NL2032162B1 - Segmented error correction for QKD post-processing - Google Patents

Segmented error correction for QKD post-processing Download PDF

Info

Publication number
NL2032162B1
NL2032162B1 NL2032162A NL2032162A NL2032162B1 NL 2032162 B1 NL2032162 B1 NL 2032162B1 NL 2032162 A NL2032162 A NL 2032162A NL 2032162 A NL2032162 A NL 2032162A NL 2032162 B1 NL2032162 B1 NL 2032162B1
Authority
NL
Netherlands
Prior art keywords
party
key
information
channel
words
Prior art date
Application number
NL2032162A
Other languages
Dutch (nl)
Inventor
Elkouss Coronas David
Original Assignee
Univ Delft Tech
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Univ Delft Tech filed Critical Univ Delft Tech
Priority to NL2032162A priority Critical patent/NL2032162B1/en
Priority to PCT/NL2023/050326 priority patent/WO2023244105A1/en
Application granted granted Critical
Publication of NL2032162B1 publication Critical patent/NL2032162B1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0858Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Abstract

The invention provides a method for communicating data through a public classical channel, which data is protected using a secure key that is shared between at least a first and second party, the method comprising quantum key distribution (QKD) for distributing the secure key of length N which due to noise is received as a raw key.

Description

P100726NL00
Segmented error correction for QKD post-processing
Field of the invention
The invention relates to a method, device and software for communicating data, comprising quantum key distribution (QKD) for distributing a secure key.
Background of the invention
Quantum key distribution (QKD) allows to distribute a secret code (key) between two distant parties using the quantum mechanical properties of photons. QKD enables inherently safe communication, as an intrusion is detected. This is advantageous compared to classical communication, which is not inherently safe.
US2004109564 (Cert, van Assche) in its abstract discloses: “One aspect of the present invention is related to a quantum cryptographic scheme comprising at least one sending unit including a physical means of encoding and distributing a raw key in the quadrature components of quantum coherent states that are continuously modulated in phase and amplitude, at least one receiving unit containing a physical means of performing homodyne detection of the quantum coherent states in order to measure the quadrature components of the states, a quantum channel for connecting the sending unit to the receiving unit, a two-way authenticated public channel for transmitting non-secret messages between the sending unit and the receiving unit, a quantum key distribution protocol ensuring that the information tapped by a potential eavesdropper can be estimated from the quantum channel parameters, and a direct or reverse reconciliation protocol that converts the raw continuous data into a common binary key.”
US2015312035 in its abstract discloses: “A permutation method for reconciling bit errors in a quantum key reconciliation protocol performing an iterative reconciliation process, includes: obtaining a bit string through a previous reconciliation step; and permuting bits in athe [..] bit string obtained from athe [..] previous reconciliation step before a subsequent reconciliation step by performing a linear modulo operation based on a length of the bit string and a length of a block for the subsequent reconciliation step.”
WO2009056871 in its abstract discloses: “A processing arrangement of a data communication apparatus in a Quantum Key Distribution System is arranged to derive an ordered plurality of modulo-2 summations of respective selections of data bits of a binary data set. The data communication apparatus may either be transmitting apparatus with the processing arrangement serving to determine a target syndrome for subsequent use in error correction, or receiving apparatus with the data processing arrangement being arranged to effect error correction of received data. The processing arrangement effects its selections of bits from the binary data set in accordance with the interconnection of nodes in a logical network of nodes and edges that together define at least a continuum of cells covering a finite toroid. The structuring provided to bit selection by this continuum can be offset by randomness provided by other structures of the network and by the random association of bits of the binary data set with the nodes of the continuum. The logical network of nodes and edges represents a graph of a LDPC code used for error correction in said Quantum Key Distribution System.“
WO2020211954 in its abstract discloses: ,,A device for performing information reconciliation in a Quantum Key Distribution (QKD) system is proposed. The device obtains QKD data. The device further obtains an initial error correction codeword; determines, based on a Signal to Noise Ratio (SNR) and/or Bit Error Rate (BER) of the
QKD data, a number of punctures N > 0 to be performed on the initial error correction codeword; and generates an output error correction codeword by puncturing the initial error correction codeword at N positions. Data in the QKD can thus be smoothly processed even under SNR variations.
In Reconciliation of a quantum-distributed Gaussian key, G. van Assche, J.
Cardinal, N.J. Cerf, IEEE Trans. Info. Theory 50, 394, 204, in its summary states: “In
QKD using continuous variables, the continuous variables are discretized in bits, for instance 3 bits for each continuous variable. Error correction is then performed, using a binary error correction algorithm, starting with the least significant bit of each variable, then next bit, up to the most significant bit.” This is in fact known as ‘sliced reconciliation’. A segmentation is done on continuous variables, i.e., real numbers.
Furthermore, error correction on bits or different significance is not independent.
Summary of the invention
It is an aspect of the invention to provide an alternative communication method and/or device. A problem was found to lay in imperfections in QKD hardware. For instance, in optical implementations, photon losses or detector dark counts were found to occur. These lead to errors in the “raw” key. These errors need to be corrected to arrive at an error-free key. This process is known as information reconciliation or error correction.
There 1s provided a method for communicating data through a public classical channel which data is protected using a secure key, the method comprising quantum key distribution (QKD) for distributing a raw key of length N between at least a first and a second party, the method comprising the second party: - receiving the raw key through a quantum channel; - receiving from the first party through the public classical channel N/n transmissions, each comprising encoded information including N/n small words of length n from the raw key of the second party; - dividing said raw key into N/n small words of length n; - processing the small words using an error correction code based upon the small words of length n; - identifying incorrectly corrected small words using the information from the N/n transmissions from the first party through the public classical channel; -transmitting to the first party at least one selected from the incorrectly corrected small words, information relating to the incorrectly corrected small words, and a combination thereof; - receiving from the first party information comprising at least one selected from the correct version of the incorrectly corrected small words, information relating to the correct version of the incorrectly corrected small words, and a combination thereof, and - constructing the secure key using the information from the first party.
There is further provided a device for communicating data, in particular according to the method of any one of the preceding method claims, comprising a circuit for transmitting data through a data transmission channel that is a public channel, a circuit for receiving data using a quantum channel for transmitting and/or receiving a raw key of length N as a version of the secure key of length N, the device further comprising an integrated circuit, for instance an FPGA implemented circuit, for splitting the raw key of length N up into words of length n, applying an error correction code to a series of n/N words of length n, and constructing the secure key of length N from the series of words of length n.
It was found that the method and devices improve the error correction (decoding) performance in the following ways. The division into small words coupled with the small word retransmission lowers the decoding error rate. It is therefore a robust error correction method. Furthermore or alternatively, for high complexity decoders (that provide a low error rate) the duration of the decoding of words increases superlinearly with the length of the words. Thus, for large messages the decoding becomes a bottleneck in communication speed. The division of the words into small words avoids this bottleneck, and therefore facilitates QKD with long keys.
In particular, the current method and system is more robust as it lowers the decoding error rate. It allows large messages and longer keys,
Smaller amounts of information need to be shared. It requires only a single round of interaction between parties. It allows the use of longer keys and provides a larger key generation speed.
Furthermore, it allows implementation in relative simple devices, in fact allowing implementation through hardware devices, for instance implemented in a field- programmable gate array (FPGA) in e flexible and dedicated manner.
In the current invention, a key is transmitted or distributed using a quantum channel. Quantum channels that can be used include one or more fiber optical channels, free space communications which can be ground based, ground-satellite, satellite- satellite.
Furthermore, reconciliation used public channels. Public channel that can be used include all channels that we use for transmitting classical information, like fiber optical channel, twisted pair, free space, and at a higher abstraction level any classical communication channel or network.
The current invention used error correction code. In particular, linear error- correcting codes can be used. Examples of suitable error correction codes include for example polar codes, low-density parity check codes (LDPC), turbo codes, and other similar error correction codes known to a skilled person.
In an embodiment, the second party also receives a version of the raw key from a third party. In an embodiment, the third party distributed the raw key to a series of parties for establishing a secure network of parties.
In an embodiment, the second party receives the raw key from the first party.
In an embodiment, the first party sends the raw key via the quantum channel to a third party and the third party sends the raw key via the quantum channel to the second party. 5 In an embodiment, the raw key is obtained from a discrete variable QKD protocol.
In an embodiment, the raw key corresponds with the quantization of real variables produced by a continuous variable QKD protocol.
In an embodiment, the error-correction post-processing is applied on said raw key using an error-correction code with length n for generating or reconstructing an error- corrected secure key.
In an embodiment, the method further comprises establishing a private quantum communication channel and a public communication channel between at least the first party and the second party, and sharing said secure key of length N between at least the first party and the second party via said private quantum communication channel.
In an embodiment, the correction code wherein n <N, 10*n<N, more in particular 100*n<N, in an embodiment N is at least 10%%6 and n is smaller than 10°4.
In an embodiment, additional information is transmitted from one selected form the first and second party to one of the second and first party as receiving party, allowing receiving party to correct the words that initially could not be corrected.
In an embodiment, a segmentation is used in combination with a low complexity decoder such as min-sum.
FPGA implementations, most of them use a "low-complexity" decoder such as min-sum and have n between 103 and 10%4. For min-sum decoder, see P. Hailes, L.
Xu, R. G. Maunder, B. M. Al-Hashimi and L. Hanzo, "A Survey of FPGA-Based LDPC
Decoders," in IEEE Communications Surveys & Tutorials, vol. 18, no. 2, p, 1098-1122,
Secondquarter 2016, doi: 10.1109/COMST.2015.2510381. This reference is incorporated as if fully set forth.
In an embodiment, a low complexity decoder is integrated with the QKD system.
In an embodiment, there is provided a computer program product which, when executed on a data processing device, preforms the current method.
There is further provided a device for communicating data, in particular according to the current method, comprising a circuit for transmitting data through a data transmission channel that is a public channel, a circuit for receiving data using a quantum channel for transmitting and/or receiving a raw key of length N as a version of the secure key of length N, the device further comprising an integrated circuit, for instance an
FPGA implemented circuit, for splitting the raw key of length N up into words of length n, applying an error correction code to a series of n/N words of length n, and constructing the secure key of length N from the series of words of length n.
In an embodiment of this device, the public channel is selected from an optical communication channel, a free space communication channel, a wired channel, and a combination thereof.
In an embodiment of this device, the quantum channel is selected from an optical channel, a free space channel, and a combination thereof.
There is further provided a device for sending data using quantum key distribution (QKD), comprising a data transmission module for receiving a raw key via a quantum channel and a data transmission module for transmitting data via a public channel, wherein the device comprises an integrated circuit, in particular an FPGA implemented circuit.
There is further provided a method for establishing a secure data communication network of a series of devices using a public channel, comprising the current method for communicating data comprising quantum key distribution (QKD).
For information and further background, the following has been included which is based upon WIKIPEDIA under “Information reconciliation and privacy amplification”.
The quantum key distribution protocols provide Alice and Bob with nearly identical shared keys, and also with an estimate of the discrepancy between their shared keys. These discrepancies of differences can be caused by eavesdropping, but also by imperfections in the transmission channel or transmission line and detectors. As it is impossible to distinguish between these two types of errors (eavesdropping and imperfections), guaranteed security requires the assumption that all errors are due to eavesdropping. Provided the error rate between the keys is lower than a certain threshold (for instance 11% for the QKD protocol BB84), two steps can be performed to first remove the erroneous bits and then reduce Eve's knowledge of the key to an arbitrary small value. These two steps are known in the art as information reconciliation and privacy amplification respectively.
Information reconciliation is a form of error correction carried out between Alice and Bob's keys, in order to ensure both keys are identical. It is usually conducted over a public channel and as such it is vital to minimise the information sent about each key, as this can be read by Eve. A common protocol used for information reconciliation is the ‘cascade protocol’, known as such. This uses several rounds of information exchange between Alice and Bob. They both hold the shared key. Both keys are divided into blocks in each round and the parity of those blocks is compared. If a difference in parity is found then a binary search is performed to find and correct the error. If an error is found in a block from a previous round that had correct parity then another error must be contained in that block; this error is found and corrected as before. This process is repeated recursively, which is the source of the cascade name. After all blocks have been compared, Alice and Bob both reorder their keys in the same random way, and a new round begins. At the end of multiple rounds Alice and Bob have identical keys with high probability; however, Eve has additional information about the key from the parity information exchanged. However, from a coding theory point of view information reconciliation is essentially source coding with side information, in consequence any coding scheme that works for this problem can be used for information reconciliation.
Examples of coding schemes are turbo codes, LDPC codes, and polar codes, which are proposed as improvement of the cascade protocol.
As mentioned, Privacy amplification is a method for reducing (and effectively eliminating) Eve's partial information about Alice’s and Bob's shared key. This partial information could have been gained both by eavesdropping on the quantum channel during key transmission (thus introducing detectable errors), and on the public channel during information reconciliation (where it is assumed Eve gains all possible parity information).
There is further or alternatively provided a method for communicating data comprising quantum key distribution (QKD), comprising establishing a private quantum communication channel and a public communication channel, and sharing a secure key of length N between a first party and a second party via said private quantum communication channel, said method further comprising error-correction post- processing on said secure key using an error-correction code with length n for generating an error-corrected secure key, said error-correction post-processing comprising: - selecting a correction code wherein n < N, in particular 10*n<N, more in particular 100*n<N; - dividing said secure key into N/n small words with length n;
- correcting the small words using the correction code; - transmitting small words which are incorrectly corrected from said second party to said first party; - transmitting the incorrectly properly corrected small words from said first party to said second party; - constructing the error-corrected secure key using the result of the error correction and information from said first party.
There is further provided method and device for communicating data through a public classical channel, which data is protected using a secure key that is shared between at least a first and second party, the method comprising quantum key distribution (QKD) for distributing the secure key of length N which due to noise is received as a raw key, the method comprising the second party: - receiving quantum information through a quantum channel; - deriving its raw key from the quantum information; - dividing the raw key into N/n small words of length n; - applying a decoder for identifying information regarding incorrect small words; - constructing the secure key from its raw key by using information of the incorrect small words.
In an embodiment, both the first and second party apply the method for establishing the secure key that is shared.
The terms “upstream” and “downstream” relate to an arrangement of items or features for instance relative to the propagation of the light from a light generating means (here the especially the first light source), wherein relative to a first position within a beam of light from the light generating means, a second position in the beam of light closer to the light generating means is “upstream”, and a third position within the beam of light further away from the light generating means is “downstream”. This hold also for a flow of information or data, for instance
The term “substantially” herein, such as in “substantially consists”, will be understood by the person skilled in the art. The term “substantially” may also include embodiments with “entirely”, “completely”, “all”, etc. Hence, in embodiments the adjective substantially may also be removed. Where applicable, the term “substantially” may also relate to 90% or higher, such as 95% or higher, especially 99% or higher, even more especially 99.5% or higher, including 100%. The term “comprise” includes also embodiments wherein the term “comprises” means “consists of”.
The term "functionally" will be understood by, and be clear to, a person skilled in the art. The term “substantially” as well as “functionally” may also include embodiments with “entirely”, “completely”, “all”, etc. Hence, in embodiments the adjective functionally may also be removed. When used, for instance in “functionally parallel”, a skilled person will understand that the adjective “functionally” includes the term substantially as explained above. Functionally in particular is to be understood to include a configuration of features that allows these features to function as if the adjective “functionally” was not present. The term “functionally” is intended to cover variations in the feature to which it refers, and which variations are such that in the functional use of the feature, possibly in combination with other features it relates to in the invention, that combination of features is able to operate or function. For instance, if an antenna is functionally coupled or functionally connected to a communication device, received electromagnetic signals that are receives by the antenna can be used by the communication device. The word “functionally” as for instance used in “functionally parallel” is used to cover exactly parallel, but also the embodiments that are covered by the word “substantially” explained above. For instance, “functionally parallel” relates to embodiments that in operation function as if the parts are for instance parallel. This covers embodiments for which it is clear to a skilled person that it operates within its intended field of use as if it were parallel.
Furthermore, the terms first, second, third and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances and that the embodiments of the invention described herein are capable of operation in other sequences than described or illustrated herein.
The devices or apparatus herein are amongst others described during operation.
As will be clear to the person skilled in the art, the invention is not limited to methods of operation or devices in operation.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims,
any reference signs placed between parentheses shall not be construed as limiting the claim. Use of the verb "to comprise" and its conjugations does not exclude the presence of elements or steps other than those stated in a claim. The article "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device or apparatus claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
The invention further applies to an apparatus or device comprising one or more of the characterising features described in the description and/or shown in the attached drawings. The invention further pertains to a method or process comprising one or more of the characterising features described in the description and/or shown in the attached drawings.
The various aspects discussed in this patent can be combined in order to provide additional advantages. Furthermore, some of the features can form the basis for one or more divisional applications.
Brief description of the drawings
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying schematic drawings in which corresponding reference symbols indicate corresponding parts, and in which:
Figures 1-3 schematically depicts a layout of transmission channels, in which a central distribution, is used, or a key is transmitted from one party to the next, which in fact may include a receiver transmitting to more than one other party, and
Figure 4 schematically depicts an embodiment of information reconciliation.
The drawings are not necessarily on scale.
Description of preferred embodiments
In (secure) key distribution protocols, two parties which are typically referred to as ‘Alice’ and ‘Bob’, aim at distributing two identical keys as secure key. In figured 1- 3, several setups of a data communication assembly 1 are illustrated. These embodiments all comprise a first party 2, Alice, and a second party 3, Bob. For simplicity, we will say in the following that a party or the distributor distributes or transmits a raw key, while they distribute or transmit quantum states that are then transformed into a raw key upon measurement and possibly classical communication. In figures 1 and 2, a distributor 5 distributes a secure key which is received by parties as raw key 7, 7° through a quantum channel 6. In figure 1, the distributor 5 transmits the raw key 7, 7’ to both the first party 2 and the second party 3. Due to all types of noise in/through the quantum channel 6, the first party 2 and second party 3 can receive the raw key 7, 7° distorted, so it will have differences. For this reason, the first and second party 2, 3 need to exchange information in order to restore the raw key 7, 7°. In figure 2, an alternative distribution scheme is illustrated, in which the first party 2 transmits a raw key 7° to the distributor 5. The distributor 5 in turn transmits the raw key to the second party 3, which then receives the raw key 7’. Again, the first party 2 and second party 3 have to exchange information.
In general, the quantum information exchange between Alice and Bob is via the already discussed channel 6. This implies that Allice and Bob assume that there is a third party, Eve, who can intercept the information that is transmitted.
Figure 3 shows a somewhat different embodiment where Alice transmits a secure key to Bob. In this situation, we also define version of the keys again raw keys 7, 7’.
Both parties have a version of the secure key that may comprise noise. In this embodiment, it is in fact not important if Alice has an original secure key, or is in fact a distributor 5 who distributes the secure key. What is important in this embodiment is that Alice and Bob need to be sure that they both have the same, secure, key. To that end, again they need to exchange information through the public channel 11.
The raw keys 7, 7°, can be strings of bits, or a, continuous variable. When information is exchanged between Alice and Bob, there is always the possibility of the eavesdropper, typically referred to as ‘Eve’. In fact, Alice and Bob assume that there is an eavesdropper.
Figures 1-3 depict some possibilities of distributing a secure key, for instance using a distributing party, trusted third party, or just another party, or it can be based on parties transmitting secure keys from one to another.
Figure 1 shows a possible method with devices for communication data. In this example, Alice and Bob seek to exchange information of data using a public channel 11.
Once Alice and Bob have their secure keys, they can also use them to communicate via a classical channel which might be different than the one they used for distilling the key (11). In order to secure their communication, they use a secure key. In order to both get the same, secure key, this key is distributed using quantum key distribution (QKD). This can be done between Alice and Bob (and more parties if needed) via a quantum line or channel 6 and an authenticated classical line or channel 11. In the above, examples of such lines and methods are illustrated.
In an embodiment, there is a quantum line or quantum channel 6 and a ‘classical’ line or public channel 11 between Alice 2 and Bob 3 and possibly further parties. In this way, the secure key can be shared. Alternatively, as illustrated in figure 1, a third party is connected via a quantum channel with both Alice and to Bob, and other parties if needed. In this way, a raw key of length N is shared or disseminated.
Both Alice and Bob now split the received raw key in strings or words of length n with n smaller than N. Each word is error-corrected by for instance Alice. If error correction gives a faulty correction, Alice sends information to Bob over a public authentic line. On this line, there is an eavesdropper (Eve). In QKD, the classical channel connecting Alice and Bob is always assumed to be authentic, i.e. Eve can not change the content of the messages or introduce false messages. An authentic channel can be implemented with classical crypto. Then for simplicity, one always assumes that Alice and Bob have implemented such an authentic channel.
The distributing of the secure key between Alice and Bob usually starts with sending signals over a physical line or channel. At the end of the process, Alice and Bob hold strings of length N: x =(x1, … ‚ xn) andy =(y1, ... , yn), respectively. These strings are called the “raw” key.
A goal of an information reconciliation protocol or error correction 1s to help each party to recover the others party’s string by exchanging information over a public authentic channel. If Bob recovers Alice’s string x, this is referred to as a “direct” reconciliation protocol. In the other case (Alice recovers Bob’s string), it is called a “reverse” reconciliation protocol.
There are at least three important parameters of merit in a reconciliation protocol: - The number of bits that are exchanged over the public channel. The eavesdropper Eve is assumed to tap the channel. As a result of this assumption,
for each bit exchanged over the public channel the length of the final secure key is reduced by one bit. - The success probability of the reconciliation protocol. If the reconciliation protocol fails, key distribution must start all over from scratch. - The number of interactions, i.e. uses of the public channel, that are required.
The classical communication requires synchronization which can present a bottleneck. This is the case for instance with a satellite link.
One typical approach to information reconciliation is based upon etror correcting codes. A linear error correcting code C with parameters (n, k) protects a string t= (ti, ... 10, to) i.e, of length k, against noise by encoding it with the codeword c(t) = (ci, ... , ca) i.e., of length n, such that the additional (n-k) bits help identify errors. In particular, the code C associates with each word w = (wi, ... , wo) (i.e., of length n) a syndrome s(w) = (st, ... , Sw) such that a word is a codeword if and only if the syndrome s(w) is the all zero string, i.e. s(w) = (0, ...., 0).
One can use a code C with parameters (n, k) for information reconciliation as follows. Alice and Bob first share x and y, where y can be interpreted as the result of sending x through a noisy channel. Then Alice sends to Bob s(x), the syndrome of her string x. With the help of this syndrome s(x) and y Bob is able to recover string x.
Because of finite key effects (see, for instance, Tomamichel, M., Lim, C. C. W
Gisin, N, & Renner, R. (2012). Tight finite-key analysis for quantum cryptography. Nature communications, 3(1), 1-6. ), itis necessary to distribute very long “raw” keys. These “raw” keys can be as long as 2?* positions/bits. Reconciliation of a long raw key can be challenging. Some reasons are the memory limitations for hardware implementations, the low success probability in some previous solutions (Reference is made, in this context, to Jouguet, Paul, Sébastien Kunz-Jacques, and Anthony Leverrier. "Long-distance continuous-variable quantum key distvibution with a Gaussian modulation.” Physical Review A484, no. 6 (2011) 062317) and the superlinear complexity of some decoders, which makes decoding of such long words unfeasible.
An embodiment of the currently proposed reconciliation protocol is as follows.
Suppose a code (n’, k’), with mn’=n and m>> 1. 1 - Alice divides her string x in m blocks of length n°: xt, … | x™ 2 — Bob divides his string y in m blocks of length n’: y', … | y™ 3 — Bob creates a string, referred to as FailedBlocks, of length m
4 - for each block, i.e. fori = 1 to m, do a. Alice sends s(x), i.e. the syndrome of block x’, to Bob through a classical channel. b. Alice sends h(x'), i.e. a hash of block x' and having length p, to Bob through a public classical channel. c. Bob attempts to recover x' with the help of s(x’) and block i of his own string y, i.e. using yi. d. If Bobs decoder fails, he sets the 1-th bit of Failedblocks to 1, ie.
FailedBlock[1]:=1. e. If Bobs decoder succeeds, it produces £° which is an estimate of x. Bob then computes h(£°), which is the hash of £í, and compares h(£5) with h(x). If h(x) = h(®!), Bob sets the i-th bit of FailedBlocks to zero, i.e.
FailedBlock[i]:=0 5 — Bob sends the string FailedBlocks to Alice. 6 — For all blocks, 1.e. fori = 1 tom, do a. If FailedBlocks[i] = 1 Alice sends to Bob over the public channels xi, b. Bob’s guess of block 1 is: i. if FailedBlocks[i] = 0 then £í i. if FailedBlocks[i] = 1 then x".
Figure 4 schematically depicts a transmission setup as illustrated above, illustrating in fact step 4.
It will also be clear that the above description and drawings are included to illustrate some embodiments of the invention, and not to limit the scope of protection.
Starting from this disclosure, many more embodiments will be evident to a skilled person. These embodiments are within the scope of protection and the essence of this invention and are obvious combinations of prior art techniques and the disclosure of this patent.
Reference numbers 1 data communication assembly 2 first party 3 second party 4 eavesdropping/ information intercepting party 5 quantum key distributing system 6 quantum channel 7 7,7 raw key 8 8, 8’ raw key divided in words of length n 9 information transmitter/receiver 10 information transmitter/receiver 11 Public information transmission channel 12 12° small word 13 13’ information encoder/decoder using small word and information

Claims (1)

ConclusiesConclusions 1. Een methode voor het communiceren van data door cen publiek klassiek kanaal, welke data beschermd is gebruikmakend van cen beveiligde sleutel welke gedeeld is tussen ten minste cen corste on tweede partij, waarbij de methode omvat cen quantum key distribution (QK DD) voor het verspreiden van de beverligde sleutel met lengte N welke door ruis wordt ontvangen als een nowe sleutel, de methode omvattende voor de tweede partij: - Het ontvangen van quantum informatie door cen quantum kanaal: - Het afleiden van de ruwe sleutel uit de quantum infomatie; - Het Verdelen van de ruwe sleutel naar N/n kleine woorden van lengten; - Het Ontvangen van con Serie van transoussios van de eerste partij door bet publieke klassieke kanaal, waarbij elke transmissie omvat gecodeerde informatie gecodeerd gebruik makend van ten minste cen klein woord van lengte n van de cerste partij’s ruwe sleutel van de eerste partij ’s beveiligde sleutel: - Het Verwerken van det kleine woorden omvattend het toepassen van cen caorrectisende op de kleine woorden en de gecodeerde informatie van de transmissies van de eerste party; - Het dentiticeren van onjuist gecorrigeerde kleine woorden; - Het Versturen naar de eerste partij van ten minste een geselecteerd wit de onjuist zecorrigeerde kleme woorden, informatie gerelateerd aan de onjuist gecorngeerde kleine woorden, gecodeerde informatie gecodeerd gebruik makend van het incorrecte kleine woord, en cen combinatie daarvan, en - Het Construeren van de beveiligde sleutel van de ruwe sleutel door gebruik tc maken van informatie van de onjuist gecomgeerde kleine woorden.1. A method of communicating data through a public classical channel, which data is protected using a secure key shared between at least one third party, the method including a quantum key distribution (QK DD) for disseminating the shared key of length N which is received by noise as a new key, the method comprising for the second party: - Receiving quantum information through a quantum channel: - Deriving the raw key from the quantum information; - Divide the raw key into N/n small words of length; - Receiving a series of transmissions from the first party through the public classical channel, each transmission comprising encrypted information encoded using at least one small word of length n from the first party's raw key from the first party's secure key : - Smallword Processing including applying corrections to the smallwords and encoded information of the first party's transmissions; - Dentiticating incorrectly corrected small words; - Sending to the first party at least one selected white the incorrectly corrected capital words, information related to the incorrectly corrected small words, encoded information encoded using the incorrect small word, and a combination thereof, and - Constructing the secure key from the raw key by using information from the incorrectly composed small words. 2. De methode volgens conclasie 1, waarbij de tweede partij de onjuist gecorrigeerde kleine woorden verwijdert vif zijn ruwe sloutel en de eerste partij de onjuist gecorngeerde kleine woorden verwijdert uit zijn ruwe sleutel, resulterend in een zewijzigde beveiligde sleutel met cen gereduceerde lengte.2. The method according to claim 1, wherein the second party removes the incorrectly corrected small words from its raw key and the first party removes the incorrectly corrected small words from its raw key, resulting in a modified secure key with a reduced length. 3. De methode volgens cen van de voorgaande conclusies, waarbij voor de tweede panty verder:3. The method according to any of the preceding claims, wherein for the second panty further: - Het Ontvangen van de eerste party van verdere informatie omvationde ton munste cen geselecteerd van zijn versie van de onjuist gecorrigeerde kleine woorden, informatie gerelateerd aan zijn versie van de onjuist gecorrigeerde kleine woorden, gecodeerde informatie gecodeerd gebruik makend van zijn versie van de onjuist gecorrigeerde kleine woorden, on cen contbinatie daarvan, cn - Het Construeren van zijn beveiligde sleutel uit zijn ruwe sleutel door het comgeren van de onjuist gccomgeerde kleine woorden door het toepassen van de verdere informatie van de cerste partij.- Receiving from the first party further information about ton munste cen selected from his version of the incorrectly corrected small words, information related to his version of the incorrectly corrected small words, encoded information encoded using his version of the incorrectly corrected small words words, on their combination, cn - Constructing its secure key from its raw key by combining the incorrectly combined small words and applying the further information from the first party. 4. De methode volgens cen van de voorgaande conclusies, waarbij de twoede partij zijn quantum informatie ontvangt door het goardum kanaal van cen derde partij en gebascerd op deze quantum informatie een ruwe sleutel afleid van de derde partij, in het bijzonder waarbij de eerste partij quantum 1nformate door het quantum kanaal aan cen derde partij shut en de derde partij de quantum informatie naar de tweede partij stuurt, waarbij de tweede party de ruwe sleutel afleidt van zijn ontvangen quantum informatie.4. The method according to any of the preceding claims, wherein the second party receives its quantum information through the goardum channel of a third party and, based on this quantum information, derives a raw key from the third party, in particular wherein the first party is quantum 1 information through the quantum channel to a third party shuts down and the third party sends the quantum information to the second party, whereby the second party derives the raw key from its received quantum information. 5. De methode volgens een van de voorgaande conchisies, waarbij de tweede partij zijn ruwe sleutel van de eerste partij ontvangt G, De methode volgens cen van de voorgaande conclusies, waarbij de muwe sleutel is samengesteld ut discrete vanabelen.5. The method according to any of the preceding claims, wherein the second party receives its raw key from the first party G. The method according to any of the preceding claims, wherein the raw key is composed of discrete variables. 7. De methode volgens een van de voorgaande conclusies, waarbij de nove sleutel correspondeert met de kwantisatie van echte variabelen seprodvceerd door een continue variabel QKD protocol.The method according to any one of the preceding claims, wherein the new key corresponds to the quantization of real variables produced by a continuously variable QKD protocol. 8. De methode volgens een van de voorgaande conclusies, waarbij de quantum informatie 1s gecodeerd gebruik makend van continue variabelen.8. The method according to any of the preceding claims, wherein the quantum information is encoded in 1s using continuous variables. 9. De methode volgens zen van de voorgaande conclusies, waarbij foutcorrectie nabewerking wordt toegepast op de ruwe sleutel gebnnk makend van een foutcorrectie code met lengte n voor het gencreren of construeren van een fout gecomgoerde beveiligde sleutel.The method according to any of the preceding claims, wherein error correction post-processing is applied to the raw key using an error correction code of length n to generate or construct an error corrected secure key. 10, Pe methode volgens een van de voorgaande conclusies, verder omvattend het vestigen van gen privé qoantum communicatie kanaal on cen publick communicatie kanaal tussen ten nunsie de corste en de tweede partij. en het delen van de beveiligde sleutel van lengie N tussen ton nunste de erste en de tweede partij via het priv quantum kanaal.10. The method according to any one of the preceding claims, further comprising establishing a private quota communication channel on a public communication channel between the client and the second party. and sharing the secure key of lengie N between the first and second parties via the private quantum channel. 11. De methode volgens een van de voorgaande conclusies, waarbij de correctecode waarbij de lengis van de codewoorden varieert HPn<N, in het bijzonder 100*9N, in cen uitvoenngsvorm MN is ten ounste 1076 en is kleiner dan 1674.The method according to any of the preceding claims, wherein the correct code in which the length of the code words varies HPn<N, in particular 100*9N, in one embodiment MN is at least 1076 and is less than 1674. 12. De methode volgens cen van de voorgaande conclusies, waarbij aanvullende informatie wordt verzonden van con geselecteerde uit de eerste en tweede partij naar cen van de tweede en eerste partij als ontvangende partij, dat het voor de ontvangende partij mogelijk maakt om de kleine woorden die aanvankelijk niet gecorrigeerd konden worden te corrigeren.The method according to any one of the preceding claims, wherein additional information is sent from one selected from the first and second parties to one of the second and first parties as receiving party, which allows the receiving party to read the small words initially could not be corrected. 13. De methode volgens een van de voorgaande conclusies, waarbij ven segmentatie van de ruwe sleutel in het keine woord is gebruik in combinatic met cen lage complexiteit decoder, in het bijzonder een min-sum decoder.The method according to any of the preceding claims, wherein segmentation of the raw key into the small word is used in combination with a low complexity decoder, in particular a min-sum decoder. 14. De methode volgens cen van de voorgaande conclusies, waarbij cen lage complexiteit decoder 1s geïntegreerd met het QKD systeem.14. The method according to any of the preceding claims, wherein a low complexity decoder is integrated with the QKD system. 15. De methode volgens een van de voorgaande conclusies, waarbij de eerste part; zijn ruowe sleutel ontvangt door het quantum kanaal, en: - Do eerste partij verdecft zijn ruwe sleutel in N/a Kleine woorden van lengte ng - Do eerste partij van de tweede partij door bet publieke klassieke kanaal cen serie transmissies ontvangt, waarbij elke transmissie omvat gecodeerde informatie omvattend ten minste een klein woord van de lengte n van de ruwe sleutel van de tweede partij: - De eerste partij de kleine woorden verwerkt gebnuk makend van cen corrigeerde code zebaseerd op de kleme woorden lengte ig - De corste partij onjuist zecormigeerde kleine woorden identificeert gebruik makend van de informatie van de N/n transmissies van de eerste partij door het publieke klassieke kanaal.The method according to any of the preceding claims, wherein the first part; receives its raw key through the quantum channel, and: - The first party resolves its raw key in N/a Small words of length ng - The first party receives from the second party through the public classical channel a series of transmissions, each transmission comprising encoded information comprising at least a small word of length n of the raw key of the second party: - The first party processes the small words using a corrected code based on the short words length ig - The largest party incorrectly corrected small words identifies using the information of the N/n first party transmissions through the public classical channel. - De corste partij naar de tweede partij ten minste cen geselecteerd uit de onjuist gecomgeerde kleine woorden, informatie welke betrekking beeft op de onjuist gecomgeerde kleine woorden, en cen combinatie daarvan, zendt, en - De eerste partij de beveiligde sleutel construeert gebruik makend van de informatie van de onjuist verbeterde kleine woorden.- The first party sends to the second party at least one selected from the incorrectly composed small words, information relating to the incorrectly combined small words, and a combination thereof, and - The first party constructs the secure key using the information from the incorrectly corrected small words. 16. De methode volgens conclusie 15, waarbij de eerste partij de onjuist verbeterde woorden verwijdert it zijn ruwe sleutel en de tweede parti de onpust verbeterde kleine woorden verwijdert uit zijn ruwe sleutel, resulterend in cen aangepaste beveiligde sleutel met oen gereduceerde lengte.The method of claim 15, wherein the first party removes the incorrectly corrected words from its raw key and the second party removes the incorrectly corrected small words from its raw key, resulting in a reduced length modified secure key. 17. De methode volgens een van de voorgaande conclusies 15-16, waarbij voor de eerste partij verder: - Het Ontvangen van verder informatie van de tweede partij omvattend van ten minste cen goselceteord wit zijn versie van de onjuist verbeterde kleine woorden, informatie gerelateerd aan zijn versie van de onjuist gccorrigeerde kleme woorden, gecodeerde informatie gecodeerd gebruik makend van zijn versie van het onjuist verbeterde kleine woord, en een combinatie daarvan, en - Het Construeren van de beveiliger sleutel van zijn ruwe sleutel door het verbeteren van de onjuist verbeterde kleine woorden door de verdere informatie van de tweede partij toe te passen.The method according to any one of the preceding claims 15-16, wherein for the first party further: - Receiving further information from the second party including at least one goselceteord white its version of the incorrectly corrected small words, information related to his version of the incorrectly corrected small words, encrypted information encoded using his version of the incorrectly corrected small word, and a combination thereof, and - Constructing the security guard's key from his raw key by correcting the incorrectly corrected small words by applying the further information from the second party. 18. Een computerprogramma product welke, waneer uitgevoerd op cen data verwerkingsapparaat, de methode volgens cen van de voorgaande conclusies uitvoert.A computer program product which, when executed on a data processing device, performs the method of any preceding claim. 19. Hen apparaat voor het convouniceren van data, in bet bijzonder volgens de methode van cen van de voorgaande methode conclusies, omvat cen circuit voor het verzenden van data door cen data overdraagkanaal welke cen publiek kanaal is, cen ctcuit voor het ontvangen van data gebruik maken van cen quantum kanaal voor het verzenden en/of ontvangen van een ruwe sleutel van de lengte N als een versie van de beveiligde sleutel met lengte N, waarbij het apparaat verder omvat een geïntegreerd circus, bijvoorbeeld cen FPGA geïmplementeerde circuit, voor het splitsen van de rawe sleutel met lengte N tot woorden van lengte n, het toepassen van cen foutcorretiecode met oen serie van N/n woorden van lengte n, en het construeren van de beveiligde sleutel van lengte N van de sere van woorden met lengte n.19. The apparatus for communicating data, in particular according to the method of one of the preceding method claims, comprises a circuit for transmitting data through a data transmission channel which is a public channel, and a circuit for receiving data using creating a quantum channel for sending and/or receiving a raw key of length N as a version of the secure key of length N, the device further comprising an integrated circuit, for example an FPGA implemented circuit, for splitting the raw key of length N to words of length n, applying an error correction code to a series of N/n words of length n, and constructing the secure key of length N from the series of words of length n. 20. Het apparaat volgens conclusie 19. Waarbij het publicke kanaal geselectoend is uit cen optisch comnumicatie kanaal, cen vre rutnts conununicatic kanaal, een bedraad kanaal, en cen combinatie daarvan. 21, Het apparaat volgens conclusie 19 of 20, waarbij het quantum kanaal geselecteerd is uit con optisch kanaal, cen vrije rammte kanaal, on cen combinatie daarvan.The apparatus of claim 19. Wherein the public channel is selected from an optical communication channel, a remote communication channel, a wired channel, and a combination thereof. The device according to claim 19 or 20, wherein the quantum channel is selected from a con optical channel, a free space channel, or a combination thereof. 22. Een apparaat voor het versturen van data gebmik makend van de metbode van cen van de voorgaande methode conclusies, omvattend: - Een data transoussie module voor het ontvangen van cen ruwe sleutel via cen quantum Kanaal: - Een data transmissie module voor het verzenden van data via eon publick klassiek kanaal: - Een geïntegreerd ctreuil, in het bijzonder cen field programmable gate array (FPGA) geïmplementeerd circuit, voor het ontvangen van klem woord, voor het informatie ontvangen van de data transmissie module, cn voor het implementeren van de fout verbeter code op het kleine woord en de informatie ontvangen van de data transmissie modale.22. An apparatus for transmitting data using the method of one of the foregoing method claims, comprising: - A data transmission module for receiving a raw key via a quantum channel: - A data transmission module for transmitting data via a publick classic channel: - An integrated control, in particular a field programmable gate array (FPGA) implemented circuit, for receiving terminal word, for receiving information from the data transmission module, and for implementing the fault improve code on the small word and the information received from the data transmission modal. 23. Een methode voor het vostigen van gen beveiligd data conununicate netwerk van cen serie van apparaten gebruk makend van cen publiek kanaal, omvattende de methode voor het commmiceren van data omvattende quantum sleutel distnbatie {QKD) volgens cen van de voorgaande conclusies 1-17. -0-0-0-0-0-A method for establishing a secure data interconnected network from an array of devices using a public channel, comprising the method for communicating data including quantum key distnbation (QKD) according to any of the preceding claims 1-17. -0-0-0-0-0-
NL2032162A 2022-06-14 2022-06-14 Segmented error correction for QKD post-processing NL2032162B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
NL2032162A NL2032162B1 (en) 2022-06-14 2022-06-14 Segmented error correction for QKD post-processing
PCT/NL2023/050326 WO2023244105A1 (en) 2022-06-14 2023-06-12 Segmented error correction for qkd post-processing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
NL2032162A NL2032162B1 (en) 2022-06-14 2022-06-14 Segmented error correction for QKD post-processing

Publications (1)

Publication Number Publication Date
NL2032162B1 true NL2032162B1 (en) 2023-12-21

Family

ID=83506749

Family Applications (1)

Application Number Title Priority Date Filing Date
NL2032162A NL2032162B1 (en) 2022-06-14 2022-06-14 Segmented error correction for QKD post-processing

Country Status (2)

Country Link
NL (1) NL2032162B1 (en)
WO (1) WO2023244105A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040109564A1 (en) 2002-07-05 2004-06-10 Nicolas Cerf High-rate quantum key distribution scheme relying on continuously phase and amplitude-modulated coherent light pulses
WO2009056871A1 (en) 2007-10-31 2009-05-07 Hewlett-Packard Development Company, L.P. Quantum key distribution system using ldpc codes with a graph having a toroid structure
US20150312035A1 (en) 2012-10-23 2015-10-29 Sk Telecom Co., Ltd. Permutation method for correcting bit error in quantum key distribution protocol
WO2020211954A1 (en) 2019-04-18 2020-10-22 Huawei Technologies Duesseldorf Gmbh Device and method for performing information reconciliation in a quantum key distribution system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411511B (en) * 2016-11-18 2019-07-19 浙江神州量子网络科技有限公司 A kind of error correction method of multi-party quantum key distribution system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040109564A1 (en) 2002-07-05 2004-06-10 Nicolas Cerf High-rate quantum key distribution scheme relying on continuously phase and amplitude-modulated coherent light pulses
WO2009056871A1 (en) 2007-10-31 2009-05-07 Hewlett-Packard Development Company, L.P. Quantum key distribution system using ldpc codes with a graph having a toroid structure
US20150312035A1 (en) 2012-10-23 2015-10-29 Sk Telecom Co., Ltd. Permutation method for correcting bit error in quantum key distribution protocol
WO2020211954A1 (en) 2019-04-18 2020-10-22 Huawei Technologies Duesseldorf Gmbh Device and method for performing information reconciliation in a quantum key distribution system

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
G. VAN ASSCHEJ. CARDINALN.J. CERF: "Reconciliation of a quantum-distributed Gaussian key", IEEE TRANS. INFO. THEORY, vol. 50, no. 394, pages 204
HUTH CHRISTOPHER ET AL: "Information reconciliation schemes in physical-layer security: A survey", COMPUTER NETWORKS, ELSEVIER, AMSTERDAM, NL, vol. 109, 15 June 2016 (2016-06-15), pages 84 - 104, XP029788158, ISSN: 1389-1286, DOI: 10.1016/J.COMNET.2016.06.014 *
JOUGUET, PAULSEBASTIEN KUNZ-JACQUESANTHONY LEVERRIER: "Long-distance continuous-variable quantum key distribution with a Gaussian modulation", PHYSICAL REVIEW A, vol. 84, no. 6, 2011, pages 062317
NEDRA BENLETAIEF ET AL: "Reconciliation for Practical Quantum Key Distribution with BB84 protocol", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 16 February 2020 (2020-02-16), XP081602458, DOI: 10.1109/MMS.2011.6068566 *
NEDRA BENLETAIEF ET AL: "Toward Efficient Quantum Key Distribution Reconciliation", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 12 February 2020 (2020-02-12), XP081597940 *
P. HAILESL. XUR. G. MAUNDERB. M. AL-HASHIMIL. HANZO: "A Survey of FPGA-Based LDPC Decoders", IEEE COMMUNICATIONS SURVEYS & TUTORIALS, vol. 18, no. 2, 2016, pages 1098 - 1122, XP011611164, DOI: 10.1109/COMST.2015.2510381
TOMAMICHEL, MLIM, C. C. WGISIN, NRENNER, R: "Tight finite-key analysis for quantum cryptography", NATURE COMMUNICATIONS, vol. 3, no. 1, 2012, pages 1 - 6

Also Published As

Publication number Publication date
WO2023244105A1 (en) 2023-12-21

Similar Documents

Publication Publication Date Title
Xu et al. Secure quantum key distribution with realistic devices
AU2013265020B2 (en) Secure communication
US11336442B2 (en) Secure key agreement with untrusted parties
Djordjevic Physical-layer security and quantum key distribution
Zhou et al. Continuous-variable quantum key distribution with rateless reconciliation protocol
US8391491B2 (en) Communication system and synchronization control method
CN111404672B (en) Quantum key distribution method and device
EP1715615B1 (en) Quantum key delivering method and communication device
US20080292099A1 (en) Two Non-Orthogonal States Quantum Cryptography Method and Apparatus with Inter-and Inter-Qubit Interference for Eavesdropper Detection
Ribezzo et al. Deploying an inter‐European quantum network
Alon et al. Round efficient secure multiparty quantum computation with identifiable abort
RU2295199C1 (en) Method for generation of encryption/decryption key
Garay et al. Secure message transmission with small public discussion
Ranu et al. Differential phase encoded measurement-device-independent quantum key distribution
NL2032162B1 (en) Segmented error correction for QKD post-processing
EP4062580B1 (en) Quantum bit decoding apparatus, system and method
Li et al. The improvement of QKD scheme based on BB84 protocol
Kurt et al. A key verification protocol for quantum key distribution
Mehic et al. Fundamentals of quantum key distribution
Korzhik et al. Performance evaluation of keyless authentication based on noisy channel
EP4128649A1 (en) Improvements to digital transactions using quantum technology
Pfeiffer et al. Design of Practical Scrambling Schemes for Physical-Layer Security
RU2755593C1 (en) Method for authentication of switches based on signal encoding in several bases
Guo et al. Polarization-multiplexed quadrature amplitude modulation for continuous-variable quantum key distribution
Kumar et al. Reliable and secure communication using fundamental cut-sets and fundamental circuits