Quantum Cryptography 101

Quantum Cryptography

Omar Shehab

Department of Computer Science and Electrical EngineeringUniversity of Maryland, Baltimore County

Baltimore, Maryland 21250

shehab1@umbc.edu

September 21, 2012

Curiosity

We start with following questions:

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 2 / 52

Curiosity (contd.)

How strong are the classical cryptographic schemes?

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 3 / 52

Curiosity (contd.)

Is it possible to break them quickly?

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 4 / 52

Let’s take an example

RSA (Rivest et al. [1978]) is a standard classical cryptographicscheme.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 5 / 52

Here is the situation

Alice wants to send a message to Bob.

Both of them are worried about Eve who is notoriously tryingto intercept the message.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 6 / 52

Proposed solution

Alice decides a secret key and encrypts her message with thatkey.

The encrypted message is sent to Bob over public channel.

Alice sends the key to Bob over a secure channel.

Bob decrypts the message with the key.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 7 / 52

Issue with the solution

How to find a secure channel to transfer the key?

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 8 / 52

It is a good idea?

What if Alice decides another secret sub-key to encrypt the originalkey and send it over the public channel?

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 9 / 52

Let’s see!

Another sub-sub-key to encrypt the sub-key and anothersub-sub-sub-key to secure the sub-sub-key and so on...

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 10 / 52

It never stops!

Catch-22 (Lomonaco [1998])!

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 11 / 52

Now what?

Let us redefine ’secret’ !

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 12 / 52

’Secret’

A secret is secret if it is always secret!A secret is secret is it is computationally unbreakable (Lomonaco[1998])!

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 13 / 52

Computationally secret!!!

Here comes RSA!

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 14 / 52

Assumptions in RSA

The assumption is that the problem of factoring large number isnot in P, NP-complete, and co-NP-complete (Rivest et al. [1978]).

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 15 / 52

How confident?

So far true for classical computers.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 16 / 52

Are we safe then?

There are other issues.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 17 / 52

An issue with public key cryptography

Eavesdropping cannot be detected in classical public keycryptographic solutions (Lomonaco [1998]).

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 18 / 52

New in the town

Quantum Cryptography!!!

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 19 / 52

Quantum Cryptography

We need quantum computers.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 20 / 52

No more ’bits’

Qubits replace bits. Logic one and zero are no longer the scalers 1and 0. They are expressed by orthonormal pairs of vectors living inHilbert space (a special type of vector space) (Lomonaco [1998]).

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 21 / 52

What are those orthonormal pairs of vectors?

They are called basis sets.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 22 / 52

Basis sets

They can be chosen in a number of ways.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 23 / 52

Basis sets: Example 1

Let the set be S+.

S+ ≡{(

10

),

(01

)}

These vectors are orthonormal to each other.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 24 / 52

Basis sets: Example 2

Let the set be SX .

SX ≡{

1√2

(−11

), 1√

2

(11

)}

These vectors are orthonormal to each other.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 25 / 52

Qubits

What may Qubits look like in real world?

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 26 / 52

Qubits (contd.)

Spin of an electron (12or −12)

Polarization of a photon (horizontal or vertical, right circularor left circular, 45◦clockwiseorcounter − clockwise etc.)

and many other . . .

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 27 / 52

Logical impression

Using S+,

Logic 1 ≡(

01

), Logic 0 ≡

(10

)or vice versa.

Using SX ,

Logic 1 ≡ 1√2

(−11

), Logic 0 ≡ 1√

2

(11

)or vice versa.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 28 / 52

Features

Qubits have following features:

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 29 / 52

Qubits: Feature 1

Qubits cannot be copied (Wootters and Zurek [1982]). If someonetries to copy a qubit, the information gets destroyed. So, theproblem of eavesdropping detection is solved.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 30 / 52

Qubits: Feature 2

Qubits can be in two opposite states at the same time. Forexample, a qubit can be both logic 1 and logic 0 at the same time.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 31 / 52

Qubits: Feature 2 (contd.)

If a qubit is in state 1√2

(11

), it is both in logic 1 and logic 0 with

equal probability.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 32 / 52

Qubits: Feature 3

To read the information of a qubit, we need to measure it. Inquantum world, results of measurement are always probabilistic.So, we end up with information with specific amount of probabilityassociated to it.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 33 / 52

Feature 3: Example

If we want to read (measure) an arbitrary qubit using S+, we will

get

(01

)with some probability and ≡

(10

)with the

complementary amount of probability.

If we read the same qubit using SX , we will get 1√2

(−11

)with

some probability and 1√2

(11

)with the complementary amount of

probability.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 34 / 52

A note about basis set

While working with quantum information, you can encode yourmessage with any basis set whenever you want. So, while sending amessage, a part of the message can be encoded using the basis setSX and rest of the message can be encoded using the basis set S+.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 35 / 52

Message with mixed basis sets

Bit index 1 2 3 4

Logical impression 1 0 1 0

Qubits

(01

)1√2

(11

)1√2

(−11

) (10

)Basis set S+ SX SX S+

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 36 / 52

Back to Alice!

We recommend Alice and Bob to buy quantum computers.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 37 / 52

Alice’s secret key

Alice wants to send a secret key consisting random bits.Say, she wants to send a 12-bit key. Alice flips a coin for each bitand sets the bit to 1 for head and 0 for tail. For one instance, letthe logical impression of the message be,0 1 1 0 1 1 1 0 1 0 1 0.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 38 / 52

Alice’s secret key (contd.)

So far, Alice has decided only the logical version of the secret key.She is yet to decide the basis on which she will encode thecorresponding qubits.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 39 / 52

Alice’s secret key (contd.)

Alice chooses the basis sets in random too. For each bit, if it ishead, the basis set is S+ otherwise SX .

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 40 / 52

Alice’s secret key (contd.)

The situation may be as in the following table.

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Sec

ret

key

0 1 1 0 1 1 1 0 1 0 1 0

Bas

isse

t

S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+

Qu

bit (

10

)(01

)(− 1√2

1√2

)(10

)(10

)(10

)(− 1√2

1√2

)(10

)(− 1√2

1√2

)(1√21√2

)(1√21√2

)(10

)

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 41 / 52

Bob receives and measures the key

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Bas

isse

t

SX S+ SX SX S+ SX S+ S+ SX SX SX S+

Res

ult

0 1 1 1 1 0 1 0 1 0 1 0

Ori

gin

alke

y

0 1 1 0 1 1 1 0 1 0 1 0

Rea

lb

asis

S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 42 / 52

Message at Bob’s end

Bob will guess right basis 50% of the time. For those correct basissets, the results of measurement will be exactly what Alice sent.For the rest of the message, Bob will have wrong data.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 43 / 52

Confirmation of basis with Alice

Bob informs Alice the basis he has used for each bit through publicchannel. Whenever, there is a basis mismatch, they discard thecorresponding bit. Here is the scenario,

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Alic

e

S+ S+ SX S+ S+ S+ SX S+ SX SX SX S+

Bob

SX S+ SX SX S+ SX S+ S+ SX SX SX S+

Mat

ch

X X X X X X X X

Key

1 1 1 0 1 0 1 0

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 44 / 52

Eavesdropping

To intercept the message, Eve needs to measure the qubits justlike Bob does. She cannot copy and forward the original messageto Bob due to the no-cloning theorem. So, Eve can also guess only50% of the information correctly. To hide her existence, Eve needsto resend the data to Bob. Any measurement collapses thequantum superposition of the qubits. So, Bob only receives theresult of measurements, not the original qubits.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 45 / 52

Bob measures Eve’s

When Bob measures the message coming from Eve, there isanother layer of applying wrong random bases, which decreases theprobability of getting the original message by more than 50%. Bobneeds a way to detect the eavesdropping.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 46 / 52

Detection

Bob shares half of the remaining bits with Alice over publicchannel. If there is only a tiny percentage of mismatch (due tonoise), they can safely assume that Eve hasn’t listened to theircommunication. Here is the scenario,

Ind

ex

1 2 3 4 5 6 7 8 9 10 11 12

Key

1 1 1 0 1 0 1 0

Exc

han

ge

X X X X

Sec

ret

1 1 0 1

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 47 / 52

Detection (contd.)

With 12-bit secret key, after measurement and intrusion detection,4 bits are still secret. So, if Alice wants a 100-bit secret key, shemay safely start with a 300-bit key.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 48 / 52

Meet BB

This scheme is called the BB84 Quantum Key Exchange protocol.

Figure: Charles H. Bennett

Figure: Gilles Brassard

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 49 / 52

2012 Nobel Prize?

Thomson Reuters Predicts 2012 Nobel prize in physics may go tothese two people.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 50 / 52

Bibliography I

Samuel J. Lomonaco. A quick glance at quantum cryptography. 1998.

R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems.Communications of the ACM, 21:120–126, 1978.

W. K. Wootters and W. H. Zurek. A single quantum cannot be cloned. volume 299, pages 802–803, 1982.

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 51 / 52

Questions?

Omar Shehab (UMBC) Quantum Cryptography September 21, 2012 52 / 52