Intro to Quantum
Cryptography Algorithms
Andrew Hamel
EECS 598 Quantum Computing
FALL 2001
References
Ekert, A. “From quantum code

making
to quantum code

breaking”, 1997
Brassard, et al. “A Quantum Bit
Commitment Scheme Provably
Unbreakable by both Parties”, 1993
Outline
Classical Cryptography overview
Problems with classical cryptography
Quantum Algorithms
Quantum Bit Commitment
Quantum Key Distribution Introduction
Conclusions
Classical Cryptography
Simple Methods
Transposition
Arrange the “plaintext” in a special permutation
Substitution
Replace letters of the “plaintext” with other
letters or symbols in a certain way
Caesar’s Cipher
COLD

> FROG
Classical Cryptography
Problem with simple methods
Security depends on the secrecy of the
entire encrypting/decrypting process
Need a way to ensure secrecy even if the
encryption process is compromised
Classical Cryptography
Key

based Cryptography
Private Key
Secret key locks and unlocks data
Encrypt
–
E
Pri
(P) = C
Decrypt
–
D
Pri
(C) = P
Public Key
Separate keys to lock and unlock data
Encrypt
–
E
Pub
(P) = C
Decrypt
–
D
Pri
(C) = P
Classical Cryptography
Problem with private

key encryption
Depends entirely on the secrecy of the key
Requires two parties who initially share no
secret information to exchange a secret
key
An eavesdropper can passively snoop
secret key as it’s being exchanged
Classical Cryptography
Problems with Public

key encryption
No key distribution problem
However, security relies on unproven
mathematical assumptions such as the
difficulty of factoring large integers
Shor has already shown that the
assumption wont hold up against quantum
computation
What can be done?
Private key is vulnerable to classical
attacks, Public key is vulnerable to
quantum attacks
Solution: Augment private key
encryption with quantum key
distribution
A Slightly Different Problem
Before worrying about eavesdroppers, let’s consider
at simple bit

commitment scenario:
Alice and Bob (who are mutually untrustworthy) wish to play
a multiplayer game over a network
Each player takes one action per round
In order to prevent a player from waiting for the other’s
move before deciding, each player commits themselves to
an action by first transmitting an encrypted move (hash)
Upon receiving the actual move, each player can encrypt it
and compare to the previously received hash
Quantum Bit Commitment
Why is bit commitment useful?
Allows Alice to commit to a certain action
without revealing that action to Bob
Alice gives Bob a “hint” about what her
action will be
Later, if Alice wishes to reveal that action
to Bob, the hint allows Bob to be certain
that Alice has not changed the action
Quantum Bit Commitment
Obvious problem with classical bit
commitment
Problem similar to the public

key encryption
problem
Hard for Alice to give Bob evidence that will both
lock in her action AND prevent Bob for interpreting
her action from the hint
If we give Bob unlimited computational power (or
a quantum computer) he could decrypt the hash
and gain an advantage over Alice
Quantum Bit Commitment
Solution:
We need a hash that is not based on a
shared algorithm that Bob could reverse
Add a quantum channel in parallel to the
classical communication channel
Utilize quantum channel for transmission of
“hint” to Bob
Quantum Bit Commitment
Alice wants to commit a bit v to Bob
Alice calls a function commit(v) that
uses the quantum channel to transmit a
“hint” to Bob
Later, Alice calls unveil(v) to reveal v
Bob can use his hint to ensure that
Alice has not changed v
Quantum Bit Commitment
Notation
Rectilinear Base
{0>,1>} = ‘+’
Diagonal Base
{ (0>+1>)/sqrt(2), (0>

1>)/sqrt(2) } = ‘X’
Vectors
0> = ‘’
1> = ‘

’
(0>+1>) = ‘/’
(0>

1>) = ‘
\
’
Quantum Bit Commitment
Algorithm commit(v)
Bob supplies Alice with a matrix G that generates
code words that differ by at least 10
εn bits
Alice chooses a random n

bit string(r)
Alice uses matrix G to generate a codeword(c)
such that r
•c = v
Alice announces r to Bob
Alice chooses another n

bit random string(b)
Alice sends c to Bob on the quantum channel
encoded according to:
b
i
=0

> +
0 = 
1 =

b
i
=1

> x
0 = /
1 =
\
Quantum Bit Commitment
Algorithm commit(v)
Bob chooses his own random string of bases (b’)
Bob uses b’ to measure the incoming values which
gives Bob string c’
Bob now has a “quantum hint” of what Alice’s
codeword is
However, Bob cannot get any information out of the
codeword since he doesn’t know what transmission
bases Alice used
Statistically Bob will only guess 50% of the bases
correctly
–
50% of the codeword bits are effectively
random
Quantum Bit Commitment
Algorithm unveil(v)
Alice sends c,b,v to Bob
Bob calculates a compare

summation on
code words c and c’ for all bits in which
Bob correctly guessed the transmission
basis.
= (b
i
= b’
i
)
(c
i
xor c’
i
) / (n/2)
Quantum Bit Commitment
Algorithm unveil(v)
If r
•c = v (Alice’s original setup)
And c is a valid codeword of matrix G
And
< 1.4
ε
Bob accepts v
Otherwise
Bob rejects v
Quantum Bit Commitment
Example:
Alice obtains a c = 10110110
Generates random base:
B = {++X+XX+X}
Encodes c in base B:
{


\

/
\

/ }
Transmits quantum string to Bob
Quantum Bit Commitment
Example cont…
Bob receives encoded string
Chooses own random base and measures
the quantum transmission
B’ = {X+++X+XX}
Obtains result
c’ = { * 0 * 1 0 * * 0 }
* = random result
Example cont…
Alice sends b, c to Bob
Bob compares b to b’
b
= {++X+XX+X}
b’
= {X+++X+XX}
Bob compares c and c’ for bits
corresponding to matches in b an b’
c
= {10110110}
c’
= {*0*10**0}
Quantum Bit Commitment
Can Either Player Cheat?
Alice
In order to fool Bob, would have to alter her
codeword so that r
•c
new
= ~v
However, she also has to ensure that c
new
is a
valid codeword of generating matrix G
This means Alice will have to flip at least
10
εn bits
to reach a new, valid codeword
Also, to avoid detection, all Alice’s bit flips would
have to be done on bits in which Bob chose a
different measurement base than Alice did
Can Either Player Cheat?
Alice’s Chances:
The Probability that a given base differs:
Prob (b != b’) = 0.5
Prob (success) = (0.5)
10
εn
So for:
N = 1000, ε = 1%
P(success) = 7.9 * 10

31
Can Either Player Cheat?
Favorable conditions for Alice
If there is no noise on the channel when Alice
transmits Bob can attribute some of the
differences to noise
Alice could afford to incorrectly flip X bits where x
must be:
0.7
εn > X = 7 bits in our previous example
Improves her chances to 1 * 10

28
Does not help when n is large enough
Flipping bases in conjunction with bits can also
help
Can Either Player Cheat?
Bob
Until Alice reveals b, Bob knows nothing about c
since c’ is nothing but random data until the bases
are known.
The information hidden in c’ “comes into being”
only when Alice reveals her quantum transmission
bases.
Since no information exists prior to Alice’s
transmission, it’s impossible for Bob to draw
information out of c’
Can Either Player Cheat?
Bob does an exhaustive key search
Restricting Alice’s codeword choices could
help Bob
Bob finds all possible code words from
matrix G that differ by 0.25n bit flips from
the measured codeword
However code words themselves only differ
by 10
εn
which would produce an large
enough set to negate Bob’s efforts
Can Either Player Cheat?
Bob uses a non

standard base:
Uses base halfway between diagonal and
rectilinear
Still only gives Bob 75% bit accuracy
Also negates Bob’s ability to check Alice’s
moves
Conclusions
With a significantly large n and a reasonable
ε, a cheat

proof Bit
commitment algorithm can be implemented
Using a Quantum channel allows a sender to “create”
information after it has been transmitted
Bob’s random data contains no information until Alice
announces her transmission bases
Will be a useful property for Quantum Key Distribution
The “bothersome” properties of quantum mechanics ensure that
the algorithm works
If measurement did not destroy quantum information, Bob
could continue to measure the bits received until he was
probabilistically certain of the correct value
Likewise if Bob could clone quantum states
Comments 0
Log in to post a comment