state of the two or more quantum particles, may comprise: randomly preparing the two or more quantum particles in the two or more different bases shared with the second party B; and wherein the confidential information comprises information identifying the random basis used by the first party A to prepare each transmitted quantum particle. The use of randomness in preparing the quantum particles improves security, and ensures that an eavesdropper is unable to acquire any information from repeated observation of communication exchanges between the first and second party.
The method may comprise generating a random sequence of numbers; and selecting, by the first party A, the basis for preparing each quantum particle using the generated random sequence of numbers. The use of a random sequence of numbers provides a convenient practical means for randomly selecting the basis in which to prepare each quantum particle. In certain embodiments, each basis may be associated with a different number, ensuring that there is an association between each generated number and basis.
The method may comprise: transmitting, over the classical communication channel, to the second party B, the confidential information encrypted with the public cryptographic key, prior to transmitting, over the quantum channel, each quantum particle. This ensures that the second party B is in possession of the basis information upon receipt of the transmitted quantum particles, and can therefore measure each quantum particle in the correct basis upon receipt, improving the efficiency of the method.
In certain embodiments the confidential information may comprise information identifying the random basis used by the first party A to prepare each transmitted quantum particle, and the method may comprise: transmitting, over the classical communication channel, to the second party B, the information identifying each random basis used to prepare each quantum particle encrypted with the public cryptographic key, in discrete sequentially ordered separate data packets, after each quantum particle is prepared by the first party A. This ensures that the second party B is in possession of the basis information that a transmitted particle has been prepared in prior to receipt of the quantum particle. In such embodiments it is envisaged that the basis information is transmitted to the second party B prior to transmission of the associated quantum particle, and that this iterative process of first transmitting basis information associated with a quantum particle ready for transmission to the second party B over the classical channel, followed by transmission of the quantum particle, is repeated for each prepared quantum particle.
In certain embodiments the confidential information may comprise information identifying the random basis used by the first party A to prepare each quantum particle, and the method comprises: concatenating the information identifying each random basis used by the first party A to prepare each quantum particle; and transmitting, over the classical communication channel, to the second party B, the concatenated information encrypted with the public cryptographic key.
The method may comprise: preparing the quantum state of the two or more quantum particles with respect to one of n-different bases, wherein each basis defines m different orthogonal quantum states, and wherein n is any positive integer and m is any positive integer prime power equal to the number of different states that the particle may be in. In certain embodiments n is equal to m+1. For example, n=3 and m=2, and the method may comprise preparing the quantum state of the two or more quantum particles with respect to one of three different bases, and each particle represents one qubit of information. Similarly, in some embodiments n=2 and m=2, and the method may comprise: preparing the quantum state of the two or more quantum particles with respect to one of the two different bases, and each particle represents one qubit of information. For higher dimensional systems, the improved efficiency of the present method increases when compared to conventional QKD, such as BB84 (Bennet and Brassards QKD protocol proposed in 1984). In conventional QKD the percentage of transmitted quantum particles that are retained for key generation following basis reconciliation is inversely proportional to the number of different mutually unbiased bases used to prepare the particles. For example, where two different mutually unbiased bases are used, the efficiency is 50% (i.e. a maximum of 50% of the transmitted particles are retained for key generation). Where three different mutually unbiased bases are used, the efficiency is 33% and so forth. However, in accordance with the present method, irrespective of the number of different mutually unbiased bases used, the basis reconciliation efficiency is always 100%. Accordingly, the present method is particularly advantageous for use in QKD protocols employing large numbers of different mutually unbiased bases.
In certain embodiments the method may comprise: generating, at the second party B, an encrypted first authentication message using the private key; and transmitting the encrypted first authentication message to the first party A over the classical communication channel, the first authentication message comprising information confirming receipt of the confidential information by the second party B. In this way, the first party A knows that the second party B has received the confidential information enabling the second party B to determine the basis with respect to which the quantum state of each transmitted quantum particle has been prepared. Therefore, in the absence of an eavesdropper, the states of the received quantum particles, as measured by the second party B, should be consistent with the states prepared by the first party A. Any discrepancy in the states as prepared by the first party A and as measured by the second party B is indicated of a QBER due to quantum noise in the quantum channel, or to the presence of an eavesdropper. In certain embodiments the authentication message may simply relate to a message confirming receipt of the bases information, and does not reveal any information that could be used to glean the subsequently established shared cryptographic key. However, it is important that the message is encrypted with the second party's private key, as this confirms to the first party A that the message has originated from the second party B, and in this sense authenticates the message.
Similarly, in certain embodiments the method may comprise: generating, at the second party B, an encrypted second authentication message using the private key; and transmitting the encrypted second authentication message to the first party A over the classical communication channel, after receipt, by the second party B, of each transmitted quantum particle, the second authentication message comprising information confirming receipt of a quantum particle. The use of a second authentication message helps to ensure that the first and second party share the same set of quantum particles. By sending a second authentication message encrypted with the private key to the first party A, the first party A is able to verify that the second party B has received each transmitted quantum particle. Where a transmitted quantum particle has not been successfully received by the second party B, for example due to quantum noise, then the first party A knows to omit this particle from use in generating the shared cryptographic key. In certain embodiments, the content of the second authentication message may simply comprise a confirmation of receipt of the associated quantum particle, revealing no information that could compromise the confidentiality of the subsequently generated shared cryptographic key. Using the private key to encrypt the second authentication message confirms the origin of the second authentication message to the first party A. In certain embodiments the public cryptographic key may be generated using a post-quantum asymmetric cryptographic protocol. The method may comprise: encrypting the confidential information with the public cryptographic key generated using the post-quantum asymmetric cryptographic protocol. Within the present context a post-quantum cryptographic protocol relates to a cryptographic protocol that cannot be cracked using a quantum computer. For example, lattice cryptography is one example of a post-quantum cryptographic protocol.
In certain embodiments the public and private keys may be pre-generated, and may be generated in accordance with any known classical asymmetric cryptographic protocol, such as RSA, El Gamal or the like. In accordance with embodiments of the invention, it is important that the public key is of a sufficient length such that it cannot be cracked during the duration of the present method. In certain embodiments the length of the public key is selected such that a quantum computer would require more than 30 minutes to crack the key. For example, key lengths of 1024 bits may suffice. In alternative embodiments the key length may be 2048 bits, which would take on the order of several days to break, whilst key length of 4096 bits would take on the order of weeks to break using a quantum computer.
In accordance with another aspect of the invention, there is provided a system for establishing a shared cryptographic key between a first party A and a second party B, using quantum states of particles. The system may comprise: means for generating two or more quantum particles; means for preparing the quantum state of the two or more quantum particles, each quantum state being represented in a Hilbert Space with respect to one of two or more different bases agreed with the second party B, each basis defining two or more different orthogonal quantum states, and each quantum particle being prepared with respect to one of the two or more different bases; a first transmitter, operatively connected to a quantum communication channel, arranged in use to transmit to the second party B, at least some of the generated quantum particles on the quantum communication channel; a second transmitter, operatively connected to a classical communication channel, arranged in use to transmit, to the second party B, confidential information encrypted with a public cryptographic key having an associated private key on the classical communication channel, the confidential information enabling the second party B to determine the basis with respect to which the quantum state of each transmitted quantum particle has been prepared; and a processor for establishing the shared cryptographic key in dependence on the quantum states of the transmitted particles. The means for preparing the quantum state of two or more quantum particles may comprise any one of a particle generator, a single photon generator, or a coherent laser pulse generator.
The present system is able to implement the aforementioned method, and therefore it and its embodiments benefit from the same advantages as mentioned previously in relation to the previous aspect of the invention and its embodiments.
In certain embodiments, the means for generating the two or more quantum particles may be configured in use to generate two or more entangled pairs of the two or more quantum particles. The first transmitter may be arranged in use to transmit to the second party B, one quantum particle comprised in each generated entangled pair; and the means for preparing the quantum state of the two or more quantum particles may be arranged in use to prepare the quantum state of the quantum particle retained by the first party A comprised in each generated entangled pair, after the first transmitter has transmitted the one quantum particle comprised in each generated entangled pair. (Note that, by what is known in the literature as the principle of defend measurement, the order in which parties A and B carry out their measurements in this case does not matter.) Alternatively, the first transmitter may be arranged in use to transmit to the second party B, each prepared quantum particle.
In certain embodiments the means for generating the two or more quantum particles may comprise a particle generator, which in certain embodiments may relate to a single photon generator, or alternatively to a small coherent laser pulse generator. The means for preparing the quantum state of the two or more quantum particles may comprise one or more measurement devices. For example, where the quantum particle relates to a photon, then the means for preparing the quantum state of the two or more quantum particles may comprise one or more optical devices, such as optical polarisers.
The system may comprise: an encryption module arranged in use to encrypt the confidential information with the public cryptographic key. The encryption module may be operatively connected with the second transmitter, in order to encrypt the output confidential information.
The processor may be arranged in use to: determine a predetermined binary number associated with the quantum state of each prepared quantum particle; and establish the shared cryptographic key in dependence on the determined binary numbers.
The means for preparing the quantum state of the two or more quantum particles may comprise: one or more optical devices arranged in use to randomly prepare the two or more quantum particles in the two or more different bases shared with the second party B; and the encryption module may be arranged in use to encrypt information identifying the random basis in which each one of the two or more quantum particles was randomly prepared. For example, where the quantum particles relate to photons, the means for preparing the quantum state of the two or more quantum particles may also comprise an optical circuit comprising one or more polarizers, configured to randomly polarize the photons with different polarization states.
The system may also comprise a random number generator arranged in use to generate a random sequence of numbers; and wherein the one or more optical devices may be arranged in use to prepare each quantum particle using one of the two or more different bases, the basis being selected in dependence on the randomly generated sequence of numbers. In this way, the random output of the random number generator is used by the optical device to prepare the basis in which each quantum particle is prepared.
The second transmitter may be arranged in use to transmit the confidential information on the classical communication channel prior to the first transmitter transmitting the prepared quantum particles on the quantum communication channel.
The confidential information may comprise information identifying the random basis used to prepare each quantum particle; and the second transmitter may be arranged in use to transmit the information, encrypted with the public cryptographic key, identifying the random basis each quantum particle has been prepared in, in discrete sequentially ordered separate data packets, after the quantum state of each quantum particle is prepared.
The confidential information may comprise information identifying the random basis used to prepare each quantum particle; the processor may be arranged in use to concatenate the information identifying each random basis used to prepare the quantum states of the two or more quantum particles; and the second transmitter may be arranged in use to transmit the concatenated information encrypted with the public cryptographic key over the classical communication channel.
In certain embodiments, the means for preparing the quantum state may be arranged in use to prepare the quantum state of the two or more quantum particles with respect to one of n-different bases, and each basis defines m different orthogonal quantum states, where n is any positive integer and m is any positive integer prime power equal to the number of different states that the particle may be in. Optionally, the bases may be mutually unbiased. For example, in certain embodiments, n=2 and m=2, and the means for preparing the quantum state may be arranged in use to prepare the quantum state of the two or more quantum particles with respect to one of two different bases, and each particle represents one qubit of information. Similarly, in certain embodiments, n=3 and m=2, and the means for preparing the quantum state may be arranged in use to prepare the quantum state of the two or more quantum particles with respect to one of three bases, and again, each particle represents one qubit of information.
In yet further embodiments, each basis may be associated with three or more orthogonal states. Where each basis is associated with three different orthogonal states, then each quantum particle represent one qutrit of information.
In accordance with yet a further aspect of the invention, there is provided apparatus arranged in use to carry out the previously recited method.
According to a further aspect of the invention, there is provided a non-transitory storage device comprising computer executable instructions for carrying out the previously recited method.
Within the scope of this application it is expressly intended that the various aspects, embodiments, examples and alternatives set out in the preceding paragraphs, in the claims and/or in the following description and drawings, and in particular the individual features thereof, may be taken independently or in any combination. That is, all embodiments and/or features of any embodiment can be combined in any way and/or combination, unless such features are incompatible. The applicant reserves the right to change any originally filed claim or file any new claim accordingly, including the right to amend any originally filed claim to depend from and/or incorporate any feature of any other claim although not originally claimed in that manner.
BRIEF DESCRIPTION OF THE DRAWINGS
One or more embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which: Figure 1 is a schematic of a system for implementing methods in accordance with embodiments of the present invention; Figure 2 is a graph showing how key rate varies as a function of distance for two different embodiments of the present invention (respectively denoted SH18 D4M5, and SH18 D2M3) compared to the existing BB84 protocol, using weak laser pulses with an average photon number of 1, and assuming that an eavesdropper Eve's memory is much shorter than the time require to crack the Public Key encryption; Figure 3 is a graph showing how key rate varies as a function of distance for the two different embodiments shown in Figure 2, but without the assumption that Eve's memory is much shorter than the time to crack the Public Key encryption; Figure 4 is a graph showing the allowed QKD key rate for given classical channel data limits.
DETAILED DESCRIPTION
Aspects of the present invention relate to a protocol which may be implemented with all existing Prepae-&-Measure' Quantum Key Distribution protocols, where Bob has to guess the basis used by Alice in preparing the quantum particles. This step is commonly referred to as 'basis reconciliation', in which Bob discards all the quantum particles received from Alice in which he selected the incorrect basis for measurement. This ensures that the retained quantum particles were measured by Bob in the correct basis, and therefore, in the absence of an eavesdropper, he will have correctly measured the state of the quantum particle. Aspects of the present invention relate to combining a Quantum Key Distribution protocol with an initial authentication via Public Key cryptography. This serves to mitigate issues with both Quantum and Public Key Cryptography, by removing the reliance on an initial shared secret between Alice & Bob, and by removing the unlimited time left for Eve to break the encryption of a given communication of the latter. Furthermore, aspects of the invention result in a dramatic increase in the key rate, compared to standard QKD protocols.
Specifically, aspects of the present invention comprise replacing the step present in conventional QKD, in which information regarding the basis used to measure the qubits is exchanged, with a pre-communication comprising information regarding the basis in which all the qubits will be sent. This pre-communication is encrypted. In certain embodiments the encryption may be via a public-key protocol. This enables Bob to pick the basis in which to measure the qubits sent by Alice with a 100%, rather than 50%, accuracy. In addition, the protocol in accordance with the present invention is resistant to a variety of attacks typically deployed against 'Prepare-and-Measure' based protocols, but further includes a number of crucial inventive steps, to both almost entirely reduce memory use on Bob's side, while using memory concerns cited by Price et al. to instead reduce the likelihood of Eve being able to break the protocol.
The protocol includes the ability to increase beyond two the number of basis choices available to Alice while not necessary for the protocol to work, this adds the potential to double the key rate over and above the gains we already make, and adds increased security to the protocol (discussed below, in Basis Choice Expansion).
With reference to Figure 1, a first party A, henceforth referred to as Alice 2 and a second party, henceforth referred to as Bob 4, share between them a quantum communication channel 6, and a classical communication channel 8. An eavesdropper Eve 10 may interfere and listen in on either communication channel. An embodiment of how the present method may be carried out is described using apparatus functionally arranged in accordance with Figure 1.
* E.g.1 -PKA (Public Key Authentication)-BB84 1. Public Key Setup: (a) Alice obtains Bob's Public Key, either directly or through a trusted third party.
2. Authorization Tags: (a) Alice generates N cryptographically secure random numbers (ideally from a quantum random number generator), used to select bases b, to b,v, for b,+1 E {X, Z}, I E {0, ..., N-1}. Here, we decide to use two possible basis pairs, {X, Z}, for b1+1, but this could be extended to include a third possible basis pair choice (e.g. circular polarizations), as will be discussed below.
(b) Alice then computes TA = PKC(bi PKC(x) is the encryption of x by Bob's Public Key, and (hill. )) is the concatenationof the h-terms from hi to hN * I IbAr), for 3. Key Exchange: (a) Alice prepares qubits Qi to QN by generating N more cryptographically secure random numbers, B1 to BN, for Bi+, E {0, 1}, and then encoding Br+i in their relevant bi+i basis, respectively.
(b) Alice sends TA to Bob via the classical channel, followed by all the qubits from Q1 to QN.
(c) After receiving TA on the classical channel, Bob sends a first authenticated response to Alice to confirm receipt of it. Bob then uses his private key, corresponding to the public key Alice used earlier, to decrypt TA into the list of bases, hi to bN. The first authenticated response may simply comprise a message confirming receipt of TA encrypted with Bob's private key. Use of Bob's private key to encrypt the response provides confirmation to Alice that the message has originated from Bob.
(d) Bob announces whether or not each qubit arrived, by means of a second authenticated response. For each value of 1, he then uses the corresponding 131+1 to pick the basis in which to interpret Qi+i, returning the values Bi+i, which generate Alice and Bob's new key, (B1 RN), possessed by Bob with an accuracy rate of (i00% -q), where q is the quantum bit error rate. As with the first authenticated response message, the second authenticated response may simply comprise a confirmation of receipt of each received qubit encrypted with Bob's private key.
It is important to note that the first and second authenticated messages do not reveal any information that may compromise the security of the protocol. The content of each authenticated message is simply a confirmation of receipt.
Post-Processing: (a) Error correction and privacy amplification occur, as per standard BB84.
N.B. Ideally, Bob's Public Key Protocol, used to generate his Public and Private Key, will be Post-Quantum, such as lattice cryptography, but, as will be shown below, even a number of Pre-Quantum asymmetric key protocols remain usable here, given Eve's time constraints.
Extension to Higher-d Qudits As mentioned above, standard BB84-based protocols make use of two choices of basis. However, given that the current protocol automatically gives Bob a 100% chance of choosing the correct basis; it makes sense that whatever measures can be implemented to minimize the chance of Eve guessing correctly should be put in place.
To that end, we can alter the above protocol to increase the number of basis options available to Alice to choose from -here, the limiting factor on this is the number of mutually unbiased basis choices available. For instance, with photon polarization, we can increase the basis choices from 2 to 3, by adding in the circular polarization option (clockwise/anticlockwise (LJR) polarized).
As before, if Eve attempts to measure this in either the rectilinear or diagonal bases, it will give a random bit. This means Eve goes from having a 1/2 chance of guessing the right basis, and 1/2 chance of getting the right bit if she chooses the wrong basis (3/4 chance of accurately getting the right bit), to having a 1/3 chance of guessing the right basis, and a 1/2 chance of getting the right bit if she guesses the wrong basis (2/3 chance of accurately getting the right bit). Further, if Eve attempts to measure the qubit, she goes from having a 1/4 chance of alerting Bob to her interference (1/2 chance of wrong basis multiplied by 1/2 chance of Bob getting wrong bit out when measured in original basis, now is transferred to new basis), to a 1/3 chance.
Sadly, this limiting factor allows up to 641 mutually unbiased basis groups for a based qudit. For instance, a binary qudit (qubit) is of base-2, so allows us to use up to three mutually unbiased basis groups; a qutrit, being base-3, allows 4 to be used, and so on.
Extrapolating for n basis choices, this allows us to reduce Eve's probability of guessing the right bit to (1, n+(n-i)./dn), which, using all available basis groups for a given base, simplifies to 2(c/+1). At the limit of a base n-system, this therefore reduces Eve's probability of guessing to 0, giving us theoretically perfect security. However, of course, the practicality of such a system would be limited. A more realistic proposal is that using a qutrit, whereby Eve's probability of guessing goes down to 1/2 -twice the probability of Eve failing to guess than a standard guess from Eve in BB84. This then allows us to reduce the amount of key rate lost to privacy amplification substantially.
Alongside this, by increasing the number of basis choices, this protocol also helps mitigate even further against Photon Number Splitting attacks. While, unlike BB84, Alice doesn't even announce her basis choice unencrypted, Eve can still attempt to take additional photons from multi-photon-pulses, and guess in which basis they are encoded. While this method would take her two extra photons in the pulse, captured by Eve, for her to definitely know she had measured one of the photons in the right basis if a choice of two bases was used, this number increases linearly with the number of basis choices available, both increasing dramatically the difficulty of Eve pulling off this attack, and exponentially reducing the chance of the bit identified from these photons all agreeing, making it far less likely she can know with certainty from such an attack the bit Alice originally sent.
Therefore, the extension of the basis choice, coupled with the 100% probability of Bob choosing bases correctly given by the current protocol, allows us to dramatically lower Eve's chance of guessing the correct basis, and to detect her attempts to randomly measure the qubit, allowing us increased security over normal, 2-basis protocols if desired. Also, as seen, it integrates seamlessly with the protocol, making it yet another ideal way to increase security and reduce the amount of key lost to privacy amplification.
To that end, we simulated two forms of our protocol (referred to as SH18), one using a qubit (base-2) with 3 mutually unbiased basis choices denoted SH18 D2M3 in Figures 2 and 3; and the other using a base-4 qudit, with 5 mutually-unbiased basis choices denoted SH18 D4M5 in Figures 2 and 3. Both SH18 D2M3 and SH18 D4M5 are compared in Figures 2 and 3 to standard BB84. It's also important to appreciate that COW (Coherent One-Way protocol adopted in the prior art by idQuantique) has the exact same key rate profile as BB84 in Figures 2 and 3. in both Figures 2 and 3 the key rate has been worked out using the raw unsifted rate from a system that can send supporting data via a classical channel at toChit/s, Privacy Amplification loss using the formula for Min-Entropy, and then distance-based losses using the typical attenuation loss of 0.2dB/km. Also, for this, the typical varying of QBER over distance was used in the model, and, given the similarity of their key-rate, COW and BB84 share the same line on the graphs illustrated in Figures 2 and 3.
As can be seen, SH18 of base-2, with 3 mutually unbiased basis choices provides over double the key-rate of COW and BB84, and Sli18 of base-4 and 5 mutually unbiased bases (MU) choices gives well over 4 times the initial key-rate, showing the substantial advantage our protocol generates. Further, even without the assumption above that Eve's quantum memory lasts a far shorter period of time than it would take for her to crack the encryption on any qudits she was able to split off, this key-rate gain still holds, as can be seen below.
Further, given the work on higher-dimension qudit systems of Sheridan and Scarani [3], we can conclusively call our protocol provably secure.
BENEFITS OF PROTOCOL
I -No requirement for a previously-established shared secret between Alice and Bob: By using a public key protocol, rather than requiring a pre-existing symmetric key existing between Alice and Bob, they don't need any prior connection for Alice to be able to authenticate that Bob is the only one receiving her messages. All that is required is either the public key to have been transferred by a trusted medium between the two, or to have been passed on by a trusted third party. This is a significant advantage over current QKD protocols, which all rely on an initial shared secret for use as a private key, at the very least in order to provide a means of authentication.
-Eve's time to be able to decode messages sent becomes limited: By sending secret-key information in the quantum channel, using qubits, Eve cannot clone the information sent by Alice to Bob, and so has only a limited amount of time to break the tag, TA, in order to possibly get access to the final key. This time limitation means, given a typical overall QKD communication time of time he order of minutes, or seconds for near-market systems, even conventional Pre-Quantum Public Key Algorithms (such as RSA, which the National Institute of Standards and Technology recommends should use a 15360-bit key) are safe against Eve (requiring 153602 operations under Shor for Eve to break an encryption, which, at a fastest feasible quantum computer clock rate of i MHz, takes on the order of at least weeks, possibly months or even years) [5], further increasing the flexibility of the protocol.
Ill -Bob's accuracy for receiving Alice's key is ((ino% -q), rather than BB84's (5o% -q): By allowing Bob access to Alice's basis choice information before he has to decide which basis to measure the qubits in, he loses possibility of picking the wrong basis, doubling the efficiency of the protocol, and enabling the inclusion of other basis choices (leading to a 2 basis-choice) system becoming possible without his corresponding probability of correct choice tending to Ono. of basis choices).
IV -Higher key rate than current basis-choice QKD protocols: As the protocol makes use of Public Key, not symmetric, encryption algorithms, no preexisting key is used up encrypting messages. This means all the key taken up by symmetric encryption of messages between Alice and Bob is unused in this protocol, giving us a higher key rate than Price et al.'s protocol, and a far higher rate (given our 100% qubit use rather than BB84's 50%) than other QKD protocols currently in existence. To quantify this, idouantiqueTM define the secret key rate K. as the product of R and r, where R is the sifted bit rate (the rate per second of bits Alice and Bob know that they both know), and r is the fraction of this shared key that can be used for the secret key (i.e. the fraction not lost to privacy amplification or authentication/encryption using symmetric key protocols).
Above standard BB84, assuming the same photon (or pulse) rate through the quantum channel, the R-value achieved by the present protocol is twice as high (due to the above l00% q, rather than 50% q sifted bit rate) as those of BB84. Even for prior art protocols that share the same R-value as the present protocol, given that the present protocol uses a public key for encryption and authentication rather than a symmetric key means our r-value is higher than theirs. An example of this is that given by Price et al., which, while having a R-value of also l00%-q, requires an initial shared secret between Alice and Bob of length lk bits, which has to include 256 bits for use with AES, and an additional number to form a hash key (for VMAC, roughly 128 bits). This, compared to the rough key output from a round of QKD (105 bits), may only be a loss of 0.5% of the produced key if one assumes q to be 0, but can be far higher depending on other losses.
Due to Classical Channel Limits: Further, this underpinning assumption that the photon rate through the quantum channel is the same for us and the case given by Price et al. is false. Given our use of authenticated receipts from Bob to signal photon arrival means we are limited to the same ratio of quantum-to-classical channel speed (1/128 qubits/bit, given each qubit has to be responded to by a 128-bit reply), acting, for a fixed classical channel speed maximum of around 10Gbit/s, as an effective qubit rate limit of 75MHz. However, Price et al.'s protocol also makes use of 256-bit tags sent before each qubit, decreasing that ratio to 1/384 qubits/bit, and so setting an effective qubit rate limit of 25MHz, a third of the speed of ours. This, effectively, reduces their secret key rate to a third of the relative value calculated above, a substantial net benefit of our protocol over theirs.
Given current hardware (idQuantique's (7/avisrim) can operate at a quantum channel photon rate of 1.25GHz, this slowing from Price et al.'s protocol would already have a significant effect.
By reducing losses to Privacy Amplification: Privacy amplification works by using a protocol to remove a proportion of the bits in the key given by II,",",, the min-entropy of the system. This is derived from the negative logarithm in base-2 of the best possible guess strategy probability Eve can derive. Ergo, the lower the best probability per bit Eve has of guessing the key, the higher H,7"",, and so the less key lost to Privacy Amplification. This then means, as the proportion r would be higher, that the overall key-rate would be higher too. Through our protocol removing the strength of a number of typical attacks against BB84 (as shown below), Eve's best Pg"", is smaller than that standard for BB84, so our losses to Privacy Amplification are much lower.
V -Ability of Eve to deploy standard anti-BB84 attacks (e.g. PNS, MIM) are mitigated against: By encrypting the basis choice information before sending it, as opposed to BB84, when the information is sent freely after the exchange of qubits, Photon Number Splitting attacks are mitigated against, as even if the data on split multi-photon qubits is kept by Eve in a perfect Quantum Memory, the tag TA still needs to be broken before it is of any use above that of a standard qubit Eve intercepts. Further, given all current and hypothetical quantum memories have a maximum storage time before decoherence much shorter than the time it would take even Shor's algorithm to break a standard Public Key encryption, this measure ensures permanent security of data.
Alongside this, given the use of a previously-disclosed/separately authenticated Public Key, Man-In-the-Middle attacks from Eve are also mitigated against, given the encryption of the basis announcements, forcing Eve to guess bases to measure the qubits in, and so allowing her attack to be detected and mitigated against through Information Reconciliation and Error Correction.
VI -For high-N cases, all additions given by this protocol have a high level of security strength against Eve, especially over the limited-timescale this protocol forces: The one issue this protocol introduces is the risk of Eve attempting to work out Alice's basis choice information by computing all possible basis choice combinations encrypted using Bob's Public Key, storing them in a look-up table, and comparing them to TA.. However, this attack involves, for the two-basis-choice set-up described, Eve calculating 2N different possible values of TA, and comparing them all to the real TA.. For a chain of 256 qubits, this involves creating and comparing 0(1077) possibilities -even if it takes her a femtosecond to create and compare each possibility, that still means the overall process would take 0(iD57) seconds (around 1049 years, a ludicrously long amount of time) -reducing her likelihood of breaking the encryption in this manner to effectively 0%.
This processing time and memory usage, a distinct negative to Price et al.'s protocol (where Bob is the one computing all the options), here becomes one of the greatest strengths of this new protocol -confirming a clear advantage of using public key, rather than symmetric, algorithms (such as Price et al.'s AES) for this protocol.
VII -Better key rate than Decoy State-based QKD: The main competitor with basis choice (6684-style) protocols for QKD are those based on Decoy States. These involve the sending of a number of pulses, rather than single photons, at different levels of intensity -only after the entire exchange has been completed does Alice state which intensity level was the real qubit, and which were 'decoys', for each bit sent. Typical Decoy State protocols involve an average of three pulses being sent per bit -the real bit, and two decoys. Given Bob has to signal receipt for all three pulses, this triples the amount of time the protocol takes -giving us 3 times the key rate of such a decoy state protocol, just from the decrease in R this causes.
Further, combined with the fact that our protocol, by not forcing Bob to guess which basis to measure the qubits in gains another 2 times the key-rate, and that, with the addition of additional basis choices (see below) our key rate increases further (1.5 times for two extra basis, approaching 2 times as the number of basis choices approaches infinity), we can feasibly get a key rate multiple times that deliverable by a 6684-based decoy state protocol. Further, our protocol (by using encryption and additional bases) is at least as adept for mitigating PNS attacks (the main reason for the decoy state protocol), and, by not having to use pulses with less than one photon, should be even more resistant to loss (say, caused by channel distance) -showing our protocol as superior.
VII -Longer Possible QKD Distances than Current Protocols: Given the lack of commercially-viable single-photon sources, most protocols actually use weak pulsed laser sources -which are vulnerable to Photon Number Splitting, given the fact they produce a Poisson Distribution of photons per pulse centered around a set mean, rather than a fixed rate of one per pulse. Further, to avoid these PNSbased attacks, this mean is often set below 1 for practical implementations of 131384-style -QKD, which, coupled with loss through channels and at detector, further can substantially reduce key rate.
However, due to our protocol's resistance against PNS-style attacks, we can use a far higher mean photon number per pulse without fear of such attacks, and so can send qubits over far longer distances than can tradition-ally be done.
PUBLIC-KEY ALGORITHM CHOICE
While the protocol of the present invention was originally conceived to be used to integrate post-quantum public key cryptography with quantum cryptography together in a single protocol; given the limitation on how much time Eve has in order to break TA using realistic future quantum computers, it would be both feasible and safe to still use a pre-quantum public key algorithm, such as (I-1F En, as mentioned above.
ALTERNATIVES
The herein described methods may also be implemented in an entanglement based QKD protocol, in which Alice prepares entangled quantum particle pairs. In such protocols Alice forwards one of the quantum particles comprised in each prepared entangled pair, whilst retaining the other. Alice subsequently measures the retained quantum particle in a bases of her choosing. As a result of the entangled nature of the quantum particle pairs, Alice's act of measurement causes Bob's quantum particle to collapse into a specific quantum state. Alice forwards information regarding the basis used to measure her retained quantum particle to Bob encrypted using a public key cryptographic protocol, in the same manner as described previously. The method of Alice sharing measurement bases with Bob by means of public-key cryptography is similarly applicable to continuous variables QKD, non-entanglement-and entanglement-based alike, where, again, secret key bits can only be read reliably if such quantum states are measured in the correct bases.
HARDWARE
Embodiments of the present protocol may be implemented using existing hardware currently employed in conventional QKD protocols. In particular, the present protocols may be implemented using idQuantique's Clavis system, using polarised photons as the quantum particles. Furthermore, where available, Alice may implement the present protocol using a single photon generator or small coherent laser pulse generator, one or more polarisers to prepare the photons in the different quantum states, and a quantum channel operatively connected to Bob. In practice the quantum channel may relate to a fibre optic cable. Furthermore, in order to assist with the selection of the random bases in which to prepare the photons, a quantum random number generator may be used. Additionally, Alice may have a computer processor connected to the classical communication channel shared with Bob, arranged to encrypt the bases information prior to transmission to Bob. Similarly, Bob may comprise a polarization detector operatively connected to the quantum channel, enabling Bob to measure the polarization state of a received photon. Similarly, Bob may also be provided with a computer arranged to encrypt required authentication messages with his private key, and to generate the shared cryptographic key once the transmitted photons have been received from Alice.
References: [1] Alasdair B Price, John G Rarity, and Chris Erven. A quantum key distribution protocol for rapid denial of service detection. arXiv preprint arXiv:1707.03331, 2017.
[2] idQuantique. Clavis 3 brochure. Brochure, 2015.
[3] Lana Sheridan and Valerio Scarani. Security proof for quantum key distribution using qudit systems. Physical Review A, 82(3):030301, 2010.
[4] XF Mo, ltzel Lucio-Martinez, Philip Chan, Chris Healey, Steve Hosier, and W Tittel. Time-cost analysis of a quantum key distribution system clocked at 100 mhz. Optics express, 19(18):17729-17737, 2011.
[5] Joe O'Gorman and Earl T Campbell. Quantum computation with realistic magic-state factories. Physical Review A, 95(3):032338, 2017.
GB1821135.9A 2018-12-21 2018-12-21 Improved cryptographic method and system Withdrawn GB2580167A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1821135.9A GB2580167A (en) 2018-12-21 2018-12-21 Improved cryptographic method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1821135.9A GB2580167A (en) 2018-12-21 2018-12-21 Improved cryptographic method and system

Publications (2)

Publication Number Publication Date
GB201821135D0 GB201821135D0 (en) 2019-02-06
GB2580167A true GB2580167A (en) 2020-07-15

Family

ID=65364391

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1821135.9A Withdrawn GB2580167A (en) 2018-12-21 2018-12-21 Improved cryptographic method and system

Country Status (1)

Country Link
GB (1) GB2580167A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111669270A (en) * 2020-04-24 2020-09-15 江苏航天神禾科技有限公司 Quantum encryption transmission method and device based on label switching

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"A quantum key distribution protocol for rapid denial of service detection", Price A. et al, 15.11.2017, arXiv:1707.03331.2017 *
Physical Review Letters, vol.67, no.6, 05.08.1991, pub. American Physical Society, US, pp. 661- 663, Ekert A., "Quantum cryptography based on Bell's Theorem" *
Science China : Physics, Mechanics and Astronomy, pub. SP Science in China Press, China, vol.55, no. 9, Sep.2012, pp. 1618-1629, Liang Min et al, "Public-key encryption and authentication of quantum information" *
Theoretical Computer Science, vol.560, 04/12/2014, pub. Elsevier B.V., NL, pp. 7-11, Bennett C. et al, "Quantum cryptography: public key distribution and coin tossing" *

Also Published As

Publication number Publication date
GB201821135D0 (en) 2019-02-06

Similar Documents

Publication Publication Date Title
US7430295B1 (en) Simple untrusted network for quantum cryptography
EP2647155B1 (en) Quantum key distribution
US7787628B2 (en) Double phase encoding quantum key distribution
US8082443B2 (en) Pedigrees for quantum cryptography
US8964989B2 (en) Method for adding nodes to a quantum key distribution system
US9160529B2 (en) Secret communication system and method for generating shared secret information
WO2021213631A1 (en) Improved cryptographic method and system
Korchenko et al. Modern quantum technologies of information security against cyber‐terrorist attacks
US20220294618A1 (en) Improvements to qkd methods
Charjan et al. Quantum key distribution by exploitation public key cryptography (ECC) in resource constrained devices
Thangavel et al. Performance of integrated quantum and classical cryptographic model for password authentication
Parmar et al. A Comparative Evaluation of Algorithms in the Implementation of an Ultra‐Secure Router‐to‐Router Key Exchange System
WO2010011127A2 (en) Quantum network relay
GB2580167A (en) Improved cryptographic method and system
GB2586235A (en) Improvements to QKD methods
WO2023078639A1 (en) Quantum-secured communication
Lütkenhaus Quantum key distribution: theory for application
Parakh et al. Improving efficiency of quantum key distribution with probabilistic measurements
Parakh et al. Improving the efficiency of entanglement based quantum key exchange
Zeng et al. Quantum key distribution with authentication
Marchsreiter et al. A PQC and QKD Hybridization for Quantum-Secure Communications
Venkatramulu et al. Secure communication using two party authenticated quantum key distribution protocols
Zohair et al. Multiparty Quantum Cryptography with Block Cipher RC6 (B-MQKD)
Jayaraman et al. Quantum Cryptography And Quantum Key Distribution
Nandal et al. Comparison of Some of the Most Prominent QKD Protocols: A Review.

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)