Quantum Key Distribution: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
No edit summary
 
(32 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==Functionality==
==Functionality Description==
Quantum key distribution is a task that enables two parties,  Alice and Bob, to establish a classical secret key by using quantum systems. A classical secret key is a random string of bits known to only Alice and Bob, and completely unknown to any third party, namely an eavesdropper. Such a secret key can for example be used to encrypt a classical message sent over a public channel.
Quantum key distribution (QKD) is a task that enables two parties,  Alice and Bob, to establish a classical secret key by using quantum systems. A classical secret key is a random string of bits known to only Alice and Bob, and completely unknown to any third party, namely an eavesdropper. Such a secret key can for example be used to encrypt a classical message sent over a public channel.


'''Tags:'''  [[:Category: Two Party Protocols|Two Party]],  [[:Category: Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]],  [[:Category: Specific Task|Specific Task]], unconditional security (information theoretical security), random number generator, key generation, secret key
'''Tags:'''  [[:Category: Two Party Protocols|Two Party]],  [[:Category: Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]],  [[:Category: Specific Task|Specific Task]], unconditional security (information theoretical security), random number generator, key generation, secret key


[[Category: Two Party Protocols]] [[Category: Quantum Enhanced Classical Functionality]] [[Category:Specific Task]]
[[Category: Two Party Protocols]] [[Category: Quantum Enhanced Classical Functionality]] [[Category:Specific Task]]
== Use-cases ==
* QKD can replace Diffie-Hellman key agreement protocols. For example in TLS, SSL, IPsec, etc.
* If secure key rate is sufficiently high, one can use QKD to generate a secure key that will be used for information theoretically secure authenticated encryption scheme, e.g. using one-time pad together with an authentication scheme like those presented in [[Quantum Key Distribution #References|[1] ]].
* [[Cross-platform finance]]
* [[Toward regulation for security and privacy]]


==Protocols==
==Protocols==


*[[BB84 Quantum Key Distribution]]: [[:Category: Prepare and Measure Network Stage]]  
*[[BB84 Quantum Key Distribution]]: [[:Category: Prepare and Measure Network Stage|Prepare and Measure Network Stage]]  
*[[Device-Independent Quantum Key Distribution]]:[[:Category: Entanglement Distribution Network Stage]]
*[[Device Independent Quantum Key Distribution]]:[[:Category:Entanglement Distribution Network stage| Entanglement Distribution Network Stage]]
Device-Independent Quantum Key Distribution (DI-QKD) has better security guarantees than BB84 QKD.
Device-Independent Quantum Key Distribution (DI-QKD) is secure under weaker assumptions than BB84 QKD. In particular, and contrary to BB84 QKD,
DI-QKD relaxes the assumption that the operations performed by the parties' measurement devices are known and well characterized.
[[Category: Prepare and Measure Network Stage]] [[Category:Entanglement Distribution Network stage]]


==Properties==
==Properties==
A quantum key distribution protocol is secure if it is ''correct'' and ''secret''. Correctness is the statement that Alice and Bob share the same string of bits, namely the secret key, at the end of the protocol. Secrecy is the statement that the eavesdropper is totally ignorant about the final key.  
A quantum key distribution protocol is secure if it is ''correct'' and ''secret''. Correctness is the statement that Alice and Bob share the same string of bits, namely the secret key, at the end of the protocol. Secrecy is the statement that the eavesdropper is (nearly) ignorant about the final key.  


*'''Correctness''' A QKD protocol is <math>\epsilon_{\rm corr}</math>-correct if the probability that the final key of Alice differs from the final key of Bob, is smaller than <math>\epsilon_{\rm corr}</math>
*'''Correctness''' A QKD protocol is <math>\epsilon_{\rm corr}</math>-correct if the probability that the final key of Alice differs from the final key of Bob, is smaller than <math>\epsilon_{\rm corr}</math>
Line 23: Line 31:
*A protocol implements a <math>(n,\epsilon_{\rm corr},\epsilon_{\rm sec},\ell)</math>-QKD if with <math>n</math> rounds it generates an <math>\epsilon_{\rm corr}</math>-correct and <math>\epsilon_{\rm sec}</math>-secret key of size <math>\ell</math> bits.
*A protocol implements a <math>(n,\epsilon_{\rm corr},\epsilon_{\rm sec},\ell)</math>-QKD if with <math>n</math> rounds it generates an <math>\epsilon_{\rm corr}</math>-correct and <math>\epsilon_{\rm sec}</math>-secret key of size <math>\ell</math> bits.


==Discussion==
==Further Information==
The security definition presented here, Definition \ref{def:correct} and \ref{def:secret}, are proven to be sufficient to guarantee universal composability for standard QKD in (2). For device-independent quantum key distribution, attacks presented in (1) show that security can be compromised if the same devices are used to implement another instance of the protocol.
The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in [[Quantum Key Distribution #References|[2] ]]. For device-independent quantum key distribution, attacks presented in [[Quantum Key Distribution #References|[3] ]] show that security can be compromised if the same devices are used to implement another instance of the protocol.
 
==Knowledge Graph==
{{graph}}


==References==
#[https://doi.org/10.1007/3-540-48329-2_30 Codes for Interactive Authentication]
#[https://arxiv.org/abs/1409.3525 PR (2014)] discusses security of various QKD schemes composed in other cryptographic protocols.
#[https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.110.010503 BCK (2013)] Analyses device independent QKD
#[https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.110.010503 BCK (2013)] Analyses device independent QKD
#[https://arxiv.org/abs/1409.3525 PR (2014)] discusses security of various QKD schemes composed in other cryptographic protocols.


==References==
 
#C. Portmann and R. Renner, [https://arxiv.org/abs/1409.3525 Cryptographic security of quantum key distribution}]
<div style='text-align: right;'>''contributed by Bas Dirke, Victoria Lipinska, Gláucia Murta and Jérémy Ribeiro''</div>
#J. Barrett, R. Colbeck, and A. Kent, [ Phys. Rev. Lett., vol. 110, p. 010503, (2013) Memory attacks on device-independent quantum cryptography]

Latest revision as of 17:56, 21 December 2020

Functionality Description[edit]

Quantum key distribution (QKD) is a task that enables two parties, Alice and Bob, to establish a classical secret key by using quantum systems. A classical secret key is a random string of bits known to only Alice and Bob, and completely unknown to any third party, namely an eavesdropper. Such a secret key can for example be used to encrypt a classical message sent over a public channel.

Tags: Two Party, Quantum Enhanced Classical Functionality, Specific Task, unconditional security (information theoretical security), random number generator, key generation, secret key

Use-cases[edit]

  • QKD can replace Diffie-Hellman key agreement protocols. For example in TLS, SSL, IPsec, etc.
  • If secure key rate is sufficiently high, one can use QKD to generate a secure key that will be used for information theoretically secure authenticated encryption scheme, e.g. using one-time pad together with an authentication scheme like those presented in [1] .
  • Cross-platform finance
  • Toward regulation for security and privacy

Protocols[edit]

Device-Independent Quantum Key Distribution (DI-QKD) is secure under weaker assumptions than BB84 QKD. In particular, and contrary to BB84 QKD, DI-QKD relaxes the assumption that the operations performed by the parties' measurement devices are known and well characterized.

Properties[edit]

A quantum key distribution protocol is secure if it is correct and secret. Correctness is the statement that Alice and Bob share the same string of bits, namely the secret key, at the end of the protocol. Secrecy is the statement that the eavesdropper is (nearly) ignorant about the final key.

  • Correctness A QKD protocol is -correct if the probability that the final key of Alice differs from the final key of Bob, is smaller than
  • Secrecy A QKD protocol is -secret if for every input state it holds that

where is the maximally mixed state in the space of strings , and is the trace norm.

  • A protocol implements a -QKD if with rounds it generates an -correct and -secret key of size bits.

Further Information[edit]

The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in [2] . For device-independent quantum key distribution, attacks presented in [3] show that security can be compromised if the same devices are used to implement another instance of the protocol.

Knowledge Graph[edit]

References[edit]

  1. Codes for Interactive Authentication
  2. PR (2014) discusses security of various QKD schemes composed in other cryptographic protocols.
  3. BCK (2013) Analyses device independent QKD


contributed by Bas Dirke, Victoria Lipinska, Gláucia Murta and Jérémy Ribeiro