COMPUTER ENGINEERING DEPARTMENT UNIVERSITY COLLEGE OF ENGINEERING, RAJASTHAN TECHNICAL UNIVERSITY, KOTA

SEMINOR PROJECT REPORT

Quantum Cryptography

Submitted To: Computer Engineering Department, University College of Engineering, Kota

Submitted By: Shashank Kumar Jain (08/181) B.Tech Final Year

2 Quantum Cryptography

Certificate

This is to certify that Mr. Shashank Kumar Jain, College Roll No. 08/181 and University Roll No 08EUCCS031, has submitted the seminar report entitled Quantum Cryptography in partial fulfilment for the award of the degree of Bachelor of Technology in Computer Engineering B.Tech Final year for the academic Session 20112012. The report has been prepared as per the prescribed format and is approved for submission and presentation.

Seminar Guide:
Mr. R. S. Sharma Associate Professor Computer Engineering Department University College of Engineering, Kota(Raj.)

Submitted by :
Shashank Kumar Jain College Roll No. 08/181

3 Quantum Cryptography

ACKNOWLEDGEMENT

The satisfaction and elation of successfully completing a task would be incomplete without acknowledging the people who are involved with us in it, with their constant guidance, encouragement and efforts. This seminar was under taken as a requirement for the completion of Bachelor of Technology degree. It is not only a technical endeavour but also the initiation of a fresher into the world of information technology. I am thankful to Mr. R. S. Sharma for lending us the opportunity to work under his guidance. Also, I am very much grateful to him for his inspiration and constructive suggestions which helped us in the preparation and completion of the seminar. I would also like to thank Mrs. Nirmala Sharma for acting as lead mentor for the seminar lab and helping us in guiding to prepare seminar topic. Shashank Kumar Jain

4 Quantum Cryptography

Abstract

Quantum cryptography is an emerging technology in which two parties can secure network communications by applying the phenomena of quantum physics. The security of these transmissions is based on the laws of quantum mechanics. The quantum cryptography relies on two important elements of quantum mechanics 1. The Heisenberg Uncertainty principle and the principle of photon polarization. The Heisenberg Uncertainty principle states that, it is not possible to measure the quantum state of any system without distributing that system. 2. The principle of photon polarization states that, an eavesdropper cannot copy unknown qubits i.e. unknown quantum states, due to no-cloning theorem. This presentation concentrates on the theory of quantum cryptography, and how this technology contributes to the network security. This presentation summarizes the current state of quantum cryptography, and the real-world application implementation of this technology, and finally the future direction in which the quantum cryptography is headed forwards. Well-known examples of quantum cryptography are the use of quantum communication to securely exchange a key (quantum key distribution) and the (hypothetical) use of quantum computers that would allow the breaking of various popular public-key encryption and signature schemes (e.g., RSA and ElGamal).

5 Quantum Cryptography

TABLE OF CONTENTS

1.

Cryptography 1.1 Introduction 1.2 Classical Cryptography 1.3 Limitations of Classical Cryptography 6 9 13

2.

Quantum Cryptography 2.1 Introduction 2.2 Photon Polarization 2.3 Quantum Cryptography Procedure 15 16 19

3.

Fully Distrustful Protocol 3.1 Device Independent Protocol 3.2 Distrustful Protocol 3.3 Bit Commitment Protocol 3.4 Device Independence Formulation 3.5 Fully Distrustful Cryptography 3.6 Senders Control 3.7 Receivers Information Gain 23 23 24 25 26 28 28

4. 5.

Conclusion References

6 Quantum Cryptography

Cryptography

1.1 Introduction Cryptography is the art of encoding and decoding messages and has existed as long as people have distrusted each other and sought forms of secure communication. The purpose of cryptography is to transmit information such that only the intended recipient receives it. Although the field of cryptography is ancient, it is not static. Cryptographic techniques have evolved over the centuries, with the code-makers working to stay ahead of the codebreakers. The next major step in this evolutionary process may be at hand. Cryptography is where security engineering meets mathematics. It provides us with the tools that underlie most modern security protocols. It is probably the key enabling technology for protecting distributed systems, yet it is surprisingly hard to do right. Cryptography has often been used to protect the wrong things, or used to protect them in the wrong way. The basic terminology is that cryptography refers to the science and art of designing ciphers. Cryptanalysis to the science and art of breaking them, while cryptology, often shortened to just crypto, is the study of both. The input to an encryption process is commonly called the plaintext, and the output the cipher text. Thereafter, things get somewhat more complicated. There are a number of cryptographic primitivesbasic building blocks, such as block ciphers, stream ciphers, and hash functions. Block ciphers may either have one key for both encryption and decryption, in which case theyre called shared key (also secret key or symmetric), or have separate keys for encryption and decryption, in which case theyre called public key or asymmetric. A digital signature scheme is a special type of asymmetric crypto primitive.

7 Quantum Cryptography

Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication: The process of proving one's identity. (The primary forms of hostto-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)

Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.

Integrity: Assuring the receiver that the received message has not been altered in any way from the original.

Non-repudiation: A mechanism to prove that the sender really sent this message.

Although the ultimate goal of cryptography, and the mechanisms that make it up, is to hide information from unauthorized individuals, most algorithms can be broken and the information can be revealed if the attacker has enough time, desire, and resources. So a more realistic goal of cryptography is to make obtaining the information too work-intensive to be worth it to the attacker. When data is stored on a computer, it is usually protected by logical and physical access controls. When this same sensitive information is sent over a network, it can no longer take these controls for granted, and the information is in a much more vulnerable state. Encryption is a method of transforming original data, called plaintext, into a form that appears to be random and unreadable, which is called cipher text. Plaintext is either in a form that can be understood by a person (a document) or by a computer (executable code). Once it is transformed into cipher text, neither human nor machine can properly process it

8 Quantum Cryptography

until it is decrypted. This enables the transmission of confidential information over insecure channels without unauthorized disclosure.

Plain Text

Encryption

Cipher Text

Decryption

Plain Text

The process of encryption transforms plaintext into cipher text and the process of decryption transforms cipher text into plaintext

A system that provides encryption and decryption is referred to as a cryptosystem and can be created through hardware components or program code in an application. The cryptosystem uses an encryption algorithm, which determines how simple or complex. Most encryption methods use a secret value called a key (usually a long string of bits), which works with the algorithm to encrypt and decrypt the text.

Key

Algorithm

Message

Cipher Text

In above figure the key is inserted into the mathematical algorithm and the result is applied to the message, which ends up in cipher text.

If an eavesdropper captures a message as it passes between two people, she can view the message, but it appears in its encrypted form and is therefore unusable. Even if this attacker knows the algorithm that the two people are using to encrypt and decrypt their information, without the key, this information remains useless to the eavesdropper.

9 Quantum Cryptography

1.2 Classical Cryptography

There are several ways of classifying cryptographic algorithms. They will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. Mainly two classical algorithms are defined. 1. Secret Key Cryptography: Uses a single key for both encryption and decryption. 2. Public Key Cryptography: Uses one key for encryption and another for decryption.

1. Secret Key Cryptography:

Secret-key encryption requires that two users first develop and securely share a secret key, which is a long string of randomly-chosen bits. The users then use the secret key along with public algorithms to encrypt and decrypt messages. The algorithms are very complex, and can be designed such that every bit of output is dependent on every bit of input. Suppose that a key of 128 bits is used. Assuming that brute force, along with some parallelism, is employed, the encrypted message should be safe: a billion computers doing a billion operations per second would require a trillion years to decrypt it. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing.

10 Quantum Cryptography

A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same cipher text when using the same key in a block cipher whereas the same plaintext will encrypt to different cipher text in a stream cipher.

When using symmetric algorithms, the sender and receiver use the same key for encryption and decryption functions. The security of the symmetric encryption method is completely dependent on how well users protect the key. Because both users use the same key to encrypt and decrypt messages, symmetric cryptosystems can provide confidentiality, but they cannot provide authentication or nonrepudiation. There is no way to prove who actually sent a message if two people are using the exact same key.

11 Quantum Cryptography

The following are examples of symmetric key cryptography algorithms and will be explained in the Stream and Block Ciphers section: Data Encryption Standard (DES) Triple DES (3DES) Blowfish IDEA RC4, RC5, and RC6.

2. Public Key Cryptography: Public-key encryption is based on the idea of a safe with two keys: a public key to lock the safe and a private key to open it. Using this method, anyone can send a message since the public key is used to encrypt messages, but only someone with the private key can decrypt the messages. Since the encrypting and decrypting keys are different, it is not necessary to securely distribute a key. The security of public-key encryption depends on the assumed difficulty of certain mathematical operations, such as factoring extremely large prime numbers. The public and private keys are mathematically related, but cannot be derived from each other. This means that if one gets a copy of Bobs public key, it does not mean he can now use some mathematical magic and find out Bobs private key.

12 Quantum Cryptography

Public Key cryptosystem

If confidentiality is the most important security service to a sender, she would encrypt the file with the receivers public key. This is called a secure message format because it can only be decrypted by the person who has the corresponding private key. If authentication is the most important security service to the sender, then she would encrypt the message with her private key. This provides assurance to the receiver that the only person who could have encrypted the message is the individual who has possession of that private key. If the sender encrypted the message with the receivers public key, authentication is not provided because this public key is available to anyone.

13 Quantum Cryptography

Encrypting a message with the senders private key is called an open message format because anyone with a copy of the corresponding public key can decrypt the message. Thus, confidentiality is not ensured. For a message to be in a secure and signed format, the sender would encrypt the message with her private key and then encrypt it again with the receivers public key. The receiver would then need to decrypt the message with his own private key and then decrypt it again with the senders public key. This provides confidentiality and authentication for that delivered message. Each key type can be used to encrypt and decrypt, so do not get confused and think the public key is only for encryption and the private key is only for decryption. They both have the capability to encrypt and decrypt data. However, if data is encrypted with a private key, it cannot be decrypted with a private key. If data is encrypted with a private key, it must be decrypted with the corresponding public key. If data is encrypted with a public key, it must be decrypted with the corresponding private key.

1.3 Limitations of Classical Cryptography

1. Secret Key Cryptography:

Following are the limitations of secret key cryptography: Key distribution: It requires a secure mechanism to deliver keys properly. Scalability: Each pair of users needs a unique pair of keys, so the number of keys grows exponentially. Limited security: nonrepudiation. It can provide confidentiality, but not authenticity or

14 Quantum Cryptography

There are two main problems with secret-key encryption. The first problem is that by analyzing the publicly-known encrypting algorithm, it sometimes becomes easier to decrypt the message. This problem can be somewhat offset by increasing the length of the key. The second problem is securely distributing the secret key in the first place. This is the wellknown key-distribution problem. Users must either agree on the secret key when they are together in the same location or when they are in different locations. The drawbacks to developing the key when they are in the same location are that it is not always practical for the users to meet, a large database would be needed to store the predetermined keys, and such storage is not secure. The drawback to developing a key when the users are in different locations is that all classical methods of transmitting the key are subject to eavesdropping that cannot be detected by the users. 2. Public Key Cryptography: Weakness of Public key cryptography is Works much slower than symmetric systems There are two problems with basing security on the assumed difficulty of mathematical problems. The first problem is that the difficulty of the mathematical problems is assumed, not proven. All security will vanish if efficient factoring algorithms are discovered. The second problem is the threat of quantum computers. The theoretical ability of quantum computers to essentially process large amounts of information in parallel would remove the time barrier to factoring large numbers. Thus, public-key encryption, though secure at the moment, faces a serious threat as quantum computing comes closer to reality. Currently, however, this method is still widely used, especially for the encryption of financial information sent over the internet.

15 Quantum Cryptography

Quantum Cryptography

2.1 Introduction Todays most common encryption methods are threatened by the potential creation of the quantum computer. But already quantum cryptography has been developed which promises more secure communication than any existing technique and cannot be compromised by quantum computers. Quantum cryptography takes advantage of the unique and unusual behavior of microscopic objects to enable users to securely develop secret keys as well as to detect eavesdropping. The development of quantum cryptography was motivated by the short-comings of classical cryptographic methods, which can be classified as either public-key or secret-key methods. Quantum cryptography solves the problems of secret-key cryptography by providing a way for two users who are in different locations to securely establish a secret key and to detect if eavesdropping has occurred. In addition, since quantum cryptography does not depend on difficult mathematical problems for its security, it is not threatened by the development of quantum computers. Quantum cryptography accomplishes these remarkable feats by exploiting the properties of microscopic objects such as photons. Quantum cryptography uses our current knowledge of physics to develop a cryptosystem that is not able to be defeated - that is, one that is completely secure against being compromised without knowledge of the sender or the receiver of the messages. The word quantum itself refers to the most fundamental behaviour of the smallest particles of matter and energy: quantum theory explains everything that exists and nothing can be in violation of it.

16 Quantum Cryptography

Essentially, quantum cryptography is based on the usage of individual particles/waves of light (photon) and their intrinsic quantum properties to develop an unbreakable cryptosystem - essentially because it is impossible to measure the quantum state of any system without disturbing that system. It is theoretically possible that other particles could be used, but photons offer all the necessary qualities needed, their behaviour is comparatively well-understood, and they are the information carriers in optical fibre cables, the most promising medium for extremely high-bandwidth communications.

2.2 Photon Polarization

Photon polarization measurements form the foundation for the most common quantum cryptographic techniques, it is important to first understand their properties. The three chosen bases of polarization and the possible results of a measurement according to the bases are: Rectilinear (horizontal or vertical), Circular (left-circular or right-circular), and Diagonal (45 or 135)

Although there are three bases, only two bases are used in any given protocol for quantum cryptography. Photons can be measured to determine their orientation relative to one of these bases of polarization at a time. Classically, one would expect the photon to have a certain polarization, which can be measured but which is not changed by the measurement. Photons, however, are quantum objects, and in the quantum world an object can be considered to have a property only after you have measured it, and the type of measurement impacts the property that you find the object to have. This implies that a photon can only be considered to have a particular polarization after you measure it, and

17 Quantum Cryptography

that the basis you choose for the measurement will have an impact on the polarization that you find the photon to have. For example, if you send a photon through an apparatus to measure its orientation relative to a rectilinear coordinate system, you are asking the question, How is the photon oriented relative to a rectilinear coordinate system? You will find the photon is either vertically polarized or horizontally polarized -- there are only two possibilities. Suppose you measure this photon as horizontally polarized. Next you send this same photon through an apparatus to measure its orientation relative to a diagonal coordinate system. Now you are asking the question, How is the photon oriented relative to a diagonal coordinate system?, and you will find that the photon is 45 polarized or 135 polarized there are only two possibilities. The type of measurement does indeed have an impact on what property you find. This is in surprising contrast to the classical situation where something that is horizontally oriented would be expected to have a component in the diagonal direction. The fact that a horizontally-oriented photon may subsequently be measured to have a 45 polarization occurs because the state of horizontal polarization is actually a superposition of the two diagonal polarization states. All polarization states are actually superposition of other polarization states. It is important to note that once the diagonal measurement was made, all information about the previous property of horizontal polarization of the photon vanished. As a result it is impossible to determine a photons rectilinear and diagonal polarizations at the same time. This is analogous to the impossibility of specifying a particles position and momentum at the same time. More information about one results in less information about the other. The behavior of photons sent through a series of polarizer is illustrated below: LEGEND
+

= an apparatus that measures rectilinear polarization V = vertical polarization

18 Quantum Cryptography

H = horizontal polarization
O

= an apparatus that measures circular polarization L = left-circular polarization R = right-circular polarization

1. A photon is sent through a rectilinear (+) measurement apparatus. The photon has equal probability of being vertically or horizontally oriented. Photon 1 Photon 2
+ +

V V

2. A photon that is repeatedly sent through the same measurement apparatus will always give the same answer. Photon 1
+

Photon 2

3. A photon that was measured to be vertically polarized is sent through an apparatus to measure its circular polarization. The photon will come out either left-circular polarized OR right-circular polarized, with equal probability. V
O

OR

4. Analogous results would occur if a circularly-polarized photon was sent through a rectilinear measurement apparatus.

19 Quantum Cryptography

2.3 Quantum Cryptography Procedure The steps of the protocol are explained below, using the standard convention that Alice is the sender, Bob is the receiver, and Eve is the eavesdropper. Alice prepares photons randomly with either rectilinear or circular polarizations. Alice records the polarization of each photon and then sends it to Bob. Bob receives each photon and randomly measures its polarization according to the rectilinear or circular basis. He records the measurement type (basis used) and the resulting polarization measured. (It is important to remember that the polarization sent by Alice may not be the same polarization Bob finds if he does not use the same basis as Alice. Bob publicly tells Alice what the measurement types were, but not the results of his measurements. Alice publicly tells Bob which measurements were of the correct type. A correct measurement is the correct type of Bob used the same basis for measurement as Alice did for preparation. Alice and Bob each throw out the data from measurements that were not of the correct type, and convert the remaining data to a string of bits using a convention such as: left-circular = 0, right-circular = 1 horizontal = 0, vertical = 1

20 Quantum Cryptography

The following example data was generated assuming that Alice sends 12 photons and the detector never fails.

The string of bits now owned by Alice and Bob is: 1 0 0 1 0 1 0 1. This string of bits forms the secret key. In practice, the number of photons sent and the resulting length of the string of bits. But what if Eve has been eavesdropping on Alice and Bobs transmissions? To understand why eavesdropping does not compromise the security of keys developed using quantum cryptography, it is important to note that transmissions between Alice and Bob take place on two different types of channels. The photon transmissions are quantum in nature and occur on what will be called a quantum channel, such as optical fiber. The discussions between Alice and Bob about the types of measurements made occur on a classical channel, such as telephone or email. The properties of these two channels are very different. Eve can intercept information transmitted on the classical channel without being detected. Although this was a serious problem in previous modern cryptographic methods, it is not a problem in quantum cryptography. This is because in quantum cryptography protocols the only information Bob and Alice exchange on a classical channel is the type of measurements

21 Quantum Cryptography

they made, which tells Eve nothing about the results of the measurement, and therefore nothing about the key that was developed. Suppose Eve listens on the quantum channel. One way she may do this is by skimming some photons from the burst sent from Alice to Bob. Now Eve has photons that are identical in polarization to those received by Bob, but she has to randomly choose her own measurement type since she doesnt know what measurement type Bob is going to use. Therefore, about half the time she will choose a different basis than Bob for measurement. For example, suppose Alice sends a burst of circularly polarized photons, some of which are received by Eve and Bob. Eve decided to use the rectilinear basis for measurement, and Bob decides to use the circular basis. Alice and Bob keep the resulting data since they both used the same basis, but since Eve used the wrong basis, she doesnt know what their result was. Now suppose instead that Eve had decided to measure it according to the circular basis, but Bob decided to measure it according to the rectilinear basis. Here Eve would know the polarization that Alice sent, but since Bob did not choose the correct basis, Alice and Bob would throw the results out. As you can see, Eve will not end up with anything resembling the string of bits that Alice and Bob create. Another method Eve could use to eavesdrop on the quantum channel is to intercept the photons, measure them, and then send them on to Bob. When she chooses a different basis for measurement than Alice had used for preparation, she will change the photons polarization through the act of measurement, causing Bob to receive a photon that does not have the same polarization as that sent by Alice. For example, consider the following scenario. Alice sends a right-circularly polarized photon, which is intercepted by Eve. Eve measures it according to the rectilinear basis, finds it to be vertically polarized, and sends it on to Bob. Bob measures it according to the circular basis, and has an equal probability of finding it to be right-circularly polarized and left-circularly polarized. It is clear that this will introduce errors into Bobs final string of bits. Alice and Bob can detect these errors when they run

22 Quantum Cryptography

key validity check. Thus, although Eve could obtain some correct bits of the final key by intercepting photons, Alice and Bob will know that the security of their key has been compromised. In reality, detectors fail some of the time, there is noise in the channel, and Eve could be eavesdropping. All of these factors can cause Bob to end up with a different string of bits than Alice. Thus it is important for Alice and Bob to perform a key validity check to confirm that they have the same string of bits. They cannot compare the whole string of bits over a classical channel since this would compromise the security of their key. One approach is to compare a large random subset of their string of bits, assuming that if these match up, then the others that they are not comparing also match up and can be used as the key. The bits that they have compared are discarded, since this information was shared over a public channel and could have been intercepted. This technique is useful for detecting eavesdropping, since any activity by Eve would introduce a large number of errors. Another technique was developed. Using this technique, Alice and Bob agree on certain blocks of bits of their key and calculate and compare the parity of each block. If an oddnumber of errors exist, the parity calculated by Alice and Bob will be different. Alice and Bob check many overlapping blocks, and make smaller and smaller block sizes to find the errors. Each time a comparison is performed, Alice and Bob discard the last bit in the block. In this way, errors can be eliminated, and Alice and Bob can be sure that they have the same string of bits for use as the key.

23 Quantum Cryptography

Fully distrustful Protocol

3.1 Device Independent Protocol A quantum protocol is said to be device- independent if the reliability of its implementation can be guaranteed without making any assumptions regarding the internal workings of the underlying apparatus. The key idea is that the certification of a sufficient amount of nonlocality ensures that the underlying systems are quantum and entangled. In fact, a device-independent protocol, in principle, remains secure even if the devices were fabricated by an adversary. So far, device- independent protocols have been proposed for quantum key-distribution, random number generation, state estimation, and the selftesting of quantum computers.

3.2 Distrustful Protocol A protocol in which two parties do not trust each other. Anyone may try to cheat, so to ensure reliability, other party must be able to detect cheating. It is not a priori clear, whether the scope of the device- independent approach can be extended to cover cryptographic problems with distrustful parties. In particular, this setting presents us with a novel challenge: Whereas in device-independent quantum keydistribution Alice and Bob will cooperate to estimate the amount of non- locality present, for protocols in the distrustful cryptography model, honest parties can rely only on themselves. In many everyday scenarios (e.g. the use of credit cards on the internet, secure identification, digital signatures), we need to ensure security not only against an

24 Quantum Cryptography

eavesdropper, but crucially against malicious parties partaking in the protocol, i.e. when Alice and Bob do not trust each other. Many important results in quantum cryptography are related to the fundamental primitives in this setting: While, on the one hand, quantum weak coin flipping with arbitrarily small bias is possible, arbitrarily concealing and binding quantum bit-commitment is impossible. However, less secure but non-trivial bit - commitment has been shown to be possible with trusted devices.

3.3 Bit commitment Protocol It is a distrustful protocol. A bit-commitment protocol consists of two phases. Commit Phase Reveal phase

Commit Phase In the commit phase, Alice interacts with Bob in order to commit to a bit.

Reveal phase In the reveal phase, Alice reveals the value of the bit, possibly followed by some test that each party carries out to ensure that the other party has not cheated.

In the time between the two phases, which may be of any duration, no actions are taken. The security of a protocol is always analyzed under the assumption that one of the parties is honest.

25 Quantum Cryptography

We designate by = Probability that Alice reveals wrong bit value without being caught cheating = Probability that Bob knows value of bit before Reveal Phase The quantities Alices Control = Bobs Information Gain = A protocol with arbitrarily small arbitrarily small is called arbitrarily binding, while a protocol with

is called arbitrarily concealing.

Quantum mechanics does not allow for a protocol to be both arbitrarily binding and concealing at the same time. In fact, for a fair protocol, in the sense that The best known protocol gives = 1/4. = 1/2. = .

In contrast, in any classical protocol either Alice or Bob can cheat perfectly

3.4 Device Independence Formulation In our device-independent formulation, we assume that each honest party has one or several devices which are viewed as black boxes. Each box allows for a classical input (the index , and produces a classical output

designates the box). We make the assumption that the probabilities of the ( ),

outputs given the inputs for an honest party can be expressed as where inputting is some joint quantum state and in box and obtaining the outcome

is a POVM element corresponding to . Apart from this constraint we impose

no restrictions on the boxes behavior. In particular, we allow a dishonest party to choose

26 Quantum Cryptography

the state

(which she can entangle with her system) and the POVM elements

for the

other partys boxes. The above assumption amounts to the most general modeling of boxes that I. II. satisfy the laws of quantum theory, and Are such that the physical process yielding the output the input in box depends solely on

, i.e. the boxes cannot communicate with one another.

It is also implicit in our analysis that no unwanted information can enter or exit an honest partys laboratory. In a fully distrustful setting, where the devices too cannot be trusted, these conditions can be satisfied by shielding the boxes. In particular, it is not necessary to carry out measurements in space-like separated locations to guarantee II. as in fundamental tests of non-locality. This observation is important because relativistic causality is by itself sufficient for perfect bit-commitment and coin flipping. Hence, the fact that we do not rely on space-like measurements makes the conceptual implications of our work clearer and the quantum origin of the security evident.

3.5 Fully Distrustful Cryptography Our protocol is based on the Greenberger-Horne-Zeilinger (GHZ) paradox. We consider three boxes A, B, and C with binary inputs, and , respectively. , and , and outputs ,

The GHZ paradox consists of the fact that if the inputs satisfy

27 Quantum Cryptography

We can always have the outputs satisfy . This relation can be guaranteed if the three boxes implement measurements on a three qubit GHZ state

where

= 0 (1) corresponds to measuring

. In

contrast, for local boxes this relation can only be satisfied with

probability at most. The

nonlocal and pseudo-telepathic nature of the GHZ paradox the non-occurrence of certain input-output pairs that would necessarily occur in any local theory are key, both to ensure that when both parties are honest the protocol does not abort, and to ensure that a dishonest party always has a non-zero probability of being caught cheating. The protocol runs as follows. Alice has a box, A, and Bob has a pair of boxes, B and C. The three boxes are supposed to satisfy the GHZ paradox. Commit phase: Alice inputs into her box the value of the bit she wishes to commit to. Denote the input and output of her box by uniformly at random. If a = 0, she sends Bob a classical bit If a = 1, she sends Bob a classical bit Reveal phase: Alice sends Bob or as her commitment. and . Bob first checks whether and =1 inputs them into his two boxes and checks that the GHZ paradox is satisfied. If any of these tests fails then he aborts. If the parties are honest (and the boxes satisfy the GHZ paradox), then the protocol never aborts. To solve TSP, first we defined the structure of Hopfield network. In this network, we had n neurons (based on the number of cities). Also, we initialized the constant values of the network via relation , satisfying or and . She then selects a classical bit a

. He then randomly chooses a pair of inputs

28 Quantum Cryptography

3.6 Senders Control We consider the worst-case scenario, wherein (dishonest) Alice prepares (honest) Bobs boxes in any state she wants, possibly entangled with her own ancillary systems. Since the commit phase consists of Alice sending a classical bit c as a token of her commitment, without receiving any information from Bob, with no loss of generality we may assume that Alice decides on the value of c beforehand, and accordingly prepares Bobs boxes to maximize her control. Furthermore, since Alices winning probability is invariant under the relabeling, c c 1, 1, 1, no value of c is preferable, and we

assume that she sends c = 0. Suppose now that Alice wishes to reveal 0 (i.e. she sends = 0). She will then carry out to be sent. Bob will first = 0.

some operation on her systems in order to decide the value of check whether = 0 or = 0, and since

= 0 it follows that Alice must send

Subsequently, Bob finds that the GHZ paradox is satisfied whenever of inputs such that .

for a choice

On the other hand, suppose that Alice wishes to reveal 1. Then, (since Bob knows that in this case = 0 or

may take on any value

1 = 0), and hence, the only relevant test is = 1 for a choice of

the satisfaction of the GHZ paradox, i.e. whether inputs such that = .

3.1 Receivers Information Gain

Bobs most general strategy consists of sending Alice a box entangled with some ancillary system in his possession. Depending on the value of c he receives from Alice (which is uniformly random since Alice is honest), Bob carries out one of a pair of two-outcome measurements on his system. We denote Bobs binary input and output by where = 0( and ,

= 1) corresponds to the measurement he carries out when Alice sends

29 Quantum Cryptography

c = 0 (c = 1), and

=0(

= 1) corresponds to his guessing that Alice has committed to 0

(1). Bobs information gain is ( )

30 Quantum Cryptography

Conclusion

We can conclude that: 1. Quantum Cryptography provides an efficient cryptography technique that is future proof and reliable. Because it is not threatened by quantum computing, it is safe from fast brute-force attacks of fast computers of future. Also, intrusion detection makes it reliable. 2. Fully distrustful Quantum cryptography can be used to exchange keys between parties that do not trust each other and neither their apparatus. 3. As quantum cryptography allows detection of any eavesdropper, key exchange can be securely made, without threat of key being compromised during initial key exchange.

31 Quantum Cryptography

References

1. J. Silman, A. Chailloux, N. Aharon, I. Kerenidis, S. Pironio, and S. Massar, Fully Distrustful Quantum Cryptography, January 2011 [arXiv:1101.5086v2] 2. Gilles, Brassard; Crpeau, Claude; Richard, Jozsa; Langlois, Denis (1993). "A Quantum Bit Commitment Scheme Provably Unbreakable by both Parties". FOCS 1993. IEEE. pp. 362371. 3. Bernstein, Daniel J.; Buchmann, Johannes; Dahmen, Erik, eds. (2009). Post-quantum cryptography. Springer. ISBN 978-3-540-88701-0. 4. Damgrd, Ivan; Fehr, Serge; Salvail, Louis; Schaffner, Christian (2005). "Cryptography In the Bounded Quantum-Storage Model". FOCS 2005. IEEE. pp. 449458.