1. Quantum Cryptography
Omar Shehab
Department of Computer Science and Electrical Engineering
University of Maryland, Baltimore County
Baltimore, Maryland 21250
shehab1@umbc.edu
September 21, 2012
2. Curiosity
We start with following questions:
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 2 / 52
3. Curiosity (contd.)
How strong are the classical cryptographic schemes?
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 3 / 52
4. Curiosity (contd.)
Is it possible to break them quickly?
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 4 / 52
5. Let’s take an example
RSA (Rivest et al. [1978]) is a standard classical cryptographic
scheme.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 5 / 52
6. Here is the situation
Alice wants to send a message to Bob.
Both of them are worried about Eve who is notoriously trying
to intercept the message.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 6 / 52
7. Proposed solution
Alice decides a secret key and encrypts her message with that
key.
The encrypted message is sent to Bob over public channel.
Alice sends the key to Bob over a secure channel.
Bob decrypts the message with the key.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 7 / 52
8. Issue with the solution
How to find a secure channel to transfer the key?
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 8 / 52
9. It is a good idea?
What if Alice decides another secret sub-key to encrypt the original
key and send it over the public channel?
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 9 / 52
10. Let’s see!
Another sub-sub-key to encrypt the sub-key and another
sub-sub-sub-key to secure the sub-sub-key and so on...
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 10 / 52
11. It never stops!
Catch-22 (Lomonaco [1998])!
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 11 / 52
12. Now what?
Let us redefine ’secret’ !
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 12 / 52
13. ’Secret’
A secret is secret if it is always secret!
A secret is secret is it is computationally unbreakable (Lomonaco
[1998])!
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 13 / 52
15. Assumptions in RSA
The assumption is that the problem of factoring large number is
not in P, NP-complete, and co-NP-complete (Rivest et al. [1978]).
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 15 / 52
16. How confident?
So far true for classical computers.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 16 / 52
17. Are we safe then?
There are other issues.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 17 / 52
18. An issue with public key cryptography
Eavesdropping cannot be detected in classical public key
cryptographic solutions (Lomonaco [1998]).
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 18 / 52
19. New in the town
Quantum Cryptography!!!
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 19 / 52
20. Quantum Cryptography
We need quantum computers.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 20 / 52
21. No more ’bits’
Qubits replace bits. Logic one and zero are no longer the scalers 1
and 0. They are expressed by orthonormal pairs of vectors living in
Hilbert space (a special type of vector space) (Lomonaco [1998]).
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 21 / 52
22. What are those orthonormal pairs of vectors?
They are called basis sets.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 22 / 52
23. Basis sets
They can be chosen in a number of ways.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 23 / 52
24. Basis sets: Example 1
Let the set be S+ .
1 0
S+ ≡ ,
0 1
These vectors are orthonormal to each other.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 24 / 52
25. Basis sets: Example 2
Let the set be SX .
1 −1 √ 1
SX ≡ √2 , 12
1 1
These vectors are orthonormal to each other.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 25 / 52
26. Qubits
What may Qubits look like in real world?
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 26 / 52
27. Qubits (contd.)
Spin of an electron ( 2 or − 1 )
1
2
Polarization of a photon (horizontal or vertical, right circular
or left circular, 45◦ clockwiseorcounter − clockwise etc.)
and many other . . .
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 27 / 52
30. Qubits: Feature 1
Qubits cannot be copied (Wootters and Zurek [1982]). If someone
tries to copy a qubit, the information gets destroyed. So, the
problem of eavesdropping detection is solved.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 30 / 52
31. Qubits: Feature 2
Qubits can be in two opposite states at the same time. For
example, a qubit can be both logic 1 and logic 0 at the same time.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 31 / 52
32. Qubits: Feature 2 (contd.)
1 1
If a qubit is in state √ , it is both in logic 1 and logic 0 with
2 1
equal probability.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 32 / 52
33. Qubits: Feature 3
To read the information of a qubit, we need to measure it. In
quantum world, results of measurement are always probabilistic.
So, we end up with information with specific amount of probability
associated to it.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 33 / 52
34. Feature 3: Example
If we want to read (measure) an arbitrary qubit using S+ , we will
0 1
get with some probability and ≡ with the
1 0
complementary amount of probability.
1 −1
If we read the same qubit using SX , we will get √2 with
1
1 1
some probability and √2 with the complementary amount of
1
probability.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 34 / 52
35. A note about basis set
While working with quantum information, you can encode your
message with any basis set whenever you want. So, while sending a
message, a part of the message can be encoded using the basis set
SX and rest of the message can be encoded using the basis set S+ .
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 35 / 52
36. Message with mixed basis sets
Bit index 1 2 3 4
Logical impression 1 0 1 0
0 1 1 1 −1 1
Qubits √ √
1 2 1 2 1 0
Basis set S+ SX SX S+
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 36 / 52
37. Back to Alice!
We recommend Alice and Bob to buy quantum computers.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 37 / 52
38. Alice’s secret key
Alice wants to send a secret key consisting random bits.
Say, she wants to send a 12-bit key. Alice flips a coin for each bit
and sets the bit to 1 for head and 0 for tail. For one instance, let
the logical impression of the message be,
0 1 1 0 1 1 1 0 1 0 1 0.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 38 / 52
39. Alice’s secret key (contd.)
So far, Alice has decided only the logical version of the secret key.
She is yet to decide the basis on which she will encode the
corresponding qubits.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 39 / 52
40. Alice’s secret key (contd.)
Alice chooses the basis sets in random too. For each bit, if it is
head, the basis set is S+ otherwise SX .
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 40 / 52
42. Bob receives and measures the key
Real basis Original key Result Basis set Index
1 2 3 4 5 6 7 8 9 10 11 12
SX S+ SX SX S+ SX S+ S+ SX SX SX S+
0 1 1 1 1 0 1 0 1 0 1 0
0 1 1 0 1 1 1 0 1 0 1 0
S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 42 / 52
43. Message at Bob’s end
Bob will guess right basis 50% of the time. For those correct basis
sets, the results of measurement will be exactly what Alice sent.
For the rest of the message, Bob will have wrong data.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 43 / 52
44. Confirmation of basis with Alice
Bob informs Alice the basis he has used for each bit through public
channel. Whenever, there is a basis mismatch, they discard the
corresponding bit. Here is the scenario,
Key Match Bob Alice Index
1 2 3 4 5 6 7 8 9 10 11 12
S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+
SX S+ SX SX S+ SX S+ S+ SX SX SX S+
1 1 1 0 1 0 1 0
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 44 / 52
45. Eavesdropping
To intercept the message, Eve needs to measure the qubits just
like Bob does. She cannot copy and forward the original message
to Bob due to the no-cloning theorem. So, Eve can also guess only
50% of the information correctly. To hide her existence, Eve needs
to resend the data to Bob. Any measurement collapses the
quantum superposition of the qubits. So, Bob only receives the
result of measurements, not the original qubits.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 45 / 52
46. Bob measures Eve’s
When Bob measures the message coming from Eve, there is
another layer of applying wrong random bases, which decreases the
probability of getting the original message by more than 50%. Bob
needs a way to detect the eavesdropping.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 46 / 52
47. Detection
Bob shares half of the remaining bits with Alice over public
channel. If there is only a tiny percentage of mismatch (due to
noise), they can safely assume that Eve hasn’t listened to their
communication. Here is the scenario,
Secret Exchange Key Index
1 2 3 4 5 6 7 8 9 10 11 12
1 1 1 0 1 0 1 0
1 1 0 1
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 47 / 52
48. Detection (contd.)
With 12-bit secret key, after measurement and intrusion detection,
4 bits are still secret. So, if Alice wants a 100-bit secret key, she
may safely start with a 300-bit key.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 48 / 52
49. Meet BB
This scheme is called the BB84 Quantum Key Exchange protocol.
Figure: Charles H. Bennett
Figure: Gilles Brassard
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 49 / 52
50. 2012 Nobel Prize?
Thomson Reuters Predicts 2012 Nobel prize in physics may go to
these two people.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 50 / 52
51. Bibliography I
Samuel J. Lomonaco. A quick glance at quantum cryptography. 1998.
R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems.
Communications of the ACM, 21:120–126, 1978.
W. K. Wootters and W. H. Zurek. A single quantum cannot be cloned. volume 299, pages 802–803, 1982.
Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 51 / 52