Cryptography: Quantum Key Distribution (QKD)

Cryptography
Quantum Key Distribution (QKD)

Quantum key distribution (QKD)

Quantum Key Distribution (QKD) uses quantum carriers to transmit keys over a confidential channel. After sharing the key, Alice and Bob perform a test to detect eavesdropping. If eavesdropping is detected, they discard the key; otherwise, they use it.

QKD security relies on the principle that any quantum measurement leaves a detectable trace, making eavesdropping detectable. Alice and Bob can use a public channel to communicate about the test.

Perfect Secrecy for One-Time Pad Cryptography

Protocols

Cryptography is the art of encrypting messages for secure communication between two parties, traditionally named Alice and Bob, such that an adversary, Eve, cannot decrypt intercepted messages.

Perfect secrecy for one-time pad cryptography

The one-time pad technique, uses identical encoding/decoding keys for secure communication between Alice and Bob. These keys, originally from punched tapes or pads, consist of random bits. Alice encrypts the message by adding the key bit to each message bit, and Bob decrypts by adding the same key bit to the encoded bit.

This method requires prior secure key exchange but allows the encoded message to be sent publicly, as Eve cannot decode it.

Claude Shannon mathematically proved the absolute security of the one-time pad, provided the key is at least as long as the message. If the key is shorter, the cipher becomes vulnerable to cryptanalysis.

The definition of conditional probability (the probability that an event AA occur given that BB occur) is:

P(BA)  =  P(AB)P(A)P(B \mid A) \;=\;\frac{P(A \cap B)}{P(A)}

If two events AA and BB satisfy:

P(AB)=P(A)P(B)P(A \cap B) = P(A)P(B)

then they are independent. Equivalently, for these independent events, using the above:

P(BA)=P(B)P(B \mid A) = P(B)

Shannon’s Perfect Secrecy theorem states that, for a message MM, a uniformly distributed key KK of the same length as MM, and ciphertext C=MKC = M \oplus K, we have:

P(M=mC=c)=P(M=m)m,cP(M = m | C = c) = P(M = m) \quad \forall m, c

Therefore, the ciphertext reveals no information about the message and the knowledge of the ciphertext never changes the probability that a given plaintext occurs.

Proof

Let MM, KK, CC be random variables with C=MKC = M \oplus K. For any specific mm and cc:

P(M=mC=c)=P(M=m,C=c)P(C=c)=P(M=m,MK=c)P(C=c)P(M = m \mid C = c) = \frac{P(M = m, C = c)}{P(C = c)} = \frac{P(M = m, M \oplus K = c)}{P(C = c)}

Since C=mKC = m \oplus K must equal cc, we have K=mcK = m \oplus c. By uniformity of KK:

P(M=m,K=mc)=P(M=m)P(K=mc)P(M = m, K = \, m \oplus c) = P(M = m)\,P(K = \, m \oplus c)

If MM and KK are independent, then

P(K=k)=1/K  kP(K = k) = 1/|K|\; \forall k where K|K| is the size of the key space. Likewise:

P(C=c)=mP(M=m)P(K=mc)=mP(M=m)1K=1KP(C = c) = \sum_{m^\prime} P(M = m^\prime)\,P(K = \, m^\prime \oplus c) = \sum_{m^\prime} P(M = m^\prime) \frac{1}{|K|} = \frac{1}{|K|}

Substituting:

P(M=mC=c)=P(M=m)1K1K=P(M=m).P(M = m \mid C = c) = \frac{P(M = m)\,\frac{1}{|K|}}{\frac{1}{|K|}} = P(M = m).

This shows the ciphertext provides no information about the message.

A one-time pad encryption scheme achieves perfect secrecy if and only if:

  1. The key is truly random
  2. The key is at least as long as the message
  3. The key is never reused

Protocols

BB84 protocol

Ekert protocol