Question

4. In the key change operation of 20.15.7 Key Changes, suppose the manager simply transmitted delta2 = oldkey XOR newkey to the agent.

1. Suppose an eavesdropper discovers delta2 and also knows a few bits of oldkey. What can the eavesdropper learn about newkey? Would the same vulnerability apply to the mechanism of 20.15.7 Key Changes?
2. Suppose an eavesdropper later discovers newkey. Explain how to recover oldkey, and why this does not work when the mechanism of 20.15.7 Key Changes is used.

Answer 1

Principle behind the proposed quantum cryptography protocol. The final single bit value is calculated from many bits through a pair of numbers {i,j} announced by the receiver, Bob. The upper panel corresponds to the actual scheme, in which Bob measures the wave-like nature of the received light sent by Alice to learn the final bit value. Notice that the value of {i,j} might be controlled by an eavesdropper (Eve) through the signal (II) fed to Bob's measurement process M, so looking at this panel alone, the security is ambiguous. If Bob now measures the particle-like nature of the received light, he no longer learns the final bit but can still exactly produce the same pair {i,j} Lower panel: Here it is seen that {i,j} is directly randomized by the random number generator. Therefore, the possibility that Bob could have measured the particle-like nature of the received light ensures that the randomness of {i,j} is not rigged by Eve. Credit: Toshihiko Sasak

—Cryptography – the art and science of providing secure communications – typically employs three methods to authenticate users and prevent data theft: secret key (symmetric) cryptography, which uses a single key for both encryption and decryption; public key (asymmetric) cryptography which uses different keys for encryption and decryption; and hash functions, which employs a mathematical transformation to irreversibly encrypt information. That being said, quantum cryptography relies on the laws of quantum mechanics to secure private information exchange, specifically through quantum key distribution (QKD) of a random bit sequence, in which an attempt to eavesdrop on the encoded quantum states causes a detectable disturbance in the communications signal. Historically, high-precision monitoring of the disturbance decreases efficiency – but recently, scientists at The University of Tokyo, Stanford University and National Institute of Informatics (Tokyo) proposed a QKD protocol based on an entirely different principle.

ll number of bits can be simultaneously read, and the receiver to determine how a single bit is to be calculated. Since an eavesdropper is unable to learn the entire sequence it is impossible to correctly guess the bit value. Moreover, the proposed QKD protocol demonstrated a novel way of utilizing it for secure communication by spreading quantum information coherently over hundreds of quantum systems, such as optical pulses– and because the resulting quantum effect survives under significant noise, the researchers state that their results will facilitate the simple and efficient use of conventional lasers for QKD.

Prof. Masato Koashi discussed the paper that he, Prof. Yoshihisa Yamamoto and Dr. Toshihiko Sasaki published in Nature, first addressing the challenges of defining a quantum key distribution protocol in which non-orthogonal quantum states and random bit calculation to prevent an eavesdropper from correctly determining the bit value by independently bounding leaked information. "This is the point where our new QKD scheme differs from conventional QKD, which relies on the Heisenberg uncertainty principle and allows an eavesdropper to read the signal but leaves a trace that the legitimate users can counter by observing the trace," Koashi tells Phys.org. "Our new QKD protocol works on a different principle that prevents eavesdropping attempts rather than detecting them. The challenge was to conceive of a QKD based on such a different principle."

Koashi points out that encoding many raw key bits on quantum systems coherently such that only a few bits can be read out at the same time had some issues as well. "The idea of using a weak coherent pulse train instead of individual photons itself was introduced in 2003, in the form of a QKD scheme called differential phase shift (DPS) QKD. The problem was the lack of a security proof to show that DPS QKD achieves a good key rate."Another challenge was determining that a practical implementation using a laser pulse train achieves a key rate comparable to a decoy-state QKD protocol, in which several different photon intensities are used instead of one to compensate for the security loophole that arises when the sender uses multi-photon sources rather than a single-photon source to transmit quantum information. "The challenge here was to determine how to use a mundane laser, rather than more exotic light sources such as a single-photon source, for QKD," Koashi explains. "The laser is cheap and can emit pulses in a rapid sequence – for example, 10⁹ pulses per second – but its drawback is the photon number randomness in a single pulse: a laser pulse sometimes includes two or more photons, so if we use laser pulses for a QKD scheme employing a photon as an information carrier, such multi-photon pulses are exploited by an eavesdropper because additional photons are available." He concludes that since the decoy-state QKD protocol incorporates additional monitoring steps to infer how much an eavesdropper may have exploited multi-photon pulses, it was one of the best answers so far – but since the complicated monitoring steps in the decoy-state QKD is tedious, a QKD scheme which does not use a single photon as a carrier, but uses more of the wave-like property of light, would be preferable. "In that case, we wouldn't need to worry when the laser emits two or more photons. That said," he acknowledges "while DPS QKD – which utilizes a weak coherent pulse train instead of individual photons – is one example of such an attempt, there is no security proof showing that this scheme works well."