Quantum cryptography
DATA SECURITY
PROJECT REPORT:
QUANTUM CRYPTOGRAPHY
Department of Computer Science
Arkansas State University
SUBMITTED TO:-
DR. HAI JIANG
SUBMITTED BY:
NISHANT BHARDWAJ
ABSTRACT:
Modern cryptographic algorithms are based on the fundamental process of factoring large
integers into their primes, which is said to be ‘intractable’. But these are vulnerable to both
technological progress in computing power and the evolution of mathematical methods that quickly
reverse one-way functions, for example factoring large integers. One of the solutions to these
problems is to bring the laws of quantum physics into cryptography, which led to the introduction of
the term QUANTUM CRYPTOGRAPHY, which is one of the emerging topics in the computer
industry.
Quantum cryptography uses quantum mechanics to guarantee secure communication. It enables
two parties to produce a shared random bit string known only to them, which is used as a key to
encrypt and decrypt messages. A unique property of quantum cryptography is the ability of two
communicating users to detect the presence of any third party trying to gain knowledge of the key.
This results from a fundamental part of quantum mechanics: the process of measuring a
quantum system in general disturbs the system. A third party trying to eavesdrop on the key must
in some way measure it, thus producing detectable anomalies. By using quantum superposition or
quantum entanglement and transmitting information in quantum states, a communication system
can be implemented which detects eavesdropping.
This report focuses on quantum cryptography and how this technology contributes value to a
defense-in-depth strategy pertaining to completely secure key distribution. It also
discusses the weaknesses of modern digital cryptosystems, the real-world implementation and its
limitations. It will also discuss the breaking of the quantum cryptography system that has been
discussed in theory by scientists.
INTRODUCTION TO CRYPTOGRAPHY:
Cryptography is the science of keeping private information from unauthorized access, ensuring data
integrity and authentication. This report focuses on quantum cryptography, but before jumping to
it, let us take a brief look at classical cryptography and its challenges.
Let us assume that Alice and Bob wish to exchange messages via some channel in a way that they
protect their messages from eavesdropping. An algorithm, which is called a cipher in this context,
scrambles Alice’s message via some rule such that restoring the original message is hard—if not
impossible—without knowledge of the secret key. This “scrambled” message is called the
ciphertext. On the other hand, Bob (who possesses the secret key) can easily decipher Alice’s
ciphertext and obtain her original plaintext. The following figure represents the scenario:
Classical cryptography:
Definition: A (deterministic, symmetric) cryptosystem is a five-tuple (P, C, K, E, D) satisfying the
following conditions:
1. P is a finite set of possible plaintexts.
2. C is a finite set of possible ciphertexts.
3. K is a finite set of possible keys.
4. For each k ∈ K, there are an encryption rule e_k ∈ E and a corresponding decryption rule d_k ∈ D,
where e_k : P → C and d_k : C → P are functions satisfying d_k(e_k(x)) = x for each plaintext element
x ∈ P.
In the basic scenario in cryptography, we have two parties who wish to communicate over an
insecure channel, such as a phone line or a computer network. Usually, these parties are referred
to as Alice and Bob. Since the communication channel is insecure, an eavesdropper, called Eve,
may intercept the messages that are sent over this channel. By agreeing on a secret key k via a
secure communication method, Alice and Bob can make use of a cryptosystem to keep their
information secret, even when sent over the insecure channel. This situation is illustrated in Fig 1.
The method of encryption works as follows. For her secret message m, Alice uses the key k and the
encryption rule e_k to obtain the ciphertext c = e_k(m). She sends Bob the ciphertext c over the
insecure channel. Knowing the key k, Bob can easily decrypt the ciphertext by the decryption rule
d_k:
d_k(c) = d_k(e_k(m)) = m.
Knowing the ciphertext c but missing the key k, there is no easy way for Eve to determine
the original message m.
There exist many cryptosystems in modern cryptography to transmit secret messages. An early
well-known system is the one-time pad, which is also known as the Vernam cipher. The one-time
pad is a substitution cipher. Despite its advantageous properties, which we will discuss later on,
the one-time pad’s drawback is the costly effort needed to transmit and store the secret keys.
fig1: letters and punctuation marks encoded by numbers from 0 to 29
fig (a): Encryption and decryption example for the one-time pad
One-Time Pad: For plaintext elements in P, we use capital letters and some punctuation marks,
which we encode as numbers ranging from 0 to 29, see fig above. As is the case with most
cryptosystems, the ciphertext space equals the plaintext space. Furthermore, the key space K also
equals P, and we have P = C = K = {0, 1, . . . , 29}. Next, we describe how Alice and Bob use the
one-time pad to transmit their messages. A concrete example is shown in Figure 3. Suppose Alice and
Bob share a joint secret key k of length n = 12, where each key symbol k_i ∈ {0, 1, . . . , 29} is chosen
uniformly at random. Let m = m_1 m_2 . . . m_n be a given message of length n, which Alice wishes to
encrypt. For each plaintext letter m_i, where 1 ≤ i ≤ n, Alice adds the plaintext number to the key
number. The result is taken modulo 30. For example, the last letter of the plaintext from Figure
(a), “D,” is encoded by “m_12 = 03.” The corresponding key is “k_12 = 28,” so we have c_12 = 3 + 28 =
31. Since 31 ≡ 1 mod 30, our plaintext letter “D” is encrypted as “B.” Decryption works similarly by
subtracting, character by character, the key letters from the corresponding ciphertext letters. So
the encryption and decryption can be written respectively as c_i = (m_i + k_i) mod 30 and
m_i = (c_i − k_i) mod 30, 1 ≤ i ≤ n.
Limitations
Cryptographic technology in use today relies on the hardness of certain mathematical problems.
Classical cryptography faces the following two problems. First, the security of many classical
cryptosystems is based on the hardness of problems such as integer factoring or the discrete
logarithm problem. But since these problems typically are not provably hard, the corresponding
cryptosystems are potentially insecure. For example, the famous and widely used RSA public-key
cryptosystem [Rivest et al. 1978] could easily be broken if large integers were easy to factor. The
hardness of integer factoring, however, is not a proven fact but rather a hypothesis. We mention
in passing that computing the RSA secret key from the corresponding public key is polynomial-time
equivalent to integer factoring [May 2004].
Second, the theory of quantum computation has yielded new methods to tackle these
mathematical problems in a much more efficient way. Although there are still numerous
challenges to overcome before a working quantum computer of sufficient power can be built, in
theory many classical ciphers (in particular public-key cryptosystems such as RSA) might be broken
by such a powerful machine. However, while quantum computation seems to be a severe
challenge to classical cryptography in a possibly not so distant future, at the same time it offers
new possibilities to build encryption methods that are safe even against attacks performed by
means of a quantum computer. Quantum cryptography extends the power of classical
cryptography by protecting the secrecy of messages using the physical laws of quantum
mechanics.
The currently used public key encryption and signature schemes can be broken by quantum
adversaries. This led to the innovation of quantum cryptography.
Quantum Cryptography
It is the science of exploiting quantum mechanical properties to perform cryptographic tasks.
Quantum key distribution offers an information-theoretically secure solution to the key
exchange problem. Its main advantage is that it allows the completion of various cryptographic
tasks that are proven or assumed to be impossible using only classical communication. For example,
it is impossible to copy data encoded in a quantum state, and the very act of reading data encoded
in a quantum state changes the state. This is used to detect eavesdropping in quantum key
distribution.
History:
Quantum cryptography is based on 2 major elements of quantum mechanics as the base of its
implementation.
The two principles are:
1) Heisenberg uncertainty principle: At the instant at which the position of the electron is
known, its momentum therefore can be known only up to magnitudes which correspond to that
discontinuous change; thus, the more precisely the position is determined, the less precisely the
momentum is known, and conversely. This simply means that observation of quanta changes their
behavior. By measuring the velocity of a quantum we would affect it, and thereby change its position;
if we want to find a quantum's position, we are forced to change its velocity. Therefore, we cannot
measure a quantum system's characteristics without changing it (Clark, n.d.) and we cannot record
all characteristics of a quantum system before those characteristics are measured.[1]
2) Principle of photon polarization: It is the quantum mechanical description of the classical
polarized sinusoidal plane electromagnetic wave. An individual photon can be described as having
right or left circular polarization or a superposition of two.
The concept of quantum cryptography was first proposed by Stephen Wiesner in his seminar paper
“Conjugate Coding”, which proposed how to store or transmit two messages by coding them in
two “conjugate observables”, such as circular or linear polarization of light, so that either, but not
both, may be received and decoded. This study was carried further by Charles H.
Bennett and Gilles Brassard, who proposed a method of secure communication which is called
BB84. This method is the basis of quantum key distribution methods.[2]
3. There is one more principle that forms the basis of quantum cryptography, i.e. the No Cloning
Theorem. It states that it is impossible to create a copy of an arbitrary unknown quantum state.
This makes it impossible to perform eavesdropping because it will quickly be detected and thus
guarantees that the communicated data remains private.
Quantum Key Distribution (QKD):
The current key distribution approach presents many challenges. Its security is threatened by weak
random number generators, advances in CPU power, new attack strategies and the emergence of
quantum computers.
Quantum key distribution addresses these challenges by using quantum properties to exchange
secret information such as a cryptographic key, which can then be used over an insecure channel.
The security of this relies on fundamental laws of nature, which are not vulnerable to increasing
computational power, new attack techniques and quantum computers. For the highest security
requirements, QKD enables the continuous generation and sharing of truly random one-time pad
keys. An eavesdropper trying to intercept a quantum exchange will inevitably leave
detectable traces. The legitimate exchanging parties can decide either to discard the corrupt
information or to reduce the information available to the eavesdropper to nought by distilling a
shorter key.
A QKD implementation typically includes the following components:
i) A fiber or free-space quantum channel to send quantum states of light between the
transmitter (Alice) and receiver (Bob). This channel does not need to be secured.
ii) A public but authenticated communication link between the two parties to perform
post-processing steps and distill a correct and secret key.
iii) A key exchange protocol that exploits quantum properties to ensure security by detecting
eavesdropping or errors, and by calculating the amount of information that has been intercepted
or lost. Both errors and potential information leakage are removed during subsequent error
correction and privacy amplification post-processing steps, leaving Bob and Alice with a shared key
known only to them.[3]
Types of Quantum Key Distribution:
1. Discrete variable QKD: It encodes quantum information in discrete variables and uses single
photon detectors to measure the received quantum states. Example: BB84 and E91 protocols.
2. Continuous variable QKD: In this type the quantum information is encoded onto the amplitude and
phase quadratures of a coherent laser and then can be measured by the receiver using homodyne
detectors.
Both these approaches have been proven to be information theoretically secure even in the
presence of an attacker or eavesdropper.
Desirable Attributes of QKD:
1. Confidentiality: Confidentiality is the main reason for interest in QKD. Public key systems suffer
from an ongoing uncertainty that decryption is mathematically intractable. Thus key agreement
primitives widely used in today’s Internet security architecture, e.g., Diffie-Hellman, may perhaps
be broken at some point in the future. This would not only hinder future ability to communicate
but could reveal past traffic. Classic secret key systems have suffered from different problems,
namely, insider threats and the logistical burden of distributing keying material. Assuming that
QKD techniques are properly embedded into an overall secure system, they can provide automatic
distribution of keys that may offer security superior to that of its competitors.
2. Authentication: QKD does not in itself provide authentication. Current strategies for
authentication in QKD systems include prepositioning of secret keys at pairs of devices, to be used
in hash-based authentication schemes, or hybrid QKD-public key techniques. Neither approach is
entirely appealing. Prepositioned secret keys require some means of distributing these keys before
QKD itself begins, e.g., by human courier, which may be costly and logistically challenging.
Furthermore, this approach appears open to denial of service attacks in which an adversary forces
a QKD system to exhaust its stockpile of key material, at which point it can no longer perform
authentication. On the other hand hybrid QKD public key schemes inherit the possible
vulnerabilities of public key systems to cracking via quantum computers or unexpected advances in
mathematics.
3. Rapid key delivery: Key distribution systems must deliver keys fast enough so that encryption
devices do not exhaust their supply of key bits. This is a race between the rate at which keying
material is put into place and the rate at which it is consumed for encryption or decryption
activities. Today’s QKD systems achieve on the order of 1,000 bits/second throughput for keying
material, in realistic settings and often run at much lower rates. This is unacceptably low if one
uses these keys in certain ways, e.g., as one-time pads for high speed traffic flows. However it may
well be acceptable if the keying material is used as input for less secure (but often secure enough)
algorithms such as the Advanced Encryption Standard. Nonetheless, it is both desirable and
possible to greatly improve upon the rates provided by today’s QKD technology.[4][5].
QKD Example:
The following is an example of how quantum cryptography can be used to securely distribute keys.
Alice begins by sending a message to Bob using a photon gun to send a stream of photons
randomly chosen in one of four polarizations that correspond to vertical, horizontal or diagonal in
opposing directions (0, 45, 90 or 135 degrees). For each individual photon, Bob will randomly
choose a filter and use a photon receiver to count and measure the polarization, which is either
rectilinear (0 or 90 degrees) or diagonal (45 or 135 degrees), and keep a log of the results based on
which measurements were correct vis-à-vis the polarizations that Alice selected. While a portion of
the stream of photons will disintegrate over the distance of the link, only a predetermined portion
is required to build a key sequence for a one-time pad. Next, using an out-of-band communication
system, Bob will inform Alice of the type of measurement made and which measurements were of
the correct type without mentioning the actual results. The photons that were incorrectly
measured will be discarded, while the correctly measured photons are translated into bits based
on their polarization. These photons are used to form the basis of a one-time pad for sending
encrypted information. It is important to point out that neither Alice nor Bob is able to determine
what the key will be in advance, because the key is the product of both their random choices. Thus,
quantum cryptography enables the distribution of a one-time key exchanged securely.
Now let us suppose that a malicious attacker attempts to infiltrate the cryptosystem and defeat the
quantum key distribution mechanisms. If this malicious attacker tries to eavesdrop, s/he too must
randomly select either a rectilinear or diagonal filter to measure each of Alice’s photons. Hence, the
attacker will have an equal chance of selecting the right and wrong filter, and will not be able to
confirm with Alice the type of filter used. Even if the attacker is able to successfully eavesdrop
while Bob confirms with Alice the photons he received, this information will be of little use to the
attacker unless s/he knows the correct polarization of each particular photon. As a result, the attacker
will not correctly interpret the photons that form the final key, and s/he will not be able to render
a meaningful key and thus be thwarted in her endeavors.
In sum, there are three significant advantages of this system. First, the Heisenberg Uncertainty
principle means that information regarding photons cannot be duplicated because photons will be
destroyed once they are measured or tampered with. Since photons are indivisible, once a photon hits
a detector, it no longer exists. Secondly, Alice and Bob must calculate beforehand the number of
photons needed to form the encryption key so that the length of the one-time pad will correspond to
the length of the message. Since mathematically Bob should receive about 25 percent of transmitted
photons, if there is a deviation from the predetermined fixed number, Bob can be certain that traffic
is being sniffed or something is wrong in the system. This is the result of the fact that if the
attacker detects a photon, it will no longer exist to be detected by Bob due to the attacker’s
inability to copy an unknown quantum state. If the attacker attempts to create and pass on to Bob a
photon, s/he will have to randomly choose its orientation, and on average be incorrect about 50
percent of the time, enough of an error rate to reveal his/her presence.
BASIC QUANTUM KEY DISTRIBUTION PROTOCOLS
1. THE BB84 Protocol
It is based on the ‘uncertainty principle’. This implies that the eavesdropper cannot gain even
partial data without altering it, and if altered the change is easily detected. In BB84 Alice
generates a sequence of random numbers and encodes them using a basis, i.e. rectilinear (0 or 90
degrees) or diagonal (45 or 135 degrees), which is also chosen randomly, and transmits the polarized
photons to Bob. Bob now measures the polarization of each received bit by choosing a random basis per
bit. Now according to the theory of probability, Alice and Bob choose the same basis more than 50% of
the time on average. In an ideal case of no eavesdropping and no transmission errors, the quantum bit
error rate (QBER) of the transmission will be less than 50%. If there is an eavesdropper present, the
QBER will increase to 75%. The table below shows that the QBER is less than 50%, which is
acceptable (13/29*100=44.82%). Thus Alice and Bob can decide to continue the communication. In
this case the sifted keys of both parties will be partially correlated due to transmission errors,
which can be easily removed by the reconciliation process of parity check.
The table below depicts the presence of an eavesdropper and transmission errors, where QBER
rates are very high (24/29*100=82.75%). Both parties can abort the transmission now.
BB84 uses quantum properties so well that it has become the base for quantum cryptography. Its
disadvantage is its assumption for ideal quantum sources and detectors, which makes it vulnerable
to PNS and detector noise attacks.[6]
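The sifting and eavesdropper check described in the QKD example and in the BB84 section, as an added Python example that is not part of the original report. It assumes a noise-free channel and an intercept-resend eavesdropper, and it measures the error rate only over positions where Alice's and Bob's bases matched, so its percentages use a different denominator than the 29-bit figures quoted above; the function names and the 11% abort threshold are assumptions of this example.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for this example, not a value from the report


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis reads the bit; the other basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def transmit(n, eavesdrop, rng):
    """Alice sends n photons to Bob; returns the sifted (alice_bit, bob_bit) pairs."""
    sifted = []
    for _ in range(n):
        a_bit, a_basis = rng.randint(0, 1), rng.choice("+x")  # + rectilinear, x diagonal
        b_basis = rng.choice("+x")
        bit, basis = a_bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve measures in a random basis, and the photon that
            # reaches Bob is prepared in Eve's basis carrying Eve's result.
            e_basis = rng.choice("+x")
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_bit = measure(bit, basis, b_basis, rng)
        # Sifting: the bases are compared in public, the measured bits are not.
        if a_basis == b_basis:
            sifted.append((a_bit, b_bit))
    return sifted


def run_bb84(n=4000, eavesdrop=False, sample_fraction=0.5, seed=1):
    """Run one exchange, disclose a random sample to estimate QBER, keep the rest as key."""
    rng = random.Random(seed)
    sifted = transmit(n, eavesdrop, rng)
    rng.shuffle(sifted)
    cut = int(len(sifted) * sample_fraction)
    sample, rest = sifted[:cut], sifted[cut:]  # the disclosed sample is thrown away
    errors = sum(1 for a, b in sample if a != b)
    qber = errors / len(sample) if sample else 1.0
    return {
        "sifted": len(sifted),
        "qber": qber,
        "abort": qber > ABORT_QBER,
        "alice_key": [a for a, _ in rest],
        "bob_key": [b for _, b in rest],
    }


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(eavesdrop=eve)
        print(f"eavesdropper={eve} sifted={r['sifted']} "
              f"qber={r['qber']:.3f} abort={r['abort']}")
```

In this model an undisturbed run shows no errors in the sifted key, while an intercept-resend eavesdropper raises the sifted-key error rate to about 25%, which is what the sampled comparison detects.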
B92 PROTOCOL
It is similar to the BB84 coding scheme but uses only 2 out of the 4 BB84 states, which makes it easier
to implement. It encodes classical bits in two non-orthogonal BB84 states. Since no measurement
can distinguish two non-orthogonal quantum states, it is impossible to identify the bit with
certainty. If there is any attempt to learn the bit, it will modify the state in a noticeable way. B92
allows the receiver to learn whenever he gets the bit sent without further discussion with Alice.
But it is difficult to establish in certain experimental settings and very often turns out to be
insecure. In B92, the classical bit b=0 is encoded by a photon with horizontal polarization and b=1 is
encoded by a photon with a polarization angle of 45 degrees.[7]
IS QUANTUM CRYPTOGRAPHY HACKABLE?
A hacker can blind a detector with a strong pulse, rendering it unable to see the secret-keeping
photons. Another weakness of the system is that photons are often generated using a laser tuned to
such a low intensity that it is producing one single photon at a time. There is a certain probability
that the laser will make a photon encoded with your secret information and then a second photon
with that same information. All an intruder has to do is steal that second photon to gain
access to the data. The problems mentioned are just theories given by Renner. Putting them into
action will take a lot of technological advancement.[8]
CITATIONS AND REFERENCES
[1] https://en.wikipedia.org/wiki/Quantum_cryptography
[2] https://en.wikipedia.org/wiki/Photon_polarization
[3] [https://www.quintessencelabs.com/wp-content/uploads/2016/09/CSA_What-is-
[4] http://blog.protogenist.com/?p=702
[5] C. Elliott, “Building the quantum network,” New J. Phys. 4 (July 2002) 46.
[6] https://arxiv.org/ftp/arxiv/papers/1407/1407.2357.pdf
[7] http://gva.noekeon.org/QCandSKD/QCandSKD-introduction.html
[8] https://www.wired.com/2013/06/quantum-cryptography-hack
[9] https://www.quora.com/What-are-the-pros-and-cons-of-quantum-cryptography
[10] http://ieeexplore.ieee.org/document/5383498