WO2023066542A1 - Methods, transmitter device, receiver device and system for quantum key distribution - Google Patents


Publication number
WO2023066542A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
encrypted
exchanging
quantum
symbols
Application number
PCT/EP2022/072654
Other languages
English (en)
Inventor
Fred Chi Hang FUNG
Original Assignee
Huawei Technologies Duesseldorf Gmbh
Application filed by Huawei Technologies Duesseldorf Gmbh

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0858 Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Definitions

  • the present disclosure generally relates to the field of Quantum Key Distribution (QKD). Specifically, the present disclosure relates to a QKD method, a method of operating a QKD system, a method of operating a transmitter device (Tx) in a QKD system, a method of operating a receiver device (Rx) in a QKD system, a transmitter device (Tx) for operating in a QKD system, a receiver device (Rx) for operating in a QKD system, and a QKD system.
  • the present disclosure relates to a QKD protocol for operating a QKD system in order to generate a secret key based on quantum physics.
  • QKD protocols are the foundation for generating secret keys based on quantum physics.
  • the generated secret keys are information-theoretically secure, in contrast to computational security offered by conventional cryptographic methods.
  • There are currently two conventional types of QKD protocols available including a discrete-variable (DV)-QKD based protocol and a continuous-variable (CV)-QKD based protocol.
  • In a DV-QKD based protocol, the secure bits are derived from information carried in single photons.
  • In a CV-QKD based protocol, the secure bits are derived from information carried in the quadratures of the quantized electromagnetic wave.
  • DV-QKD and CV-QKD systems rely on different detection technologies for implementation.
  • QKD protocols can be limited to certain operational distances.
  • a QKD protocol and its security proof are constructed to provide a security called information theoretic security.
  • the security of the protocol is achieved by quantum mechanics. Such a security may be limited to a distance, over which the QKD can provide secure keys.
  • the present disclosure aims to improve conventional QKD methods, operating methods of transmitter devices in QKD systems, operating methods of receiver devices in QKD system, and operating methods of QKD systems.
  • An objective is to provide a QKD protocol that may facilitate the QKD in practical settings.
  • Another objective is to provide a QKD processing method that may facilitate achieving a high performance against an eavesdropper with a quantum memory.
  • Another objective is to provide a QKD method that may enable generating longer secret keys over a standard protocol.
  • a first aspect of the present disclosure provides a method for obtaining a quantum key, the method comprising transmitting a quantum signal from a transmitter device (Tx) to a receiver device (Rx) via an optical channel, exchanging encrypted information over a classical communication channel, determining a transmitter-side sequence of symbols and a receiver-side sequence of symbols based on the quantum signal and the encrypted information, and obtaining the quantum key based on the transmitter-side sequence of symbols and the receiver-side sequence of symbols.
  • the method may be a method for operating a QKD system.
  • the QKD system may be a CV-QKD system or a DV-QKD system.
  • the QKD system may comprise a Tx and an Rx.
  • the terms “transmitter device” and “Alice” are used interchangeably. For the ease of description, it is assumed that Alice is a user operating the transmitter device. Moreover, the terms “receiver device” and “Bob” are also used interchangeably. For the ease of description, it is assumed that Bob is a user operating the receiver device, without limiting the present disclosure to a specific nomenclature.
  • the Tx may be any known transmitter device that may operate in a QKD system.
  • the Tx may comprise a circuitry and an optical unit.
  • the circuitry may comprise hardware and software.
  • the hardware may comprise analog or digital circuitry, or both analog and digital circuitry.
  • the circuitry may comprise one or more processors and a non-volatile memory connected to the one or more processors.
  • the non-volatile memory may carry executable program code which, when executed by the one or more processors, causes the Tx to perform the operations or one or more steps of the methods described herein.
  • the optical unit of the Tx may comprise a laser diode, a local oscillator, a coupler, a polarizer, an amplitude modulator, a pulse modulator, a photodiode, a polarization beam splitter, an attenuator, etc., as it is generally known.
  • the Rx may be any known receiver device that may operate in a QKD system.
  • the Rx may comprise a circuitry and an optical unit.
  • the circuitry may comprise hardware and software.
  • the hardware may comprise analog or digital circuitry, or both analog and digital circuitry.
  • the circuitry may comprise one or more processors and a non-volatile memory connected to the one or more processors.
  • the non-volatile memory may carry executable program code which, when executed by the one or more processors, causes the Rx to perform the operations or one or more steps of the methods described herein.
  • the optical unit of the Rx may comprise a detector (e.g., a homodyne detector, a heterodyne detector, or the like), a polarization controller, a polarization beam splitter, one or more mirrors, a local oscillator, a coupler, an amplitude modulator, a pulse modulator, etc., as it is generally known.
  • the QKD method may comprise transmitting the signal, for example, Alice may operate the Tx to drive an optical mode of the optical channel to a quantum state according to a probability distribution.
  • the optical mode may have a two-dimensional (2D) phase space.
  • Alice may drive the optical mode to the quantum state according to a Gaussian distribution in the 2D phase space.
  • Alice may transmit the quantum signal to Bob, and Bob may perform a measurement on the optical mode of the Rx, in order to determine a receiver-side symbol.
  • Exchanging of encrypted information may comprise sending encrypted information and/or receiving encrypted information.
  • Alice and/or Bob may obtain a cryptographic key for encrypting and decrypting information.
  • the cryptographic key may be, for example, a quantum key generated from a previous round of performing the method, a quantum key generated by performing a known QKD method, a quantum key provided to Alice and/or Bob, a cryptographic key for a symmetric cryptography, a cryptographic key for an asymmetric cryptography, a computationally-secure key, or the like.
  • Alice and Bob may determine the amount and type of information to encrypt and exchange over the classical communication channel. For example, Alice and Bob may determine information such as privacy amplification information, error correcting information, sifting information, etc., to encrypt with a cryptographic key, and further exchange the encrypted information over the classical communication channel. Moreover, the amount of information being encrypted may be determined such that the use of the cryptographic key may not consume any QKD key bits. Furthermore, the amount of information being encrypted may be determined such that the use of the cryptographic key may consume fewer QKD key bits than the information (e.g., a length of a message indicating the information) that it encrypts. Hence, the exchanging of the encrypted information may not affect a quantum key generation rate (key length) or it may insignificantly affect it.
  • the transmitter-side sequence of symbols may comprise a plurality of transmitter-side symbols.
  • a transmitter-side symbol may be a symbol determined by operating the Tx.
  • the transmitter-side symbol may comprise a bit string and soft information.
  • the soft information may represent a probability that the transmitter-side symbol is correct.
  • the receiver-side sequence of symbols may comprise a plurality of receiver-side symbols.
  • a receiver-side symbol may be a symbol that is determined by operating the Rx. Further, the receiver-side symbol may comprise a bit string and soft information. The soft information may represent a probability that the receiver-side symbol is correct.
  • the obtained quantum key may be a quantum key that is generated. Furthermore, the quantum key may have a desired length.
  • the method of the first aspect may facilitate increasing a key length of the obtained quantum key. For example, it may be possible to increase a key length or a generation rate of the quantum key.
  • the method of the first aspect may enable generating the quantum key that may be an ever-lasting-secure key.
  • Alice and Bob may exchange the encrypted information and may further generate the quantum key.
  • an eavesdropper (hereinafter: Eve)
  • Eve may be able to learn about the exchanged information, at a time later than a time in which the encrypted information is exchanged.
  • Eve may crack the encrypted information and may learn the information, after a time at which the information is exchanged between Alice and Bob.
  • Eve may miss a window of opportunity to customize quantum measurements on her quantum probes.
  • Eve customizes her quantum measurements on the quantum probes based on the exchanged information.
  • Eve may not learn the information during the measurements, and may not be able to customize her quantum measurement, at least when the encrypted information is exchanged. Therefore, it may be possible to increase a length of a generated quantum key, a security of the generated quantum key, or the like.
  • the exchanging of the encrypted information comprises exchanging encrypted privacy amplification information
  • the method further comprises, before the exchanging of the privacy amplification information, estimating channel statistic information for the optical channel, and determining the privacy amplification information based on at least one of the estimated channel statistic information, error correcting information, and an encryption property of the encrypted information exchanged over the classical communication channel.
  • Alice and/or Bob may determine one or more of excess noise, channel statistic information, bit error rate (BER), Signal to Noise Ratio (SNR), etc., for the transmitter-side symbols and/or the receiver-side symbols.
  • Alice and/or Bob may define a type and amount of information to be encrypted and further exchanged.
  • Alice and/or Bob may select the privacy amplification information to be encrypted and exchanged.
  • a specific privacy amplification procedure may be used for generating the quantum key.
  • a desired privacy amplification procedure may be used depending on the content (e.g., an error correcting syndrome) of encrypted information and type (e.g., privacy amplification information, error correcting information, etc.) of encrypted information.
  • the obtaining of the quantum key comprises generating the quantum key based on an error-free sequence of symbols by performing a privacy amplification procedure using the encrypted privacy amplification information.
  • the exchanging of the encrypted information comprises exchanging encrypted error correcting information
  • the method further comprises determining an error-free sequence of symbols based on the encrypted error correcting information, information derived from the transmitter-side sequence of the symbols, and information derived from the receiver-side sequence of symbols.
  • the method is a Continuous-Variable Quantum Key Distribution (CV-QKD) method, wherein the exchanging of the encrypted information comprises exchanging encrypted mapping information, and wherein the determining the transmitter-side sequence of symbols and the receiver-side sequence of symbols comprises determining a receiver-side symbol based on the encrypted mapping information and a first symbol value, and determining a transmitter-side symbol based on the encrypted mapping information and a second symbol value.
  • the Tx and the Rx may be connected to each other via the optical channel having the optical mode.
  • the optical channel may be any kind of physical space that allows light to propagate from a first location (i.e., the Tx location) to a second location (i.e., the Rx location).
  • the optical channel may be air, vacuum, an optical fibre, or the like.
  • the optical mode has the 2D phase space.
  • the 2D phase space may be the X-P phase space having two axes of X and P which are the quadratures of the quantized electromagnetic field.
  • Alice may transmit the quantum signal.
  • Alice may drive the optical mode of the Tx to a quantum coherent state that may have a maximum amplitude at or near the first point in the 2D phase space.
  • the first point may be selected such that it has a selected X value and a selected P value in the 2D X-P phase space.
  • An example of the first point is (X1, P1), wherein the values of the X1 and P1 are selected.
  • the Tx may further be operated to determine the transmitter-side symbol based on the encrypted mapping information.
  • Bob may operate the Rx to determine a second point (a detected signal) in the 2D phase space or the X-P plane by performing a measurement on the optical mode.
  • the second point may be obtained such that it has a selected X value and a selected P value in the 2D X-P phase space.
  • An example of the second point is (X2, P2), wherein the values of the X2 and P2 are selected.
  • the Rx may further be operated to determine the transmitter-side symbol based on the encrypted mapping information.
  • the Rx may be operated to determine the receiver-side symbol based on the encrypted mapping information.
  • the optical channel has an optical mode, wherein the optical mode has a two-dimensional (2D) phase space, wherein the exchanging of the encrypted information further comprises exchanging encrypted position information of a first point in the 2D phase space, and wherein the transmitting of the quantum signal comprises driving, at the Tx, the optical mode to a quantum state in accordance with a probability distribution in the 2D phase space, the quantum state having a maximum amplitude at or near the position information of the first point in the 2D phase space, and determining, at the Rx, a position information of a second point in the 2D phase space, by performing a measurement on the optical mode, and wherein the method further comprises obtaining, at the Rx, the first symbol value based on the position information of the second point in the 2D phase space.
  • the exchanging of the encrypted information further comprises exchanging encrypted subspace information of a subspace in the 2D phase space
  • the method further comprises determining, at the Rx, among a plurality of subspaces of the 2D phase space, the subspace that includes the second point, and obtaining, at the Tx, the second symbol value based on the encrypted subspace information and the position information of the first point in the 2D phase space.
  • the method is a Discrete-Variable (DV-QKD) method, wherein the exchanging of the encrypted information comprises exchanging encrypted first basis information associated with a first quantum state, wherein the transmitting of the quantum signal comprises sending the first quantum state associated with the first basis information from the Tx to the Rx via the optical channel, and detecting, at the Rx, a second quantum state by performing a measurement on an optical mode of the optical channel, wherein the method further comprises determining second basis information for the second quantum state, and determining a receiver-side symbol based on the second basis information and the encrypted first basis information.
  • the exchanging of the encrypted information further comprises exchanging encrypted second basis information associated with the second quantum state, wherein the method further comprises determining a transmitter-side symbol based on the first basis information and the encrypted second basis information.
  • the method further comprises obtaining a cryptographic key, and encrypting information with the cryptographic key.
  • the cryptographic key may be any computationally-secure key or a computationally-secure key derived from a quantum key.
  • the cryptographic key may be provided to Alice and/or Bob, or the cryptographic key may be derived from a quantum key generated by operating a QKD system.
  • Alice and/or Bob may encrypt information with the cryptographic key (e.g., the computationally-secure key).
  • the exchanging of the encrypted information comprises sending and/or receiving the encrypted information over the classical communication channel, and wherein the method further comprises decrypting the encrypted information.
  • a second aspect of the disclosure provides a QKD system configured to perform the steps of the method of the first aspect or any of its implementation forms.
  • a third aspect of the disclosure provides a method of operating a Tx in order to obtain a quantum key, the method comprising sending a quantum signal from the Tx to an Rx via an optical channel, exchanging encrypted information with the Rx over a classical communication channel, determining a transmitter-side sequence of symbols based on the quantum signal and the encrypted information, and obtaining the quantum key based on the transmitter-side sequence of symbols and a receiver-side sequence of symbols.
  • the exchanging of the encrypted information comprises exchanging encrypted privacy amplification information
  • the obtaining of the quantum key comprises generating the quantum key based on an error-free sequence of symbols by performing a privacy amplification procedure using the encrypted privacy amplification information.
  • the exchanging of the encrypted information comprises exchanging encrypted error correcting information
  • the method further comprises determining an error-free sequence of symbols based on the encrypted error correcting information, information derived from the transmitter-side sequence of the symbols, and information derived from the receiver-side sequence of symbols.
  • the method is for a Tx operating in a Continuous-Variable (CV-QKD) system, wherein the exchanging of the encrypted information comprises exchanging encrypted mapping information, and wherein the determining the transmitter-side sequence of symbols comprises determining a transmitter-side symbol based on the encrypted mapping information and a symbol value.
  • the optical channel has an optical mode, wherein the optical mode has a two-dimensional (2D) phase space, wherein the exchanging of the encrypted information further comprises exchanging encrypted subspace information of a subspace in the 2D phase space, and wherein the transmitting of the quantum signal comprises driving the optical mode to a quantum state in accordance with a probability distribution in the 2D phase space, the quantum state having a maximum amplitude at or near position information of a point in the 2D phase space, and obtaining the symbol value based on the encrypted subspace information and the position information of the point in the 2D phase space.
  • the method is for a Tx operating in a DV-QKD system, wherein the exchanging of the encrypted information comprises exchanging encrypted first basis information associated with a first quantum state, wherein the transmitting the quantum signal comprises obtaining a second quantum state associated with second basis information, and determining a transmitter-side symbol based on the second basis information and the encrypted first basis information.
  • a fourth aspect of the disclosure provides a Tx for operating in a QKD system, the Tx being configured to perform the steps of the method of the third aspect or any of its implementation forms.
  • a fifth aspect of the disclosure provides a method of operating an Rx in order to obtain a quantum key, the method comprising receiving a quantum signal from a Tx via an optical channel, exchanging encrypted information with the Tx over a classical communication channel, determining a receiver-side sequence of symbols based on the quantum signal and the encrypted information, and obtaining the quantum key based on a transmitter-side sequence of symbols and the receiver-side sequence of symbols.
  • the exchanging of the encrypted information comprises exchanging encrypted privacy amplification information
  • the obtaining of the quantum key comprises generating the quantum key based on an error-free sequence of symbols by performing a privacy amplification procedure using the encrypted privacy amplification information
  • the exchanging of the encrypted information comprises exchanging encrypted error correcting information
  • the method further comprises determining an error-free sequence of symbols based on the encrypted error correcting information, information derived from the transmitter-side sequence of the symbols, and information derived from the receiver-side sequence of symbols.
  • the method is for an Rx operating in a CV-QKD system, wherein the exchanging of the encrypted information comprises exchanging encrypted mapping information, and wherein the determining the receiver-side sequence of symbols comprises determining a receiver-side symbol based on the encrypted mapping information and a symbol value.
  • the optical channel has an optical mode, wherein the optical mode has a two-dimensional (2D) phase space, wherein the exchanging of the encrypted information further comprises exchanging encrypted position information of a first point in the 2D phase space, and wherein the receiving the quantum signal comprises determining a position information of a second point in the 2D phase space, by performing a measurement on the optical mode, and wherein the method further comprises obtaining the symbol value based on the encrypted position information of the first point and the position information of the second point in the 2D phase space.
  • the method is for an Rx operating in a DV-QKD system, wherein the exchanging of the encrypted information comprises exchanging encrypted first basis information associated with a first quantum state, wherein the transmitting the quantum signal comprises obtaining a second quantum state associated with second basis information by performing a measurement on an optical mode of the optical channel, and determining a receiver-side symbol based on the second basis information and the encrypted first basis information.
  • a sixth aspect of the disclosure provides an Rx for operating in a QKD system, the Rx being configured to perform the steps of the method of the fifth aspect or any of its implementation forms.
  • a seventh aspect of the present disclosure provides a computer program comprising a program code for performing one or more steps of the method according to the first aspect or the third aspect or fifth aspect or any of their implementation forms.
  • An eighth aspect of the present disclosure provides a non-transitory storage medium storing executable program code which, when executed by a processor, causes one or more steps of the method according to the first aspect or the third aspect or fifth aspect or any of their implementation forms to be performed.
  • the devices, elements, units and means described in the present application could be implemented in software or hardware elements or any kind of combination thereof.
  • the steps which are performed by the various entities described in the present application, as well as the functionalities described to be performed by the various entities, are intended to mean that the respective entity is adapted to or configured to perform the respective steps and functionalities. Even if, in the following description of specific embodiments, a specific functionality or step to be performed by external entities is not reflected in the description of a specific detailed element of that entity which performs that specific step or functionality, it should be clear for a skilled person that these methods and functionalities can be implemented in respective software or hardware elements, or any kind of combination thereof.
  • FIG. 1 depicts a flowchart of a QKD method for obtaining a quantum key, according to an exemplary embodiment of the disclosure
  • FIG. 2 depicts a flowchart of a method of operating a Tx in order to obtain a quantum key, according to an exemplary embodiment of the disclosure
  • FIG. 3 depicts a flowchart of a method of operating an Rx in order to obtain a quantum key, according to an exemplary embodiment of the disclosure
  • FIG. 4 depicts a diagram illustrating a QKD system for obtaining a quantum key, according to an exemplary embodiment of the disclosure
  • FIG. 5 depicts exchanging encrypted information over a classical communication channel
  • FIG. 6 depicts a flowchart of a CV-QKD method for generating a quantum key according to an exemplary embodiment of the disclosure.
  • FIG. 7 depicts a flowchart of a DV-QKD method for generating a quantum key according to an exemplary embodiment of the disclosure.
  • the information exchanged over classical communication channel comprises information from many steps.
  • the encrypted information is an error correction syndrome
  • Eve does not have any knowledge about it.
  • Eve’s quantum states are $\rho_{E0}$ and $\rho_{E1}$, having occurrence probabilities of $p_0$ and $p_1$, corresponding to Bob’s bit values of 0 and 1.
  • Bob computes an $(n - k)$-bit syndrome of his $n$-bit strings (e.g., Bob follows a standard step in the error correction paradigm).
  • An object of Eve may be to increase, e.g., maximize her knowledge about the key y, by measuring her states which are either $\rho_{E0}$ or $\rho_{E1}$ for each bit of y under the below assumption.
  • the Holevo quantity is an amount of information Eve knows, when the classical communications are not encrypted by a computationally secure encryption.
  • This may be the amount of reduction in the key length in the privacy amplification step, in order to remove Eve’s information obtained by her measurement on the quantum probes.
  • a measurement strategy for Eve is to separately measure each probe, and the measurement for each probe should be a measurement that maximizes the information for the quantum states $\rho_{E0}$ and $\rho_{E1}$ with occurrence probabilities of $p_0$ and $p_1$. In general, this amount of information is less than the Holevo quantity, and thus, Alice and Bob can perform privacy amplification with a smaller reduction of the key length. This increases the final key length and has the effect of increasing the reach.
  • V1 is a classical variable representing an outcome of Eve measuring the quantum probes.
  • V2 is a classical variable representing Bob’s syndrome after Eve breaks its encryption.
  • Eve has both V1 and V2.
  • Y represents the key, as follows: where, the upper bound is given by number of bits of the V2. Note that, in the upper bound (i.e., I (V1: Y) + log2 F2
  • I(V1: Y) may be bounded independently of the syndrome used by Alice and Bob, as it is mentioned above.
  • the reduction in the key size may be a sum of an upper bound of I(V1: Y) which corresponds to information that Eve learns by measuring her quantum probes and the number of bits of the syndrome.
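
The key-length accounting described above can be made concrete with a small calculation. The following is an added example, not code from the patent: it compares the Holevo quantity with the best per-probe measurement information I(V1: Y) and applies the "measurement information plus syndrome bits" reduction. It assumes pure real qubit probe states separated by an angle theta, an asymptotic count with no finite-size terms, and constructed values for n, k and theta; all function names are hypothetical.

```python
import math


def h2(p):
    """Binary entropy in bits."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def holevo_bits(theta, p0=0.5):
    """Holevo quantity of the ensemble {p0: rho_E0, p1: rho_E1}.

    Assumption of this example: the probes are pure real qubit states at
    angles +theta/2 and -theta/2, so chi = S(p0*rho_E0 + p1*rho_E1).
    """
    p1 = 1.0 - p0
    # The eigenvalues of the 2x2 average state are (1 +/- r) / 2.
    r = math.sqrt(max(0.0, 1.0 - 4.0 * p0 * p1 * math.sin(theta) ** 2))
    return h2((1.0 + r) / 2.0)


def measurement_info_bits(theta, phi, p0=0.5):
    """I(V1: Y) when Eve projects one probe onto the basis at angle phi."""
    p1 = 1.0 - p0
    q0 = math.cos(phi - theta / 2.0) ** 2  # P(outcome 0 | rho_E0)
    q1 = math.cos(phi + theta / 2.0) ** 2  # P(outcome 0 | rho_E1)
    return h2(p0 * q0 + p1 * q1) - p0 * h2(q0) - p1 * h2(q1)


def best_individual_info_bits(theta, p0=0.5, steps=2000):
    """Best projective single-probe measurement, found by a grid search
    over the measurement angle (Eve cannot wait for the syndrome)."""
    return max(
        measurement_info_bits(theta, math.pi * i / steps, p0)
        for i in range(steps)
    )


def final_key_bits(n, k, eve_bits_per_symbol):
    """Key length after privacy amplification: n raw bits minus the
    (n - k)-bit syndrome minus Eve's information about the n bits."""
    syndrome_bits = n - k
    return max(0, math.floor(n - syndrome_bits - n * eve_bits_per_symbol))


def compare(n=10000, k=8500, theta=math.pi / 3):
    """Constructed sample block: n raw bits, (n - k)-bit syndrome."""
    chi = holevo_bits(theta)
    ind = best_individual_info_bits(theta)
    return {
        "holevo_bits": chi,
        "individual_bits": ind,
        "key_unencrypted_classical": final_key_bits(n, k, chi),
        "key_encrypted_classical": final_key_bits(n, k, ind),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The gap between the two key lengths is n times the difference between the Holevo quantity and the per-probe measurement information, which is the gain the passage attributes to denying Eve the classical messages while her probes are still stored.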
  • FIG. 1 depicts a flowchart of a QKD method 100 for obtaining a quantum key, according to an exemplary embodiment of the disclosure.
  • the QKD method 100 may be a method of operating a QKD system.
  • the QKD system may be a CV-QKD system or a DV-QKD system.
  • the method 100 comprises a step 101 of transmitting a quantum signal from a Tx to an Rx via an optical channel.
  • the method 100 further comprises a step 102 of exchanging encrypted information over a classical communication channel.
  • the method 100 further comprises a step 103 of determining a transmitter-side sequence of symbols and a receiver-side sequence of symbols based on the quantum signal and the encrypted information.
  • the method 100 further comprises a step 104 of obtaining the quantum key based on the transmitter-side sequence of symbols and the receiver-side sequence of symbols.
  • the encrypted information may be at least one of privacy amplification information, error correcting information, bit mapping information, or it may be related to any other step in the QKD post processing.
  • the method 100 may enable obtaining the quantum key, which may have a higher key generation rate or may be ever-lasting-secure. For example, assuming that Eve is able to learn about the classical messages of Alice and Bob at a later time (when she cracks the encryption), she has missed the window of opportunity to customize the quantum measurement on her quantum probes where the customization should have been done using the information about classical messages which was not available to her. Therefore, she is forever limited by whatever information she has obtained from her suboptimal quantum measurement.
  • the information about which classical messages have been encrypted should be incorporated into the calculation of Eve’s information and may be considered in the privacy amplification procedure.
  • the quantum memory of Eve used for storing her probes has a limited storage time; therefore, Eve’s information about Alice’s and Bob’s data can be computed in a way different from the conventional setting. For instance, in this case, Eve’s information is generally less than that in the conventional setting, and this reduction in Eve’s information is reflected in an increase in the output length of the privacy amplification procedure. This may increase the key length.
  • FIG. 2 depicts a flowchart of a method 200 of operating a Tx in order to obtain a quantum key, according to an exemplary embodiment of the disclosure.
  • the method 200 comprises a step 201 of sending a quantum signal from the Tx to an Rx via an optical channel.
  • the method 200 further comprises a step 202 of exchanging encrypted information with the Rx over a classical communication channel.
  • the method 200 further comprises a step 203 of determining a transmitter-side sequence of symbols based on the quantum signal and the encrypted information.
  • the method 200 further comprises a step 204 of obtaining the quantum key based on the transmitter-side sequence of symbols and a receiver-side sequence of symbols.
  • FIG. 3 depicts a flowchart of a method 300 of operating an Rx in order to obtain a quantum key, according to an exemplary embodiment of the disclosure.
  • the method 300 comprises a step 301 of receiving a quantum signal from a Tx via an optical channel.
  • the method 300 further comprises a step 302 of exchanging encrypted information with the Tx over a classical communication channel.
  • the method 300 further comprises a step 303 of determining a receiver-side sequence of symbols based on the quantum signal and the encrypted information.
  • the method 300 further comprises a step 304 of obtaining the quantum key based on a transmitter-side sequence of symbols and the receiver-side sequence of symbols.
  • FIG. 4 depicts a diagram 400 illustrating a QKD system 1 for obtaining a quantum key, according to an exemplary embodiment of the disclosure.
  • the QKD system 1 may be a CV-QKD system or a DV-QKD system.
  • the QKD system 1 comprises the Tx 20 and the Rx 30.
  • the Tx 20 and the Rx 30 are connected to each other via an optical channel having an optical mode.
  • an eavesdropper (Eve) is also shown performing a quantum interaction with the transmitted signal.
  • Eve has a quantum memory 41 and a classical memory 42.
  • cryptographic keys are shared between Alice 20 and Bob 30 for later use. These cryptographic keys can be symmetric or asymmetric. Further, classical communications exchanged in the QKD post-processing are sent over the classical communications channel which is a classical channel that is authenticated, unjammable, and error-free. In this example, cryptographic keys are provided to Alice 20 and Bob 30. Alice 20 and Bob 30 may use the cryptographic keys for encrypting and decrypting information and may exchange the encrypted information on the classical communication channel.
  • the Tx 20 comprises an optical unit 21 and a circuitry 22.
  • the optical unit 21 of the Tx 20 may comprise a laser diode, a local oscillator, a coupler, a polarizer, an amplitude modulator, a pulse modulator, a photodiode, a polarization beam splitter, an attenuator, etc., as is generally known.
  • the Rx 30 may comprise an optical unit 31 and a circuitry 32.
  • the optical unit 31 of the Rx 30 may comprise a laser diode, a local oscillator, a coupler, a polarizer, an amplitude modulator, a pulse modulator, a photodiode, a polarization beam splitter, an attenuator, etc., as is generally known.
  • the Tx 20 is connected to the Rx 30 via the optical channel.
  • the optical channel is located between the optical unit 21 of the Tx 20 and the optical unit 31 of the Rx 30.
  • the circuitry 22 of the Tx 20 may comprise hardware and software.
  • the hardware may comprise analog or digital circuitry, or both analog and digital circuitry.
  • the circuitry comprises one or more processors and a non-volatile memory connected to the one or more processors.
  • the non-volatile memory may carry executable program code which, when executed by the one or more processors, causes the Tx 20 to perform the operations or one or more steps of the methods described herein.
  • the circuitry 32 of the Rx 30 may comprise hardware and software.
  • the hardware may comprise analog or digital circuitry, or both analog and digital circuitry.
  • the circuitry comprises one or more processors and a non-volatile memory connected to the one or more processors.
  • the non-volatile memory may carry executable program code which, when executed by the one or more processors, causes the Tx to perform the operations or one or more steps of the methods described herein.
  • the Tx 20 is connected to the Rx 30 via a classical communication channel.
  • the classical communication channel is located between the circuitry 22 of the Tx 20 and the circuitry 32 of the Rx 30.
  • Alice 20 may operate the optical unit 21 to transmit a quantum state to Bob over the quantum channel.
  • Bob 30 may operate the optical unit 31 to detect the received signal with a detector of the Rx 30, by performing a measurement on the optical mode of the optical channel.
  • Alice 20 may use the circuitry 22 and Bob 30 may use the circuitry 32 to perform QKD post-processing to transform the raw data into a quantum key.
  • the circuitries 22 and 32 may be classical computing devices connected by a classical channel which is authenticated, unjammable, and error-free.
  • Eve may have a quantum memory 41 and a classical memory 42. Eve may interact with all the quantum signals sent by Alice 20. After the quantum interactions, Eve may obtain quantum states assigned to the quantum probes and may further store them in the quantum memory 41. Furthermore, Eve may also obtain quantum states which may be assigned to Bob 30 and may store them in the quantum memory 41.
  • Alice 20 and Bob 30 may exchange many messages over the classical channel, which is authenticated, unjammable, and error-free. Moreover, when Alice 20 and Bob 30 do not encrypt the information, it may be possible for Eve to obtain the information without error; however, Eve may not modify the information she obtains (if she modifies it, Alice 20 and Bob 30 may notice and may further abort the QKD process). Furthermore, Eve may store such information exchanged over the classical communication channel in the classical memory 42.
  • most of the classical communications may occur after the transmission of the quantum signals. They can occur on a block-by-block basis or a signal-by-signal basis. For ease of description, in FIG. 4, one round of classical communications is shown after each quantum signal transmission, indicated by the slight time shift between them.
  • Eve may perform a final quantum measurement on all of the probes, in order to learn about the data which Alice 20 and Bob 30 may use to derive the quantum key.
  • Eve normally designs the quantum measurement based on the contents of the classical messages that she has observed on the classical channel. This message-dependent measurement strategy is essential to Eve for her to gain information on Alice and Bob’s data.
  • Alice 20 and Bob 30 use respective cryptographic keys provided to them to encrypt and decrypt information.
  • the encrypted information may be at least one of privacy amplification information, error correcting information, or the like.
  • cryptographic keys e.g. computationally-secure keys or quantum keys
  • FIG. 5 shows exchanging encrypted information over a classical communication channel.
  • Alice 20 and Bob 30 may define the type and amount of encrypted information to be exchanged over the classical communication channel.
  • the encrypted information may be at least one of encrypted privacy amplification information, encrypted error correcting information, encrypted mapping information, encrypted basis information, or the like.
  • QKD time is indicated with the reference number 501.
  • Alice 20 and Bob 30 continue exchanging encrypted information over the classical communication channel.
  • the encrypted information is public information encrypted with a cryptographic key.
  • the time information indicated with the reference number 503 represents a maximum storage time of a quantum memory 41 located at a remote location.
  • the quantum memory 41 may be used by Eve to store the result of measurements on her quantum probes.
  • Alice 20 and Bob 30 may estimate a time needed to crack the encrypted information.
  • the time information indicated with the reference number 502 represents time needed for cracking the encryption.
  • Alice 20 and Bob 30 may estimate information related to a quantum memory 41 located at a remote location or to a potential leakage of information over the classical communication channel. Moreover, Alice 20 and Bob 30 may define a type of information to be encrypted. In FIG. 5, an example is illustrated in which Alice 20 and Bob 30 determine encrypted information based on a storage capacity of the quantum memory, without limiting the present disclosure to this specific example.
  • Alice 20 and Bob 30 may estimate the storage time of the quantum memory 41. Moreover, Alice and Bob may use a cryptographic function, or may determine a type and amount of information being encrypted such that the time needed to crack the encryption 502 is larger than the storage time 503 of the quantum memory located at the remote location.
  • Eve may store her quantum probes in the quantum memory 41. Since the maximum storage time 503, before the content of the quantum memory 41 degrades to an unusable level, is smaller than the time 502 that it generally takes Eve to crack (e.g., using a powerful quantum computer) the exchanged encrypted information, Eve is forced to make a measurement on her quantum probes without using the content of the classical messages exchanged between Alice and Bob. This may reduce Eve’s information on Alice and Bob’s data.
  • FIG. 6 depicts a flowchart of a CV-QKD method 600 for generating a quantum key according to an exemplary embodiment of the disclosure.
  • the method 600 may be a method of operating a CV-QKD system including a Tx and an Rx.
  • the Tx and the Rx may be based on any known Tx and Rx that can operate in a CV-QKD system.
  • the Tx is connected to the Rx via the optical channel that has the optical mode. Further, the optical mode has a 2D phase space.
  • the Tx is connected to the Rx via a classical communication channel.
  • the method 600 may be performed by Alice operating the Tx and Bob operating the Rx.
  • Alice operates the Tx and performs the steps 610-A, 611-A, 612-A, 613, 614, 615, 616, and 617 of the method 600.
  • Bob operates the Rx and performs the steps 611-B, 612-B, 613, 614, 615, 616, and 617 of the method 600.
  • Alice and Bob may exchange encrypted information.
  • cryptographic keys e.g., computationally-secure keys or quantum keys
  • These cryptographic keys may be symmetric or asymmetric.
  • Alice and Bob may use the provided cryptographic keys for encrypting and/or decrypting information, and further exchange encrypted information over the classical communication channel.
  • Alice may operate a random number generator of the Tx and generate a plurality of random numbers.
  • the plurality of random numbers may be used for generating quantum states and/or for QKD post processing.
  • Alice may generate a plurality of quantum states. Alice may further transmit at least one quantum state to Bob over the optical channel. Moreover, at 611-B, Bob operates the Rx and performs a plurality of measurements on the optical mode of the optical channel.
  • Alice may drive the optical mode to a quantum state in accordance with a probability distribution in the 2D phase space.
  • the quantum state has a maximum amplitude at or near the position information of a first point in the 2D phase space.
  • Bob may perform a measurement on the optical mode, and may further determine position information of a second point in the 2D phase space.
  • Alice may randomly select a quantum coherent state over a Gaussian distribution in the 2D phase space. Moreover, Alice may transmit the quantum coherent state to Bob over the optical channel. For each signal, Bob may measure the received signal with a coherent detector of the Rx. Furthermore, Bob may obtain a first symbol value based on the position information of the second point in the 2D phase space.
  • Alice and Bob may start a QKD post processing procedure. For example, at 612-A, Alice performs a random sampling procedure.
  • Bob may estimate at least one of channel statistic information, excess noise, SNR, and BER for the receiver-side symbols.
  • the step 612-B may be performed after the step 613.
  • Alice and Bob continue the QKD post processing procedure with a parameter estimation process. For example, Alice and Bob may determine positions and values for points in the 2D phase space, and further determine the transmitter-side symbols and the receiver-side symbols.
  • Alice and Bob may exchange encrypted subspace information of a subspace in the 2D phase space. For example, Bob may determine among a plurality of subspaces of the 2D phase space, the subspace that includes the second point. Bob may encrypt the subspace information of the determined subspace in the 2D phase space. Bob may further transmit the encrypted subspace information of the determined subspace in the 2D phase space, to Alice over the classical communication channel. Furthermore, Alice may receive the encrypted subspace information of the determined subspace in the 2D phase space. Alice may further decrypt the encrypted subspace information. Moreover, Alice may obtain a second symbol value based on the encrypted subspace information and the position information of the first point in the 2D phase space.
  • Alice and Bob may perform a bit mapping procedure. For example, Alice and Bob may exchange encrypted mapping information. Moreover, Bob may determine a receiver-side symbol based on the encrypted mapping information and the first symbol value. Bob may further determine a receiver-side sequence of symbols based on the receiver-side symbol. Alice may further determine a transmitter-side symbol based on the encrypted mapping information and the second symbol value. In addition, Alice may determine a transmitter-side sequence of symbols based on the transmitter-side symbol.
  • Bob may decide to use a specific mapping procedure for the bit mapping.
  • Bob may further map the received signals to bits and potentially soft information.
  • Bob may further encrypt the mapping information of all the signals in a processing block.
  • Bob may send the mapping information to Alice.
  • Bob may further detect every signal transmitted by Alice.
  • Alice may receive and decrypt the encrypted mapping information. Alice may obtain the mapping information and may perform the same mapping as Bob to map the transmitted signals to bits and potentially soft information.
  • Alice and Bob may perform an information reconciliation procedure. For example, Alice and Bob may exchange encrypted error correcting information. Moreover, Alice may derive information from the transmitter-side sequence of the symbols and Bob may derive information from the receiver-side sequence of symbols. Furthermore, Alice and Bob may cooperate and determine an error-free sequence of symbols based on the encrypted error correcting information, information derived from the transmitter-side sequence of the symbols, and information derived from the receiver-side sequence of symbols.
  • Bob may use an error correction code and may compute syndrome information on the bits and potentially the soft information.
  • Bob may further encrypt the syndrome information and send it to Alice.
  • Alice may receive the encrypted error correcting information (i.e., the encrypted syndrome information) and may decrypt it.
  • Alice may further use the syndrome information to correct the bits and potentially the soft information.
  • Alice and Bob may have the same bit strings.
  • Alice may compute Eve’s information on their data. It can be assumed that Eve does not know the contents of the encrypted information. Eve may measure her quantum probes completely independently of the encrypted information. It can be assumed that the amount of data obtained by Eve is not more than that in a conventional setting in which Eve measures the quantum probes dependent on the information exchanged over the classical communication channel.
  • Alice and Bob may perform a privacy amplification procedure.
  • Alice and Bob may exchange encrypted privacy amplification information.
  • Alice and/or Bob may estimate channel statistic information for the optical channel, and may further determine the privacy amplification information based on at least one of the estimated channel statistic information, error correcting information, and an encryption property of the encrypted information.
  • Alice and Bob may use different privacy amplification procedures depending on the encrypted information.
  • Alice may randomly pick a hash function and may perform a privacy amplification procedure. The output length of this function may be consistent with the computed information about the data that is leaked to Eve. Alice may send a description of this function to Bob without encryption. Alice and Bob may further apply this function to their bit strings to obtain the quantum key.
  • Alice and Bob may obtain a quantum key. For example, Alice and Bob may generate the quantum key based on the error-free sequence of symbols by performing a privacy amplification procedure using the encrypted privacy amplification information.
  • FIG. 7 depicts a flowchart of a DV-QKD method 700 for generating a quantum key according to an exemplary embodiment of the disclosure.
  • the method 700 may be a method of operating a DV-QKD system including a Tx and an Rx.
  • the Tx and the Rx may be based on any known Tx and Rx that can operate in a DV-QKD system.
  • the Tx is connected to the Rx via the optical channel that has the optical mode. Further, the optical mode has a 2D phase space.
  • the Tx is connected to the Rx via a classical communication channel.
  • the method 700 may be performed by Alice operating the Tx and Bob operating the Rx.
  • Alice operates the Tx and performs the steps 710-A, 711-A, 712-A, 713, 714, 715, 716, and 717 of the method 700.
  • Bob operates the Rx and performs the steps 710-B, 712-B, 713, 714, 715, 716, and 717 of the method 700.
  • Alice and Bob may exchange encrypted information.
  • cryptographic keys e.g., computationally-secure keys or quantum keys
  • the cryptographic keys may be symmetric or asymmetric.
  • Alice and Bob may use the provided cryptographic keys for encrypting and/or decrypting information and may further exchange encrypted information over the classical communication channel.
  • Alice may operate a random number generator of the Tx and randomly select one of the four quantum states, i.e., two eigenstates of the X basis and two eigenstates of the Z basis.
  • Alice may transmit at least one quantum state to Bob over the quantum channel. For example, Alice may drive the optical mode to a first quantum state associated with a first basis information.
  • Bob may operate the Rx and perform a plurality of measurements on the optical mode of the optical channel. For example, Bob may detect a second quantum state by performing a measurement on the optical mode of the optical channel. Bob may further determine second basis information for the second quantum state.
  • Alice and Bob may start a QKD post processing procedure. For example, at 712-A, Alice performs a random sampling procedure.
  • Bob may further estimate at least one of channel statistic information, excess noise, SNR, and BER for the receiver-side symbols.
  • the step 712-B may be performed after the step 713.
  • Bob may encrypt at least one of the channel statistic information, excess noise, SNR, and BER, and may further send it to Alice over the classical communication channel.
  • Alice and Bob continue the QKD post processing procedure with a parameter estimation process.
  • Alice and Bob may perform a sifting procedure. For example, Alice may encrypt the first basis information of the first quantum state and may send the encrypted information to Bob over the classical communication channel.
  • Bob receives the encrypted information, decrypts it, and obtains the first basis information associated with the first quantum state.
  • Bob further determines a receiver-side symbol based on the second basis information and the encrypted first basis information.
  • Bob determines a receiver-side sequence of symbols based on the receiver-side symbol.
  • Bob may further encrypt the second basis information and may send the encrypted information to Alice.
  • Alice obtains the encrypted second basis information and decrypts it.
  • Alice may further determine a transmitter-side symbol based on the first basis information and the encrypted second basis information.
  • Alice may determine a transmitter-side sequence of symbols based on the transmitter-side symbol.
  • a signal sent by Alice may be received by Bob or it may not be received. Further, a signal sent by Alice may be detected by Bob or it may not be detected.
  • Bob encrypts the information about the signals that have been detected and encrypts the basis information used for each detected signal. Bob sends this encrypted information to Alice, who receives and decrypts it. Next, Alice and Bob may keep the signal pairs which Bob has detected and for which Alice and Bob have used the same basis.
  • Alice and Bob may perform an information reconciliation procedure. For example, Alice and Bob may exchange encrypted error correcting information. Moreover, Alice may derive information from the transmitter-side sequence of the symbols and Bob may derive information from the receiver-side sequence of symbols. Furthermore, Alice and Bob may cooperate and determine an error-free sequence of symbols based on the encrypted error correcting information, information derived from the transmitter-side sequence of the symbols, and information derived from the receiver-side sequence of symbols.
  • Bob may use an error correction code and may compute syndrome information on the bits and potentially the soft information.
  • Bob may further encrypt the syndrome information and send it to Alice.
  • Alice may receive the encrypted error correcting information (i.e., the encrypted syndrome information) and may decrypt it.
  • Alice may further use the syndrome information to correct the bits and potentially the soft information.
  • Alice and Bob may have the same bit strings.
  • Alice and Bob may perform a privacy amplification procedure.
  • Alice may compute Eve’s information on their data. It can be assumed that Eve does not know the contents of the encrypted information. Eve may measure her quantum probes completely independently of the encrypted information. It can be assumed that the amount of data obtained by Eve is not more than that in a conventional setting in which Eve measures the quantum probes dependent on the information exchanged over the classical communication channel.
  • Alice and Bob may exchange encrypted privacy amplification information.
  • Alice and/or Bob may estimate channel statistic information for the optical channel, and may further determine the privacy amplification information based on at least one of the estimated channel statistic information, error correcting information, and an encryption property of the encrypted information.
  • Alice and Bob may use different privacy amplification procedures depending on the encrypted information.
  • Alice may randomly pick a hash function and may perform a privacy amplification procedure. The output length of this function may be consistent with the computed information about the data that is leaked to Eve. Alice may send a description of this function to Bob without encryption. Alice and Bob may further apply this function to their bit strings to obtain the quantum key.
  • Alice and Bob may obtain a quantum key. For example, Alice and Bob may generate the quantum key based on the error-free sequence of symbols by performing a privacy amplification procedure using the encrypted privacy amplification information.
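The DV-QKD post-processing chain of method 700 (encrypted sifting, encrypted syndrome exchange, privacy amplification), whose reconciliation and privacy amplification steps are shared with method 600, is simulated below as an added example; it is not code from the patent. Assumptions not in the original: a SHAKE-256 keystream stands in for the unspecified cipher, Hamming(7,4) for the unspecified error correction code, a Toeplitz matrix for the randomly picked hash function, and `eve_bound_bits` and all function names are hypothetical.

```python
import hashlib
import random
import secrets

def stream_xor(key, nonce, data):
    """Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    The same call encrypts and decrypts; every message needs its own nonce."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def syndrome(block):
    """Hamming(7,4) syndrome: XOR of the 1-based positions of the set bits."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s

def toeplitz_hash(bits, seed, out_len):
    """2-universal hash: out[j] = XOR over i of seed[j + n - 1 - i] & bits[i]."""
    n = len(bits)
    return [sum(seed[j + n - 1 - i] & bits[i] for i in range(n)) % 2
            for j in range(out_len)]

def run_dv_qkd(n_signals=512, eve_bound_bits=40, demo_seed=7):
    rng = random.Random(demo_seed)     # seeded only so the simulated channel is repeatable
    enc_key = secrets.token_bytes(32)  # key shared beforehand for the classical messages

    # Quantum phase, simulated (constructed data): basis 0 = Z, 1 = X.
    a_bits = [rng.getrandbits(1) for _ in range(n_signals)]
    a_bases = [rng.getrandbits(1) for _ in range(n_signals)]
    b_bases = [rng.getrandbits(1) for _ in range(n_signals)]
    detected = [int(rng.random() < 0.9) for _ in range(n_signals)]
    b_bits = [a if ab == bb else rng.getrandbits(1)
              for a, ab, bb in zip(a_bits, a_bases, b_bases)]

    # Sifting: detection flags and bases cross the classical channel encrypted.
    ct_bob = stream_xor(enc_key, b"bob-sift", bytes(detected + b_bases))
    ct_alice = stream_xor(enc_key, b"alice-sift", bytes(a_bases))
    from_bob = list(stream_xor(enc_key, b"bob-sift", ct_bob))        # Alice decrypts
    det_rx, b_bases_rx = from_bob[:n_signals], from_bob[n_signals:]
    a_bases_rx = list(stream_xor(enc_key, b"alice-sift", ct_alice))  # Bob decrypts
    keep_a = [i for i in range(n_signals) if det_rx[i] and a_bases[i] == b_bases_rx[i]]
    keep_b = [i for i in range(n_signals) if detected[i] and a_bases_rx[i] == b_bases[i]]
    if keep_a != keep_b:
        raise RuntimeError("sifting mismatch")
    n = len(keep_a) - len(keep_a) % 7  # keep whole 7-bit Hamming blocks
    alice = [a_bits[i] for i in keep_a[:n]]
    bob = [b_bits[i] for i in keep_b[:n]]

    # Constructed channel noise: one flipped bit in every third block on Bob's side.
    for start in range(0, n, 21):
        bob[start + 3] ^= 1
    errors_before = sum(x != y for x, y in zip(alice, bob))

    # Information reconciliation: Bob sends encrypted syndromes, Alice corrects.
    syn_bob = bytes(syndrome(bob[k:k + 7]) for k in range(0, n, 7))
    ct_syn = stream_xor(enc_key, b"bob-syndrome", syn_bob)
    for blk, s_b in enumerate(stream_xor(enc_key, b"bob-syndrome", ct_syn)):
        diff = syndrome(alice[7 * blk:7 * blk + 7]) ^ s_b
        if diff:                       # nonzero value = 1-based position of the error
            alice[7 * blk + diff - 1] ^= 1

    # Privacy amplification: shorten by the bound on Eve's information plus syndrome bits.
    syndrome_bits = 3 * (n // 7)
    out_len = n - eve_bound_bits - syndrome_bits
    if out_len <= 0:
        raise ValueError("nothing left after privacy amplification")
    # The hash description (Toeplitz seed) is sent without encryption.
    pa_seed = [secrets.randbits(1) for _ in range(n + out_len - 1)]
    return {"n": n, "errors_before": errors_before, "syndrome_bits": syndrome_bits,
            "out_len": out_len, "sift_ciphertext": ct_bob,
            "key_alice": toeplitz_hash(alice, pa_seed, out_len),
            "key_bob": toeplitz_hash(bob, pa_seed, out_len)}

if __name__ == "__main__":
    r = run_dv_qkd()
    print(r["n"], r["errors_before"], r["out_len"], r["key_alice"] == r["key_bob"])
```

The output length follows the accounting stated earlier in the description: the sifted length minus an upper bound on Eve's information minus the number of syndrome bits. The bound itself is an input here because the page gives no formula for it.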

Abstract

Disclosed is a method for obtaining a quantum key. The method comprises the steps of: transmitting a quantum signal from a transmitter device (Tx) to a receiver device (Rx) via an optical channel; exchanging encrypted information over a classical communication channel; determining, based on the quantum signal and the encrypted information, a transmitter-side sequence of symbols and a receiver-side sequence of symbols; and obtaining the quantum key based on the transmitter-side sequence of symbols and the receiver-side sequence of symbols.
PCT/EP2022/072654 2021-10-18 2022-08-12 Methods, transmitter device, receiver device, and system for quantum key distribution WO2023066542A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102021006382.1 2021-10-18
DE102021006382 2021-10-18

Publications (1)

Publication Number Publication Date
WO2023066542A1 (fr) 2023-04-27

Family

ID=83228940

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/072654 WO2023066542A1 (fr) 2021-10-18 2022-08-12 Methods, transmitter device, receiver device, and system for quantum key distribution

Country Status (1)

Country Link
WO (1) WO2023066542A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050259825A1 (en) * 2004-05-24 2005-11-24 Alexei Trifonov Key bank systems and methods for QKD
WO2011039503A2 (fr) * 2009-09-29 2011-04-07 Qinetiq Limited Methods and apparatus for use in quantum cryptography

Legal Events

Date Code Title Description
121 Ep: The EPO has been informed by WIPO that EP was designated in this application. Ref document number: 22765477; Country of ref document: EP; Kind code of ref document: A1