WO2013160511A1 - Method and device for authenticating quantum passwords - Google Patents

Method and device for authenticating quantum passwords Download PDF

Info

Publication number
WO2013160511A1
WO2013160511A1 PCT/ES2013/070259 ES2013070259W WO2013160511A1 WO 2013160511 A1 WO2013160511 A1 WO 2013160511A1 ES 2013070259 W ES2013070259 W ES 2013070259W WO 2013160511 A1 WO2013160511 A1 WO 2013160511A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
comparator
photons
quantic
user equipment
Prior art date
Application number
PCT/ES2013/070259
Other languages
Spanish (es)
French (fr)
Inventor
Juan Carlos GARCÍA ESCARTÍN
Pedro CHAMORRO POSADA
Original Assignee
Universidad De Valladolid
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Universidad De Valladolid filed Critical Universidad De Valladolid
Publication of WO2013160511A1 publication Critical patent/WO2013160511A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the present invention relates to a procedure for the purpose of authenticating passwords encoded in quantum systems without jeopardizing their privacy even in the case of dishonest participants.
  • the procedure is based on the coding of a password in a quantum system of a dimension such that it is not possible to retrieve any part of the password but that allows comparing in a user equipment the states received with states generated in the equipment itself to determine if They are equal.
  • the invention relates to a device that implements the procedure for performing the authentication by means of the comparison indicated.
  • the invention is applicable in the information technology sector.
  • it is an application of quantum physics to security and privacy computer systems such as electronic commerce systems, banking, access to shared computer resources or national identification systems (such as the national identity document, DNI) .
  • ZKP Zero-knowledge Proofs
  • the existing ZKPP protocols are based on the computational complexity of certain mathematical problems such as factorization or discrete logarithm that appear in schemes very similar to those used in public key cryptography systems such as RSA (Rivest, Shamir, Adleman), described in the US Patent 4,405,829.
  • RSA Rivest, Shamir, Adleman
  • In the chosen problems there is a simple direct problem and an inverse problem difficult to solve with current computers.
  • An example is factorization-based systems, such as the RSA protocol, in which the direct problem is to multiply two numbers, while the inverse is to find the prime factors of a number.
  • ZKPP ZKPP protocol
  • SPEKE ⁇ Simple Password Exponential Key Exchange SPEKE ⁇ Simple Password Exponential Key Exchange
  • modular exponentiation DP Jablon, Strong password-only authenticated key exchange, SIGCOMM Computer Communication Review, 26: 5-26, 1996) or protocols of the standard P1363.2 of the IEEE (Institute of Electrical and Electronics Engineers).
  • These protocols are used in different commercial systems, such as those described in US 7,010,692, US 6,539,479 or US 324,508. Although these protocols are capable of guaranteeing a certain level of security, they are based on the unproven assumption that there are no efficient methods to solve the mathematical problems chosen.
  • the methods based on computational complexity, in addition, make assumptions about the calculation capacity of a possible attacker. It is not taken into account that systems considered safe in the past may be vulnerable to the computers of the future. A transmission that is captured and stored in the present could be compromised in the future if the calculation capacity improves.
  • Quantum cryptography systems CH Bennett and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE international Conference on Computers, Systems and Signal Processing, Bangalore, India, p. 175, 1984
  • AK Ekert Quantum cryptography based on Bell 's theorem, Physical Review Letters, 67 (6): 661-663, 1991
  • QKD Quantum Key Distribution
  • Quantum cryptography patent documents with optical technology can be cited, such as EP 97940111.4, EP 93307120, EP 93307121, WO GB 93/0275, WO GB 93/02637, WO / 2011/036322, PCT / ES2007 / 000323 or the Spanish Patent with publication number 2168204.
  • Quantum security systems provide two fundamental advantages over methods based on computational complexity. On the one hand, they provide a security based on the laws of physics that does not depend on any hypothesis about the difficulty of certain problems. On the other hand, it is a security independent of the technology, since the security comes from physical limitations independent of the device used by the attacker, which guarantees present and future security against attacks with any type of calculation resource, although it improves the technology.
  • the above documents are limited to the field of information encryption, but it is desirable to extend the advantages of quantum security to other systems.
  • the invention is an application of quantum security to zero knowledge password verification systems and consists of a new password verification method and equipment that implements it using photonic technologies.
  • the invention includes a new method and quantum password authentication equipment based on the encoding of a password c constituted by a sequence of p bits in a quantum state of a dimension too small to be able to recover the password value .
  • the procedure comprises a previous phase in which the password c of p bits is stored in the user equipment that performs the authentication.
  • the use of a random sequence is foreseen, also of p bits, that users share and that allows to avoid certain attacks on the system and strengthen their security.
  • the method of the invention is applied in user equipment consisting of an optical module and an electronic module, both formed by conventional elements.
  • the procedure consists of a stage of comparison of states with five phases that is repeated a number of times n, n being a safety parameter chosen by the users.
  • a fundamental feature of the procedure is the distribution of functions: a user equipment that wishes to identify acts as an applicant S and another user equipment acts as a verifier V.
  • a verifying equipment that knows the password can determine that the applicant knows it and a verifier who does not know the password cannot deduce it from the data provided by the applicant.
  • S and V use their equipment to generate and store a random to shared sequence of p bits that both users store in the memories of the electronic part of their respective user equipment.
  • the shared sequence can be made public.
  • c ' will be encoded in symmetric states that are a superposition of base states
  • /) can be chosen among states ⁇ T ⁇ ) with photons located in the time window T ⁇ or states ⁇ ⁇ with angular orbital moment i ⁇ . If both S and V know the password, they generate the same status.
  • the requesting team delivers its copy of the status to the verification team.
  • the status that V generated in the previous phase is compared with the status that the requesting equipment has delivered to it. To do this, use the optical comparator of your user equipment.
  • the verifying team checks the result of the comparator. If the result is positive, The procedure is continued until the n repetitions are reached. If at any time the comparison is negative, the authentication procedure is aborted and it follows that the applicant does not know the password.
  • the random sequence that is generated in the first phase must be different at each repetition of the check. The number of repetitions is set in advance and is a function of the security that is desired in authentication. The higher n, the greater authentication security will be obtained.
  • both users need to prove their identity.
  • the n repetitions of the first to fifth phases of the comparison stage will not be followed but will alternate stages in which the functions of the requesting and verifying equipment are exchanged between the users and their equipment. In this way an illegitimate user can be detected prematurely.
  • the random to shared sequence is established through a public channel.
  • the invention includes a method for users to jointly generate the random sequence a through their requestor and verifier user equipment and which will be explained later.
  • the safety of the procedure is based on the choice of the parameters p, n and d.
  • the invention provides that, as noted, d is less than 0.71-p, so that the probability of recovering k of the p bits of the password tends to 2 ⁇ k . This probability is the same as guessing the bits of the random password. Therefore, with the coding chosen, a spy who captures the quantum state is unable to extract a single bit of information.
  • the XOR operation with the random sequence avoids a repeat attack in which the adversary intercepts states of a legitimate user and then uses them to impersonate him, since the quantum states that are used at each stage are different.
  • n is chosen such that nd ⁇ 0.71-p.
  • nd is less than 0.71-p no coding and decoding process can recover k bits more than with a probability of 2 ⁇ k .
  • the fundamental part of the procedure is the coding of the sequence c 'in a quantum state. In the user equipment of the invention, the coding is performed on the quantum state of a single photon.
  • the invention also relates to the user equipment that implements the described procedure.
  • the equipment includes two parts: an electronic module and an optical module.
  • the electronic module consists of a memory and a processor.
  • the memory stores the sequences with the password c and the random sequence a.
  • the processor is responsible for directing the authentication procedure. Their tasks include the analysis of the data that arrives from the detectors connected to the comparator to decide if the procedure is continued or not and calculate the logical function XOR bit by bit of cya to generate the c 'string that determines a control signal that is Applies to a quantum state generator of the optical module.
  • the optical module comprises a quantum state comparator, a quantum state generator and a detector block located at the output of the comparator that are connected to the electronic module.
  • the detector block comprises at least two detection elements.
  • the quantum state comparator is an optical device with two inputs and two outputs.
  • the inputs include an external connection through which the photon of the requesting equipment arrives with the state that encodes its c 'sequence and an internal connection to the quantum state generator.
  • Each output port of the comparator is connected to a detector element, which, in turn, is connected to the processor. If the states are equal, it follows that the sequences coincide.
  • the comparator works in a probabilistic way. Two different states can be classified as equal, but always with a probability less than one. Two equal states always pass the check. Following the process of the invention, this partial comparison can be used to provide a reliable testing system as desired.
  • the comparator may be constituted by a beam splitter or by a fiber optic coupler. In either case, these comparators are configured to produce an optical interference between the paths of the two photons applied at its entrance.
  • the comparison is made using the Hong-Ou-Mandel effect (CK Hong, ZY Ou and L. Mande1, Measurement of subpicosecond time intervals between two photons by interference, Physical Review Letters, 59 (18): 2044-2046, Nov 1987 ) so that, if the two states are equal, the interference between paths causes the two photons to take the same output. If the photons at the input of the comparator have different states, it is possible to find the photons at different outputs.
  • User equipment detectors are individual photon detectors that can be, for example, conventional avalanche photodiodes (APD).
  • the detectors are placed in the two output ports of the comparator. This configuration of the detectors indicates to the processor if the output paths of the two photons coincide or not.
  • the processor is configured to stop authentication when the output ports are different and to generate a new state when the two photons activate the same
  • the quantum state generator comprises a control block, a laser, a modulator, an attenuator and a switch.
  • the control block receives the control signal generated by the processor and directs the action of the modulator and the switch.
  • the laser generates low intensity states that pass to the modulator.
  • the modulator is governed by the control block and is responsible for coding the sequence c 'in the states generated by the laser.
  • the invention provides that the modulator can be an optical modulator that acts on the phase or a modulator with angular orbital moment, in accordance with the procedure described. After the modulator is an attenuator with an attenuation factor chosen so that at its output the average number of photons is smaller or same as one In this way, the output state will have a photon or less.
  • a switch is included at the end of the generator.
  • the switch directs the photon to two possible outputs depending on the control signal.
  • the choice of switch output allows the same equipment to be used for the user who acts as the applicant and the user who acts as the verifier.
  • One of the planned outputs carries the quantum state coding c 'to the comparator. In this case the equipment works as a verifier.
  • the locally generated status is compared with the status from the applicant.
  • the second output is connected to the outside so that the status encoding c 'can be delivered to an external verifying user equipment in which the comparison described in the procedure would be performed.
  • the optical modulator for temporal coding is an optical fiber modulator configured to introduce different offsets in predefined periods of time.
  • the angular orbital moment modulator comprises a state generation block with a hologram and a Dove prism.
  • the hologram can be generated with conventional photographic techniques so that it generates an initial state
  • ⁇ 0 ) with a
  • the random sequence could be generated in the user equipment itself.
  • the random sequence is generated by the state generator, the comparator, the detector and the processor, in a conventional manner, as described in greater detail in the embodiment of the invention. According to the description given, it is possible to suffer an attack in which the attacker does not introduce any photon. Although the attacker cannot discover the password c, having only one photon in one of the comparator outputs activates a single detector and the verifier can interpret that the attacker knows the password c.
  • the invention includes a block that counts the present photons. In this way it can be detected when an attack has occurred due to the absence of photons.
  • a plurality of stages with comparators are used, the last stage of which is connected to a plurality of detector elements.
  • the number of comparators is doubled at each stage.
  • Each of the outputs of the first comparator is connected to a comparator, whose outputs in turn are connected to two other comparators and so on until the last stage of comparators, which have a detector in each of its outputs.
  • the number of detection elements is twice the number of comparators of the last stage. To realize the account without errors, the free entry of the additional comparators is blocked.
  • the processor is configured to stop the authentication by detecting a sum of photons different from two or zero in a single branch, each branch being understood as each of the two outputs of the first comparator and the different ramifications that each of the stages entails.
  • the processor detects a correct sum of photons, it performs the authentication. This prevents an attack due to lack of photons. If the requesting team does not send any photons, the sum of photons in all branches will be one instead of two.
  • Figure 1. Shows a functional block diagram of a possible embodiment of a user equipment for performing the password check according to the invention.
  • Figure 2. Shows a possible embodiment of the quantum state generator of the previous figure in which an optical modulator for optical fiber is used.
  • Figure 3.- Shows another possible embodiment of the modulator of the invention of Figure 1.
  • the modulator is a modulator with angular orbital moment.
  • Figure 4. Shows a schematic representation of an embodiment of the invention in which a plurality of comparators and detectors are incorporated to avoid an attack due to lack of photons. Neither the processor memory nor the photon generator has been represented to simplify the figure.
  • the method of the invention is described by assuming two users with their corresponding equipment 1, a requesting user with their requesting equipment S and a verification user with their verification equipment V. It starts from a previous phase in which the user equipment 1 stores the password c consisting of a sequence of p bits that it is desired to check in a memory 6a of a processor 6 of the respective user equipment 1, as shown in figure 1.
  • the procedure of the invention is detailed for the case in which the requesting equipment S is identified before the verifying equipment V.
  • the requesting equipment S is the one who must demonstrate that it has the same sequence of bits c as the Verifying equipment V. All phases are the same for the opposite case by exchanging the functions of S and V. If both users must convince the other that they have the password, it is preferable to establish shifts with interleaved identification rounds to detect early to a Possible dishonest user.
  • the procedure consists in the repetition of five phases:
  • sequence a is a public sequence.
  • these states correspond to individual photon states. If both teams know the password, they generate identical states. You must choose a much smaller d than p to protect the password.
  • a possible coding is the one that assigns each sequence of the key c 'to a symmetric state of the form
  • the requesting user equipment S delivers its status to the verification device V.
  • the device V makes a comparison between the received state and the locally generated state in the third phase, by means of a quantum comparator 3. In this way, if the result of the comparison is positive, the authentication procedure is continued and, if negative, it is aborted and it is considered that S does not have the password c.
  • the verification procedure is repeated n times choosing a new random sequence a. The value of n is estimated based on the desired security. This procedure is implemented by user equipment 1 with an input 2 through which the states of the applicant S reach a quantum state comparator 3 where it interferes with the local state from a quantum state generator 8.
  • the state comparator 3 is connected to a detection block 4 with two detectors 5 that indicate to the processor 6 whether the photon output paths coincide or not.
  • the processor 6 contains the memory 6a that stores the aycy sequences, from them, it is able to calculate the sequence c 'described in the procedure. Taking that sequence c 'as a reference, the processor 6 generates a control signal 7 that directs the operation of the quantum state generator 8.
  • the quantum state generator 8 has two outputs, 9 and 10. The output 9 is connected to the comparator 3 and the output 10 is connected to the outside 11, which is the output of the user equipment 1 for the scenarios in which the user and his team act as the applicant and deliver their status to the verifying user equipment.
  • the quantum state generator 8 encodes the sequence c 'in individual photons according to different encodings with the schemes shown in Figures 2 and 3.
  • a configuration of the quantum state generator 8 is shown in which Modulation is based on the modification of the waveform of a photon at different times (time coding).
  • the quantum state generator 8 is based on an angular orbital moment coding of a single photon.
  • the block Detector 4 consists of two APD 5 avalanche photodiodes, both connected to processor 6.
  • the local state is generated according to the contents a and c of memory 6a.
  • the operation of the comparator 3 is based on the Hong-Ou-Mandel effect, which occurs when the paths of two photons interfere with an optical device, such as a beam splitter or a fiber coupler. Only two photons that have the same state have maximum interference.
  • An example is shown in Figure 1 in which the comparison is made by means of a fiber optic comparator in which the interference between photons takes place in a fiber optic coupler. In the coding with angular orbital moment the interference occurs in a beam splitter (beamsplitter) with a transmissivity of 50%.
  • the probability that the two input photons leave through the same output port is 100% for identical states. For a large number of possible quantum states, the probability that photons from two randomly chosen states will exit through different ports is 50%.
  • the photon detection avalanche diodes 5 distinguish these two cases when they are placed in the outputs of the comparator 3.
  • the processor 6 interprets the data and is configured to direct the authentication procedure. If the two detectors 5 find a photon, the states are different and the processor 6 ends the verification process. On the contrary, if only one of the detectors 5 is activated, the checking is continued using a new random sequence value a. After n checks, the probability that the device S does not have the password is exponentially small, of the order of 2 ".
  • the quantum state generator 8 comprises a control block 12 in the that the control sequence 7 from the processor 6 is received to govern the operation of an optical modulator 14.
  • the optical modulator 14 is a fiber optic modulator that introduces different phase shifts in predefined time windows and acts on the signal of a laser 13 which generates a low power optical signal that after the modulation carries the information of the sequence c '.
  • the encoded state passes through an attenuator 15 adjusted so that the state at the output of the quantum state generator 8 has, on average, a photon or less.
  • the photon with the final state is directed to the output 9 or 10 depending on the control information 7.
  • the output 9 is taken when the comparator 3 is used to check passwords of an external user.
  • Output 10 is chosen when the local user generates photons for an external user to check.
  • Figure 3 shows another possible embodiment of the state generator 8 that has a configuration similar to that of Figure 2, but, in this case, with a modulator with orbital moment 14a that encodes the information at the angular orbital moment of a photon.
  • the modulator 14a is constituted
  • FIG. 3 An example is proposed in Figure 3 in which a state generation block with a hologram 17 is used that can be generated with conventional photographic techniques.
  • the rotation angle is adjusted according to the indications of the control signal 7 generated by the processor 6. After the Dove prism 18 and the attenuator 15,
  • the invention provides that user equipment 1 jointly generate a new random sequence for each of the different comparisons to be made.
  • the sequence a must be different in each check to avoid a repeat attack in which a dishonest user who does not know the password captures and stores a valid state of a user who does know the password and subsequently uses it to impersonate him.
  • users In turn generate 1 bit of the sequence and communicate it to the other participant. It is enough that one of the users is honest so that the sequence is not repeated in different rounds and, therefore, a repetition attack cannot be used.
  • S and V can use different random number generators.
  • User equipment 1 is configured to generate quantum random numbers as known in the state of the art.
  • quantum random numbers is based on the intrinsically probabilistic nature of quantum measurement and can be implemented with optical equipment as described in US Patent documents 6249009, WO 2007124089, JP 2033-36188 A, EP 2013706B1 and US 6393448.
  • each user can generate a photon locally with the state generator 8 and close the input 2 so that the probability of detecting the photon in each of the detectors 5 is 50%.
  • a random bit is produced depending on the detector 5 that is activated, so that the processor 6 assigns a 0 if the upper detector is activated and a 1 if the lower one is activated.
  • the described basic configuration of the invention is vulnerable to an attack in which the user of a device S does not introduce any photon. Although you cannot discover the password c, having only one photon will never activate the two detectors 5 and V may come to believe that S knows the password c. If the detectors 5 can count the number of photons present, this attack can be detected.
  • the invention provides for the use of a plurality of comparator stages 3 and a plurality of detectors 5 so that the number of outputs is multiplied by 2 with each stage of 3, as shown in Figure 4.
  • Each Comparator 3 output is connected to an additional comparator.
  • the new comparators in turn, have their outputs connected to a new stage of comparators. This branching of the outputs can be repeated several times. All additional comparators have one of their inputs blocked, so that they only receive the photons that come from the first comparator 3. The probability that two photons end up in the same output port can be made as small as desired by adding several comparator stages 3.
  • the processor 6 analyzes the results and, if the sum of photons detected in each of the two branches of the first comparator 3 is 2 or 0, continue with the authentication procedure. If the detectors 5 corresponding to one of the two branches find a number of photons other than 2 or 0, it is considered that user S does not know the password and the procedure is aborted. This requirement can be relaxed if there is a high probability that during the measurement some photon is lost either by losses in the system or because coherent states are generated with much less than one photon on average. This configuration capable of estimating the number of photons allows, therefore, to avoid an attack due to the absence of photons.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

The invention relates to a method and user device that can be used to verify that two users share a password c of p bits without revealing any information about the password. For this purpose, the method comprises encoding the XOR function of password c with a random sequence a in the quantum state of a single photon. The Hong-Ou-Mandel effect is used in each user device to compare a locally generated quantum state with a state provided by the other user. After n verification phases, the users can determine if the other user knows the password. The method and the user device include techniques for detecting dishonest participants. The invention also relates to the device which performs the method and includes two coding techniques in quantum systems, namely: one based on temporal coding, and another based on coding in the angular orbital momentum of a photon.

Description

PROCEDIMIENTO Y EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS  PASSWORD AUTHENTICATION PROCEDURE AND EQUIPMENT
CUÁNTICAS Quantum
DESCRIPCIÓNDESCRIPTION
OBJE TO DE LA INVENCIÓN La presente invención se refiere a un procedimiento con el objeto de autenticar contraseñas codificadas en sistemas cuánticos sin poner en riesgo la privacidad de las mismas aún en el caso de haber participantes deshonestos. OBJECT OF THE INVENTION The present invention relates to a procedure for the purpose of authenticating passwords encoded in quantum systems without jeopardizing their privacy even in the case of dishonest participants.
El procedimiento se basa en la codificación de una contraseña en un sistema cuántico de una dimensión tal que no es posible recuperar ninguna parte de la contraseña pero que permite comparar en un equipo de usuario los estados recibidos con estados generados en el propio equipo para determinar si son iguales. Además la invención se refiere a un equipo que implementa el procedimiento para efectuar la autenticación mediante la comparación señalada. The procedure is based on the coding of a password in a quantum system of a dimension such that it is not possible to retrieve any part of the password but that allows comparing in a user equipment the states received with states generated in the equipment itself to determine if They are equal. In addition, the invention relates to a device that implements the procedure for performing the authentication by means of the comparison indicated.
En general la invención es aplicable en el sector de las tecnologías de la información. En particular se trata de una aplicación de la física cuántica a los sistemas informáticos de seguridad y privacidad como son los sistemas de comercio electrónico, banca, acceso a recursos informáticos compartidos o los sistemas de identificación nacionales (como el documento nacional de identidad, DNI) . In general, the invention is applicable in the information technology sector. In particular, it is an application of quantum physics to security and privacy computer systems such as electronic commerce systems, banking, access to shared computer resources or national identification systems (such as the national identity document, DNI) .
ANTECEDENTES DE LA INVENCIÓN  BACKGROUND OF THE INVENTION
En sistemas complejos con un gran número de usuarios que no se conocen entre sí, es necesario disponer de mecanismos eficientes de identificación y autenticación de los usuarios y sus equipos. Los usuarios pueden tener derecho a acceder a una parte de la información pero no al resto. Un ejemplo son las aplicaciones de banca por Internet. Cada usuario debe poder operar con su cuenta bancaria con la garantía de que ningún otro usuario pueda utilizarla. In complex systems with a large number of users who do not know each other, it is necessary to have efficient identification and authentication mechanisms for users and their equipment. Users may have the right to access part of the information but not the rest. An example is Internet banking applications. Each user must be able to operate with your bank account with the guarantee that no other user can use it.
En este contexto, es necesario probar que se conoce cierta información privada, como una contraseña, que posee únicamente el usuario legítimo. La comprobación de esta contraseña presenta problemas de seguridad: la privacidad de la contraseña se puede poner en peligro si hay usuarios deshonestos que se hagan pasar por el receptor de la información o si el canal está intervenido por espías que graben la información transmitida. In this context, it is necessary to prove that certain private information, such as a password, is known only to the legitimate user. The verification of this password presents security problems: the privacy of the password can be jeopardized if there are dishonest users who impersonate the recipient of the information or if the channel is intervened by spies that record the transmitted information.
Para solucionar este tipo de problemas, se recurre a las pruebas de conocimiento cero o ZKP (Zero-Knowledge Proofs) , mediante las que un usuario puede convencer a otro de que conoce cierta información sin necesidad de revelar ninguna parte de dicha información (S. Goldwasser, S. Micali y C. Rackoff, The knowledge complexity of interactive proof systems, SIAM Journal on Computing, 18:186, 1989) . Un caso restringido de prueba de conocimiento cero son los protocolos de comprobación de contraseña de conocimiento cero o ZKPP {Zero-Knowledge Password Proofs) , mediante los que dos usuarios que comparten una contraseña pueden asegurarse de que el otro usuario la conoce sin tener que hacerla pública (S. M. Bellovin y M. Merritt, Encrypted key exchange: Password-based protocols secure against dictionary attacks r IEEE Symposium on Security and Privacy, 72, 1992) . Además, si uno de los participantes no conoce la contraseña, no puede obtener ninguna información sobre ella o, como mucho, una cantidad exponencialmente pequeña. To solve this type of problem, the zero-knowledge or ZKP (Zero-Knowledge Proofs) tests are used, whereby a user can convince another that he knows certain information without revealing any part of that information (S. Goldwasser, S. Micali and C. Rackoff, The knowledge complexity of interactive proof systems, SIAM Journal on Computing, 18: 186, 1989). A restricted case of zero knowledge testing is the zero-knowledge password verification protocols or ZKPP {Zero-Knowledge Password Proofs), whereby two users who share a password can make sure that the other user knows it without having to do it public (SM Bellovin and M. Merritt, Encrypted key exchange: Password-based protocols secure against dictionary attacks r IEEE Symposium on Security and Privacy, 72, 1992). In addition, if one of the participants does not know the password, he cannot obtain any information about it or, at most, an exponentially small amount.
Los protocolos ZKPP existentes se basan en la complejidad computacional de ciertos problemas matemáticos como la factorización o el logaritmo discreto que aparecen en esquemas muy similares a los usados en sistemas de criptografía de clave pública como RSA (Rivest, Shamir, Adleman) , descrito en el documento de Patente US 4.405.829. En los problemas escogidos hay un problema directo sencillo y un problema inverso difícil de resolver con los ordenadores actuales. Un ejemplo son los sistemas basados en la factorización, como el protocolo RSA, en los que el problema directo consiste en multiplicar dos números, mientras que el inverso consiste en hallar los factores primos de un número. The existing ZKPP protocols are based on the computational complexity of certain mathematical problems such as factorization or discrete logarithm that appear in schemes very similar to those used in public key cryptography systems such as RSA (Rivest, Shamir, Adleman), described in the US Patent 4,405,829. In the chosen problems there is a simple direct problem and an inverse problem difficult to solve with current computers. An example is factorization-based systems, such as the RSA protocol, in which the direct problem is to multiply two numbers, while the inverse is to find the prime factors of a number.
Un ejemplo concreto de protocolo ZKPP es el protocolo SPEKE {Simple Password Exponential Key Exchange) basado en la exponenciación modular (D. P. Jablon, Strong password-only authenticated key exchange, SIGCOMM Computer Communication Review, 26:5-26, 1996) o los protocolos del estándar P1363.2 del IEEE ( Institute of Electrical and Electronics Engineers) . Estos protocolos se emplean en distintos sistemas comerciales como, por ejemplo, los descritos en los documentos de Patente US 7.010.692, US 6.539.479 o US 324.508. Aunque estos protocolos son capaces de garantizar cierto nivel de seguridad, se basan en la suposición no demostrada de que no existen métodos eficientes para resolver los problemas matemáticos elegidos. Los métodos basados en complejidad computacional , además, hacen suposiciones sobre la capacidad de cálculo de un posible atacante. No se tiene en cuenta que sistemas considerados seguros en el pasado pueden ser vulnerables ante los ordenadores del futuro. Una transmisión que se capture y almacene en el presente podría ser comprometida en el futuro si la capacidad de cálculo mejora. A specific example of the ZKPP protocol is the SPEKE {Simple Password Exponential Key Exchange) protocol based on modular exponentiation (DP Jablon, Strong password-only authenticated key exchange, SIGCOMM Computer Communication Review, 26: 5-26, 1996) or protocols of the standard P1363.2 of the IEEE (Institute of Electrical and Electronics Engineers). These protocols are used in different commercial systems, such as those described in US 7,010,692, US 6,539,479 or US 324,508. Although these protocols are capable of guaranteeing a certain level of security, they are based on the unproven assumption that there are no efficient methods to solve the mathematical problems chosen. The methods based on computational complexity, in addition, make assumptions about the calculation capacity of a possible attacker. It is not taken into account that systems considered safe in the past may be vulnerable to the computers of the future. A transmission that is captured and stored in the present could be compromised in the future if the calculation capacity improves.
Las leyes de la mecánica cuántica ofrecen una alternativa a la seguridad basada en la complejidad computacional. Un ejemplo son los sistemas de criptografía cuántica (C. H. Bennett y G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE international Conference on Computers, Systems and Signal Processing, Bangalore, India, pág. 175, 1984), (A. K. Ekert, Quantum cryptography based on Bell' s theorem, Physical Review Letters, 67(6) : 661-663, 1991) en los que se aplican procedimientos de distribución cuántica de claves {Quantum Key Distribution o QKD) . La distribución cuántica de claves basa su seguridad en las leyes de la física, que impiden copiar un estado cuántico desconocido (W.K. Wootters y W.H. Zurek, A single quantum cannot be cloned, Nature, 299 (5886) : 802-803, 1982) o medirlo sin alterarlo. Al final de un proceso de distribución cuántica de claves, dos usuarios poseen una secuencia aleatoria de bits que ningún espía puede conocer. Cualquier intento de escuchar el canal puede detectarse y corregirse. En este sentido pueden citarse documentos de patentes de criptografía cuántica con tecnología óptica, como por ejemplo EP 97940111.4, EP 93307120, EP 93307121, WO GB 93/0275, WO GB 93/02637, WO/2011/036322, PCT/ES2007/000323 o la Patente española con número de publicación 2168204. Los sistemas de seguridad cuántica aportan dos ventajas fundamentales con respecto a los métodos basados en complejidad computacional . Por un lado, proporcionan una seguridad basada en las leyes de la física que no depende de ninguna hipótesis sobre la dificultad de ciertos problemas. Por otro lado, se trata de una seguridad independiente de la tecnología, ya que la seguridad proviene de limitaciones físicas independientes del dispositivo que use el atacante, lo que garantiza seguridad presente y futura contra ataques con cualquier tipo de recurso de cálculo, aunque mejore la tecnología. The laws of quantum mechanics offer an alternative to security based on computational complexity. An example is quantum cryptography systems (CH Bennett and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE international Conference on Computers, Systems and Signal Processing, Bangalore, India, p. 175, 1984), (AK Ekert, Quantum cryptography based on Bell 's theorem, Physical Review Letters, 67 (6): 661-663, 1991) in which quantum key distribution procedures are applied {Quantum Key Distribution or QKD). The quantum distribution of keys bases its security on the laws of physics, which prevent copying an unknown quantum state (WK Wootters and WH Zurek, A single quantum cannot be cloned, Nature, 299 (5886): 802-803, 1982) or measure it without altering it. At the end of a quantum key distribution process, two users have a random sequence of bits that no spy can know. Any attempt to listen to the channel can be detected and corrected. In this regard, quantum cryptography patent documents with optical technology can be cited, such as EP 97940111.4, EP 93307120, EP 93307121, WO GB 93/0275, WO GB 93/02637, WO / 2011/036322, PCT / ES2007 / 000323 or the Spanish Patent with publication number 2168204. Quantum security systems provide two fundamental advantages over methods based on computational complexity. On the one hand, they provide a security based on the laws of physics that does not depend on any hypothesis about the difficulty of certain problems. On the other hand, it is a security independent of the technology, since the security comes from physical limitations independent of the device used by the attacker, which guarantees present and future security against attacks with any type of calculation resource, although it improves the technology.
Los documentos anteriores se limitan al campo del cifrado de la información, pero es deseable extender las ventajas de la seguridad cuántica a otros sistemas. La invención es una aplicación de la seguridad cuántica a los sistemas de comprobación de contraseña de conocimiento cero y consiste en un nuevo método de comprobación de contraseña y un equipo que lo implementa mediante tecnologías fotónicas. The above documents are limited to the field of information encryption, but it is desirable to extend the advantages of quantum security to other systems. The invention is an application of quantum security to zero knowledge password verification systems and consists of a new password verification method and equipment that implements it using photonic technologies.
DESCRIPCIÓN DE LA INVENCIÓN  DESCRIPTION OF THE INVENTION
Para conseguir los objetivos y resolver inconvenientes anteriormente indicados, la invención incluye un nuevo procedimiento y equipo de autenticación de contraseñas cuánticas basados en la codificación de una contraseña c constituida por una secuencia de p bits en un estado cuántico de una dimensión demasiado pequeña como para poder recuperar el valor de la contraseña. El procedimiento comprende una fase previa en la que la contraseña c de p bits se almacena en los equipos de usuario que realizan la autenticación . Además, se prevé el empleo de una secuencia aleatoria a , también de p bits, que comparten los usuarios y que permite evitar ciertos ataques al sistema y reforzar su seguridad. To achieve the objectives and solve disadvantages indicated above, the invention includes a new method and quantum password authentication equipment based on the encoding of a password c constituted by a sequence of p bits in a quantum state of a dimension too small to be able to recover the password value . The procedure comprises a previous phase in which the password c of p bits is stored in the user equipment that performs the authentication. In addition, the use of a random sequence is foreseen, also of p bits, that users share and that allows to avoid certain attacks on the system and strengthen their security.
El procedimiento de la invención se aplica en equipos de usuario compuestos por un módulo óptico y un módulo electrónico, ambos formados por elementos convencionales. El procedimiento consiste en una etapa de comparación de estados con cinco fases que se repite un número de veces n, siendo n un parámetro de seguridad que escogen los usuarios. Una característica fundamental del procedimiento es el reparto de funciones: un equipo de usuario que desea identificarse actúa como solicitante S y otro equipo de usuario actúa como verificador V. Al final de las n etapas del procedimiento, un equipo verificador que conoce la contraseña puede determinar que el solicitante la conoce y un verificador que no conoce la contraseña no puede deducirla a partir de los datos que le ha entregado el solicitante. The method of the invention is applied in user equipment consisting of an optical module and an electronic module, both formed by conventional elements. The procedure consists of a stage of comparison of states with five phases that is repeated a number of times n, n being a safety parameter chosen by the users. A fundamental feature of the procedure is the distribution of functions: a user equipment that wishes to identify acts as an applicant S and another user equipment acts as a verifier V. At the end of the n stages of the procedure, a verifying equipment that knows the password can determine that the applicant knows it and a verifier who does not know the password cannot deduce it from the data provided by the applicant.
Cada una de la n etapas se divide en cinco fases: Each of the n stages is divided into five phases:
En la primera fase S y V utilizan sus equipos para generar y almacenar una secuencia aleatoria a compartida de p bits que ambos usuarios almacenan en las memorias de la parte electrónica de sus respectivos equipos de usuario. La secuencia compartida a puede hacerse pública . En la segunda fase los equipos S y V calculan la función lógica XOR bit a bit de la contraseña c y la secuencia compartida a para generar una nueva contraseña c ' =c©a . Si ambos usuarios conocen la contraseña c, la secuencia de bits c ' que generan los equipos S y V son idénticas. In the first phase S and V use their equipment to generate and store a random to shared sequence of p bits that both users store in the memories of the electronic part of their respective user equipment. The shared sequence can be made public. In the second phase, the S and V devices calculate the logical XOR bit-by-bit function of the password c and the shared sequence a to generate a new password c '= c © a. If both users know the password c, the sequence of bits c 'generated by the equipment S and V are identical.
En la tercera fase los equipos S y V codifican la secuencia c ' en el estado cuántico de un sistema con D=2d estados posibles, escogiéndose en la realización preferente un valor de d menor a 0,71 veces el número de bits p de la contraseña. Para ese valor de d<0,71-p es imposible extraer del estado cuántico los bits de c ' con una probabilidad mejor que la de adivinarlos azar (A. Ben-Aroya, O. Regev y R. de Wolf, A hypercontractive inequality for matrix-valued functions with applications to quantum computing and LDCs, Annual IEEE Symposium on Foundations of Computer Science, 477-486, 2008) . En la realización preferente c ' se codificará en estados simétricos que son una superposición de estados base |/) de la forma , donde c es el valor decimal de la secuencia de bits c ' . Según la codificación elegida, los estados base |/) pueden escogerse entre estados \T¡) con fotones localizados en la ventana de tiempo T¡ o estados \ή con momento orbital angular iñ . Si tanto S como V conocen la contraseña, generan el mismo estado . In the third phase the equipment S and V encode the sequence c 'in the quantum state of a system with D = 2 d possible states, choosing in the preferred embodiment a value of d less than 0.71 times the number of bits p of the password. For that value of d <0.71-p it is impossible to extract the bits of c 'from the quantum state with a better probability than to guess them randomly (A. Ben-Aroya, O. Regev and R. de Wolf, A hypercontractive inequality for matrix-valued functions with applications to quantum computing and LDCs, Annual IEEE Symposium on Foundations of Computer Science, 477-486, 2008). In the preferred embodiment c 'will be encoded in symmetric states that are a superposition of base states | /) of the form, where c is the decimal value of the sequence of bits c'. Depending on the coding chosen, the base states | /) can be chosen among states \ T¡) with photons located in the time window T¡ or states \ ή with angular orbital moment iñ. If both S and V know the password, they generate the same status.
- En la cuarta fase el equipo solicitante entrega su copia del estado al equipo verificador. En el equipo verificador se compara el estado que V generó en la fase anterior con el estado que le ha entregado el equipo solicitante. Para ello utiliza el comparador óptico de su equipo de usuario. - In the fourth phase the requesting team delivers its copy of the status to the verification team. In the verifying equipment, the status that V generated in the previous phase is compared with the status that the requesting equipment has delivered to it. To do this, use the optical comparator of your user equipment.
- En la quinta fase el equipo verificador comprueba el resultado del comparador. Si el resultado es positivo, se sigue con el procedimiento hasta alcanzar las n repeticiones. Si en algún momento la comparación resulta negativa, se aborta el procedimiento de autenticación y se deduce que el solicitante no conoce la contraseña. La secuencia aleatoria a que se genera en la primera fase debe ser diferente en cada repetición de la comprobación. El número n de repeticiones se establece previamente y es función de la seguridad que se desee obtener en la autenticación. Cuanto mayor sea n, mayor seguridad de autenticación se obtendrá. - In the fifth phase the verifying team checks the result of the comparator. If the result is positive, The procedure is continued until the n repetitions are reached. If at any time the comparison is negative, the authentication procedure is aborted and it follows that the applicant does not know the password. The random sequence that is generated in the first phase must be different at each repetition of the check. The number of repetitions is set in advance and is a function of the security that is desired in authentication. The higher n, the greater authentication security will be obtained.
Mediante el procedimiento y el equipo de la invención, aunque las leyes de la física impiden leer la información, sí es posible comparar dos estados en un único intento que detecta estados diferentes con una buena probabilidad. De este modo se permite detectar usuarios ilegítimos que se hagan pasar por el receptor de la información y se gana seguridad frente a espías que escuchen el canal de comunicación . Through the procedure and the equipment of the invention, although the laws of physics prevent reading the information, it is possible to compare two states in a single attempt that detects different states with a good probability. In this way, it is possible to detect illegitimate users who impersonate the information receiver and gain security against spies who listen to the communication channel.
En la realización preferente de la invención se prevé que ambos usuarios necesitan probar su identidad. En este caso, las n repeticiones de las fases primera a quinta de la etapa de comparación no se harán seguidas sino que se alternarán etapas en las que las funciones del equipo solicitante y verificador se intercambia entre los usuarios y sus equipos. De este modo se puede detectar prematuramente a un usuario ilegítimo. In the preferred embodiment of the invention it is anticipated that both users need to prove their identity. In this case, the n repetitions of the first to fifth phases of the comparison stage will not be followed but will alternate stages in which the functions of the requesting and verifying equipment are exchanged between the users and their equipment. In this way an illegitimate user can be detected prematurely.
En la realización preferente de la invención, la secuencia aleatoria a compartida se establece a través de un canal público. La invención incluye un procedimiento para que los usuarios generen de forma conjunta la secuencia aleatoria a mediante sus equipos de usuario del solicitante y verificador y que será explicado posteriormente. In the preferred embodiment of the invention, the random to shared sequence is established through a public channel. The invention includes a method for users to jointly generate the random sequence a through their requestor and verifier user equipment and which will be explained later.
La seguridad del procedimiento se basa en la elección de los parámetros p, n y d. La invención prevé que, tal y como se ha señalado, d sea menor que 0,71-p, de forma que la probabilidad de recuperar k de los p bits de la contraseña tiende a 2~k . Esta probabilidad es la misma que la de adivinar los bits de la contraseña al azar. Por lo tanto, con la codificación elegida, un espía que capture el estado cuántico es incapaz de extraer un solo bit de información. Además, la operación XOR con la secuencia aleatoria a evita un ataque de repetición en el que el adversario intercepta estados de un usuario legítimo y los utiliza luego para hacerse pasar por él, ya que los estados cuánticos que se usan en cada etapa son diferentes. The safety of the procedure is based on the choice of the parameters p, n and d. The invention provides that, as noted, d is less than 0.71-p, so that the probability of recovering k of the p bits of the password tends to 2 ~ k . This probability is the same as guessing the bits of the random password. Therefore, with the coding chosen, a spy who captures the quantum state is unable to extract a single bit of information. In addition, the XOR operation with the random sequence avoids a repeat attack in which the adversary intercepts states of a legitimate user and then uses them to impersonate him, since the quantum states that are used at each stage are different.
Además, para que el procedimiento de la invención resulte más seguro, se prevé que el valor máximo de etapas n se escoge de forma que n-d < 0,71-p. Con esta elección, un espía que capturase todos los estados sin ser detectado tampoco podría averiguar la contraseña, ya que el espacio de n estados de dimensión D = 2d tiene dimensión 2"'d . Mientras n-d sea menor que 0,71-p ningún proceso de codificación y decodificación permite recuperar k bits más que con una probabilidad de 2~k . La parte fundamental del procedimiento es la codificación de la secuencia c ' en un estado cuántico. En el equipo de usuario de la invención, la codificación se realiza sobre el estado cuántico de un único fotón. La codificación de c ' se puede realizar o bien mediante una codificación temporal que module la forma de onda de un único fotón generando diferentes desfases en ventanas de tiempo predefinidas (H.P. Specht, J. Bochmann, M. Mücke, B. Weber, E. Figueroa, D.L. Moehring y G. Rempe, Phase shaping of single-photon wave packets, Nature Photonics, 3 ( 8 ) : 469-472 , 2009) , o bien mediante una codificación en el momento orbital angular de un único fotón (G. Molina-Terriza, J. P. Torres y L. Torner, Management of the angular momentum of light: Preparation of photons in multidimensional vector states of angular momentum, Physical Review Letters, 88(1) : 013601, Dec 2001) . En la descripción de la implementación preferida se detallan estos dos métodos de codificación. La invención se refiere también al equipo de usuario que implementa el procedimiento descrito. El equipo, tal y como fue señalado, incluye dos partes: un módulo electrónico y un módulo óptico. El módulo electrónico está formado por una memoria y un procesador. La memoria almacena las secuencias con la contraseña c y la secuencia aleatoria a . El procesador se encarga de dirigir el procedimiento de autenticación. Sus tareas incluyen el análisis de los datos que llegan desde los detectores conectados al comparador para decidir si se prosigue el procedimiento o no y calcular la función lógica XOR bit a bit de c y a para generar la cadena c ' que determina una señal de control que se aplica a un generador de estados cuánticos del módulo óptico. El módulo óptico comprende un comparador de estados cuánticos, un generador de estados cuánticos y un bloque detector situado a la salida del comparador que se conectan al módulo electrónico. El bloque detector comprende al menos dos elementos de detección . Furthermore, in order for the process of the invention to be safer, it is envisioned that the maximum value of stages n is chosen such that nd <0.71-p. With this choice, a spy who captures all the states without being detected could not find out the password either, since the space of n states of dimension D = 2 d has dimension 2 "'d . As long as nd is less than 0.71-p no coding and decoding process can recover k bits more than with a probability of 2 ~ k . The fundamental part of the procedure is the coding of the sequence c 'in a quantum state. In the user equipment of the invention, the coding is performed on the quantum state of a single photon. The coding of c 'can be done either by a temporary coding that modulates the waveform of a single photon generating different phase shifts in predefined time windows (HP Specht, J. Bochmann, M. Mücke, B. Weber, E. Figueroa, DL Moehring and G. Rempe, Phase shaping of single-photon wave packets, Nature Photonics, 3 (8): 469-472, 2009), or by coding in the ang orbital moment single photon ular (G. Molina-Terriza, JP Torres and L. Torner, Management of the angular momentum of light: Preparation of photons in multidimensional vector states of angular momentum, Physical Review Letters, 88 (1): 013601, Dec 2001). These two coding methods are detailed in the description of the preferred implementation. The invention also relates to the user equipment that implements the described procedure. The equipment, as indicated, includes two parts: an electronic module and an optical module. The electronic module consists of a memory and a processor. The memory stores the sequences with the password c and the random sequence a. The processor is responsible for directing the authentication procedure. Their tasks include the analysis of the data that arrives from the detectors connected to the comparator to decide if the procedure is continued or not and calculate the logical function XOR bit by bit of cya to generate the c 'string that determines a control signal that is Applies to a quantum state generator of the optical module. The optical module comprises a quantum state comparator, a quantum state generator and a detector block located at the output of the comparator that are connected to the electronic module. The detector block comprises at least two detection elements.
El comparador de estados cuánticos es un dispositivo óptico con dos entradas y dos salidas. Las entradas incluyen una conexión al exterior por la que llega el fotón del equipo solicitante con el estado que codifica su secuencia c ' y una conexión interna al generador de estados cuánticos. Cada puerto de salida del comparador está conectado a un elemento detector, que, a su vez, está conectado al procesador. Si los estados son iguales se deduce que las secuencias coinciden. El comparador funciona de manera probabilista . Dos estados diferentes pueden clasificarse como iguales, pero siempre con una probabilidad menor que uno. Dos estados iguales siempre superan la comprobación. Siguiendo el procedimiento de la invención, se puede emplear esta comparación parcial para ofrecer un sistema de comprobación tan fiable como se desee. The quantum state comparator is an optical device with two inputs and two outputs. The inputs include an external connection through which the photon of the requesting equipment arrives with the state that encodes its c 'sequence and an internal connection to the quantum state generator. Each output port of the comparator is connected to a detector element, which, in turn, is connected to the processor. If the states are equal, it follows that the sequences coincide. The comparator works in a probabilistic way. Two different states can be classified as equal, but always with a probability less than one. Two equal states always pass the check. Following the process of the invention, this partial comparison can be used to provide a reliable testing system as desired.
De acuerdo con el procedimiento descrito, se prevé que el comparador pueda estar constituido por un divisor de haz o por un acoplador de fibra óptica. En cualquiera de los dos casos, dichos comparadores se encuentran configurados para producir una interferencia óptica entre los caminos de los dos fotones aplicados en su entrada. La comparación se realiza mediante el efecto Hong-Ou-Mandel (C. K. Hong, Z. Y. Ou y L . Mande1,. Measurement of subpicosecond time intervals between two photons by interference, Physical Review Letters, 59 (18) : 2044-2046, Nov 1987) de forma que, si los dos estados son iguales, la interferencia entre caminos hace que los dos fotones tomen la misma salida. Si los fotones a la entrada del comparador tienen estados distintos, es posible encontrar los fotones en distintas salidas. According to the described procedure, it is envisioned that the comparator may be constituted by a beam splitter or by a fiber optic coupler. In either case, these comparators are configured to produce an optical interference between the paths of the two photons applied at its entrance. The comparison is made using the Hong-Ou-Mandel effect (CK Hong, ZY Ou and L. Mande1, Measurement of subpicosecond time intervals between two photons by interference, Physical Review Letters, 59 (18): 2044-2046, Nov 1987 ) so that, if the two states are equal, the interference between paths causes the two photons to take the same output. If the photons at the input of the comparator have different states, it is possible to find the photons at different outputs.
Los detectores del equipo de usuario son detectores de fotones individuales que pueden ser, por ejemplo, fotodiodos de avalancha (APD) convencionales. Los detectores se colocan en los dos puertos de salida del comparador. Esta configuración de los detectores indica al procesador si los caminos de salida de los dos fotones coinciden o no. El procesador está configurado para parar la autenticación cuando los puertos de salida son distintos y para generar un nuevo estado cuando los dos fotones activan el mismo
Figure imgf000011_0001
User equipment detectors are individual photon detectors that can be, for example, conventional avalanche photodiodes (APD). The detectors are placed in the two output ports of the comparator. This configuration of the detectors indicates to the processor if the output paths of the two photons coincide or not. The processor is configured to stop authentication when the output ports are different and to generate a new state when the two photons activate the same
Figure imgf000011_0001
detector, repitiendo la etapa de comparación con nuevos estados hasta un número de veces n, según fue comentado
Figure imgf000011_0002
detector, repeating the comparison stage with new states up to a number of times n, as commented
Figure imgf000011_0002
anteriormente . previously .
El generador de estados cuánticos comprende un bloque de control, un láser, un modulador, un atenuador y un conmutador. El bloque de control recibe la señal de control generada por el procesador y dirige la acción del modulador y del conmutador. El láser genera estados de baja intensidad que pasan al modulador. El modulador está gobernado por el bloque de control y se encarga de codificar la secuencia c ' en los estados generados por el láser. La invención prevé que el modulador pueda ser un modulador óptico que actúe sobre la fase o un modulador con momento orbital angular, de acuerdo con lo descrito para el procedimiento. Tras el modulador se encuentra un atenuador con un factor de atenuación escogido para que a su salida el número medio de fotones sea menor o igual que uno. De este modo, el estado de salida tendrá un fotón o menos. Al final del generador se incluye un conmutador. El conmutador dirige el fotón hacia dos posibles salidas en función de la señal de control. La elección de la salida del conmutador permite usar el mismo equipo para el usuario que actúa como solicitante y el usuario que actúa como verificador. Una de las salidas previstas lleva el estado cuántico que codifica c ' al comparador. En este caso el equipo funciona como verificador. El estado generado localmente se compara con el estado procedente del solicitante. La segunda salida está conectada al exterior de modo que puede entregarse el estado que codifica c ' a un equipo de usuario verificador externo en el que se realizaría la comparación descrita en el procedimiento. En la realización preferente de la invención el modulador óptico para la codificación temporal es un modulador de fibra óptica configurado para introducir desfases diferentes en períodos de tiempo predefinidos. El modulador con momento orbital angular comprende un bloque de generación de estados con un holograma y un prisma de Dove . El holograma puede generarse con técnicas fotográficas convencionales de modo que genere un estado inicial | Φ0 ) = con un
Figure imgf000012_0001
The quantum state generator comprises a control block, a laser, a modulator, an attenuator and a switch. The control block receives the control signal generated by the processor and directs the action of the modulator and the switch. The laser generates low intensity states that pass to the modulator. The modulator is governed by the control block and is responsible for coding the sequence c 'in the states generated by the laser. The invention provides that the modulator can be an optical modulator that acts on the phase or a modulator with angular orbital moment, in accordance with the procedure described. After the modulator is an attenuator with an attenuation factor chosen so that at its output the average number of photons is smaller or same as one In this way, the output state will have a photon or less. A switch is included at the end of the generator. The switch directs the photon to two possible outputs depending on the control signal. The choice of switch output allows the same equipment to be used for the user who acts as the applicant and the user who acts as the verifier. One of the planned outputs carries the quantum state coding c 'to the comparator. In this case the equipment works as a verifier. The locally generated status is compared with the status from the applicant. The second output is connected to the outside so that the status encoding c 'can be delivered to an external verifying user equipment in which the comparison described in the procedure would be performed. In the preferred embodiment of the invention, the optical modulator for temporal coding is an optical fiber modulator configured to introduce different offsets in predefined periods of time. The angular orbital moment modulator comprises a state generation block with a hologram and a Dove prism. The hologram can be generated with conventional photographic techniques so that it generates an initial state | Φ 0 ) = with a
Figure imgf000012_0001
momento orbital angular a . El estado que sale del holograma se dirige a un prisma de Dove convencional rotado un ángulo angular orbital moment a. The state that leaves the hologram is directed to a conventional Dove prism rotated at an angle
2nC'  2nC '
a= . La rotación esta controlada por el bloque de control para generar un estado simétrico x¥' = ^='í_0 e v \ ), según fue descrito. a =. The rotation is controlled by the control block to generate a symmetrical state x ¥ '= ^ = 'í _ 0 ev \), as described.
En el procedimiento de la invención, se indicó que la secuencia aleatoria a podía generarse en el propio equipo de usuario. En ese caso, la secuencia aleatoria se genera mediante el generador de estados, el comparador, el detector y el procesador, de forma convencional, como se describe en mayor detalle en el ejemplo de realización de la invención. De acuerdo con la descripción realizada, cabe la posibilidad de sufrir un ataque en el que el atacante no introduzca ningún fotón. Aunque el atacante no puede descubrir la contraseña c , al haber sólo un fotón en una de las salidas del comparador se activa un único detector y el verificador puede llegar a interpretar que el atacante conoce la contraseña c . In the process of the invention, it was indicated that the random sequence could be generated in the user equipment itself. In that case, the random sequence is generated by the state generator, the comparator, the detector and the processor, in a conventional manner, as described in greater detail in the embodiment of the invention. According to the description given, it is possible to suffer an attack in which the attacker does not introduce any photon. Although the attacker cannot discover the password c, having only one photon in one of the comparator outputs activates a single detector and the verifier can interpret that the attacker knows the password c.
Para evitar este inconveniente la invención incluye un bloque que realiza la cuenta de fotones presentes. De este modo se puede detectar cuándo ha ocurrido un ataque por ausencia de fotones. Para ello se utiliza una pluralidad de etapas con comparadores, cuya última etapa está conectada a una pluralidad de elementos detectores. El número de comparadores se duplica en cada etapa. Cada una de las salidas del primer comparador se conecta a un comparador, cuyas salidas a su vez se conectan a otros dos comparadores y asi sucesivamente hasta la última etapa de comparadores, que tienen un detector en cada una de sus salidas. El número de elementos de detección es el doble del número de comparadores de la última etapa. Para realizar la cuenta sin errores, la entrada libre de los comparadores adicionales se encuentra bloqueada. El procesador está configurado para parar la autenticación al detectar una suma de fotones diferente de dos o cero en una sola rama, entendiéndose por rama cada una de las dos salidas del primer comparador y las diferentes ramificaciones que comporta cada una de las etapas. En caso de que el procesador detecte una suma de fotones correcta realiza la autenticación. De este modo se evita un ataque por falta de fotones. Si el equipo solicitante no envía ningún fotón, la suma de fotones en todas las ramas será uno en vez de dos. To avoid this inconvenience, the invention includes a block that counts the present photons. In this way it can be detected when an attack has occurred due to the absence of photons. For this, a plurality of stages with comparators are used, the last stage of which is connected to a plurality of detector elements. The number of comparators is doubled at each stage. Each of the outputs of the first comparator is connected to a comparator, whose outputs in turn are connected to two other comparators and so on until the last stage of comparators, which have a detector in each of its outputs. The number of detection elements is twice the number of comparators of the last stage. To realize the account without errors, the free entry of the additional comparators is blocked. The processor is configured to stop the authentication by detecting a sum of photons different from two or zero in a single branch, each branch being understood as each of the two outputs of the first comparator and the different ramifications that each of the stages entails. In case the processor detects a correct sum of photons, it performs the authentication. This prevents an attack due to lack of photons. If the requesting team does not send any photons, the sum of photons in all branches will be one instead of two.
A continuación, para facilitar una mejor comprensión de esta memoria descriptiva, y formando parte integrante de la misma, se acompaña una serie de figuras en las que con carácter ilustrativo y no limitativo se ha representado el objeto de la invención. BREVE ENUNCIADO DE LAS FIGURAS Next, in order to facilitate a better understanding of this specification, and being an integral part thereof, a series of figures are attached in which the object of the invention has been shown as an illustrative and non-limiting nature. BRIEF STATEMENT OF THE FIGURES
Figura 1.- Muestra un diagrama de bloques funcional de un posible ejemplo de realización de un equipo de usuario para realizar la comprobación de contraseña de acuerdo con la invención. Figure 1.- Shows a functional block diagram of a possible embodiment of a user equipment for performing the password check according to the invention.
Figura 2.- Muestra un posible ejemplo de realización del generador de estados cuánticos de la figura anterior en el que se emplea un modulador óptico para fibra óptica. Figure 2.- Shows a possible embodiment of the quantum state generator of the previous figure in which an optical modulator for optical fiber is used.
Figura 3.- Muestra otro posible ejemplo de realización del modulador de la invención de la figura 1. En este caso el modulador es un modulador con momento orbital angular. Figure 3.- Shows another possible embodiment of the modulator of the invention of Figure 1. In this case the modulator is a modulator with angular orbital moment.
Figura 4.- Muestra una representación esquemática de una realización de la invención en la que se incorporan una pluralidad de comparadores y detectores para evitar un ataque por falta de fotones. No se ha representado ni la memoria del procesador ni el generador de fotones para simplificar la figura . Figure 4.- Shows a schematic representation of an embodiment of the invention in which a plurality of comparators and detectors are incorporated to avoid an attack due to lack of photons. Neither the processor memory nor the photon generator has been represented to simplify the figure.
DESCRIPCIÓN DE LA FORMA DE REALIZACIÓN PREFERIDA DESCRIPTION OF THE PREFERRED EMBODIMENT
A continuación se realiza una descripción de la invención basada en las figuras anteriormente comentadas. Below is a description of the invention based on the figures mentioned above.
El procedimiento de la invención se describe suponiendo dos usuarios con sus correspondientes equipos 1, un usuario solicitante con su equipo solicitante S y un usuario verificador con su equipo verificador V. Se parte de una fase previa en la que los equipos de usuario 1 almacenan la contraseña c constituida por una secuencia de p bits que se desea comprobar en una memoria 6a de un procesador 6 de los respectivos equipos de usuario 1, según se muestra en la figura 1. Se detalla el procedimiento de la invención para el caso en el que el equipo solicitante S se identifica ante el equipo verificador V. El equipo solicitante S es quien debe demostrar que tiene la misma secuencia de bits c que el equipo verificador V. Todas las fases son iguales para el caso contrario intercambiando las funciones de S y V. Si ambos usuarios deben convencer al otro de que poseen la contraseña, es preferible establecer turnos con rondas de identificación intercaladas para detectar de forma temprana a un posible usuario deshonesto. El procedimiento consiste en la repetición de cinco fases: The method of the invention is described by assuming two users with their corresponding equipment 1, a requesting user with their requesting equipment S and a verification user with their verification equipment V. It starts from a previous phase in which the user equipment 1 stores the password c consisting of a sequence of p bits that it is desired to check in a memory 6a of a processor 6 of the respective user equipment 1, as shown in figure 1. The procedure of the invention is detailed for the case in which the requesting equipment S is identified before the verifying equipment V. The requesting equipment S is the one who must demonstrate that it has the same sequence of bits c as the Verifying equipment V. All phases are the same for the opposite case by exchanging the functions of S and V. If both users must convince the other that they have the password, it is preferable to establish shifts with interleaved identification rounds to detect early to a Possible dishonest user. The procedure consists in the repetition of five phases:
En la primera fase, S y V generan con untamente una secuencia aleatoria a de p bits, tal y como será descrito con posterioridad, de forma que ambos la almacenan en sus respectivas memorias 6a. En el ejemplo de realización la secuencia a es una secuencia pública. In the first phase, S and V generate only a random sequence a of p bits, as will be described later, so that both store it in their respective memories 6a. In the exemplary embodiment sequence a is a public sequence.
- A continuación, en la segunda fase, S y V calculan la función lógica XOR bit a bit de la contraseña c y de la secuencia aleatoria a generando una clave nueva c ' = c e a . - Then, in the second phase, S and V calculate the logical function XOR bit by bit of the password c and the random sequence a by generating a new key c '= c e a.
- En la tercera fase, S y V codifican c ' en los estados y de un sistema cuántico con D = 2d estados. En la implementación preferente estos estados se corresponden con estados de fotones individuales. Si los dos equipos conocen la contraseña, generan estados idénticos . Se debe escoger un d mucho menor que p para proteger la contraseña. Una posible codificación es la que asigna cada secuencia de la clave c ' a un estado simétrico de la forma - In the third phase, S and V encode c 'in the states and of a quantum system with D = 2 d states. In the preferred implementation these states correspond to individual photon states. If both teams know the password, they generate identical states. You must choose a much smaller d than p to protect the password. A possible coding is the one that assigns each sequence of the key c 'to a symmetric state of the form
Ψε ^ = -7=^._o e v |z , donde c es el número que tiene como representación binaria la secuencia de la clave c' . Ψ ε ^ = -7 = ^ . _ or e v | z, where c is the number that has the sequence of the key c 'as binary representation.
- En la cuarta fase, el equipo de usuario solicitante S entrega su estado al equipo verificador V. - In the fourth phase, the requesting user equipment S delivers its status to the verification device V.
- En la quinta fase el equipo V realiza una comparación entre el estado recibido y el estado generado localmente en la tercera fase, mediante un comparador cuántico 3. De esta forma, si el resultado de la comparación es positivo, se continúa el procedimiento de autenticación y, si es negativo, se aborta y se considera que S no posee la contraseña c . El procedimiento de comprobación, con todas las fases mencionadas, se repite n veces escogiendo una nueva secuencia aleatoria a . El valor de n se estima en función de la seguridad deseada. Este procedimiento se implementa mediante equipos de usuario 1 con una entrada 2 por la que llegan los estados del solicitante S hasta un comparador de estados cuánticos 3 donde interfiere con el estado local procedente de un generador de estados cuánticos 8. El comparador de estados 3 está conectado a un bloque de detección 4 con dos detectores 5 que indican al procesador 6 si los caminos de salida de los fotones coinciden o no . El procesador 6 contiene la memoria 6a que almacena las secuencias a y c y, a partir de ellas, es capaz de calcular la secuencia c' descrita en el procedimiento. Tomando como referencia esa secuencia c ' , el procesador 6 genera una señal de control 7 que dirige el funcionamiento del generador de estados cuánticos 8. El generador de estados cuánticos 8 tiene dos salidas, 9 y 10. La salida 9 se conecta con el comparador 3 y la salida 10 se conecta con el exterior 11, que es la salida del equipo de usuario 1 para los escenarios en los que el usuario y su equipo actúan como solicitante y entrega sus estados al equipo de usuario verificador. - In the fifth phase the device V makes a comparison between the received state and the locally generated state in the third phase, by means of a quantum comparator 3. In this way, if the result of the comparison is positive, the authentication procedure is continued and, if negative, it is aborted and it is considered that S does not have the password c. The verification procedure, with all the mentioned phases, is repeated n times choosing a new random sequence a. The value of n is estimated based on the desired security. This procedure is implemented by user equipment 1 with an input 2 through which the states of the applicant S reach a quantum state comparator 3 where it interferes with the local state from a quantum state generator 8. The state comparator 3 is connected to a detection block 4 with two detectors 5 that indicate to the processor 6 whether the photon output paths coincide or not. The processor 6 contains the memory 6a that stores the aycy sequences, from them, it is able to calculate the sequence c 'described in the procedure. Taking that sequence c 'as a reference, the processor 6 generates a control signal 7 that directs the operation of the quantum state generator 8. The quantum state generator 8 has two outputs, 9 and 10. The output 9 is connected to the comparator 3 and the output 10 is connected to the outside 11, which is the output of the user equipment 1 for the scenarios in which the user and his team act as the applicant and deliver their status to the verifying user equipment.
El generador de estados cuánticos 8 codifica la secuencia c ' en fotones individuales de acuerdo con distintas codificaciones con los esquemas que se muestran en las figuras 2 y 3. Asi en la figura 2 se muestra una configuración del generador de estados cuánticos 8 en la que la modulación se basa en la modificación de la forma de onda de un fotón en distintos instantes (codificación temporal) . En el ejemplo de la figura 3 el generador de estados cuánticos 8 se basa en una codificación en el momento orbital angular de un único fotón. Estos generadores serán descritos en mayor detalle más adelante. La comparación entre los estados se produce en el comparador 3 que tiene como entradas el estado , generado localmente en el bloque de generación de estados 8, y el estado que se recibe de un solicitante en el exterior y que entra en el equipo de usuario 1 a través de la entrada 2. El bloque detector 4 está constituido por dos fotodiodos de avalancha APD 5, ambos conectados al procesador 6. El procesador 6, en función de si los dos detectores 5 se activan a la vez o no, decide si debe parar el procedimiento o seguir con él. El estado local se genera según los contenidos a y c de la memoria 6a. The quantum state generator 8 encodes the sequence c 'in individual photons according to different encodings with the schemes shown in Figures 2 and 3. Thus in Figure 2 a configuration of the quantum state generator 8 is shown in which Modulation is based on the modification of the waveform of a photon at different times (time coding). In the example of Figure 3 the quantum state generator 8 is based on an angular orbital moment coding of a single photon. These generators will be described in greater detail below. The comparison between the states occurs in the comparator 3 whose inputs are the state, generated locally in the state generation block 8, and the state that is received from an outside applicant and that enters user equipment 1 through input 2. The block Detector 4 consists of two APD 5 avalanche photodiodes, both connected to processor 6. The processor 6, depending on whether the two detectors 5 are activated at the same time or not, decides whether to stop the procedure or continue with it. The local state is generated according to the contents a and c of memory 6a.
El funcionamiento del comparador 3 se basa en el efecto Hong-Ou-Mandel , que ocurre cuando los caminos de dos fotones interfieren en un dispositivo óptico, como por ejemplo puede ser un divisor de haz o un acoplador de fibra. Sólo dos fotones que tengan el mismo estado presentan la máxima interferencia. En la figura 1 se muestra un ejemplo en el que la comparación se realiza mediante un comparador de fibra óptica en el que la interferencia entre fotones tiene lugar en un acoplador de fibra óptica. En la codificación con momento orbital angular la interferencia ocurre en un divisor de haz (beamsplitter) con una transmitividad del 50%. The operation of the comparator 3 is based on the Hong-Ou-Mandel effect, which occurs when the paths of two photons interfere with an optical device, such as a beam splitter or a fiber coupler. Only two photons that have the same state have maximum interference. An example is shown in Figure 1 in which the comparison is made by means of a fiber optic comparator in which the interference between photons takes place in a fiber optic coupler. In the coding with angular orbital moment the interference occurs in a beam splitter (beamsplitter) with a transmissivity of 50%.
La probabilidad de que los dos fotones de entrada salgan por el mismo puerto de salida es del 100% para estados idénticos. Para un número grande de estados cuánticos posibles, la probabilidad de que los fotones de dos estados escogidos al azar salgan por puertos diferentes es del 50%. Los diodos de avalancha 5 de detección de fotones distinguen estos dos casos al encontrarse colocados en las salidas del comparador 3. El procesador 6 interpreta los datos y está configurado para dirigir el procedimiento de autenticación. Si los dos detectores 5 encuentran un fotón, los estados son diferentes y el procesador 6 acaba con el proceso de comprobación. Por el contrario, si sólo se activa uno de los detectores 5, se continúa la comprobación usando un nuevo valor de secuencia aleatoria a . Tras n comprobaciones, la probabilidad de que el equipo S no tenga la contraseña es exponencialmente pequeña, del orden de 2 " . The probability that the two input photons leave through the same output port is 100% for identical states. For a large number of possible quantum states, the probability that photons from two randomly chosen states will exit through different ports is 50%. The photon detection avalanche diodes 5 distinguish these two cases when they are placed in the outputs of the comparator 3. The processor 6 interprets the data and is configured to direct the authentication procedure. If the two detectors 5 find a photon, the states are different and the processor 6 ends the verification process. On the contrary, if only one of the detectors 5 is activated, the checking is continued using a new random sequence value a. After n checks, the probability that the device S does not have the password is exponentially small, of the order of 2 ".
Tal y como se ha comentado, para el generador de estados cuánticos 8 se sugieren dos posibles realizaciones en las figuras 2 y 3. En el ejemplo de realización de la figura 2, el generador de estados cuánticos 8 comprende un bloque de control 12 en el que se recibe la secuencia de control 7 procedente del procesador 6 para gobernar el funcionamiento de un modulador óptico 14. El modulador óptico 14 es un modulador de fibra óptica que introduce desfases diferentes en ventanas de tiempo predefinidas y actúa sobre la señal de un láser 13 que genera una señal óptica de baja potencia que tras la modulación lleva la información de la secuencia c' . Tras el modulador óptico 14, el estado codificado pasa por un atenuador 15 ajustado para que el estado a la salida del generador de estados cuánticos 8 tenga, en promedio, un fotón o menos. Mediante un conmutador 16 se dirige el fotón con el estado final hacia la salida 9 o 10 en función de la información de control 7. Se toma la salida 9 cuando el comparador 3 se utiliza para comprobar contraseñas de un usuario externo. Se escoge la salida 10 cuando el usuario local genera fotones para que un usuario externo los compruebe . As mentioned, for the quantum state generator 8 two possible embodiments are suggested in Figures 2 and 3. In the exemplary embodiment of Figure 2, the quantum state generator 8 comprises a control block 12 in the that the control sequence 7 from the processor 6 is received to govern the operation of an optical modulator 14. The optical modulator 14 is a fiber optic modulator that introduces different phase shifts in predefined time windows and acts on the signal of a laser 13 which generates a low power optical signal that after the modulation carries the information of the sequence c '. After the optical modulator 14, the encoded state passes through an attenuator 15 adjusted so that the state at the output of the quantum state generator 8 has, on average, a photon or less. Using a switch 16, the photon with the final state is directed to the output 9 or 10 depending on the control information 7. The output 9 is taken when the comparator 3 is used to check passwords of an external user. Output 10 is chosen when the local user generates photons for an external user to check.
En la figura 3 se muestra otro posible ejemplo de realización del generador de estados 8 que presenta una configuración similar a la de la figura 2, pero, en este caso, con un modulador con momento orbital 14a que codifica la información en el momento orbital angular de un fotón. El modulador 14a está constituido Figure 3 shows another possible embodiment of the state generator 8 that has a configuration similar to that of Figure 2, but, in this case, with a modulator with orbital moment 14a that encodes the information at the angular orbital moment of a photon. The modulator 14a is constituted
etapa se crea una superposiciónstage an overlay is created
Figure imgf000018_0001
Figure imgf000018_0001
de estados base \ή con un momento orbital angular a . En este sentido cabe señalar que existen diferentes técnicas para generar estos estados de forma convencional (G. Molina- Terriza, J. P. Torres y L. Torner, Management of the angular momentum of light: Preparation of photons in multidimensional vector states of angular momentum, Physical Review Letters, 88 (1) : 013601, Dec 2001), (S. Slussarenko, E. Karimi, B. Piccirillo, L. Marrucci y E. Santamato, Efficient generation and control of different-order orbital angular momentum states for communication links, Journal of the Optical Society of America A, 28(1) : 61-65, Jan 2011) . En la figura 3 se propone un ejemplo en el que se emplea un bloque de generación de estados con un holograma 17 que puede generarse con técnicas fotográficas convencionales. En la segunda parte de la modulación, se dirige la superposición de estados a un prisma de Dove convencional 18 rotado un ángulo a= . of base states \ ή with an angular orbital moment a. In this sense it should be noted that there are different techniques to generate these states in a conventional way (G. Molina-Terriza, JP Torres and L. Torner, Management of the angular momentum of light: Preparation of photons in multidimensional vector states of angular momentum, Physical Review Letters, 88 (1): 013601, Dec 2001), (S. Slussarenko, E. Karimi, B. Piccirillo, L. Marrucci and E. Santamato, Efficient generation and control of different-order angular orbital momentum states for communication links, Journal of the Optical Society of America A, 28 (1): 61-65, Jan 2011). An example is proposed in Figure 3 in which a state generation block with a hologram 17 is used that can be generated with conventional photographic techniques. In the second part of the modulation, the superposition of states is directed to a conventional Dove prism 18 rotated an angle a =.
iP  iP
El ángulo de rotación se ajusta en función de las indicaciones de la señal de control 7 generada por el procesador 6. Tras el prisma de Dove 18 y el atenuador 15, se
Figure imgf000019_0001
The rotation angle is adjusted according to the indications of the control signal 7 generated by the processor 6. After the Dove prism 18 and the attenuator 15,
Figure imgf000019_0001
Tal y como se ha comentado, la invención prevé que los equipos de usuario 1 generen de forma conjunta una secuencia aleatoria a nueva para cada una de las diferentes comparaciones a realizar. La secuencia a debe ser diferente en cada comprobación para evitar un ataque de repetición en el que un usuario deshonesto que no conoce la contraseña captura y almacena un estado válido de un usuario que si conoce la contraseña y lo utiliza posteriormente para hacerse pasar por él. Para establecer la secuencia común a , los usuarios generan por turnos 1 bit de la secuencia a y lo comunican al otro participante. Basta con que uno de los usuarios sea honesto para que la secuencia a no se repita en diferentes rondas y, por lo tanto, no pueda usarse un ataque de repetición. S y V pueden usar distintos generadores de números aleatorios. El equipo de usuario 1 está configurado para generar los números aleatorios cuánticos según se conoce en el estado de la técnica. La generación de números aleatorios cuánticos se basa en el carácter intrínsecamente probabilístico de la medida cuántica y se puede implementar con equipos ópticos como por ejemplo se describe en los documentos de Patente US6249009, WO 2007124089, JP 2033-36188 A, EP 2013706B1 y US 6393448. As mentioned, the invention provides that user equipment 1 jointly generate a new random sequence for each of the different comparisons to be made. The sequence a must be different in each check to avoid a repeat attack in which a dishonest user who does not know the password captures and stores a valid state of a user who does know the password and subsequently uses it to impersonate him. To establish the common sequence a, users in turn generate 1 bit of the sequence and communicate it to the other participant. It is enough that one of the users is honest so that the sequence is not repeated in different rounds and, therefore, a repetition attack cannot be used. S and V can use different random number generators. User equipment 1 is configured to generate quantum random numbers as known in the state of the art. The generation of quantum random numbers is based on the intrinsically probabilistic nature of quantum measurement and can be implemented with optical equipment as described in US Patent documents 6249009, WO 2007124089, JP 2033-36188 A, EP 2013706B1 and US 6393448.
Asi, con el equipo representado en la figura 1, cada usuario puede generar un fotón localmente con el generador de estados 8 y cerrar la entrada 2 de forma que la probabilidad de detectar el fotón en cada uno de los detectores 5 es del 50%. Por cada fotón generado se produce un bit aleatorio en función del detector 5 que se active, de forma que el procesador 6 asigna un 0 si se activa el detector superior y un 1 si se activa el inferior. La configuración básica descrita de la invención es vulnerable a un ataque en el que el usuario de un equipo S no introduce ningún fotón. Aunque no puede descubrir la contraseña c , al haber sólo un fotón nunca se activarán los dos detectores 5 y V puede llegar a creer que S conoce la contraseña c . Si los detectores 5 pueden contar el número de fotones presentes, este ataque puede ser detectado. Para evitar el ataque, la invención prevé el uso de una pluralidad de etapas de comparadores 3 y una pluralidad de detectores 5 de forma que el número de salidas se multiplica por 2 con cada etapa de 3, según se representa en la figura 4. Cada salida del comparador 3 se conecta a un comparador adicional. Los nuevos comparadores, a su vez, tienen sus salidas conectadas a una nueva etapa de comparadores. Esta ramificación de las salidas puede repetirse varias veces. Todos los comparadores adicionales tienen una de sus entradas bloqueada, de modo que sólo reciben los fotones que provienen del primer comparador 3. La probabilidad de que dos fotones acaben en el mismo puerto de salida puede hacerse tan pequeña como se desee añadiendo varias etapas de comparadores 3. Si se coloca un detector a cada salida de los comparadores 3 de la última etapa, se puede estimar cuántos fotones han salido por las ramas superior e inferior del primer comparador 3. El procesador 6 analiza los resultados y, si la suma de fotones detectados en cada una de las dos ramas del primer comparador 3 es 2 o 0, continúa con el procedimiento de autenticación. Si los detectores 5 correspondientes a una de las dos ramas encuentran un número de fotones distinto de 2 o 0, se considera que el usuario S no conoce la contraseña y se aborta el procedimiento. Este requisito se puede relajar si hay una probabilidad alta de que durante la medida se pierda algún fotón ya sea por pérdidas en el sistema o porque se generan estados coherentes con mucho menos de un fotón en promedio. Esta configuración capaz de estimar el número de fotones permite, por lo tanto, evitar un ataque por ausencia de fotones. Thus, with the equipment represented in Figure 1, each user can generate a photon locally with the state generator 8 and close the input 2 so that the probability of detecting the photon in each of the detectors 5 is 50%. For each generated photon a random bit is produced depending on the detector 5 that is activated, so that the processor 6 assigns a 0 if the upper detector is activated and a 1 if the lower one is activated. The described basic configuration of the invention is vulnerable to an attack in which the user of a device S does not introduce any photon. Although you cannot discover the password c, having only one photon will never activate the two detectors 5 and V may come to believe that S knows the password c. If the detectors 5 can count the number of photons present, this attack can be detected. To prevent attack, the invention provides for the use of a plurality of comparator stages 3 and a plurality of detectors 5 so that the number of outputs is multiplied by 2 with each stage of 3, as shown in Figure 4. Each Comparator 3 output is connected to an additional comparator. The new comparators, in turn, have their outputs connected to a new stage of comparators. This branching of the outputs can be repeated several times. All additional comparators have one of their inputs blocked, so that they only receive the photons that come from the first comparator 3. The probability that two photons end up in the same output port can be made as small as desired by adding several comparator stages 3. If a detector is placed at each output of the comparators 3 of the last stage, it is possible to estimate how many photons have exited the upper and lower branches of the first comparator 3. The processor 6 analyzes the results and, if the sum of photons detected in each of the two branches of the first comparator 3 is 2 or 0, continue with the authentication procedure. If the detectors 5 corresponding to one of the two branches find a number of photons other than 2 or 0, it is considered that user S does not know the password and the procedure is aborted. This requirement can be relaxed if there is a high probability that during the measurement some photon is lost either by losses in the system or because coherent states are generated with much less than one photon on average. This configuration capable of estimating the number of photons allows, therefore, to avoid an attack due to the absence of photons.

Claims

REIVI DICACIONES REIVI DICATIONS
1.- PROCEDIMIENTO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS que comprende : una fase previa de almacenamiento de una contraseña c constituida por una secuencia de p bits en unos equipos de usuario donde se lleva a cabo el procedimiento de autenticación; caracterizado por que además comprende etapas repetidas de comparación con las siguientes fases: 1.- QUANTIC PASSWORD AUTHENTICATION PROCEDURE comprising: a previous phase of storing a password c constituted by a sequence of p bits in user equipment where the authentication procedure is carried out; characterized in that it also comprises repeated stages of comparison with the following phases:
- una primera fase de generación y almacenamiento en los equipos de usuario de una secuencia aleatoria a de p bits compartida; - a first phase of generation and storage in the user equipments of a random sequence to shared p bits;
- una segunda fase en la que cada equipo de usuario calcula la función lógica XOR bit a bit correspondiente a la contraseña c y a la secuencia aleatoria a y genera una nueva secuencia c'=cea; - a second phase in which each user equipment calculates the logical function XOR bit by bit corresponding to the password c and the random sequence a and generates a new sequence c '= cea;
- una tercera fase en la que cada equipo de usuario codifica c' en estados cuánticos de un espacio de dimensión D = 2d , donde d es mucho menor que p; - una cuarta fase en la que un equipo de un usuario solicitante que desea identificarse entrega el estado cuántico que codifica la contraseña c' a un equipo de usuario verificador que debe autenticar la contraseña; una quinta fase en la que el equipo de usuario verificador que debe autenticar la contraseña compara el estado cuántico recibido con el generado en la tercera fase por dicho equipo de usuario verificador y, si no coinciden los estados cuánticos comparados, se aborta el proceso de autenticación y, si coinciden dichos estados cuánticos comparados, se continúa dicho proceso de autenticación; - a third phase in which each user equipment encodes c 'in quantum states of a space of dimension D = 2 d , where d is much smaller than p; - a fourth phase in which a team of a requesting user who wishes to identify himself delivers the quantum state encoding the password c 'to a verifying user equipment that must authenticate the password; a fifth phase in which the verifying user equipment that must authenticate the password compares the quantum state received with that generated in the third phase by said verifying user equipment and, if the compared quantum states do not match, the authentication process is aborted and, if said compared quantum states coincide, said authentication process is continued;
- en caso de continuar el proceso de autenticación se repiten las fases primera a quinta anteriores un numero preestablecido de veces n con una nueva secuencia aleatoria a considerando que la contraseña es válida si las n comparaciones son positivas. - in case of continuing the authentication process, Repeat the previous first to fifth phases a preset number of times n with a new random sequence considering that the password is valid if the n comparisons are positive.
2.- PROCEDIMIENTO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 1, caracterizado por que los equipos de usuario que actúan como solicitante y verificador cambian sus funciones en cada una de las n repeticiones de las fases primera a quinta, para que ambos usuarios puedan confirmar que el otro usuario conoce la contraseña. 2.- QUANTIC PASSWORD AUTHENTICATION PROCEDURE, according to claim 1, characterized in that the user equipment that acts as the applicant and verifier changes their functions in each of the n repetitions of the first to fifth phases, so that both users can confirm that the other user knows the password.
3. - PROCEDIMIENTO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 1, caracterizado por que la secuencia aleatoria a compartida es pública. 3. - QUANTIC PASSWORD AUTHENTICATION PROCEDURE, according to claim 1, characterized in that the random to shared sequence is public.
4. - PROCEDIMIENTO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 1, caracterizado por que d es menor que 0, 71-p. 4. - QUANTIC PASSWORD AUTHENTICATION PROCEDURE, according to claim 1, characterized in that d is less than 0.71-p.
5. - PROCEDIMIENTO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 1, caracterizado por que n-d es menor que 0 , 71-p. 5. - QUANTIC PASSWORD AUTHENTICATION PROCEDURE, according to claim 1, characterized in that n-d is less than 0.71-p.
6.- PROCEDIMIENTO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 1, caracterizado por que la codificación de c' en un estado cuántico está seleccionada entre una codificación temporal de la forma de onda de un único fotón mediante la generación de diferentes desfases en ventanas de tiempo predefinidas y una codificación en el momento orbital angular de un único fotón mediante la creación de una superposición uniforme de estados |Φ0)
Figure imgf000023_0001
y la de un estado simétrico 6. AUTHENTICATION PROCEDURE FOR QUANTIC PASSWORDS, according to claim 1, characterized in that the coding of c 'in a quantum state is selected from a temporary coding of the waveform of a single photon by generating different phase shifts in windows predefined time and an angular orbital moment coding of a single photon by creating a uniform superposition of states | Φ 0 )
Figure imgf000023_0001
and that of a symmetric state
donde c es el valor decimal de la
Figure imgf000023_0002
where c is the decimal value of the
Figure imgf000023_0002
secuencia de bits c' y \ή los estados base de fotones con momento orbital angular a . bit sequence c 'and \ ή the base states of photons with angular orbital moment a.
7.- EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS de acuerdo con el procedimiento de las reivindicaciones 1 a 6, que comprende medios de almacenamiento de una contraseña c constituida por una secuencia de p bits y de al menos una secuencia aleatoria a de p bits que comparten los equipos a autenticar, caracterizado por que comprende: 7.- QUANTIC PASSWORD AUTHENTICATION EQUIPMENT according to the procedure of claims 1 to 6, comprising means for storing a password c constituted by a sequence of p bits and at least one random sequence a of p bits shared by the equipment to be authenticated, characterized in that it comprises:
- un procesador (6) configurado para calcular la función lógica XOR bit a bit de la contraseña c y la secuencia aleatoria a y generar una señal de control (7) correspondiente al cálculo c'=cea realizado que se aplica a un generador de estados cuánticos (8) que codifica la secuencia c' en el estado cuántico de un fotón, que se dirige a - a processor (6) configured to calculate the logical XOR bit by bit function of the password c and the random sequence a and generate a control signal (7) corresponding to the calculation c '= cea performed that is applied to a quantum state generator ( 8) which encodes the sequence c 'in the quantum state of a photon, which is directed to
- un comparador de estados cuánticos (3) que compara un estado procedente de un equipo de usuario solicitante que desea identificarse y el estado que codifica c' y que proviene del generador de estados cuánticos (8) del propio equipo de usuario verificador que debe autenticar la contraseña, - a quantum state comparator (3) that compares a state from a requesting user equipment that it wishes to identify and the state that encodes c 'and that comes from the quantum state generator (8) of the verifying user equipment itself that must authenticate the password,
- un bloque detector (4) configurado para indicar cuándo los dos fotones de entrada al comparador (3) salen por el mismo puerto de salida de dicho comparador (3) y cuándo salen por puertos distintos, y - a detector block (4) configured to indicate when the two photons input to the comparator (3) exit through the same output port of said comparator (3) and when they exit through different ports, and
- estando el procesador (6), además, configurado para parar la autenticación cuando los puertos de salida del comparador (3) por los que salen los dos fotones son distintos y para generar un nuevo estado c' cuando los dos fotones salen por el mismo puerto, generando dichos nuevos estados c' hasta un número de veces n, previamente establecido, para realizar la autenticación. - the processor (6) being also configured to stop authentication when the output ports of the comparator (3) through which the two photons leave are different and to generate a new state c 'when the two photons exit through the same port, generating said new states c 'up to a number of times n, previously established, to perform the authentication.
8.- EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 7, caracterizado por que el comparador (3) está seleccionado entre un divisor de haz y un acoplador de fibra óptica configurados para producir una interferencia óptica entre los caminos de dos fotones aplicados en sus entradas y realizar la comparación de acuerdo con el efecto Hong-Ou-Mandel , donde cuando los estados son iguales los dos fotones salen por el mismo puerto de salida del comparador8. QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the comparator (3) is selected between a beam splitter and a fiber optic coupler configured to produce an optical interference between the paths of two photons applied in their inputs and make the comparison according to the Hong-Ou-Mandel effect, where when the states are equal the two photons leave through the same output port of the comparator
(3) con una probabilidad del 100% y donde cuando los estados son diferentes la probabilidad de que dos fotones salgan por el mismo puerto de salida son cercanas al 50%. (3) with a probability of 100% and where when the states are different the probability that two photons leave by the same output port are close to 50%.
9 . - EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS , según reivindicación 7, caracterizado por que el bloque detector9. - QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the detector block
(4) comprende elementos detectores (5) de fotones individuales conectados a cada uno de los puertos de salida del comparador (3) que se activan al detectar un fotón para indicar al procesador (6) cuándo se detectan fotones simultáneamente en ambos puertos de salida del comparador (3) y cuándo se detectan en uno solo de los puertos de salida del comparador (3) . (4) comprises detection elements (5) of individual photons connected to each of the comparator's output ports (3) that are activated when a photon is detected to indicate to the processor (6) when photons are detected simultaneously in both output ports of the comparator (3) and when they are detected in only one of the comparator's output ports (3).
10 . - EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS , según reivindicación 7, caracterizado por que el generador de estados cuánticos (8) comprende: un bloque de control (12) que recibe la señal de control (7) del procesador (6), un láser (13) de baja potencia conectado a un modulador seleccionado entre un modulador óptico (14) y un modulador con momento orbital angular (14a) , - un atenuador (15) que presenta a su salida estados cuánticos con un número medio de fotones menor o igual que uno, un conmutador (16) configurado para dirigir el fotón hacia una salida seleccionada entre una primera salida (9) y una segunda salida (10) en función de la señal de control (7), seleccionando la primera salida (9) cuando el equipo de usuario funciona como verificador y el estado generado debe aplicarse al comparador (3) para compararlo con el estado proporcionado por un equipo de usuario solicitante y seleccionando la segunda salida (10) cuando el equipo de usuario funciona como solicitante y el estado generado debe entregarse a un equipo de usuario verificador . 10. - QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the quantum state generator (8) comprises: a control block (12) that receives the control signal (7) from the processor (6), a laser ( 13) of low power connected to a modulator selected between an optical modulator (14) and a modulator with angular orbital moment (14a), - an attenuator (15) that presents at its output quantum states with a lower or equal average number of photons than one, a switch (16) configured to direct the photon to an output selected between a first output (9) and a second output (10) depending on the control signal (7), selecting the first output (9) when the user equipment functions as a verifier and the generated status must be applied to the comparator (3) to compare it with the status provided by a requesting user equipment and selecting the second output (10) when the user equipment functions as the requestor and the generated status must be delivered to a verifying user equipment.
11. - EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 10, caracterizado por que el modulador óptico (14) es un modulador de fibra óptica configurado para introducir desfases diferentes en periodos de tiempo predefinidos . 11. - QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 10, characterized in that the optical modulator (14) is a fiber optic modulator configured to introduce different lags in predefined periods of time.
12. - EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 10, caracterizado por que el modulador con momento orbital angular (14a) comprende un bloque de generación de es erar estados iniciales 8) rotado un ángulo trol 12. - QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 10, characterized in that the modulator with angular orbital moment (14a) comprises a generation block of being initial states 8) rotated a trolling angle
(12) para generar(12) to generate
Figure imgf000026_0001
Figure imgf000026_0001
13. - EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 7, caracterizado por que la secuencia aleatoria a se genera mediante el generador de estados cuánticos (8), el comparador (3), el bloque detector (4) y el procesador (6) de forma convencional.  13. - QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 7, characterized in that the random sequence a is generated by the quantum state generator (8), the comparator (3), the detector block (4) and the processor (6 ) in a conventional way.
14. - EQUIPO DE AUTENTICACIÓN DE CONTRASEÑAS CUÁNTICAS, según reivindicación 9, caracterizado por que comprende una pluralidad de etapas de comparadores (3), donde la última etapa está conectada a un bloque de detección (4) dotado de una pluralidad de elementos detectores (5), estando las etapas de comparadores (3) configuradas en etapas sucesivas en las que cada una de las salidas de la etapa anterior se conecta a un nuevo comparador (3) con su segunda entrada bloqueada, duplicando el número de salidas de cada etapa de comparadores (3); donde el número de elementos de detección (5) es el doble del número de comparadores (3) de la última etapa para que, al llegar los fotones a los detectores (5), indiquen al procesador (6) el número de fotones que ha salido por cada uno de los puertos de salida del primer comparador (3), estando el procesador (6) configurado para parar el procedimiento de autenticación al detectar un número de fotones en alguno de los puertos de salida del primer comparador (3) distinto de cero o dos. 14. - QUANTIC PASSWORD AUTHENTICATION EQUIPMENT, according to claim 9, characterized in that it comprises a plurality of comparator stages (3), wherein the last stage is connected to a detection block (4) provided with a plurality of detector elements ( 5), the comparator stages (3) being configured in successive stages in which each of the outputs of the previous stage is connected to a new comparator (3) with its second input blocked, doubling the number of outputs of each stage of comparators (3); where the number of detection elements (5) is twice the number of comparators (3) of the last stage so that, when the photons arrive at the detectors (5), they indicate to the processor (6) the number of photons that have exited through each of the output ports of the first comparator (3), with the processor (6) configured to stop the authentication procedure when detecting a number of photons in any of the output ports of the first comparator (3) other than zero or two.
PCT/ES2013/070259 2012-04-23 2013-04-23 Method and device for authenticating quantum passwords WO2013160511A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ESP201230599 2012-04-23
ES201230599A ES2431465B1 (en) 2012-04-23 2012-04-23 QUANTIC PASSWORD AUTHENTICATION PROCEDURE AND EQUIPMENT

Publications (1)

Publication Number Publication Date
WO2013160511A1 true WO2013160511A1 (en) 2013-10-31

Family

ID=49482251

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ES2013/070259 WO2013160511A1 (en) 2012-04-23 2013-04-23 Method and device for authenticating quantum passwords

Country Status (2)

Country Link
ES (1) ES2431465B1 (en)
WO (1) WO2013160511A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112600666A (en) * 2020-11-18 2021-04-02 中山大学 Quantum secure communication method and device, computer equipment and storage medium
CN112953647A (en) * 2021-03-01 2021-06-11 清华大学 Quantum communication method, quantum communication device, computer equipment and storage medium
US20220376906A1 (en) * 2015-07-02 2022-11-24 Adrian Kent Quantum tokens

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080037790A1 (en) * 2006-08-14 2008-02-14 Magiq Technologies, Inc. Frame synchronization method for QKD systems

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080037790A1 (en) * 2006-08-14 2008-02-14 Magiq Technologies, Inc. Frame synchronization method for QKD systems

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHIA-HUNG CHIEN ET AL.: "Quantum authentication protocol using entanglement swapping.", NANOTECHNOLOGY (IEEE-NANO), 2011 11TH IEEE CONFERENCE ON, 15 August 2011 (2011-08-15), pages 1533 - 1537 *
YOUNES ET AL.: "Enhancing the security of quantum communication by hiding the message in a superposition.", INFORMATION SCIENCES, vol. 181, no. 2, 15 January 2011 (2011-01-15), AMSTERDAM, NL, pages 329 - 334 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220376906A1 (en) * 2015-07-02 2022-11-24 Adrian Kent Quantum tokens
US11962688B2 (en) * 2015-07-02 2024-04-16 Quantinuum Limited Quantum tokens
CN112600666A (en) * 2020-11-18 2021-04-02 中山大学 Quantum secure communication method and device, computer equipment and storage medium
CN112953647A (en) * 2021-03-01 2021-06-11 清华大学 Quantum communication method, quantum communication device, computer equipment and storage medium
CN112953647B (en) * 2021-03-01 2023-04-11 清华大学 Quantum communication method, quantum communication device, computer equipment and storage medium

Also Published As

Publication number Publication date
ES2431465B1 (en) 2014-12-16
ES2431465A1 (en) 2013-11-26

Similar Documents

Publication Publication Date Title
US10848303B2 (en) Methods and apparatuses for authentication in quantum key distribution and/or quantum data communication
Dušek et al. Quantum identification system
Hong et al. Quantum identity authentication with single photon
ES2912265T3 (en) Multi-factor authentication using quantum communication
US6226383B1 (en) Cryptographic methods for remote authentication
US20040223619A1 (en) Cryptographic methods for remote authentication
Price et al. A quantum key distribution protocol for rapid denial of service detection
KR100989185B1 (en) A password authenticated key exchange method using the RSA
Shukla et al. A new secure authenticated key agreement scheme for wireless (mobile) communication in an EHR system using cryptography
ES2431465B1 (en) QUANTIC PASSWORD AUTHENTICATION PROCEDURE AND EQUIPMENT
Abushgra et al. A shared secret key initiated By EPR authentication and Qubit transmission channels
Ruan et al. Provably leakage-resilient password-based authenticated key exchange in the standard model
Thangavel et al. Performance of integrated quantum and classical cryptographic model for password authentication
Zhang et al. Quantum authentication using entangled state
Li et al. HPAKE: Honey password-authenticated key exchange for fast and safer online authentication
Chan et al. Security analysis of the multi-photon three-stage quantum key distribution
Crawford et al. Quantum authentication: current and future research directions
Eldefrawy et al. One-time password system with infinite nested hash chains
Tan et al. Identity authentication by entanglement swapping in controlled quantum teleportation
El Rifai Quantum secure communication using polarization hopping multi-stage protocols
Sahi et al. Three-party password-based authenticated key exchange protocol based on the computational Diffie-Hellman assumption
Ryu et al. Cryptanalysis of improved and provably secure three-factor user authentication scheme for wireless sensor networks
Rajanbabu et al. Implementing a reliable cryptography based security tool for communication networks
US20230370494A1 (en) Quantum secure direct communication with mutual authentication via rotation of an arbitrary basis
Abushgra A New QKD Protocol Based Upon Authentication By EPR Entanglement State

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13782586

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13782586

Country of ref document: EP

Kind code of ref document: A1