Cryptography – Key management – Key distribution
Reexamination Certificate
1999-06-18
2004-01-13
Barrón, Gilberto (Department: 2132)
Cryptography
Key management
Key distribution
C380S279000, C380S277000, C380S044000, C380S256000, C713S171000
Reexamination Certificate
active
06678379
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to quantum cryptography techniques and, more particularly, to a method for testing the security of a quantum cryptographic system used for quantum key distribution.
2. Prior Art
Current cryptography techniques can be broadly divided into “computationally secure” and “unconditionally secure” varieties. Computationally secure cryptography is theoretically breakable, but is difficult to break in practice due to the huge amount of time that would be required with existing computer capabilities. On the other hand, unconditionally secure cryptography is impossible to break no matter how much computer power is available, and the existence of unconditionally secure cryptography is proved by Shannon's information theory.
A typical form of unconditionally secure cryptography is Vernam cryptography, which is implemented by the following procedure. A cryptographic key, which is a random sequence of n bits {0,1}
n
, is shared between the sending and receiving parties. This key is used only once, and is then discarded (one-time pad method). The sending party converts the plaintext to be conveyed to the receiving party by cryptographic communication into a binary number (consisting of n bits). The cryptographic text (n bits) is obtained as the exclusive-OR (bitwise parity) of the plaintext with the cryptographic key. The resulting cryptographic text is sent to the receiving party. The receiving party obtains the bitwise exclusive-OR of the received cryptographic text with the key. The result is the plaintext expressed as a binary number.
Since a random sequence of data with absolutely no regularity is used as the key, it is essentially impossible to break the cryptographic text without obtaining the key itself, and since the key is only used once before being discarded, it is impossible to gain any information from the cryptographic text.
The quantum key distribution method is currently the only known method whereby shared keys necessary for the implementation of unconditionally secure cryptography in this way can be produced securely between sending and receiving parties at remote locations. The unconditional security of this key distribution method has been proven based on the uncertainty principle of quantum mechanics, which states that any eavesdropping activities made by an eavesdropper will always leave some form of trace in a quantum-level signal.
Quantum key distribution methods that have hereto before been proposed include four-state protocol (commonly referred to as the “BB84” protocol), two-particle interference protocol, non-orthogonal two-state protocol, and orthogonal two-state protocol. The BB84 protocol is summarized below. For a detailed description, see C. H. Bennett and G. Brassard,
Proceedings of IEEE International Conference on Computers, Systems and Signal Processing
, Bangalore, India (IEEE, New York, 1984), p. 175.
FIG. 2
illustrates an overview of an apparatus for BB84 protocol, referred to generally by reference numeral
300
. Sending party
301
, traditionally referred to as “Alice”, can produce individual photons with controlled polarization states by operating a transmitter
303
consisting of a single-photon source and a polarization modulator. The individual photons carrying this polarization information constitute carriers for the smallest units of information (quantum bits). Individual photons that have exited from transmitter
303
pass through a quantum channel
305
and arrive at a receiving party
302
, traditionally referred to as “Bob”. Quantum channel
305
might consist of a propagation mode in an optical fiber or in free space. Receiving party
302
measures the state of the individual incoming photons by operating a measuring device
304
, which has a controllable measurement basis. This measuring device can be configured from a polarizer and a photon detector, and its measurement basis can be switched by combining it with an electro-optical polarization rotating element such as a Pockels cell. A classical public channel
306
is used when collating the transmitted and received results to test for an eavesdropper
308
, traditionally referred to as “Eve”. Classical public channel
306
might be a radio or telephone link, and although there is no way of telling if it is subjected to eavesdropping, it is assumed that the content of this channel is not falsified.
A description of the BB84 protocol and its basic principles will now be discussed with reference to
FIG. 3. A
single bit of information, either a logical
0
or a logical
1
, is transmitted by using the polarization state of a single photon. A coding method is prearranged between sending party
301
and receiving party
302
, an example of which is as follows.
Two types of bases
400
,
402
are used: the set {|0>+,|1>+} of linear polarization along horizontal and vertical polarization axes (referred to hereinafter as the plus (+) basis), and the set {|0>x,|1>x} of linear polarization along polarization axes inclined at ±45° to the horizontal axis (referred to hereinafter as the cross (x) basis). The states |0>+ and |0>x are used to represent a logical 0, and the states |1>+ and |1>x are used to represent a logical 1. Since four quantum states {|0>+,|1>+,|0>x,|1>x} of individual photons are used in this way, it is referred to as four-state protocol.
A measuring device that can discriminate between photons in the |0>+ and |1>+ states without errors is called a plus basis measuring device. A plus basis measuring device is completely unable to discriminate between the |0>x and |1>x states, and thus produces logical 0 and logical 1 data at random for each state. On the other hand, a measuring device that can discriminate between photons in the |0>x and |1>x states without errors is called a cross basis measuring device. A cross basis measuring device is completely unable to discriminate between the |0>+ and |1>+ states, and thus produces logical 0 and logical 1 data at random for each state. It is not possible to use these measuring devices to determine which of these four states {0>+,|1>+,|0>x,|1>x} a photon of unknown state is in (according to the uncertainty principle).
The effect of eavesdropping will now be discussed with reference to FIG.
4
. One way in which eavesdropping might occur in this process is as follows. An eavesdropper
308
accesses quantum channel
305
and measures the polarization state of a photon. If the eavesdropper has selected a measuring device capable of distinguishing the polarization state (probability ½), the eavesdropper can either perform a non-demolition quantum measurement (cloning), or retransmit a photon with exactly the same quantum state after performing a demolition measurement, and can thereby reliably ascertain the bit value without raising any suspicion. But when the eavesdropper has selected a measuring device that is unable to distinguish between the polarization states (probability ½), the polarization state of the photon is disturbed. When receiving party
302
measures the disturbed photon with a measuring device capable of distinguishing the polarization state before disturbance, the probability of obtaining the same bit value as the sending party is only ½. Accordingly, the probability of eavesdropping activities escaping detection for one bit is 1−(½) ({fraction (1/2 )})=¾. If s is the number of test bits, the probability that none of the s bit values is made inconsistent despite the eavesdropping activities is (¾)
s
, and if s is given a large value, the value of (¾)
s
rapidly approaches zero. Accordingly, if this eavesdropping tes
Kohno Yoshie
Mayers Dominic
Nambu Yoshihiro
Tomita Akihisa
Barrón Gilberto
Scully Scott Murphy & Presser
Zand Kambiz
LandOfFree
Quantum key distribution method and apparatus does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Quantum key distribution method and apparatus, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Quantum key distribution method and apparatus will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3218429