an introduction to quantum key distribution and its...
TRANSCRIPT
Communications Quantiques
Hugo ZbindenGroupe de Physique Appliquée
“Quantum Technologies”Université de Genève
Cryptographie QuantiqueGénération de nombres aléatoires
Stéganographie basée sur du bruit quantique
What’s Cryptography?
Secure communication between Alice and Bob
The spy, Eve, tries to read the encoded message
Eve
BobAlice
“Alice Bob”
asuektüds&l
“Alice Bob”
Plain Text
Key Key
Cipher Text
Plain Text
Classical Cryptography
Based on Complexity
DES, AES (secret key)
RSA (public key)
Security unproven
One-way functionsInteger factorisation
107 53 = x
5671 = y z
Classical Cryptography based on Information Theory
one time pad (Vernam)
plaintext : 001010010010011101010001101001key: +101011011011001010100111010101cyphertext: 100001001001010111110110111100
security provenproblem: key distribution
1) Quantum Key Distribution• Quantum Crpytography is not a new coding method
• Send key with individual photons (quantum states)
• The eavesdropper may not measure without perturbation (Heisenbergs uncertainty principle)
• Eavesdropping can be detected by Alice and Bob!
QKD is proven information theoretically secure!
BB84 protocol (Bennett, Brassard, 1984)
Alice's Bit Sequence
0 1 0 - 0 1 1 1 1 - 1 0
- 1 - - 0 1 - - 1 - 1 0
Bob's Bases
Bob's Results
Key
Alice
Bob
Polarizers
Horizontal - Vertical
Diagonal (-45 , +45 )
H/V Basis
45 Basis
8
Eavesdropping
50% 50%
50%50%
50% 50% 50%50%
Bob
Eve
Ok Ok OkErrorError
Alice
…
Error with 25 % probabilityIAE = 2 QBER (quantum bit
error rate)
Eve’s attacks: information curves
9
0.40.0
Shan
non I
nfo
rmat
ion
0.1 0.2 0.30.0
0.2
0.4
0.6
0.8
1.0
QBER
)(1 QBERHIAB
IAEProbabilistic I-R
IAE = 2 QBER
Secret key rate
Incoherent attacks: information curves
0.40.0
Shan
non I
nfo
rmat
ion
0.1 0.2 0.30.0
0.2
0.4
0.6
0.8
1.0
QBER
)(1 QBERHIAB
IAEProbabilistic I-R
IAE
IAE = 1 - H(1/2 + Sqrt(QBER(1-QBER))
IAE = 2 QBER
Secret key rate
The steps to a secret keyAlice Bob
Quantum channel
Public channel
(losses)
Sifted key
Raw key
Key Key
+ Authentication!!!
Smolin and BennettIBM 1989
Swiss QCRYPT project (2013)
Nature Photonics 9, 163–168 (2015)
Efficient protocol
Finite key analysis
Low noise detectors
Low loss fibres
Ingredient 1: efficient and simple QKD scheme
QBER
Visibility
Reveals action of eavesdropperInput for key distillation
Coherent One Way (COW) Characteristics
• 1.25 GHz clock (625 MHz bit generation
rate)
• No active elements at Bob, robust bit
measurement basis
• Robust against PNS attacks
• Security proof for collective attacks
Ingredient 2: tight finite key analysis
Comparison of secret key rate using different postprocessing blocksizes
(10⁴, 10⁵, 10⁶, 10⁷ left to right)
Solid red: New tail inequality
Dashed blue: Previous tail inequality
Allows around an order of magnitude reduction of post-processing block size
Ingredient 3: low noise single photon detectors
1 cps
100 cps
System requirements:
Low dark count rate of SPD
Compact ( no SNSPD)
APDs: afterpulsing!
Optical QBER
afterpulsing
APD’s in photon counting mode
Bias over breakdown voltage
U
IUBias
A single photon can generate a
macroscopic pulse
How to stop the avalanche
– Passive quenching
– Active quenching
– Active gating +
-
---
+
++
-
50 RQAPD
UBias
SignalU
t
UBias
UBreakdown
Afterpulsing in APDs
Absorption region
Photon
Macroscopic current
Multiplication region
Absorption region
Macroscopic current
Multiplication region
AfterpulseDetection
Absorption region
Multiplication region
Trapped charges
Trapped charges
More current flow = More trapped charges = More afterpulsing
Free running Negative Feedback Aavalanche Photo Diode
• Rapid passive quenching + hold-off time-> low afterpulsing
• 1 darkcount/s( 10% eff, 160 K)
M. Itzler et al., Proc. SPIE 2009, 7222, 72221K-1 B. Korzh et al., Appl. Phys. Lett. 104, 081108 (2014)
Tradeoff: Temperature and noise
Temperature
Afterpulse Dark counts
Compensate with
hold-off
Afterpulse mitigation with longer hold-off time
Specs: dark count rate vs temperature
B. Korzh et al., “Free-running InGaAs single photon detector with 1 dark count per second at 10%
efficiency,” Appl. Phys. Lett. 104, 081108 (2014)
1.2 cps
reduction
of 2 o.m.
Reduction due
to lower
breakdown
voltage
=> smaller
field
Trap-assisted
tunneling
InP
Thermal
generation
InGaAs
Stirling coolers
3.5 kg
153 K
220 g
110 K
Jean-Yves Martin et al., “Thales Cryogenics rotary cryocoolers for HOT applications,” Proc. of
SPIE Vol. 8353 (2012)
Ingredient 4: Low Loss Optical Fibres
Total attenuation of an optical fiber:
BLIMOHTMUVIRRS
Intrinsic Extrinsic
Fiber design
Coating materials
Eliminated
by CVDReduced
by Cl dry
Not major
contribution
Not major
contributorsReduced
stresses
© 2015 Corning Incorporated
Rayleigh scattering is dominant: density and dopant fluctuations minimizedby choosing optimum (small) dopant concentration.
Ultra low loss fibers
Terrestrial applications
Submarine applications
Attenuation (dB/km)
0.16 0.17 0.18 0.19 0.20
SMF28®ULL
80 m2
SMF28®Ultra
80 m2SMF28®e+
80 m2
Vascade®
EX3000
150 m2
Vascade®
EX2000
112 m2
Vascade®
EX1000
76 m2
© 2015 Corning Incorporated
….putting all together:
FPGA is essential!
Results: Secret (finite key) rates vs distance
η = 22%toff = 114 µsµ = 0.075ppbs = 6.6x105
tpp = 17245 s
εQKD= 4x10-9
η = 27%toff = 42 µsµ = 0.1ppbs = 1.1x107
tpp = 308 s
η = 22%toff = 9 µsµ = 0.06ppbs = 2x107
tpp = 537 s
3 b/s
13 kb/s
1kb/s
Stability over 70h (200km)
Automatic tracking:
QBER Temporal alignment:Quantum signal clock recovery with 10 psresolutionExtinction ratio:Modulator bias voltage
VisibilityAdjust Laser current (wavelength)
Summary: Notable QKD demonstrations
B. Korzh, C. W. Lim et al., “Provably Secure and Practical Quantum Key Distribution over
307 km of Optical Fibre,” Nature Photonics 9, 163-168 (2015)
First long distance experiment with finite key analysis and quantifiable
security statement
First long distance experiment with APDs
Current developments
Make it smaller (ATCA Telecom standard)
Make it cheaper
Make it faster longer distances (quantum repeater, satellite)
2) Quantum Random NumberGenerator
Why RNG?Game/Simulation/Classical Cryptography (RSA, DSA …)/
Quantum Key Distribution
Why Physical RNG?"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin.“ John von Neumann (1951)
Why Quantum RNG?Random classical noise could be predictable
Possibility to estimate/certify the entropy
Realisations of QRNGs
using single photons
Rate: 4 Mbit/s per module
If
Possibility to
extract quantum randomness
Example with a Nokia N10
Sanguinetti B., et al. 2004 Phys. Rev. X 4 031056
• Exploiting photon statistics (shot noise)
PART 3: Quantum Secure Steganography
arXiv 1509.07106
Disclaimer: We are physicists….
from Greek steganos, or "covered," and graphie, or
"writing"): hiding of a secret message within an
ordinary message
Cryptography guarantees secrecy, but not privacy.
Steganography important in countries with
untrustworthy, totalitarian regimes
Universal Declaration of Human Rights: Art. 19
Steganography
Hiding secret information in a picture
Example with a Nokia N10
Sanguinetti B., et al. 2004 Phys. Rev. X 4 031056
• Steganography exploiting shot noise
Naive idea
Use least significant bit to transmit (OTP) encoded data
Simulated Histogram of the pixel values of a homogeneous area
Better idea
Take photographs of a static object in rapid succession
Assumptions:
1. state of object and camera unchanged between to consecutive pictures K and C
2. Each pixel is statistical independent (no crosstalk).
Protocol: given Text T, create a new picture S as follows:
S cannot be distinguished from any real photograph
Private key steganography
Experimental realisation
Tests with scientific mono-chrome and consumer colour cameras with raw image files
8 Mpix 16 bit tiff files
error-correction applied (Reed-Solomon code)
Results
It works!
no cross-pixel correlations
stability depends on experimental situation
colour camera needs more investigations
works also for jpeg files (less bits can behidden)
Conclusions
«Practical» QKD over 300 km range(reasonable limit 400km)
«True Random Numbers» have quantum origin
Provable secure steganography is possible(more work needed to test it in more «practical»
situations)
Quantum Communication:some quantum physics - lots of high tech