2010a7ps128g Sop Final

Jun 04, 2018

Karan Singhal
  • 8/13/2019 2010a7ps128g Sop Final

    1/20

    A Report on

    QUANTUM KEY DISTRIBUTION PROTOCOLS AND ITS APPLICATIONS

    Submitted by

    RISHABH ARORA
    2010A7PS128G

    BIRLA INSTITUTE OF TECHNOLOGY AND SCIENCE, PILANI
    KK BIRLA GOA CAMPUS


    Acknowledgements

    I warmly acknowledge the continuous encouragement, invaluable supervision, timely suggestions and inspired guidance offered by Dr. S.K. Sahay, Department of Computer Science, Birla Institute of Technology and Science Pilani, KK Birla Goa Campus.

    RISHABH ARORA
    2010A7PS128G


    Table of Contents

    Acknowledgements
    Abstract
    1. Basics of cryptography and quantum theory
    2. Quantum properties
    3. QKD protocols
    4. QKD challenges
    5. Quantum networks
    6. Potential applications
    7. Conclusion


    Abstract

    Quantum cryptography uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages. An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This results from a fundamental part of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superposition or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold a key can be produced which is guaranteed as secure, otherwise no secure key is possible and communication is aborted. The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security. Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt and decrypt a message, which can then be transmitted over a standard communication channel. The algorithm commonly associated with QKD is the one-time pad.


    Basics of cryptography and quantum theory

    1) CRYPTOGRAPHY

    Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. It is of the following two types:

    Symmetric key - Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. Symmetric key ciphers are implemented as either block ciphers or stream ciphers.

    Asymmetric key - A public key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption.

    2) Types of Security

    Computational security - This describes a crypto-system which is theoretically breakable (by trying every possible key, the brute-force attack) but the computational effort required to do so is so time consuming and expensive that it is not economically viable for an attacker to consider (i.e. computationally infeasible).

    Information theoretic security - This describes cases when, even if an attacker has infinite resources at their disposal, the crypto-system simply cannot be broken. This is clearly much stronger than computational security, but is not necessarily practically achievable.

    3) One time pad

    The one-time pad (OTP) is a type of encryption which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext, resulting in a cipher text. If the key is truly random, as large as or greater than the plaintext, never reused in whole or part, and kept secret, the cipher text will be impossible to decrypt or break without knowing the key. It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as OTP keys.

    There are fundamental requirements for using the OTP:

    - The key is random and non-repeating.
    - The key is as long as the message.
    - The key is used only once and then discarded, never reused.

    4) Quantum key distribution

    Quantum key distribution (QKD) uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages. An important and unique property of quantum key distribution is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This results from a fundamental aspect of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superposition or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold, a key can be produced that is guaranteed to be secure (i.e. the eavesdropper has no information about it), otherwise no secure key is possible and communication is aborted. Quantum key distribution is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key.

    5) Photon and quantum

    A quantum is the minimum amount of any physical entity involved in an interaction. This means that the magnitude can take on only certain discrete values. A photon is a single quantum of light, and is referred to as a "light quantum".


    Quantum properties

    1) Quantum superposition

    Quantum superposition is a fundamental principle of quantum mechanics. It holds that a physical system, such as an electron, exists partly in all its particular, theoretically possible states (or, configuration of its properties) simultaneously; but, when measured, it gives a result corresponding to only one of the possible configurations. Once an observer measures the quantum, the wave function collapses and one of the previously superposed states is chosen according to the probability inherent in the wave function.

    2) Heisenberg's Uncertainty Principle

    In quantum mechanics, the uncertainty principle is any of a variety of mathematical inequalities asserting a fundamental limit to the precision with which certain pairs of physical properties of a particle, such as position x and momentum p, can be known simultaneously. The more precisely the position of some particle is determined, the less precisely its momentum can be known, and vice versa. The Uncertainty Principle is not confined to position and momentum: it affects any conjugate pair of states.

    3) Quantum Entanglement

    A weird quantum property of relevance to QKD is that of quantum entanglement. According to the Copenhagen interpretation of quantum mechanics, the shared state of an entangled pair is indefinite until measured. Quantum entanglement is a form of quantum superposition. When a measurement is made and it causes one member of such a pair to take on a definite value (e.g., clockwise spin), the other member of this entangled pair will at any subsequent time be found to have taken the appropriately correlated value (e.g., counter-clockwise spin). Thus, there is a correlation between the results of measurements performed on entangled pairs, and this correlation is observed even though the entangled pair may have been separated by arbitrarily large distances.

    4) Quantum decoherence

    Quantum decoherence is the loss of coherence or ordering of the phase angles between the components of a system in a quantum superposition. One consequence of this dephasing is classical or probabilistically additive behaviour. Quantum decoherence gives the appearance of wave function collapse. It is the mechanism by which the classical limit emerges out of a quantum starting point and it determines the location of the quantum-classical boundary. It occurs when a system interacts with its environment in a thermodynamically irreversible way. Decoherence represents a challenge for the practical realization of quantum computers, since such machines are expected to rely heavily on the undisturbed evolution of quantum coherences.

    5) Quantum channel

    In quantum information theory, a quantum channel is a communication channel which can transmit quantum information, as well as classical information. An example of quantum information is the state of a qubit.

    6) Quantum no cloning

    The no-cloning theorem is a result of quantum mechanics that forbids the creation of identical copies of an arbitrary unknown quantum state. It has profound implications in quantum computing and related fields. It also means that a quantum signal cannot be amplified along a quantum channel.

    7) Photon Polarisation

    Electromagnetic waves such as light have an electric field associated with them, which vibrates as the wave travels. The direction of this vibration is known as polarisation, and polarised photons can be created by passing a normal beam of light (which contains photons of many differing polarisations) through a filter set for a specific angle of polarisation. If vertically polarised photons are sent through a filter set at an angle to the vertical, the probability of passing through the filter decreases as increases: when is 90 degrees, i.e. when the second filter is horizontal, the photon will not pass through. When is 45 degrees, this probability is precisely one half, so the output from the second filter in this case is exactly the same as it would have been had a randomly polarised stream of photons been passed through it: it has been randomized.

    Orthogonal (i.e. perpendicular, such as vertical/horizontal) polarisation states are referred to as a polarisation basis. Two bases are conjugate if the measurement of the polarisation of one randomizes the other, and thus are subject to the Heisenberg Uncertainty Principle: measuring one affects the value of the other, so you cannot know both values simultaneously. So, for example, filters set at 0 degrees and 90 degrees form one basis, and its conjugate basis has filters set at 45 degrees and 135 degrees. Photons passing through the first will emerge with vertical or horizontal polarisation, which will then be changed to diagonal polarisation once they have been filtered by the conjugate basis, but 45 degree or 135 degree polarisations will occur with random probability of .


    8) Quantum computer

    A quantum computer is a computation device that makes direct use of quantum mechanical phenomena, such as superposition and entanglement, to perform operations on data. Quantum computers are different from digital computers based on transistors.

    Whereas digital computers require data to be encoded into binary digits (bits), quantum computation uses quantum properties to represent data and perform operations on these data. A theoretical model is the quantum Turing machine, also known as the universal quantum computer. Quantum computers share theoretical similarities with non-deterministic and probabilistic computers, like the ability to be in more than one state simultaneously. The field of quantum computing was first introduced by Richard Feynman in 1982. They have also been shown to be efficient at finding hidden cyclic subgroups in key spaces, using Shor's algorithm, thereby reducing time taken to factorize large numbers.

    9) Qubit

    In quantum computing, a qubit or quantum bit is a unit of quantum information, the quantum analogue of the classical bit. A qubit is a two-state quantum-mechanical system such as the polarization of a single photon: here the two states are vertical polarization and horizontal polarization. In a classical system, a bit would have to be in one state or the other, but quantum mechanics allows the qubit to be in a superposition of both states at the same time, a property which is fundamental to quantum computing.

    A qubit has some similarities to a classical bit, but is overall very different. Like a bit, a qubit can have two possible values, normally a 0 or a 1. The difference is that whereas a bit must be either 0 or 1, a qubit can be 0, 1, or a superposition of both.

    Representation

    The two states in which a qubit may be measured are known as basis states (or basis vectors). As is the tradition with any sort of quantum states, Dirac, or bra-ket notation, is used to represent them. This means that the two computational basis states are conventionally written as |0> and |1> (pronounced "ket 0" and "ket 1").

    Qubit states

    A pure qubit state is a linear superposition of the basis states. This means that the qubit can be represented as a linear combination of |0> and |1>

    where and are probability amplitudes and can in general both be complex numbers.


    10) Bloch sphere

    The possible states for a single qubit can be visualised using a Bloch sphere. Represented on such a sphere, a classical bit could only be at the "North Pole" or the "South Pole", in the locations where |0> and |1> are respectively. The rest of the surface of the sphere is inaccessible to a classical bit, but a pure qubit state can be represented by any point on the surface.

    The surface of the sphere is two-dimensional space, which represents the state space of the pure qubit states. This state space has two local degrees of freedom. It might at first sight seem that there should be four degrees of freedom, as and are complex numbers with two degrees of freedom each. However, one degree of freedom is removed by the constraint . Another, the overall phase of the state, has no physically observable consequences, so we can arbitrarily choose to be real, leaving just two degrees of freedom.

    It is possible to put the qubit in a mixed state, a statistical combination of different pure states. Mixed states can be represented by points inside the Bloch sphere.


    QKD PROTOCOLS

    General methodology

    Quantum mechanical effects can be used to transfer information from Alice to Bob, and any attempted eavesdropping by Eve will always be detectable. But how can this be turned into a working cryptographic key distribution protocol? A combination of quantum processing and well established classical procedures is needed. Three distinct phases are needed: raw key exchange, key sifting and key distillation, with the option to discard the secret key at any of the stages if it is deemed that not enough security could be obtained from it.

    FIG- QKD PROTOCOL STACK

    Raw Key Exchange

    This is the only quantum part of Quantum Key Distribution! Alice and Bob exchange some quantum states (it actually doesn't matter what type of quantum state or technology is used), so quantum information is passed along a quantum channel from Alice to be measured by Bob, with or without the presence of Eve, the eavesdropper. In all subsequent exchanges in a protocol, only a secure classical channel will be used. This is known as classical post-processing.


    Key Sifting

    Alice and Bob decide (classically) between them which of the measurements will be used for the secret key. The decision making rules depend on which protocol is being used, and some measurements will be discarded, e.g. if the settings used by Alice and Bob did not match.

    Key distillation

    Further, error correction and privacy amplification are required, which are the first two steps in the key distillation phase of the classical post-processing of the remaining secret key bits. The third (and arguably most important!) final process is authentication, which counteracts man-in-the-middle attacks (MITM).

    Error Correction

    A classical error-correction protocol estimates the actual error rate of the transmission, known as the Quantum Bit Error Rate (QBER). Errors occur either through noise on the quantum channel, or the presence of an eavesdropper, but for security reasons, it is assumed that all errors are due to eavesdropping. If the QBER is less than a pre-determined maximum value, then the secret key is passed on to the next step of key distillation. If the QBER is greater than this value, then the conclusion is drawn that the amount of information lost to an eavesdropper is too great to guarantee the secrecy of the key material, and so the secret key is discarded and a new round of QKD is initiated.

    Privacy Amplification

    This is designed to counteract any knowledge Eve may have acquired on the raw key. Privacy amplification compresses the key material by an appropriate factor, determined by the previously calculated QBER: a high QBER needs more compression, as the purpose is to remove at least the same number of key bits that Eve may have gleaned information about.
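    One way to realise QBER-dependent compression, as an added Python example that is not part of the original report: the reconciled key is hashed with a random Toeplitz matrix whose seed may be sent over the public channel. The output-length estimate n(1 - 2h(Q)), the abort threshold of 0.11 and all function names are assumptions; the report gives no formula or threshold value.

```python
import math
import random


def binary_entropy(q):
    """Shannon entropy h(q) of a biased bit, in bits."""
    if q <= 0.0 or q >= 1.0:
        return 0.0
    return -q * math.log2(q) - (1 - q) * math.log2(1 - q)


def secure_length(n_bits, qber, max_qber=0.11):
    """How many bits survive privacy amplification.

    Assumption: the asymptotic BB84 estimate n * (1 - 2*h(QBER)), which charges
    h(Q) for what error correction leaks and h(Q) for what Eve may have learned.
    Above max_qber (illustrative value) the key is discarded entirely.
    """
    if qber > max_qber:
        return 0
    return max(0, math.floor(n_bits * (1 - 2 * binary_entropy(qber))))


def toeplitz_hash(key_bits, out_len, seed_bits):
    """Multiply the key by an out_len x n Toeplitz matrix over GF(2).

    Entry (i, j) of the matrix depends only on i - j, so the whole matrix is
    described by n + out_len - 1 seed bits. The seed is not secret.
    """
    n = len(key_bits)
    if len(seed_bits) != n + out_len - 1:
        raise ValueError("seed must have n + out_len - 1 bits")
    out = []
    for i in range(out_len):
        acc = 0
        for j in range(n):
            acc ^= seed_bits[i - j + n - 1] & key_bits[j]
        out.append(acc)
    return out


def privacy_amplify(key_bits, qber, rng):
    """Alice's side: choose a seed, compress the key, return (short_key, seed).

    Bob applies toeplitz_hash() with the same seed to his own copy. The two
    copies must already be identical (error correction done), because a single
    differing input bit generally changes the output.
    """
    m = secure_length(len(key_bits), qber)
    if m == 0:
        return [], []
    seed = [rng.randint(0, 1) for _ in range(len(key_bits) + m - 1)]
    return toeplitz_hash(key_bits, m, seed), seed


if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the constructed demo is repeatable
    reconciled = [rng.randint(0, 1) for _ in range(256)]  # constructed sample key
    for q in (0.0, 0.02, 0.05, 0.2):
        short, _ = privacy_amplify(reconciled, q, rng)
        print(f"QBER={q:.2f}: {len(reconciled)} bits -> {len(short)} bits")
```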

    Authentication

    As stated previously, probably the most important stage of the whole QKD protocol is this final one: strong classical authentication to ensure that Alice and Bob are not the subjects of a man-in-the-middle (MITM) attack. An adversary poses as Bob to Alice, and Alice to Bob: all traffic between Alice and Bob is therefore redirected through a third party, without them knowing.

    However, QKD does have a property which can be used to strengthen classical authentication procedures. A secret key has to be pre-shared between Alice and Bob, for use in authentication of the very first quantum exchange. But if subsequent sessions use part of the key generated in the previous QKD session to replace the new session's authentication key, then, if authentication is unbroken during the first round of QKD, even if it is only computationally secure, subsequent rounds of QKD will be information theoretically secure.

    QUANTUM PROTOCOLS

    The BB84 Protocol

    BB84 is a quantum key distribution scheme developed by Charles Bennett and Gilles Brassard in 1984. It is the first quantum cryptography protocol. The protocol is provably secure, relying on the quantum property that information gain is only possible at the expense of disturbing the signal if the two states we are trying to distinguish are not orthogonal (see no cloning theorem). It is usually explained as a method of securely communicating a private key from one party to another for use in one-time pad encryption. The security of the protocol comes from encoding the information in non-orthogonal states. Quantum indeterminacy means that these states cannot in general be measured without disturbing the original state (see No cloning theorem). BB84 uses two pairs of states, with each pair conjugate to the other pair, and the two states within a pair orthogonal to each other. Pairs of orthogonal states are referred to as a basis. The usual polarization state pairs used are either the rectilinear basis of vertical (0°) and horizontal (90°), the diagonal basis of 45° and 135° or the circular basis of left- and right-handedness. Any two of these bases are conjugate to each other, and so any two can be used in the protocol. The first step in BB84 is quantum transmission. Alice creates a random bit (0 or 1) and then randomly selects one of her two bases (rectilinear or diagonal in this case) to transmit it in. She then prepares a photon polarization state depending both on the bit value and basis, as shown in the table to the left. So for example a 0 is encoded in the rectilinear basis (+) as a vertical polarization state, and a 1 is encoded in the diagonal basis (x) as a 135° state. Alice then transmits a single photon in the state specified to Bob, using the quantum channel. This process is then repeated from the random bit stage, with Alice recording the state, basis and time of each photon sent.

    According to quantum mechanics (particularly quantum indeterminacy), no possible measurement distinguishes between the 4 different polarization states, as they are not all orthogonal. The only possible measurement is between any two orthogonal states (an orthonormal basis). So, for example, measuring in the rectilinear basis gives a result of horizontal or vertical. If the photon was created as horizontal or vertical (as a rectilinear eigenstate) then this measures the correct state, but if it was created as 45° or 135° (diagonal eigenstates) then the rectilinear measurement instead returns either horizontal or vertical at random. Furthermore, after this measurement the photon is polarized in the state it was measured in (horizontal or vertical), with all information about its initial polarization lost.

    As Bob does not know the basis the photons were encoded in, all he can do is to select a basis at random to measure in, either rectilinear or diagonal. He does this for each photon he receives, recording the time, measurement basis used and measurement result. After Bob has measured all the photons, he communicates with Alice over the public classical channel. Alice broadcasts the basis each photon was sent in, and Bob the basis each was measured in. They both discard photon measurements (bits) where Bob used a different basis, which is half on average, leaving half the bits as a shared key.

    To check for the presence of eavesdropping Alice and Bob now compare a certain subset of their remaining bit strings. If a third party (usually referred to as Eve, for 'eavesdropper') has gained any information about the photons' polarization, this introduces errors in Bob's measurements. If more than bits differ they abort the key and try again, possibly with a different quantum channel, as the security of the key cannot be guaranteed. is chosen so that if the number of bits known to Eve is less than this, privacy amplification can be used to reduce Eve's knowledge of the key to an arbitrarily small amount, by reducing the length of the key.

    The B92 Protocol

    The B92 protocol is a variant of the BB84 scheme, still using polarised photons, but this time with non-orthogonal quantum states for encoding information. Two quantum states are used, instead of the four required in BB84. Alice randomly chooses one or other of these quantum states and sends them to Bob via a quantum channel. Bob has two methods to measure the arriving photons, which will either register detection or no detection. During the Key Sifting stage, Bob tells Alice which photons he detected, but not his actual measurement, and all other photons are discarded. Error correction and privacy amplification continue as normal, to verify that the secret key is the same for both Alice and Bob.
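    The BB84 exchange, sifting and eavesdropping check described in the BB84 section above, as an added Python simulation that is not part of the original report. The model of Eve (she measures each photon in a randomly chosen basis and the photon continues in the measured state), the abort threshold `max_qber` of 0.11 and all function names are assumptions made for the illustration.

```python
import random

RECT, DIAG = "+", "x"  # rectilinear and diagonal bases, as in the text


def measure(bit, prepared_basis, measured_basis, rng):
    """Matching basis: the encoded bit is read correctly.
    Conjugate basis: the outcome is random and the original state is lost."""
    if prepared_basis == measured_basis:
        return bit
    return rng.randint(0, 1)


def bb84_round(n_photons, eavesdropper, rng, sample_fraction=0.5, max_qber=0.11):
    """Simulate one BB84 run over an otherwise noiseless channel.

    max_qber is an illustrative abort threshold (assumption: the report only
    speaks of a pre-determined maximum value).
    """
    bases = (RECT, DIAG)
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.choice(bases) for _ in range(n_photons)]
    bob_bases = [rng.choice(bases) for _ in range(n_photons)]

    # Raw key exchange: the only step that uses the quantum channel.
    bob_bits = []
    for bit, basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdropper:
            # Eve has to measure to learn anything and cannot know Alice's
            # basis, so the photon reaches Bob in the state her measurement
            # left it in.
            e_basis = rng.choice(bases)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        bob_bits.append(measure(bit, basis, b_basis, rng))

    # Key sifting: bases are compared publicly, mismatches are discarded.
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]

    # Eavesdropping check: a random subset is revealed and compared.
    sample = set(rng.sample(sifted, int(len(sifted) * sample_fraction)))
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 0.0

    # Revealed bits are no longer secret, so only the rest can become key.
    remaining = [i for i in sifted if i not in sample]
    return {
        "sifted": len(sifted),
        "qber": qber,
        "aborted": qber > max_qber,
        "alice_key": [alice_bits[i] for i in remaining],
        "bob_key": [bob_bits[i] for i in remaining],
    }


if __name__ == "__main__":
    for eve in (False, True):
        result = bb84_round(8000, eve, random.Random(1))
        print(f"eavesdropper={eve}: sifted={result['sifted']} "
              f"QBER={result['qber']:.3f} aborted={result['aborted']}")
```

    In this model an undisturbed channel gives a QBER of zero, while measuring every photon pushes it to roughly one quarter, which is what the comparison of a subset is designed to reveal.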


    The SARG04 Protocol

    The Photon Number Splitting (PNS) vulnerability of the BB84 protocol arises because whenever Eve siphons off a photon, she can obtain all the information from it after the public key sifting stage. The SARG04 protocol generalizes the BB84 approach to become robust against PNS attacks by using four non-orthogonal quantum states for key carrying. Alice encodes her bits in one of these four states: Bob randomly selects one of two special filters to measure them, and a key sifting process ensues. At the basic quantum level, this is identical to BB84, but it is the key sifting where the radical change occurs. Instead of discussing which bases were used to generate the photons, Alice reveals the state she has sent and one of the states which code for the other value of the bit, which are not orthogonal to the first one. Bob will either have guessed correctly or incorrectly, and qubits are discarded accordingly. If there are no errors, then the length of the key remaining after the sifting stage is of the raw key. The SARG04 protocol provides almost identical security to BB84 in a perfect single-photon implementation: if the quantum channel is of a given visibility (i.e. with losses) then the QBER of SARG04 is twice that of BB84, and is more sensitive to losses. However, SARG04 provides more security than BB84 in the presence of PNS attacks, in both the secret key rate and distance the signals can be carried (limiting distance).


    QKD - The Challenges

    Point to Point links and Denial of Service

    The point-to-point nature of QKD restricts potential growth, and gives rise to the possibility of a denial-of-service attack: if Eve can't obtain key information, then cutting the physical link will mean Alice and Bob can't either, which might serve Eve's purposes just as well.

    Photon Sources and Detectors

    The quality of photon sources and detectors can have a significant impact on the security of a protocol. Less than perfect single photon sources mean polarisation based protocols have to be amended to reflect this to maintain unconditional security levels.

    An ideal photon detector should have the following properties:

    - High efficiency over a large spectral range
    - Low probability of generating noise (i.e. low dark count)
    - The time between the detection of a photon and the corresponding electrical signal should be as constant as possible
    - The dead time after a detection event should be as small as possible to allow for higher data transfer rates

    Losses in the Quantum Channel and Limiting Distance

    Quantum properties such as polarisation are adversely affected by the distance they travel along a channel. Decoherence, chromatic dispersion and polarisation mode dispersion in fibre optic channels can all result in irreversible loss of quantum state for the photons sent along the link. Free space quantum channels also have atmospheric and equipment dependent geometric losses. Since quantum signals cannot be amplified, eventually the losses on the channel will be so high that readings obtained at detectors will be indistinguishable from dark count rates. Unfortunately, it is impossible to avoid lossy channels: they introduce security weaknesses and limit long-distance transmission of information, both challenges to QKD protocols.

    Key Distribution Rate

    The length of the quantum channel also has an effect on the achievable rate of key distribution. The rate at which key material can be sent decreases exponentially with respect to distance, and is regarded as another limiting factor in the usability of QKD systems.


    Quantum Networks

    Problems with Quantum Channels

    The protocols described so far are well thought out and theoretically sound. However, quantum transmission has two glaring problems not addressed by the protocols, which restrict their practicality in a wider setting: the point-to-point nature and distance limitations of a quantum channel. Alice and Bob have, of necessity, a fixed link between them, the quantum channel. The point-to-point nature of the connection invokes the quadratic curse. For use by multiple users, each pair of users needs to pre-share symmetric keys, so N users connected via point-to-point links require distribution of a number of keys proportional to N^2. Clearly this becomes unworkable as the number of users grows larger, so an alternative strategy is needed.

    Quantum Network Types

    The design objectives for a quantum network are that many users can be catered for simultaneously, and that the distance quantum signals can be sent with unconditional security must be significantly longer than that of the individual links. Quantum networks can be split into three distinct types, depending on the technology used at each node connecting individual quantum links. They each have strengths and weaknesses, and varying degrees of practicality: quantum node networks, optical node networks and trusted relay node networks.

    Optical Node Networks

    Optical nodes use classical processes on the quantum signal: beam splitting, multiplexing, de-multiplexing and switching, for example. As this is a classical approach, it is well within the capabilities of existing technology, and can be used to create one-to-many QKD relationships. With the addition of active switching, two QKD nodes can be specifically selected for connection. Optical nodes have no requirement to be trusted, as they merely switch the signal from one quantum channel to another; no processing on the contents of the signal is done. The main disadvantage of this type of network is that it cannot be used to extend the distance the quantum signal travels. In fact, it reduces the maximum signal distance due to optical losses at the node!


    Trusted Relay Networks

    In this network, a relay node is trusted implicitly to forward on the quantum signal without eavesdropping or tampering with it. To do this in a QKD network, local keys are generated over QKD links and stored securely in trusted nodes at each end of the links. (The nodes are effectively a mini-Alice and mini-Bob performing their own little QKD protocol run, independently of any other messages being passed through the network.) When a real Alice and real Bob want to do a QKD protocol run, a chain of trusted relays and their intermediate quantum links is created to connect them together: this is a QKD path. Alice and Bob's quantum key is treated as a message, and encrypted via a one time pad using a local key stored at a trusted node: it travels hop by hop between each node on the QKD path, and is decrypted and re-encrypted at each node using a new key from the node key store.
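    The hop-by-hop forwarding described above, as an added Python sketch that is not part of the original report. It shows why the relays must be trusted: the end-to-end key is protected by a one-time pad on every link, yet each node on the path holds it in the clear between decryption and re-encryption. The class and function names, and the use of `secrets.token_bytes` to stand in for key material produced by a QKD link, are assumptions.

```python
import secrets


def xor_bytes(a, b):
    """One-time pad over bytes: the same operation encrypts and decrypts."""
    return bytes(x ^ y for x, y in zip(a, b))


class LinkKeyStore:
    """Local key generated by one QKD link and held by the two nodes at its ends.

    Modelled as a single shared object; in a real network each end keeps its
    own synchronised copy.
    """

    def __init__(self, n_bytes):
        # Stand-in for key material produced by a QKD run on this link.
        self._pad = secrets.token_bytes(n_bytes)
        self._offset = 0

    def take(self, n):
        """Hand out n unused pad bytes; they are never handed out again."""
        if self._offset + n > len(self._pad):
            raise RuntimeError("local key store exhausted, more QKD runs needed")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def remaining(self):
        return len(self._pad) - self._offset


def relay_key(end_to_end_key, links):
    """Forward a key along a QKD path, one LinkKeyStore per hop.

    Returns (delivered_key, ciphertexts_on_the_wire, plaintext_held_per_node).
    """
    in_clear = end_to_end_key
    on_the_wire, held_by_node = [], []
    for link in links:
        pad = link.take(len(in_clear))
        ciphertext = xor_bytes(in_clear, pad)  # sending end of the hop
        on_the_wire.append(ciphertext)
        in_clear = xor_bytes(ciphertext, pad)  # receiving end of the hop
        held_by_node.append(in_clear)          # the node sees the key itself
    return in_clear, on_the_wire, held_by_node


if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # constructed end-to-end key
    path = [LinkKeyStore(64) for _ in range(3)]   # Alice - R1 - R2 - Bob
    delivered, wire, held = relay_key(key, path)
    print("delivered intact:", delivered == key)
    print("relays that held the key in clear:", sum(h == key for h in held[:-1]))
    print("pad bytes left per link:", [link.remaining() for link in path])
```

    Each forwarded key also consumes pad bytes of its own length on every hop, so the local key stores on a path drain at the rate end-to-end keys are requested.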

    Some Potential Applications

    Key Distribution in Classical Networks

    The Internet is the biggest, most hostile classical network that cryptographic keys need to be distributed across. Secure key distribution is a challenge, but many protocols have succeeded, using symmetric and asymmetric cryptographic primitives appropriately. Other network-based authentication protocol examples are SSL, where key agreement procedures are negotiated in an initial handshake process between the communicating parties, and Kerberos, where long-term keys between a user and Trusted Third Parties (TTPs) are used to set up session keys for secure communications.

    QKD Networks

    The whole raison d'être of QKD networks is to transfer keys between parties who wish to communicate securely. The networks are essentially closed, as there are (not insignificant) barriers to joining, in terms of quantum channels, quantum optics equipment, key pre-sharing, and costs. This is in marked contrast to the freely available, open network that is the Internet. The closed nature of QKD networks suggests that they are best suited to high security, controlled environments, where the trust scenario is well defined. So, Military, Intelligence, Government and Finance are areas where QKD could find a place. Transfer of the highest level cryptographic keys between Certification Authorities in a PKI system could also be a potential application arena.


    CONCLUSION

    This report has analysed the most common QKD protocols. Potential weaknesses in the protocols have been highlighted, notably the point-to-point nature of the quantum links and the limited distance quantum optic signals can travel along these links. Overall, it can be concluded that although absolute confidence in QKD's security may be slightly misplaced at the moment, it is most certainly an area which merits further research. If QKD is used in carefully selected applications, alongside existing classical cryptography, then there could well be a commercial future for this technology.