US20060059343A1 - Key expansion for qkd - Google Patents

Key expansion for qkd Download PDF

Info

Publication number
US20060059343A1
US20060059343A1 US10544172 US54417205A US2006059343A1 US 20060059343 A1 US20060059343 A1 US 20060059343A1 US 10544172 US10544172 US 10544172 US 54417205 A US54417205 A US 54417205A US 2006059343 A1 US2006059343 A1 US 2006059343A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
key
keys
stations
expanded
bob
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10544172
Inventor
Audrius Berzanskis
Alexei Trifonov
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MagiQ Technologies Inc
Original Assignee
MagiQ Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L7/00Arrangements for synchronising receiver with transmitter
    • H04L7/0008Synchronisation information channels, e.g. clock distribution lines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L7/00Arrangements for synchronising receiver with transmitter
    • H04L7/0075Arrangements for synchronising receiver with transmitter with photonic or optical means
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0858Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Abstract

A method of encrypting information using an encryption pad based on keys exchanged between quantum key distribution (QKD) stations is disclosed. The method includes establishing raw keys between two stations using QKD, processing the keys to establish a plurality of matching privacy amplified keys at each station and buffering the keys in a shared key schedule. The method also includes the option of expanding one or more of the keys in the shared key schedule using a stream cipher to create a supply of expanded keys that serve as pads for one-time-pad encryption.

Description

    CLAIM OF PRIORITY
  • This patent application claims priority from U.S. Provisional Patent Application No. 60/445,805, filed on Feb. 7, 2003.
  • TECHNICAL FIELD
  • The present invention relates to quantum cryptography, and in particular relates to key expansion methods applied to keys established between quantum key distribution (QKD) stations for the purpose of forming one-time pads for sending encrypted information between the QKD stations.
  • BACKGROUND ART
  • Quantum key distribution involves establishing a key between a sender (“Alice”) and a receiver (“Bob”) by using weak (e.g., 0.1 photon on average) optical signals transmitted over a “quantum channel.” The security of the key distribution is based on the quantum mechanical principal that any measurement of a quantum system in unknown state will modify its state. As a consequence, an eavesdropper (“Eve”) that attempts to intercept or otherwise measure the quantum signal will introduce errors into the transmitted signals, thereby revealing her presence.
  • The general principles of quantum cryptography were first set forth by Bennett and Brassard in their article “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the International Conference on Computers, Systems and Signal Processing, Bangalore, India, 1984, pp. 175-179 (IEEE, New York, 1984). A specific QKD system is described in U.S. Pat. No. 5,307,410 to Bennet (the '410 patent).
  • The Bennett-Brassard article and the '410 patent each describe a so-called “one-way” QKD system wherein Alice randomly encodes the polarization of single photons, and Bob randomly measures the polarization of the photons. The one-way system described in the '410 patent is based on two optical fiber Mach-Zehnder intefFerometers. Respective parts of the interferometer are accessible by Alice and Bob so that each can control the phase of the interferometer. The signals (pulses) sent from Alice to Bob are time-multiplexed and follow different paths.
  • U.S. Pat. No. 6,438,234 to Gisin (the '234 patent), which patent is incorporated herein by reference, discloses a so-called “two-way” QKD system that is autocompensated for polarization and thermal variations. The two-way system is based on a folded interferometer wherein the optical pulses traverse the same path through the interferometer, but with a time-delay.
  • The general operation of a QKD system is described in the book by Bouwmeester, Ekert and Zeilinger (Eds.) entitled “The physics of quantum information,” Springer-Verlag (2001), section 2.3. In the operation of the two-way phase-encoding system of the '234 patent, Bob generates a single optical pulse and forms therefrom two coherent pulses P1 and P2 that travel to Alice with a time delay between the pulses. Alice attenuates the pulses to make them weak and then randomly phase modulates one of the pulses (say P1). Alice also reflects the pulses with a Faraday mirror so that the polarization of each pulse is rotated by 90° before returning to Bob. The pulses return to Bob and in doing so traverse the same round-trip path through the interferometer but in different order. Bob then randomly phase-modulates the yet-unmodulated pulse P2, and recombines the now-modulated pulses P1 and P2. The combined pulses interfere, and the result of the interference is detected in one of two detectors, depending on the respective phases imparted to pulses P1 and P2 by Alice and Bob, respectively. The detected pulses constitute Bob's measured qubits.
  • After a sufficiently large number of qubits are exchanged between Bob and Alice, Bob and Alice publicly compare the basis used to encode each photon, and also discard photons that did not arrive at Bob or Alice. Alice and Bob keep only those qubits corresponding to the same phase-encoding basis. This forms the sifted key. Alice and Bob then choose at random some of the qubits in the sifted key to test for errors that reveal the presence of an eavesdropper. These test qubits are then discarded. If there are no errors, the remaining qubits form the shared key. At this point, an operation called “privacy amplification” is typically performed. This operation involves deducing the number of bits (ζ) by which the (error-corrected) key kN of n bits needs to be shortened so that any information an eavesdropper has about the final key kF is lower than a specified value. Privacy amplification further includes forming a binary matrix K of dimension (n−ζ)×n, publicly sharing this matrix, and then performing kF=K·kN (mod 2) to arrive at the final key kF.
  • Finally, an authentication step is typically performed wherein a previously shared authentication key or code is used to ensure that the Alice is really Alice and Bob is really Bob. This authentication step can be performed at any point in the key exchange process.
  • Using the above-described processes, the final key kF has a given length. The length of the key kF dictates the amount of information that can be encrypted. The secure key rate from a QKD system is usually too low for commercially available data transmission lines if one-time pad encryption is being used. Also, the achievable data bandwidth is very low and is limited by the key generation rate, which is around 1-10 kbps with present technology. The technology of the present invention, set forth below, presents a method that allows QKD to encrypt broadband streams of data (up to 10 Gbps or more), thus providing a method for expanding the key without having to send additional photons over the system.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a flow diagram that provides an overview of the QKD processes of the present invention;
  • FIG. 2 is a flow diagram illustrating key sifting as run on Alice's computer;
  • FIG. 3 is a flow diagram that continues from the flow diagram of FIG. 2, and which illustrates key shuffling using a modified Cascade protocol on Alice's computer;
  • FIG. 4 is a flow diagram that continues from the flow diagram of FIG. 3, and that illustrates an example embodiment of generating an error-free key on Alice's computer, based on performing privacy amplification of the shuffled key;
  • FIG. 5 is a flow diagram that illustrates an example embodiment of performing key sifting on Bob's computer;
  • FIG. 6 is a flow diagram that continues from the flow diagram of FIG. 5, and that illustrates an example embodiment of key shuffling using a modified Cascade protocol on Bob's computer;
  • FIG. 7 is a flow diagram that continues from the flow diagram of FIG. 6, and that illustrates an example embodiment of generating an error-free key on Bob's computer by performing privacy amplification of the shuffled key;
  • FIG. 8 is a flow diagram illustrating an example embodiment of performing key expansion on a privacy amplified key;
  • FIG. 9 a is a diagram of an exemplary key schedule for “Pad Expansion Flag”=0, for the case when AES in CTR mode is used; and
  • FIG. 9 b is a diagram of an exemplary key schedule for “Pad Expansion Flag”=1, for the case when AES in CTR mode is used.
  • DETAILED DESCRIPTION OF THE INVENTION
  • The present invention has industrial utility in the fields of quantum cryptography, quantum key distribution, and data encryption. In particular, the present invention has industrial utility in combining quantum, cryptography and classical cryptography. The present invention provides protection from not only eavesdroppers that utilize passive tapping of transmitted information from a carrier such as, but not limited to, an optical photon, but from any type of intrusion attack including involved active types of attacks wherein an eavesdropper probes the Alice and Bob nodes (stations) using a probe signal sent through an optical fiber used to transmit data.
  • As described in greater detail below, the present invention includes a method for generating a cryptographically secure key between two stations. An example method includes exchanging single photon signals between two QKD stations to establish a plurality of matching raw keys at each station. The method also includes processing the raw keys using error correction and privacy amplification, to establish matching privacy amplified keys at each station. The method also includes buffering the privacy amplified keys at each station to form matching key schedules. The method further includes forming at least one expanded key from a key selected from the key schedules, wherein the expanded key serve as a one-time pad to encrypt information to be exchanged between the two stations.
  • The discussion below assumes that the eavesdropper (“Eve”) is unlimited in her technological resources. The system is optimized to provide maximal key generation rate in unconditional security regime. As an example, the system described herein can be implemented on a Pentium III, 500 MHz machine or better machines (assuming that quantum layer clock does not exceed 10 MHz), and also on a digital signal processor (DSP). A communication channel of approximately 10 Mbit/s may be utilized (depending on quantum layer clock rate and optical channel length).
  • Also, in the discussion below, the term “key” is interchangeable with “pad” when the pad is the same length as the key. However, generally speaking, a key is used to form a pad, say by generating a string of bits to be used for data encoding. In this case, the pad has a different length (i.e., number of bits) than they key and is not the same as the key per se. However, in the discussion below, an “expanded key” is used as a pad for one-time pad encryption. Also, the term “expanded pad” is used below and is the same as the “expanded key.” The term “expanded pad” is used to denote a pad that is expanded over a pad that would be formed from an unexpanded key.
  • In an example embodiment, the method of present invention includes a number of main algorithmic parts, including sifting, error correction, privacy amplification and key expansion (or no key expansion). The error correction protocol is optimized to reveal as few bits on the public channel as possible. In addition, the error correction protocol utilizes encryption (preferably one-time pad) of bits sent over the public discussion (PD) layer.
  • The privacy amplification method utilized herein implements a multiplication by a random binary matrix. The matrix multiplication is preceded by cryptographically strong sifted key shuffling. The key expansion step uses a stream cipher.
  • QKD Process Overview
  • FIG. 1 is a flow diagram that provides a general overview of the QKD process according to the present invention. With reference to FIG. 1, to start a quantum key distribution (QKD) process, the two parties involved (Alice and Bob) share initial secret information that is required for authentication of a sifting procedure. In the sifting stage, the two parties involved in QKD exchange basis and single-photon detector ‘click’ information.
  • In order to ‘fight quantum memory’ the sifting process is started with a delay of >1 s after bits are detected. Bob (the party ultimately receiving photons) sends Alice (the party sending photons) information about click time slots and basis information for positions of the clicks. Alice responds with a stream of bits encoding the ‘correct’ bases for the ‘clicks’. Both parties disregard the bits with ‘wrong’ bases.
  • The sifting procedure is authenticated. For this purpose, Alice and Bob form a string of bits that they are sending/receiving in pre-agreed form and calculate message authentication code (MAC) values of the string. If the latter values coincide, Alice and Bob proceed to the error correction protocol. If the MAC values to not coincide, they issue an intrusion or “attack alert.”
  • Authentication may be performed by means of any strong authentication procedure. Preferable procedures are the unconditionally secure message authentication codes (for example, UMAC).
  • Other possible authentication procedures can be based on hash function SHA, RIPEMD (or other) based HMAC. The latter case is not unconditionally secure. However, the parties can decide to encrypt/partially encrypt the MAC by using a one-time pad with the absolutely secure key they possess. This removes any possibility of cracking the authentication. It is preferable to use some kind of encryption for the whole sifting procedure, for example AES or TDES.
  • With continuing reference to FIG. 1, the sifted key is buffered until it reaches a number of bits high enough (e.g., 10ˆ5 bits or more) to run the error correction protocol. Cryptographically strong shuffling is then performed on the sifted key stored in the buffer. Both parties (i.e., Alice and Bob) use the same seed for the shuffling procedure, which they take from their absolutely secure key buffer. In this way, an eavesdropper has no information on a shuffling result. The seed is refreshed at pre-agreed time moments. The shuffling step is utilized to randomize the positions of errors that are needed for realization of an efficient error correction protocol, to erase (preferably to a very high degree) eavesdropper's information on specific bit positions in the sifted key, and to prepare the sifted key for the privacy amplification procedure.
  • The shuffling step is a security enhancement to the standard BB84 protocols and in an example embodiment may be skipped if all the data transmitted over public channel is encrypted.
  • The error correction utilized by the system is characterized, among other ways, by the party correcting the errors deciding on a number of passes of a Cascade protocol based on a hash value provided by another party. After each pass through the Cascade protocol, the party calculates the hash value on its buffer and compares it to the received value. When the hash values coincide, the Cascade is stopped. If the values do not coincide, then another pass of Cascade is performed. In this way, fewer bits have to be sent over the public channel, and the probability of failure of Cascade to correct some errors is effectively zero. In general, any hash function with good mixing properties may be used (e.g., SHA, MD5). Another modification of the Cascade process includes encrypting parity bits sent over the public discussion layer. The hash value mentioned above should preferably be encrypted as well. Therefore, an eavesdropper listening to the communication over the public discussion layer (channel) does not receive information on bit parities. It should be noted that information on specific bit positions is, to a high degree, erased in the shuffling step.
  • The outcome of the error correction procedure is buffered for privacy amplification. This buffering may be required to adjust different sizes of blocks in the error correction and privacy amplification steps. Privacy amplification is performed as multiplication of the error-corrected string by a fixed random binary matrix M. The shuffling step enables maintaining the matrix as fixed during QKD.
  • Quantum Key Generation at Alice
  • FIG. 2 [Alice-1], FIG. 3 [Alice-2], and FIG. 4 [Alice-3] are flow diagrams of a quantum key generation process according to the present invention as performed by Alice's computer, located at the Alice node. Further “Alice's apparatus”, “Alice's computer” and “Bob's apparatus” and “Bob's computer” are referred to as “Alice” and “Bob,” respectively.
  • FIG. 2 [Alice-1] is a flow diagram illustrating a sifting stage as run on Alice's computer. In 8-1, Alice receives quantum layer key bits and bases from the RNG within Alice's apparatus. In 8-2, Alice receives click positions of single photon detectors at Bob's apparatus (CPB), bases for clicks (BCB), and message authentication code (MACB1) from Bob. In 8-3, Alice calculates her message authentication code (MACA1) and compares it to Bob's message authentication code (MACB1). In 8-4, MACB1 is compared to MACB2. If the values of MACB1 and MACA1 coincide (“yes”), Alice concludes that there was no attempt to tamper with data. If the values of MACB1 and MACA1 do not coincide (“no”), the program generates an attack alert at 8-5 and sends a warning to Bob at 8-6.
  • In the case that values of MACB1 and MACA1 coincide, in 8-7 Alice forms a correct basis positions string (CBPA) by checking bases for coincidence and calculates a message authentication code for CBPA (MACA2). In 8-8, CBPA and MACA2 are then sent to Bob. Thereafter, in 8-9, Alice picks bits that correspond to correct bases and discards the rest of the bits.
  • FIG. 3 [Alice-2] is a flow diagram that continues from the flow diagram of FIG. 2, and contains buffering for sifting stage and shuffling a modified Cascade, as an example, a protocol part of the algorithm as run on Alice's computer. Following 8-9 of FIG. 2, buffering is completed in 9-1. Then in 9-2, Alice performs cryptographically strong shuffling utilizing the pre-agreed part of the key. Then in 9-3, the shuffled string hash (ha) is calculated and in 9-4 ha is sent to Bob.
  • For error correction, Alice uses the modified Cascade protocol with one-time pad parity bit encryption at 9-5. Within each run of 9-5, an Nth pass of modified Cascade algorithm is communicated to Bob. After each pass of the modified Cascade protocol of 9-5, Alice checks the status of coincided hash values sent from Bob. If at 9-6 a new hash (h) and the old hash (ha) at Bob's side do not coincide (“no”), a higher pass of the modified Cascade is run. The process is stopped when coinciding hashes (“yes”) are achieved at 9-6. In 9-7, results of error correction may also be buffered.
  • The parties might decide to exchange some authenticated information about their generated keys to ensure that there was no spoofing during communication over the public channel.
  • FIG. 4 [Alice-3] is a flow diagram that continues from the flow diagram of FIG. 3 and that illustrates the generation of error-free key stage as run on Alice's computer. In 10-1, privacy amplification is performed on the corrected bit string by multiplication of the corrected bit stream by a fixed random binary matrix M. This procedure generates the secure key. In 10-2, the secure key is buffered synchronously to Bob's station and in 10-3 the secure key is outputted.
  • Buffering is a good measure against denial of service (DOS) attack. In case of DOS attack, the stations issue an alarm to the control center. For example, the stations can send a simple network management protocol (SNMP) trap. The stations can then start using buffered keys instead of QKD-generated keys until the DOS is mitigated. The size of the buffer should be big enough to provide the time for technical personnel to address the DOS problem. It should be noted that standard implementation of quantum cryptography is not resistant to DOS attacks.
  • Quantum Key Generation Process at Bob
  • FIG. 5 [Bob-1], FIG. 6 [Bob-2], and FIG. 7 [Bob-3] are flow diagrams diagram for a quantum key generation process as performed by Bob's computer. FIG. 5 [Bob-1] is a flow diagram that contains a sifting stage as run on Bob's computer. In 11-1, Bob receives quantum layer bases for clicks from RNG within Bob's apparatus (BCB) and click positions (CPB) from the single photon detector(s) through, for example, a 32 bit input/output port. In 11-2, a string is formed for CPB and for BCB. In 11-3, for these strings Bob calculates message authentication code (MACB1). In 11-4, Bob sends Alice BPB, BCB and MACB1. In turn, in 11-5 Bob receives from Alice CBPA and MACA2. In 11-6, for the data received, message authentication code (MACB2) is once more calculated, and in 11-7 MACB2 and MACA2 are compared. If MACB2 and MACA2 do not coincide (“no”), an attempt of tampering with data occurred during data transfer. In this case, the in 11-8 program generates an attack alert and in 11-9 sends a warning to Bob and Alice. If MACB2 and MACA2 do coincide (“yes”) at 11-7, no attack happened during data transfer. In this case, in 11-10 the program picks bits that correspond to correct bases and discards the rest of the bits.
  • FIG. 6 [Bob-2] is a flow diagram that continues from the flow diagram of FIG. 5 and that contains buffering for a sifting stage and shuffling, and a modified Cascade protocol part of the algorithm as run on Bob's computer.
  • In 12-1, the bits selected in 11-10 are buffered. After buffering is completed, then in 12-2 cryptographically strong shuffling utilizing the pre-agreed part of the key is performed. In 12-3, Bob receives hash from Alice and saves it (ha) in 124. For error correction, in 12-5, Bob uses the modified Cascade protocol with one-time pad parity bit encryption. Within each run of 12-5, an Nth pass of the modified Cascade algorithm communication with Bob takes place. Such data exchange assures parity bit encryption. After each pass of the modified Cascade protocol of 12-5, a new hash (h) is calculated in 12-6, and compared to the previous hash (ha) in 12-7. If h and ha do not coincide (“no”), a higher pass of the modified Cascade is run in 12-5. The process is stopped when coinciding hashes are achieved (“yes”) at 12-6. In this case Bob, in 12-8 sends Alice a flag, which informs Alice that hash h and hash ha coincided. In 12-9, results of error correction are also buffered.
  • FIG. 7 [Bob-3] is a flow diagram that continues from the flow diagram of FIG. 6 and contains a generation of error-free key stage as run on Bob's computer. In 13-1 (which follows buffering step 12-9), privacy amplification is performed on the corrected bit string by multiplication of the corrected bit stream by a fixed random binary matrix M. This procedure generates the secure key. The secure key from 13-1 is then buffered in 13-2 and a key is generated in 13-3.
  • Again, in case of a DOS attack, the stations issue an alarm to the control center and follow the above-described procedure to ensure continued operation.
  • Key Expansion
  • It should be noted that, in an example embodiment of the present invention, an arbitrarily long key for one-time pad encryption is produced, which increases the encrypted data bandwidth. Strictly speaking, one-time pad-like encryption with the expanded key is no longer one-time pad encryption. However, all the operations a user has to perform to encrypt the data are identical to the operations needed to implement one-time pad encryption, so the term ‘one-time pad’ is used herein.
  • As mentioned above, the secure key rate from a QKD system is usually too low for commercially available data transmission lines if one-time pad encryption is being used. At the same time, in many cases using a one-time pad is an excess security measure. Accordingly, the following describes a QKD device that comprises a key expansion protocol in addition to the standard protocols of QKD. This lets a user select between two regimes of QKD operation: one-time pad and one-time expanded pad. In principle, a user can expand a key only at the users site. However such a solution is expensive and not necessarily safe, thus reducing the security level of the QKD system. The present technique allows users to choose between an expanded key regime and a one-time pad regime. However, the key expansion itself is performed within the QKD apparatus.
  • Current implementations of QKD suffer from a low key rate that today is on the order of 1 kbit/sec. The key rate is defined by the clock rate of the QKD device, imperfections of light sources, finite efficiency of detectors, finite finesse of optical elements, and losses in the optical fiber connecting the QKD stations. Though technological advances will likely enable an increase in the rate of secure bits, this rate will be lower than the bandwidth of commercially available communication lines. This prevents using QKD systems with one-time pad encryption on such communication lines.
  • On the other hand, one-time pad is a natural encryption choice when a QKD is used. A one-time pad encures ultimate security, thus making one-time pad encryption and QKD combination unbreakable. The drawback is that using a one-time pad limits the data transmission bandwidth to that of the key rate.
  • In many cases, one-time pad encryption is excessive and other classical symmetric key encryption techniques can be employed with a QKD system. These techniques would require additional hardware and/or software. The present invention concerns a QKD system that does not provide specialized encryptors. Such systems can be used in one-time pad encryption mode. The following describes a feature of a QKD system (“one-time pad/expanded pad switch”) that enables the system to be used in either one-time pad or expanded pad regimes. The one-time pad embodiment provides the ultimate security delivered by quantum key distribution, while the expanded pad regimes solves the problem of finite data bandwidth in cases when one-time pad is not required.
  • A one-time pad/expanded pad switch can readily be added to a QKD system. In many cases, it can be realized by software means on existing QKD hardware. Preferably, both one-time pad and expanded pad regimes use the same key distribution interface.
  • The QKD system can be seen as a perfect random number generator producing the same random bits at two remote locations. At the switch position ‘one-time pad,’ the generated bits are sent via interface to the user and for one-time pad encryption of a particular message.
  • At a switch position ‘expanded pad’ the random bits serve as a seed for a cryptographically strong pseudo random number generator that can be implemented on QKD hardware to produce a pseudo random bit stream that is long enough to encrypt a message and which, again, is sent via the same interface, to the user and for one-time pad encryption of the message.
  • The communicating parties switch the regimes synchronously. For synchronization, they can use any communication network in their possession. For example, the party—Alice or Bob—that requests key expansion, sets “Pad Expansion Flag”=1 for a pre-agreed bit, and exchanges this bit with another party within the accepted communication protocol between the two QKD stations. The synchronization protocol also can be implemented in a QKD device and can use the communication line of QKD. The party transmitting the encrypted message informs the receiving party of the encryption regime and, in case of expanded pad regime, the key expansion ratio.
  • Example of Key (Pad) Expansion
  • Key expansion can be performed in a QKD device after the privacy amplification protocol, or it can be combined with privacy amplification step. FIG. 8 [Bob-31] is a flow diagram for the embodiment where key expansion is performed after privacy an amplification protocol, represented by 14-1. The privacy amplified key is buffered in 14-2. In 14-3, the QKD system generates random bit blocks r=r1, r2, . . . , rN. The cryptographically strong pseudorandom number generator P stretches the bits blocks pi=P(ri), producing a pseudorandom bit stream p=p1,p2, . . . ,pN. For the pseudorandom number generator, one may use a type of stream cipher, for example AES in CTR mode. The pseudorandom bit stream is used for one-time pad encryption in expanded pad mode. This operation is run on both QKD stations, i.e. at Bob and Alice. In 14-4, parties check the value of the exchanged “Pad ExpansiQn Flag” bit. It should be noted here that the term “Pad Expansion” is used to denote expanding the key to form the (expanded) pad.
  • If “Pad Expansion Flag”=0, then the output is just a key as generated during the QKD process. Having buffered keys is mind, the key schedule with AES in Counter (CTR) mode has a structure “ID_1 Key_1; ID_2 Key_2; ID_N Key_N” (see FIG. 9 a), where ID_I is a number assigned to each key Key_I.
  • In 14-5, the expanded pad is outputted. If “Pad Expansion Flag”=1, than the output is expanded key. Than the key schedule with AES in CTR mode has a structure “ID_1 Key_1 Pad_1; ID_2 Key2 Pad_2; . . . :ID_N Key_N Pad N” (see FIG. 9 b), where ID_I is a number assigned to each pair of Key_I and Pad_I. Pad_N is a bit stream generated by means of AES-256 (Key_N) using AES in CTR mode. There is no correlation of ID_N with either Key_N or Pad_N. The key expansion ratio depends on the user's data bandwidth and the key generation rate. Key data is never reused. Although a key ID may be reused, its associated key data will always be different.
  • Thus, in the present invention one-time pad encryption need not be used to encrypt data whose bandwidth is higher than the key generation rate. In other words, if the data bandwidth B is higher than the key generation rate K, then we use K in combination with some classical cryptographic methods. For example, K is split into n 256 bit blocks-k1, k2, . . . , kn (n=K/256) (in that way n is a number of 256 bit keys we can generate per second) and keys kj are used with some classical encryption method to encrypt data for time 1/n seconds
  • Similar implementation can be achieved for other cipher modes as well. For example, in CBC mode one would need to send the Key_ID only and there is no need to send the offset. CBC mode provides a higher data integrity check. If, for example, the packets are being encrypted at OSI level 2, then the data forgery after decryption will usually be noticed by OSI level 3 protocols. In that way CBC mode provides much better data integrity check than CTR mode. To implement CBC mode encryption, a user might need specialized hardware.
  • It is worth noting that AES in CTR (as well as many other block stream ciphers) has a known flaw in that it is subject to data forgery or spoofing. Because of this, it is preferred that it be used with a data authenticity mechanism to ensure that the data has not been altered with out authorization.
  • The same implementation can be used with other stream ciphers. It is worth noting that the stream ciphers, which provide message authentication, can prevent data forgery and spoofing.
  • Pad expansion can be performed by cryptographically strong pseudorandom generators (like block stream ciphers). The privacy amplification step utilizes is a QKD protocol that produces a perfectly secure bit stream from a partially secure bit stream. This is usually achieved by applying some universal hash function on the partially secure bits (e.g., Bennet, Brassard-Generalized PA). The hash function compresses the bit stream in a way so that eavesdropper has exponentially little information on the compressed bits. To some extent, pad expansion ‘does the opposite.’ Specifically, pad expansion stretches the bit stream so that more key bits are received at the output.
  • The expanded pad can be generated by modifying the privacy amplification procedure by adjusting the compression ratio. The latter reduces computational complexity and, thus, computational resources of the hardware. As an example, one possible embodiment involves the communicating parties applying a cryptographically strong shuffling procedure on partially secure bits without compression. The seed for the shuffling procedure can be exchanged between the parties over any existing communication network that the parties possess. The parties can agree on a one-time pad encryption for the shuffling seed. Starting at this point, the parties can seed a cryptographically strong pseudo random number generator with the shuffled bits.
  • In accordance with an example embodiment of the present invention, the receiver of the single-bit transmission is aware of when the transmitter is going to transmit the encrypted data to the receiver. It should be noted that in one example the transmitter is transmitting the encrypted data to the receiver, while in another example the receiver may instead be a transmitter, while the transmitter acts as a receiver.
  • User Data Encryption
  • In an example embodiment, the present invention is used perform data encryption in the following as manner outlined below. At the encryption station (say, Bob), the station reads the user data packet and determines the packet data size in bytes. The encryption station then checks to see if the sum of the current offset and the packet data size is less than the Pad size in bytes. If not, the station jumps to the next key ID and resets the offset to zero.
  • The encryption station then XORs the packet data with an appropriate pad, starting from current offset value. It adds the Key ID and offset information in unencrypted format to the packet. The latter can be done by encapsulating the packet into another packet, by adding an additional header, or by using some already existing field of the data packet. The encryption station then increases the current offset by the size of the encrypted data packet and transmits the encrypted packet to the receiver.
  • At the decrypting station (say, Alice), the packets are read and the Key ID and offset are extracted. The received data is then XORed with the appropriate pad starting from the received offset value. The receiver station then restores all packet headers (if necessary), and passes the data to the user.

Claims (5)

  1. 1. A method for establishing a secure key between two stations, the method comprising:
    a) exchanging single photon signals between two quantum key distribution stations to form a plurality of raw keys at each station;
    b) performing error correction and privacy amplification on the raw keys to form a plurality of privacy amplified keys at each station;
    c) buffering the privacy amplified keys in each station to form matching key schedules at each station; and
    d) forming at least one expanded key from a key selected from the matching key schedules, wherein the at least one expanded key is suitable for one-time pad encryption of information to be exchanged between the two stations.
  2. 2. The method of claim 1, including:
    a) encrypting information using the at least one expanded key as a one-time pad; and
    b) transmitting the encrypted information between the two stations.
  3. 3. A method of sending encrypted information between two stations, comprising:
    a) establishing a raw key between the two stations using quantum key distribution;
    b) establishing a privacy amplified key from the establish raw key;
    c) providing the option of encrypting data using a one-time pad based on either the privacy amplified key as an unexpanded key, or an expanded version of the privacy amplified key as an expanded key; and
    d) sending encrypted information between the two stations using a one-time pad based on either the unexpanded key or the expanded key.
  4. 4. The method of claim 3, including:
    a) expanding one or more of the privacy amplified keys; and
    b) storing at each station the one or more expanded keys in a key schedule.
  5. 5. The method of claim 3, including:
    a) storing at each station one or more unexpanded keys in a first key schedule;
    b) storing at each station one or more expanded keys in a second key schedule; and
    c) encrypting information using one-time pads based on keys from at least one of the first and second key schedules when raw keys cannot be exchanged between the stations.
US10544172 2003-02-07 2004-02-05 Key expansion for qkd Abandoned US20060059343A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US44580503 true 2003-02-07 2003-02-07
PCT/US2004/003299 WO2004073234A3 (en) 2003-02-07 2004-02-05 Key expansion for qkd
US10544172 US20060059343A1 (en) 2003-02-07 2004-02-05 Key expansion for qkd

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10544172 US20060059343A1 (en) 2003-02-07 2004-02-05 Key expansion for qkd

Publications (1)

Publication Number Publication Date
US20060059343A1 true true US20060059343A1 (en) 2006-03-16

Family

ID=32869422

Family Applications (2)

Application Number Title Priority Date Filing Date
US10670979 Active 2025-09-16 US7227955B2 (en) 2003-02-07 2003-09-25 Single-photon watch dog detector for folded quantum key distribution system
US10544172 Abandoned US20060059343A1 (en) 2003-02-07 2004-02-05 Key expansion for qkd

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10670979 Active 2025-09-16 US7227955B2 (en) 2003-02-07 2003-09-25 Single-photon watch dog detector for folded quantum key distribution system

Country Status (4)

Country Link
US (2) US7227955B2 (en)
EP (2) EP1590918A2 (en)
JP (2) JP2006514512A (en)
WO (2) WO2004073234A3 (en)

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050078827A1 (en) * 2003-10-10 2005-04-14 Nec Corporation Quantum cryptography key distributing system and synchronizing method used in the same
US20050151187A1 (en) * 2003-11-20 2005-07-14 Hiroki Wakimoto Insulated gate semiconductor device
US20060059403A1 (en) * 2002-09-18 2006-03-16 Youdai Watanabe Quantum key distribution method and communication device
US20060212936A1 (en) * 2005-03-16 2006-09-21 Audrius Berzanskis Method of integrating QKD with IPSec
US20070014415A1 (en) * 2005-06-16 2007-01-18 Harrison Keith A Quantum key distribution method and apparatus
US20070092083A1 (en) * 2005-10-24 2007-04-26 Magiq Technologies, Inc. QKD system with synchronization channel verification
US20070177424A1 (en) * 2005-09-29 2007-08-02 Martin Sadler Device with n-time pad and a method of managing such a pad
US20080031456A1 (en) * 2005-09-29 2008-02-07 Keith Alexander Harrison Device with multiple one-time pads and method of managing such a device
US20080095370A1 (en) * 2006-10-18 2008-04-24 Rose Gregory G Method for securely extending key stream to encrypt high-entropy data
WO2008147171A2 (en) * 2007-05-31 2008-12-04 Mimos Berhad Error eliminating for communicating parties
US20090316901A1 (en) * 2006-07-26 2009-12-24 Japan Science And Technology Agency Secret communication method and secret communication device thereof
US7697693B1 (en) * 2004-03-09 2010-04-13 Bbn Technologies Corp. Quantum cryptography with multi-party randomness
US7706535B1 (en) 2003-03-21 2010-04-27 Bbn Technologies Corp. Systems and methods for implementing routing protocols and algorithms for quantum cryptographic key transport
GB2467975A (en) * 2009-02-24 2010-08-25 Hewlett Packard Development Co Authentication method and apparatus using one time pads
US20100293380A1 (en) * 2008-01-25 2010-11-18 Qinetiq Limited Quantum cryptography apparatus
US20100290626A1 (en) * 2008-01-28 2010-11-18 Qinetiq Limited Optical transmitters and receivers for quantum key distribution
US20100299526A1 (en) * 2008-01-25 2010-11-25 Qinetiq Limited Network having quantum key distribution
US20100329459A1 (en) * 2008-01-25 2010-12-30 Qinetiq Limited Multi-community network with quantum key distribution
US20110064222A1 (en) * 2008-05-19 2011-03-17 Qinetiq Limited Quantum key distribution involving moveable key device
US20110069972A1 (en) * 2008-05-19 2011-03-24 Qinetiq Limited Multiplexed quantum key distribution
US20110213979A1 (en) * 2008-10-27 2011-09-01 Qinetiq Limited Quantum key distribution
US20110228380A1 (en) * 2008-12-08 2011-09-22 Qinetiq Limited Non-linear optical device
US20110231665A1 (en) * 2008-12-05 2011-09-22 Qinetiq Limited Method of performing authentication between network nodes
US20110228937A1 (en) * 2008-12-05 2011-09-22 Qinetiq Limited Method of establishing a quantum key for use between network nodes
WO2012105930A3 (en) * 2010-01-29 2012-10-26 Hewlett-Packard Development Company, L.P. Quantum key distribution method and apparatus
CN102904726A (en) * 2012-11-08 2013-01-30 中国科学院信息工程研究所 Classical channel message authentication method and device for quantum key distribution system
US20130275757A1 (en) * 2012-04-17 2013-10-17 The Boeing Company Secure Quantum Authentication System
US8654979B2 (en) 2008-05-19 2014-02-18 Qinetiq Limited Quantum key device
US8683192B2 (en) 2009-09-29 2014-03-25 Qinetiq Methods and apparatus for use in quantum key distribution
US8693691B2 (en) * 2012-05-25 2014-04-08 The Johns Hopkins University Embedded authentication protocol for quantum key distribution systems
US20140208116A1 (en) * 2013-01-22 2014-07-24 Kabushiki Kaisha Toshiba Communication apparatus, communication system, and computer program product
WO2015048783A1 (en) * 2013-09-30 2015-04-02 Nordholt, Jane, E. Quantum-secured communications overlay for optical fiber communications networks
US20150236852A1 (en) * 2014-02-17 2015-08-20 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and quantum key distribution method
US9191198B2 (en) 2005-06-16 2015-11-17 Hewlett-Packard Development Company, L.P. Method and device using one-time pad data
US20160028542A1 (en) * 2013-10-25 2016-01-28 Sk Telecom Co., Ltd. Method for processing double click event for securing safety in quantum key distribution system
WO2016070141A1 (en) * 2014-10-30 2016-05-06 Alibaba Group Holding Limited Method, apparatus, and system for quantum key distribution, privacy amplification, and data transmission
US20160142203A1 (en) * 2014-11-19 2016-05-19 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and quantum key distribution method
US20160218868A1 (en) * 2015-01-23 2016-07-28 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and computer program product
US9692595B2 (en) 2010-12-02 2017-06-27 Qinetiq Limited Quantum key distribution

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7227955B2 (en) * 2003-02-07 2007-06-05 Magiq Technologies, Inc. Single-photon watch dog detector for folded quantum key distribution system
WO2004105289A3 (en) * 2003-05-14 2005-03-24 Science Res Lab Inc Methods and systems for high-data-rate quantum cryptography
GB2404103B (en) * 2003-07-15 2005-06-29 Toshiba Res Europ Ltd A quantum communication system
GB2419264B (en) * 2003-08-18 2006-12-27 Toshiba Res Europ Ltd A quantum communication system and a receiver for a quantum communication system
WO2005053219A1 (en) * 2003-11-28 2005-06-09 Japan Science And Technology Agency Communication system and communication method using the same
US7606371B2 (en) * 2003-12-22 2009-10-20 Magiq Technologies, Inc. Two-way QKD system with active compensation
JP4584975B2 (en) * 2004-03-02 2010-11-24 マジック テクノロジーズ,インコーポレーテッドMagiq Technologies,Inc. Modulator automatic calibration method for the Qkd
EP1783931B1 (en) * 2004-07-12 2009-02-18 Mitsubishi Electric Corporation Photon detecting apparatus and optical communication system
JP4775820B2 (en) * 2004-09-02 2011-09-21 アイディー クアンティック エス.アー. Device having the qubit and qubit interference for non-orthogonal two-state quantum cryptography and eavesdropping detection
JP4654649B2 (en) * 2004-10-07 2011-03-23 ソニー株式会社 Quantum cryptography communication method, and a quantum cryptography communication apparatus, and a quantum cryptography communication system
US7437081B2 (en) * 2004-11-01 2008-10-14 Magiq Technologies, Inc System and method for providing two-way communication of quantum signals, timing signals, and public data
FR2879381B1 (en) * 2004-12-15 2008-12-26 Thales Sa quantum key distribution encryption system has continuous variables
JP4504833B2 (en) * 2005-02-17 2010-07-14 富士通株式会社 Secret key distribution system
US8098826B2 (en) * 2005-04-20 2012-01-17 Magiq Technologies, Inc. QKD system laser autocalibration based on bit-error rate
US7853011B2 (en) * 2005-05-13 2010-12-14 Ciena Corporation Methods and apparatus for monitoring the integrity of a quantum channel supporting multi-quanta pulse transmission
US7502476B1 (en) * 2005-05-27 2009-03-10 Magiq Technologies, Inc. Systems and methods of enhancing QKD security using a heralded photon source
JP4957952B2 (en) * 2005-06-21 2012-06-20 日本電気株式会社 Communication system and its timing control method
FR2889320B1 (en) * 2005-07-27 2007-10-26 Smartquantum Sa optical transmission system and reception device of an optical signal
US20070110247A1 (en) * 2005-08-03 2007-05-17 Murphy Cary R Intrusion detection with the key leg of a quantum key distribution system
US20070113268A1 (en) * 2005-08-03 2007-05-17 Murphy Cary R Intrusion resistant passive fiber optic components
US7639947B2 (en) * 2005-09-19 2009-12-29 The Chinese University Of Hong Kong System and methods for quantum key distribution over WDM links
US7747019B2 (en) 2005-09-28 2010-06-29 Nortel Networks Limited Methods and systems for communicating over a quantum channel
GB0519814D0 (en) * 2005-09-29 2005-11-23 Hewlett Packard Development Co Methods and apparatus for managing and using one-time pads
US8250363B2 (en) 2005-09-29 2012-08-21 Hewlett-Packard Development Company, L.P. Method of provisioning devices with one-time pad data, device for use in such method, and service usage tracking based on one-time pad data
US20070076878A1 (en) * 2005-09-30 2007-04-05 Nortel Networks Limited Any-point-to-any-point ("AP2AP") quantum key distribution protocol for optical ring network
US20070076887A1 (en) * 2005-09-30 2007-04-05 Nortel Networks Limited Double phase encoding quantum key distribution
KR100759811B1 (en) * 2005-12-08 2007-09-20 한국전자통신연구원 Transciver and method for high-speed auto-compensating quantum cryptography
US7248695B1 (en) * 2006-02-10 2007-07-24 Magiq Technologies, Inc. Systems and methods for transmitting quantum and classical signals over an optical network
JP2007251678A (en) * 2006-03-16 2007-09-27 Sony Corp Quantum encryption communication apparatus and average photon number setting method in communication terminal
JP4595853B2 (en) * 2006-03-22 2010-12-08 日本電気株式会社 Cryptosystem, encryption circuit and the encryption control method used therefor
JP2008005046A (en) * 2006-06-20 2008-01-10 Oki Electric Ind Co Ltd Encryption communication system
GB0613319D0 (en) * 2006-07-05 2006-08-16 Qinetiq Ltd Quantum cryptography apparatus
KR100890389B1 (en) 2006-12-05 2009-03-26 한국전자통신연구원 Polarization-insensitive one way quantum key receiver, transmitter/receiver system
US8320774B2 (en) * 2007-07-07 2012-11-27 Id Quantique Sa Apparatus and method for adjustment of interference contrast in an interferometric quantum cryptography apparatus by tuning emitter wavelength
JP5013521B2 (en) 2007-09-05 2012-08-29 独立行政法人情報通信研究機構 Quantum cryptography communication device and method
JP5167156B2 (en) * 2009-01-19 2013-03-21 株式会社デンソー Biological state evaluation apparatus, the biological state evaluation system, program, and recording medium
JP5464413B2 (en) * 2009-08-19 2014-04-09 日本電気株式会社 Communication apparatus and communication control method in a secret communications system
KR101314210B1 (en) * 2009-11-24 2013-10-02 한국전자통신연구원 A method of User-authenticated Quantum Key Distribution
WO2012025988A1 (en) * 2010-08-24 2012-03-01 三菱電機株式会社 Encryption device, encryption system, encryption method and encryption program
CN104303449B (en) * 2010-10-08 2017-11-28 Id量子技术股份有限公司 By randomly changing one kind of Attack detection apparatus and method control a quantum encryption device in the single-photon detector for their effectiveness
WO2013052861A1 (en) * 2011-10-05 2013-04-11 Telcordia Technologies, Inc. System and method for nonlinear optical devices
CN102638301B (en) * 2012-03-23 2015-09-02 中国科学院西安光学精密机械研究所 Modulation and demodulation apparatus and method in an optical signal A spatial light communication
CN102723947B (en) * 2012-06-18 2015-01-21 中国电力科学研究院 Variable-speed true random source logic circuit based on quantum physics and applied to electric power system
GB2520208B (en) * 2012-10-12 2015-12-09 Toshiba Res Europ Ltd A system and method for intensity monitoring
KR101479107B1 (en) * 2012-10-30 2015-01-07 에스케이 텔레콤주식회사 Method and Apparatus for Generating and Processing Quantum Signals in forms of Regular Frames for Quantum Key Distribution

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5850441A (en) * 1993-09-09 1998-12-15 British Telecommunications Public Limited Company System and method for key distribution using quantum cryptography
US6104811A (en) * 1996-08-16 2000-08-15 Telcordia Technologies, Inc. Cryptographically secure pseudo-random bit generator for fast and secure encryption
US6445794B1 (en) * 1998-06-24 2002-09-03 Benyamin Ron System and method for synchronizing one time pad encryption keys for secure communication and access control
US20050157875A1 (en) * 2002-09-26 2005-07-21 Tsuyoshi Nishioka Crytographic communication apparatus
US7194090B2 (en) * 2000-07-12 2007-03-20 Kabushiki Kaisha Toshiba Encryption apparatus, decryption apparatus, expanded key generating apparatus and method therefor, and recording medium
US7227955B2 (en) * 2003-02-07 2007-06-05 Magiq Technologies, Inc. Single-photon watch dog detector for folded quantum key distribution system

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3319158C2 (en) * 1983-05-26 1987-11-19 Precitronic Gesellschaft Fuer Feinmechanik Und Electronic Mbh, 2000 Hamburg, De
US4965856A (en) * 1989-05-23 1990-10-23 Arbus Inc. Secure optical-fiber communication system
JP3645261B2 (en) * 1993-09-09 2005-05-11 ブリテイッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー Key in a multiple access network using quantum cryptography delivery
WO1995007585A1 (en) * 1993-09-09 1995-03-16 British Telecommunications Public Limited Company Method for key distribution using quantum cryptography
CA2168851C (en) * 1993-09-09 1999-11-02 Keith James Blow System and method for quantum cryptography
WO1994015422A1 (en) * 1992-12-24 1994-07-07 British Telecommunications Public Limited Company System and method for key distribution using quantum cryptography
US5307410A (en) 1993-05-25 1994-04-26 International Business Machines Corporation Interferometric quantum cryptographic key distribution system
US5515438A (en) * 1993-11-24 1996-05-07 International Business Machines Corporation Quantum key distribution using non-orthogonal macroscopic signals
US5953421A (en) * 1995-08-16 1999-09-14 British Telecommunications Public Limited Company Quantum cryptography
EP0972373B1 (en) * 1996-05-22 2005-08-03 BRITISH TELECOMMUNICATIONS public limited company Method and apparatus for polarisation-insensitive quantum cryptography
ES2215238T3 (en) 1996-09-05 2004-10-01 Swisscom Ag Device and method for quantum cryptography.
FR2763193B1 (en) * 1997-05-06 1999-06-18 France Telecom Method and quantum distribution encryption key device
US6188768B1 (en) * 1998-03-31 2001-02-13 International Business Machines Corporation Autocompensating quantum cryptographic key distribution system based on polarization splitting of light
WO2001086855A3 (en) * 2000-04-28 2002-03-28 Univ California Apparatus for free-space quantum key distribution in daylight

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5850441A (en) * 1993-09-09 1998-12-15 British Telecommunications Public Limited Company System and method for key distribution using quantum cryptography
US6104811A (en) * 1996-08-16 2000-08-15 Telcordia Technologies, Inc. Cryptographically secure pseudo-random bit generator for fast and secure encryption
US6445794B1 (en) * 1998-06-24 2002-09-03 Benyamin Ron System and method for synchronizing one time pad encryption keys for secure communication and access control
US7194090B2 (en) * 2000-07-12 2007-03-20 Kabushiki Kaisha Toshiba Encryption apparatus, decryption apparatus, expanded key generating apparatus and method therefor, and recording medium
US20050157875A1 (en) * 2002-09-26 2005-07-21 Tsuyoshi Nishioka Crytographic communication apparatus
US7227955B2 (en) * 2003-02-07 2007-06-05 Magiq Technologies, Inc. Single-photon watch dog detector for folded quantum key distribution system

Cited By (65)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7609839B2 (en) * 2002-09-18 2009-10-27 Mitsubishi Electric Corporation Quantum key distribution method and communication device
US20060059403A1 (en) * 2002-09-18 2006-03-16 Youdai Watanabe Quantum key distribution method and communication device
US7706535B1 (en) 2003-03-21 2010-04-27 Bbn Technologies Corp. Systems and methods for implementing routing protocols and algorithms for quantum cryptographic key transport
US20050078827A1 (en) * 2003-10-10 2005-04-14 Nec Corporation Quantum cryptography key distributing system and synchronizing method used in the same
US7869599B2 (en) * 2003-10-10 2011-01-11 Nec Corporation Quantum cryptography key distributing system and synchronizing method used in the same
US20050151187A1 (en) * 2003-11-20 2005-07-14 Hiroki Wakimoto Insulated gate semiconductor device
US7697693B1 (en) * 2004-03-09 2010-04-13 Bbn Technologies Corp. Quantum cryptography with multi-party randomness
WO2006101685A3 (en) * 2005-03-16 2007-07-12 Audrius Berzanskis Method of integrating qkd with ipsec
US20060212936A1 (en) * 2005-03-16 2006-09-21 Audrius Berzanskis Method of integrating QKD with IPSec
US7602919B2 (en) * 2005-03-16 2009-10-13 Magiq Technologies, Inc Method of integrating QKD with IPSec
US7864958B2 (en) * 2005-06-16 2011-01-04 Hewlett-Packard Development Company, L.P. Quantum key distribution method and apparatus
US9191198B2 (en) 2005-06-16 2015-11-17 Hewlett-Packard Development Company, L.P. Method and device using one-time pad data
US20070014415A1 (en) * 2005-06-16 2007-01-18 Harrison Keith A Quantum key distribution method and apparatus
US8842839B2 (en) * 2005-09-29 2014-09-23 Hewlett-Packard Development Company, L.P. Device with multiple one-time pads and method of managing such a device
US20080031456A1 (en) * 2005-09-29 2008-02-07 Keith Alexander Harrison Device with multiple one-time pads and method of managing such a device
US20070177424A1 (en) * 2005-09-29 2007-08-02 Martin Sadler Device with n-time pad and a method of managing such a pad
US20070092083A1 (en) * 2005-10-24 2007-04-26 Magiq Technologies, Inc. QKD system with synchronization channel verification
US7809143B2 (en) * 2005-10-24 2010-10-05 Magiq Technologies, Inc. QKD system with synchronization channel verification
US20090316901A1 (en) * 2006-07-26 2009-12-24 Japan Science And Technology Agency Secret communication method and secret communication device thereof
US8239680B2 (en) * 2006-07-26 2012-08-07 Japan Science And Technology Agency Secret communication method and secret communication device thereof
US8213607B2 (en) * 2006-10-18 2012-07-03 Qualcomm Incorporated Method for securely extending key stream to encrypt high-entropy data
US20080095370A1 (en) * 2006-10-18 2008-04-24 Rose Gregory G Method for securely extending key stream to encrypt high-entropy data
WO2008147171A3 (en) * 2007-05-31 2009-03-05 Bin Shamsul Shaari Jesni Error eliminating for communicating parties
WO2008147171A2 (en) * 2007-05-31 2008-12-04 Mimos Berhad Error eliminating for communicating parties
US20100329459A1 (en) * 2008-01-25 2010-12-30 Qinetiq Limited Multi-community network with quantum key distribution
US20100293380A1 (en) * 2008-01-25 2010-11-18 Qinetiq Limited Quantum cryptography apparatus
US8855316B2 (en) * 2008-01-25 2014-10-07 Qinetiq Limited Quantum cryptography apparatus
US20100299526A1 (en) * 2008-01-25 2010-11-25 Qinetiq Limited Network having quantum key distribution
US8650401B2 (en) 2008-01-25 2014-02-11 Qinetiq Limited Network having quantum key distribution
US8885828B2 (en) 2008-01-25 2014-11-11 Qinetiq Limited Multi-community network with quantum key distribution
US20100290626A1 (en) * 2008-01-28 2010-11-18 Qinetiq Limited Optical transmitters and receivers for quantum key distribution
US9148225B2 (en) 2008-01-28 2015-09-29 Qinetiq Limited Optical transmitters and receivers for quantum key distribution
US8654979B2 (en) 2008-05-19 2014-02-18 Qinetiq Limited Quantum key device
US20110064222A1 (en) * 2008-05-19 2011-03-17 Qinetiq Limited Quantum key distribution involving moveable key device
US20110069972A1 (en) * 2008-05-19 2011-03-24 Qinetiq Limited Multiplexed quantum key distribution
US8792791B2 (en) 2008-05-19 2014-07-29 Qinetiq Limited Multiplexed quantum key distribution
US8755525B2 (en) 2008-05-19 2014-06-17 Qinetiq Limited Quantum key distribution involving moveable key device
US8639932B2 (en) 2008-10-27 2014-01-28 Qinetiq Limited Quantum key distribution
US20110213979A1 (en) * 2008-10-27 2011-09-01 Qinetiq Limited Quantum key distribution
US20110228937A1 (en) * 2008-12-05 2011-09-22 Qinetiq Limited Method of establishing a quantum key for use between network nodes
US8681982B2 (en) * 2008-12-05 2014-03-25 Qinetiq Limited Method of establishing a quantum key for use between network nodes
US20110231665A1 (en) * 2008-12-05 2011-09-22 Qinetiq Limited Method of performing authentication between network nodes
US8762728B2 (en) 2008-12-05 2014-06-24 Qinetiq Limited Method of performing authentication between network nodes
US20110228380A1 (en) * 2008-12-08 2011-09-22 Qinetiq Limited Non-linear optical device
US8749875B2 (en) 2008-12-08 2014-06-10 Qinetiq Limited Non-linear optical device
GB2467975B (en) * 2009-02-24 2014-09-10 Hewlett Packard Development Co Authentication method and apparatus using one time pads
GB2467975A (en) * 2009-02-24 2010-08-25 Hewlett Packard Development Co Authentication method and apparatus using one time pads
US8683192B2 (en) 2009-09-29 2014-03-25 Qinetiq Methods and apparatus for use in quantum key distribution
WO2012105930A3 (en) * 2010-01-29 2012-10-26 Hewlett-Packard Development Company, L.P. Quantum key distribution method and apparatus
US9692595B2 (en) 2010-12-02 2017-06-27 Qinetiq Limited Quantum key distribution
US20130275757A1 (en) * 2012-04-17 2013-10-17 The Boeing Company Secure Quantum Authentication System
US9184912B2 (en) * 2012-04-17 2015-11-10 The Boeing Company Secure quantum authentication system
US8693691B2 (en) * 2012-05-25 2014-04-08 The Johns Hopkins University Embedded authentication protocol for quantum key distribution systems
CN102904726A (en) * 2012-11-08 2013-01-30 中国科学院信息工程研究所 Classical channel message authentication method and device for quantum key distribution system
US9313184B2 (en) * 2013-01-22 2016-04-12 Kabushiki Kaisha Toshiba Communication apparatus, communication system, and computer program product
US20140208116A1 (en) * 2013-01-22 2014-07-24 Kabushiki Kaisha Toshiba Communication apparatus, communication system, and computer program product
WO2015048783A1 (en) * 2013-09-30 2015-04-02 Nordholt, Jane, E. Quantum-secured communications overlay for optical fiber communications networks
US9876639B2 (en) * 2013-10-25 2018-01-23 Sk Telecom Co., Ltd. Method for processing double click event for securing safety in quantum key distribution system
US20160028542A1 (en) * 2013-10-25 2016-01-28 Sk Telecom Co., Ltd. Method for processing double click event for securing safety in quantum key distribution system
US20150236852A1 (en) * 2014-02-17 2015-08-20 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and quantum key distribution method
US9503257B2 (en) * 2014-02-17 2016-11-22 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and quantum key distribution method
WO2016070141A1 (en) * 2014-10-30 2016-05-06 Alibaba Group Holding Limited Method, apparatus, and system for quantum key distribution, privacy amplification, and data transmission
US20160142203A1 (en) * 2014-11-19 2016-05-19 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and quantum key distribution method
US20160218868A1 (en) * 2015-01-23 2016-07-28 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and computer program product
US9768954B2 (en) * 2015-01-23 2017-09-19 Kabushiki Kaisha Toshiba Quantum key distribution device, quantum key distribution system, and computer program product

Also Published As

Publication number Publication date Type
JP4353946B2 (en) 2009-10-28 grant
JP2006514512A (en) 2006-04-27 application
US20040161109A1 (en) 2004-08-19 application
US7227955B2 (en) 2007-06-05 grant
WO2004073235A3 (en) 2005-04-14 application
WO2004073235A2 (en) 2004-08-26 application
JP2006513678A (en) 2006-04-20 application
WO2004073234A2 (en) 2004-08-26 application
WO2004073234A3 (en) 2004-11-18 application
EP1537698A2 (en) 2005-06-08 application
EP1590918A2 (en) 2005-11-02 application

Similar Documents

Publication Publication Date Title
US7110545B2 (en) Method and apparatus for symmetric-key encryption
Elliott et al. Quantum cryptography in practice
US6449473B1 (en) Security method for transmissions in telecommunication networks
US7240202B1 (en) Security context sharing
US20030072059A1 (en) System and method for securing a communication channel over an optical network
US20060034456A1 (en) Method and system for performing perfectly secure key exchange and authenticated messaging
EP0535863A2 (en) A cryptographic protocol for secure communications
US20030217263A1 (en) System and method for secure real-time digital transmission
US5297208A (en) Secure file transfer system and method
US20050152540A1 (en) Fast multi-photon key distribution scheme secured by quantum noise
US6052466A (en) Encryption of data packets using a sequence of private keys generated from a public key exchange
US20030131233A1 (en) Efficient packet encryption method
US20060083379A1 (en) Cryptographic communications session security
US7430295B1 (en) Simple untrusted network for quantum cryptography
US20040083362A1 (en) Cryptographic method and computer program product for use in wireless local area networks
US20060159260A1 (en) Method and communication system employing secure key exchange for encoding and decoding messages between nodes of a communication network
US20060177056A1 (en) Secure seed generation protocol
US20080095371A1 (en) Ends-Messaging Protocol That Recovers And Has Backward Security
US20050259825A1 (en) Key bank systems and methods for QKD
US20070014415A1 (en) Quantum key distribution method and apparatus
US20050157875A1 (en) Crytographic communication apparatus
US20040179690A1 (en) Dynamic security authentication for wireless communication networks
US20040184605A1 (en) Information security via dynamic encryption with hash function
Gao et al. Dense-coding attack on three-party quantum key distribution protocols
US20130083926A1 (en) Quantum key management

Legal Events

Date Code Title Description
AS Assignment

Owner name: MAGIQ TECHNOLOGIES, INC., NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BERZANSKIS, AUDRIUS;TRIFONOV, ALEXEI;REEL/FRAME:017242/0836

Effective date: 20050801