Intro to Quantum

sunflowerplateAI and Robotics

Nov 21, 2013 (3 years and 9 months ago)

84 views

Intro to Quantum
Cryptography Algorithms


Andrew Hamel




EECS 598 Quantum Computing



FALL 2001

References


Ekert, A. “From quantum code
-
making
to quantum code
-
breaking”, 1997


Brassard, et al. “A Quantum Bit
Commitment Scheme Provably
Unbreakable by both Parties”, 1993

Outline


Classical Cryptography overview


Problems with classical cryptography


Quantum Algorithms


Quantum Bit Commitment


Quantum Key Distribution Introduction


Conclusions

Classical Cryptography


Simple Methods


Transposition


Arrange the “plaintext” in a special permutation


Substitution


Replace letters of the “plaintext” with other
letters or symbols in a certain way


Caesar’s Cipher


COLD
-
> FROG

Classical Cryptography


Problem with simple methods


Security depends on the secrecy of the
entire encrypting/decrypting process


Need a way to ensure secrecy even if the
encryption process is compromised

Classical Cryptography


Key
-
based Cryptography


Private Key


Secret key locks and unlocks data


Encrypt


E
Pri
(P) = C


Decrypt


D
Pri
(C) = P


Public Key


Separate keys to lock and unlock data


Encrypt


E
Pub
(P) = C


Decrypt


D
Pri
(C) = P

Classical Cryptography


Problem with private
-
key encryption


Depends entirely on the secrecy of the key


Requires two parties who initially share no
secret information to exchange a secret
key


An eavesdropper can passively snoop
secret key as it’s being exchanged

Classical Cryptography


Problems with Public
-
key encryption


No key distribution problem


However, security relies on unproven
mathematical assumptions such as the
difficulty of factoring large integers


Shor has already shown that the
assumption wont hold up against quantum
computation

What can be done?


Private key is vulnerable to classical
attacks, Public key is vulnerable to
quantum attacks


Solution: Augment private key
encryption with quantum key
distribution

A Slightly Different Problem


Before worrying about eavesdroppers, let’s consider
at simple bit
-
commitment scenario:


Alice and Bob (who are mutually untrustworthy) wish to play
a multiplayer game over a network


Each player takes one action per round


In order to prevent a player from waiting for the other’s
move before deciding, each player commits themselves to
an action by first transmitting an encrypted move (hash)


Upon receiving the actual move, each player can encrypt it
and compare to the previously received hash


Quantum Bit Commitment


Why is bit commitment useful?


Allows Alice to commit to a certain action
without revealing that action to Bob


Alice gives Bob a “hint” about what her
action will be


Later, if Alice wishes to reveal that action
to Bob, the hint allows Bob to be certain
that Alice has not changed the action

Quantum Bit Commitment


Obvious problem with classical bit
commitment


Problem similar to the public
-
key encryption
problem


Hard for Alice to give Bob evidence that will both
lock in her action AND prevent Bob for interpreting
her action from the hint


If we give Bob unlimited computational power (or
a quantum computer) he could decrypt the hash
and gain an advantage over Alice

Quantum Bit Commitment


Solution:


We need a hash that is not based on a
shared algorithm that Bob could reverse


Add a quantum channel in parallel to the
classical communication channel


Utilize quantum channel for transmission of
“hint” to Bob

Quantum Bit Commitment


Alice wants to commit a bit v to Bob


Alice calls a function commit(v) that
uses the quantum channel to transmit a
“hint” to Bob


Later, Alice calls unveil(v) to reveal v


Bob can use his hint to ensure that
Alice has not changed v

Quantum Bit Commitment


Notation


Rectilinear Base

{|0>,|1>} = ‘+’


Diagonal Base



{ (|0>+|1>)/sqrt(2), (|0>
-
|1>)/sqrt(2) } = ‘X’


Vectors


|0> = ‘|’


|1> = ‘
-



(|0>+|1>) = ‘/’


(|0>
-

|1>) = ‘
\


Quantum Bit Commitment


Algorithm commit(v)


Bob supplies Alice with a matrix G that generates
code words that differ by at least 10
εn bits


Alice chooses a random n
-
bit string(r)


Alice uses matrix G to generate a codeword(c)
such that r
•c = v


Alice announces r to Bob


Alice chooses another n
-
bit random string(b)


Alice sends c to Bob on the quantum channel
encoded according to:


b
i
=0
-
> +

0 = |

1 =
-


b
i
=1
-
> x

0 = /

1 =
\

Quantum Bit Commitment


Algorithm commit(v)


Bob chooses his own random string of bases (b’)


Bob uses b’ to measure the incoming values which
gives Bob string c’


Bob now has a “quantum hint” of what Alice’s
codeword is


However, Bob cannot get any information out of the
codeword since he doesn’t know what transmission
bases Alice used


Statistically Bob will only guess 50% of the bases
correctly


50% of the codeword bits are effectively
random

Quantum Bit Commitment


Algorithm unveil(v)


Alice sends c,b,v to Bob


Bob calculates a compare
-
summation on
code words c and c’ for all bits in which
Bob correctly guessed the transmission
basis.




= (b
i

= b’
i
)


(c
i

xor c’
i
) / (n/2)

Quantum Bit Commitment


Algorithm unveil(v)


If r
•c = v (Alice’s original setup)


And c is a valid codeword of matrix G


And


< 1.4
ε



Bob accepts v


Otherwise


Bob rejects v

Quantum Bit Commitment


Example:


Alice obtains a c = 10110110


Generates random base:


B = {++X+XX+X}


Encodes c in base B:


{
-

|
\

-

/
\

-

/ }


Transmits quantum string to Bob

Quantum Bit Commitment


Example cont…


Bob receives encoded string


Chooses own random base and measures
the quantum transmission


B’ = {X+++X+XX}


Obtains result


c’ = { * 0 * 1 0 * * 0 }


* = random result


Example cont…


Alice sends b, c to Bob


Bob compares b to b’


b

= {++X+XX+X}


b’

= {X+++X+XX}


Bob compares c and c’ for bits
corresponding to matches in b an b’


c

= {10110110}


c’

= {*0*10**0}

Quantum Bit Commitment

Can Either Player Cheat?


Alice


In order to fool Bob, would have to alter her
codeword so that r
•c
new

= ~v


However, she also has to ensure that c
new

is a
valid codeword of generating matrix G


This means Alice will have to flip at least
10
εn bits
to reach a new, valid codeword


Also, to avoid detection, all Alice’s bit flips would
have to be done on bits in which Bob chose a
different measurement base than Alice did

Can Either Player Cheat?


Alice’s Chances:


The Probability that a given base differs:


Prob (b != b’) = 0.5


Prob (success) = (0.5)
10
εn


So for:


N = 1000, ε = 1%


P(success) = 7.9 * 10
-
31

Can Either Player Cheat?


Favorable conditions for Alice


If there is no noise on the channel when Alice
transmits Bob can attribute some of the
differences to noise


Alice could afford to incorrectly flip X bits where x
must be:


0.7
εn > X = 7 bits in our previous example


Improves her chances to 1 * 10
-
28


Does not help when n is large enough


Flipping bases in conjunction with bits can also
help

Can Either Player Cheat?


Bob


Until Alice reveals b, Bob knows nothing about c
since c’ is nothing but random data until the bases
are known.


The information hidden in c’ “comes into being”
only when Alice reveals her quantum transmission
bases.


Since no information exists prior to Alice’s
transmission, it’s impossible for Bob to draw
information out of c’

Can Either Player Cheat?


Bob does an exhaustive key search


Restricting Alice’s codeword choices could
help Bob


Bob finds all possible code words from
matrix G that differ by 0.25n bit flips from
the measured codeword


However code words themselves only differ
by 10
εn

which would produce an large
enough set to negate Bob’s efforts


Can Either Player Cheat?


Bob uses a non
-
standard base:


Uses base halfway between diagonal and
rectilinear


Still only gives Bob 75% bit accuracy


Also negates Bob’s ability to check Alice’s
moves


Conclusions


With a significantly large n and a reasonable
ε, a cheat
-
proof Bit
commitment algorithm can be implemented


Using a Quantum channel allows a sender to “create”
information after it has been transmitted


Bob’s random data contains no information until Alice
announces her transmission bases


Will be a useful property for Quantum Key Distribution


The “bothersome” properties of quantum mechanics ensure that
the algorithm works


If measurement did not destroy quantum information, Bob
could continue to measure the bits received until he was
probabilistically certain of the correct value


Likewise if Bob could clone quantum states