Upcoming SlideShare
×

# Quantum Cryptography 101

600 views

Published on

Guest lecture by Omar Shehab for the Information Assurance course by Dr. Alan Sherman in fall 2012.

1 Comment
0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• কী কঠিন রে বাবা !

Are you sure you want to  Yes  No
• Be the first to like this

Views
Total views
600
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
49
1
Likes
0
Embeds 0
No embeds

No notes for slide

### Quantum Cryptography 101

1. 1. Quantum Cryptography Omar ShehabDepartment of Computer Science and Electrical Engineering University of Maryland, Baltimore County Baltimore, Maryland 21250 shehab1@umbc.edu September 21, 2012
2. 2. CuriosityWe start with following questions:Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 2 / 52
3. 3. Curiosity (contd.)How strong are the classical cryptographic schemes?Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 3 / 52
4. 4. Curiosity (contd.)Is it possible to break them quickly?Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 4 / 52
5. 5. Let’s take an exampleRSA (Rivest et al. [1978]) is a standard classical cryptographicscheme.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 5 / 52
6. 6. Here is the situation Alice wants to send a message to Bob. Both of them are worried about Eve who is notoriously trying to intercept the message.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 6 / 52
7. 7. Proposed solution Alice decides a secret key and encrypts her message with that key. The encrypted message is sent to Bob over public channel. Alice sends the key to Bob over a secure channel. Bob decrypts the message with the key.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 7 / 52
8. 8. Issue with the solutionHow to ﬁnd a secure channel to transfer the key?Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 8 / 52
9. 9. It is a good idea?What if Alice decides another secret sub-key to encrypt the originalkey and send it over the public channel?Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 9 / 52
10. 10. Let’s see!Another sub-sub-key to encrypt the sub-key and anothersub-sub-sub-key to secure the sub-sub-key and so on...Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 10 / 52
11. 11. It never stops!Catch-22 (Lomonaco [1998])!Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 11 / 52
12. 12. Now what?Let us redeﬁne ’secret’ !Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 12 / 52
13. 13. ’Secret’A secret is secret if it is always secret!A secret is secret is it is computationally unbreakable (Lomonaco[1998])!Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 13 / 52
14. 14. Computationally secret!!!Here comes RSA!Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 14 / 52
15. 15. Assumptions in RSAThe assumption is that the problem of factoring large number isnot in P, NP-complete, and co-NP-complete (Rivest et al. [1978]).Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 15 / 52
16. 16. How conﬁdent?So far true for classical computers.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 16 / 52
17. 17. Are we safe then?There are other issues.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 17 / 52
18. 18. An issue with public key cryptographyEavesdropping cannot be detected in classical public keycryptographic solutions (Lomonaco [1998]).Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 18 / 52
19. 19. New in the townQuantum Cryptography!!!Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 19 / 52
20. 20. Quantum CryptographyWe need quantum computers.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 20 / 52
21. 21. No more ’bits’Qubits replace bits. Logic one and zero are no longer the scalers 1and 0. They are expressed by orthonormal pairs of vectors living inHilbert space (a special type of vector space) (Lomonaco [1998]).Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 21 / 52
22. 22. What are those orthonormal pairs of vectors?They are called basis sets.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 22 / 52
23. 23. Basis setsThey can be chosen in a number of ways.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 23 / 52
24. 24. Basis sets: Example 1Let the set be S+ . 1 0S+ ≡ , 0 1These vectors are orthonormal to each other.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 24 / 52
25. 25. Basis sets: Example 2Let the set be SX . 1 −1 √ 1SX ≡ √2 , 12 1 1These vectors are orthonormal to each other.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 25 / 52
26. 26. QubitsWhat may Qubits look like in real world?Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 26 / 52
27. 27. Qubits (contd.) Spin of an electron ( 2 or − 1 ) 1 2 Polarization of a photon (horizontal or vertical, right circular or left circular, 45◦ clockwiseorcounter − clockwise etc.) and many other . . .Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 27 / 52
28. 28. Logical impressionUsing S+ , 0 1Logic 1 ≡ , Logic 0 ≡ or vice versa. 1 0Using SX , 1 −1 1 1Logic 1 ≡ √ , Logic 0 ≡ √ or vice versa. 2 1 2 1Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 28 / 52
29. 29. FeaturesQubits have following features:Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 29 / 52
30. 30. Qubits: Feature 1Qubits cannot be copied (Wootters and Zurek [1982]). If someonetries to copy a qubit, the information gets destroyed. So, theproblem of eavesdropping detection is solved.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 30 / 52
31. 31. Qubits: Feature 2Qubits can be in two opposite states at the same time. Forexample, a qubit can be both logic 1 and logic 0 at the same time.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 31 / 52
32. 32. Qubits: Feature 2 (contd.) 1 1If a qubit is in state √ , it is both in logic 1 and logic 0 with 2 1equal probability.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 32 / 52
33. 33. Qubits: Feature 3To read the information of a qubit, we need to measure it. Inquantum world, results of measurement are always probabilistic.So, we end up with information with speciﬁc amount of probabilityassociated to it.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 33 / 52
34. 34. Feature 3: ExampleIf we want to read (measure) an arbitrary qubit using S+ , we will 0 1get with some probability and ≡ with the 1 0complementary amount of probability. 1 −1If we read the same qubit using SX , we will get √2 with 1 1 1some probability and √2 with the complementary amount of 1probability.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 34 / 52
35. 35. A note about basis setWhile working with quantum information, you can encode yourmessage with any basis set whenever you want. So, while sending amessage, a part of the message can be encoded using the basis setSX and rest of the message can be encoded using the basis set S+ .Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 35 / 52
36. 36. Message with mixed basis sets Bit index 1 2 3 4 Logical impression 1 0 1 0 0 1 1 1 −1 1 Qubits √ √ 1 2 1 2 1 0 Basis set S+ SX SX S+Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 36 / 52
37. 37. Back to Alice!We recommend Alice and Bob to buy quantum computers.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 37 / 52
38. 38. Alice’s secret keyAlice wants to send a secret key consisting random bits.Say, she wants to send a 12-bit key. Alice ﬂips a coin for each bitand sets the bit to 1 for head and 0 for tail. For one instance, letthe logical impression of the message be,0 1 1 0 1 1 1 0 1 0 1 0.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 38 / 52
39. 39. Alice’s secret key (contd.)So far, Alice has decided only the logical version of the secret key.She is yet to decide the basis on which she will encode thecorresponding qubits.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 39 / 52
40. 40. Alice’s secret key (contd.)Alice chooses the basis sets in random too. For each bit, if it ishead, the basis set is S+ otherwise SX .Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 40 / 52
41. 41. Alice’s secret key (contd.)The situation may be as in the following table. Qubit Basis set Secret key Index 1 2 3 4 5 6 7 8 9 10 11 12 0 1 1 0 1 1 1 0 1 0 1 0 S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+ 1 1 1 1 1 1 0 − √2 1 1 1 − √2 1 − √2 √ 2 √ 2 1 1 1 1 1 1 0 1 √ 2 0 0 0 √ 2 0 √ 2 √ 2 √ 2 0Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 41 / 52
42. 42. Bob receives and measures the key Real basis Original key Result Basis set Index 1 2 3 4 5 6 7 8 9 10 11 12 SX S+ SX SX S+ SX S+ S+ SX SX SX S+ 0 1 1 1 1 0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 1 0 S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 42 / 52
43. 43. Message at Bob’s endBob will guess right basis 50% of the time. For those correct basissets, the results of measurement will be exactly what Alice sent.For the rest of the message, Bob will have wrong data.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 43 / 52
44. 44. Conﬁrmation of basis with AliceBob informs Alice the basis he has used for each bit through publicchannel. Whenever, there is a basis mismatch, they discard thecorresponding bit. Here is the scenario, Key Match Bob Alice Index 1 2 3 4 5 6 7 8 9 10 11 12 S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+ SX S+ SX SX S+ SX S+ S+ SX SX SX S+ 1 1 1 0 1 0 1 0Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 44 / 52
45. 45. EavesdroppingTo intercept the message, Eve needs to measure the qubits justlike Bob does. She cannot copy and forward the original messageto Bob due to the no-cloning theorem. So, Eve can also guess only50% of the information correctly. To hide her existence, Eve needsto resend the data to Bob. Any measurement collapses thequantum superposition of the qubits. So, Bob only receives theresult of measurements, not the original qubits.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 45 / 52
46. 46. Bob measures Eve’sWhen Bob measures the message coming from Eve, there isanother layer of applying wrong random bases, which decreases theprobability of getting the original message by more than 50%. Bobneeds a way to detect the eavesdropping.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 46 / 52
47. 47. DetectionBob shares half of the remaining bits with Alice over publicchannel. If there is only a tiny percentage of mismatch (due tonoise), they can safely assume that Eve hasn’t listened to theircommunication. Here is the scenario, Secret Exchange Key Index 1 2 3 4 5 6 7 8 9 10 11 12 1 1 1 0 1 0 1 0 1 1 0 1Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 47 / 52
48. 48. Detection (contd.)With 12-bit secret key, after measurement and intrusion detection,4 bits are still secret. So, if Alice wants a 100-bit secret key, shemay safely start with a 300-bit key.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 48 / 52
49. 49. Meet BBThis scheme is called the BB84 Quantum Key Exchange protocol. Figure: Charles H. Bennett Figure: Gilles BrassardOmar Shehab (UMBC) Quantum Cryptography September 21, 2012 49 / 52
50. 50. 2012 Nobel Prize?Thomson Reuters Predicts 2012 Nobel prize in physics may go tothese two people.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 50 / 52
51. 51. Bibliography ISamuel J. Lomonaco. A quick glance at quantum cryptography. 1998.R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21:120–126, 1978.W. K. Wootters and W. H. Zurek. A single quantum cannot be cloned. volume 299, pages 802–803, 1982.Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 51 / 52
52. 52. Questions?Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 52 / 52