
Mailing List Logs for ShadowRN

Message no. 1
From: Adam Getchell <acgetche@****.UCDAVIS.EDU>
Subject: Quantum cryptography - Technical Details
Date: Tue, 9 Aug 1994 14:06:04 -0700
Since there still seems to be a lot of confusion on the topic, I
will post a longer summary of the article here. In a following article
(for those that don't want to bother with the details) I will describe
the implications and use of the system, in as non-technical a fashion as
I can manage.
All citations from "Quantum Cryptography", Charles H. Bennett,
Gilles Brassard and Artur K. Ekert in _Scientific American_, Volume 267,
No. 4, October 1992, pp. 50-57

Regarding the Vernam cipher:
"Around this time [WWI] Gilbert S. Vernam of American Telephone
and Telegraph Company and Major Joseph O. Mauborgne of the U.S. Army
Signal Corps developed the first truly unbreakable code called the Vernam
cipher. One distinctive feature of the code is its need for a key that
is as long as the message being transmitted and is never reused to send
another message. (The Vernam cipher is also known as the one-time pad from
the practice of furnishing the key to spies in the form of a tear-off
pad, each sheet of which was to be used once and then carefully destroyed.)"

Regarding the workings of the Vernam cipher:
"When in 1967 the Bolivian army captured and executed the
revolutionary Che Guevara, they found on his body a worksheet showing how
he prepared a message for transmission to Cuban president Fidel Castro.
Guevara used the unbreakable cipher invented by Gilbert Vernam in 1918.
The letters of Guevara's message (in Spanish) were first translated into
one- and two-digit decimal numbers by a fixed rule, namely: {Example
follows} By itself this procedure would have provided virtually no
protection. The message digits were then strung together in convenient
five-digit blocks. They became the top line of each three-line group on
the worksheet. The middle line of each group is the key, a sequence of
random digits known only to Guevara and Castro.
"Next the message and key were added (without carries) to produce
a cryptogram, forming the bottom line of each three-line group. Because
of the addition of random key digits, this cryptogram is itself a random
decimal sequence, carrying no information about the original message,
except to someone who knows the key ... At the receiving end, Castro's
cipher office would have subtracted the same random key digits,
reconstructing the number sequence in the top row ... The key ... can be
a long random sequence of the binary digits 0 and 1, and the additions and
subtractions would be carried out in base 2 by machine ..."

Regarding Public Key Cryptosystems:
"Public-key cryptosystems differ from all previous schemes in
that parties wishing to communicate do not need to agree on a secret key
beforehand. The idea of PKC is for a user, whom we shall call Alice, to
choose randomly a pair of mutually inverse transformations--to be used
for encryption and decryption; she then publishes the instructions for
performing encryption but not decryption. Another user, Bob, can then
use Alice's public-encryption algorithm to prepare a message that only
she can decrypt. Similarly, anyone, including Alice, can use Bob's
public-encryption algorithm to prepare a message that only he can decrypt.
Thus, Alice and Bob can converse secretly even though they share no
secret to begin with."

Regarding quantum channels:
"To construct a quantum channel, one needs a polarizing filter or
other means for the sender to prepare photons of selected polarizations
and a way for the receiver to measure the polarization of the
photons...the task is most conveniently done by a birefringent crystal
(such as calcite), which sends incident photons, depending on their
polarization, into one of two paths without absorbing any. {skip paragraph}
"Suppose Bob is told in advance that a given photon is polarized
in one of the two "rectilinear" directions, vertical (90 degrees) or
horizontal (0 degrees) without being informed ... he can reliably tell
which direction by sending the photon ... {into} a vertically oriented
calcite crystal and two detectors, such as photomultiplier tubes, that
can record single photons. The calcite crystal directs the incoming
photon to the upper detector if it was horizontally polarized and to the
lower detector if it was vertically polarized. Such an apparatus is
useless for distinguishing diagonal (45- or 135-degree) photons, but
these can be reliably distinguished by a similar apparatus ... rotated
45 degrees. The rotated apparatus, in turn, is useless for
distinguishing vertical from horizontal photons. According to the
uncertainty principle, these limitations apply not just to the particular
measuring apparatus described here but to any measuring device
whatsoever. Rectilinear and diagonal polarizations are complementary
properties in the sense that measuring either property necessarily
randomizes the other.
"We can now describe the simple scheme for quantum key
distribution that two of us (Bennett and Brassard) proposed in 1984 and
that we dubbed "BB84". The purpose of the scheme is for Alice and Bob to
exchange a secret random key that they can subsequently use, as in the
Vernam cipher, to send meaningful secret messages when the need arises...
First, Alice generates and sends Bob a sequence of photons whose
polarizations she has chosen at random to be either 0, 45, 90, or 135.
Bob receives the photons and, for each photon, decides randomly whether to
measure its rectilinear or diagonal polarization. Next, Bob announces
publicly, for each photon, which type of measurement he has made
(rectilinear or diagonal) but not the measurement result (for example, 0,
45, 90 or 135 degrees). Alice tells him publicly, for each photon,
whether he has made the right kind of measurement. Alice and Bob then
discard all cases in which Bob has made the wrong measurement or in which
his detectors have failed to register a photon at all (existing detectors
are not 100 percent efficient). If no one has eavesdropped on the
quantum channel, the remaining polarizations should be shared secret
information between Alice and Bob.
Alice and Bob next test for eavesdropping, for example, by
publicly comparing and discarding a randomly selected subset of their
polarization data ... Because of the uncertainty principle, Eve cannot
measure both rectilinear and diagonal polarizations of the same photon.
If, for example, she makes the wrong measurement, then, even if she
resends Bob a photon consistent with the result of her measurement, she
will have irretrievably randomized the polarization originally sent by
Alice. The net effect is to cause errors in one quarter of the bits in
Bob's data that have been subjected to eavesdropping."

Regarding QC and real-world concerns:
"The BB84 scheme was modified to produce a working quantum
cryptography apparatus at IBM. The modifications were necessary to deal
with practical problems such as noise in the detectors and the fact that
the prototype uses dim flashes of light instead of single
photons....
"[Q]uantum transmissions could be sent through several kilometers
of optical fiber. If cost and inconvenience were no concern, quantum
transmissions could be sent over arbitrarily great distances with
negligible losses through an evacuated straight pipe.
"...the prototype encodes each bit in a dim flash of light. This
introduces a new eavesdropping threat to the system: if Eve taps into
the beam by a device such as a half-silvered mirror, she will be able to
split each flash into two flashes of lesser intensity, reading one
herself while letting the other pass to Bob ... This attack can be
effectively thwarted, at the cost of reducing the rate of data
transmission ... by having Alice send very dim flashes -- that is, an
intensity of less than one photon per flash on the average.
"...Information on that key {transmission} may have leaked to Eve at
several stages. She may have gained information by splitting some
flashes, by directly measuring others (she cannot do this too often, as
it causes errors in Bob's data) and by listening to the public discussion
between Alice and Bob. Fortunately, Alice and Bob, because they know the
intensity of the light flashes and the number of errors found and
corrected, can estimate how much information might have leaked to Eve
through all these routes.
"By itself, such an impure key is almost worthless. If it were
used as a key for the Vernam cipher, for example, it might prove very
insecure if the most important part of the message happened to coincide
with a part of the key the eavesdropper knew. Fortunately, two of us
(Bennett and Brassard), in collaboration with Jean-Marc Robert (then a
student of Brassard), developed a mathematical technique known as privacy
amplification. Using this technique, Alice and Bob, through public
discussion, can take such a partly secret key and distill from it a
smaller amount of highly secret key, of which the eavesdropper is
unlikely to know even one bit."

(Whew! _That_ was some typing practice!)

+-------------+---------------------------------------------------------------+
|Adam Getchell|acgetche@****.engr.ucdavis.edu | ez000270@*******.ucdavis.edu |
| acgetchell |"Invincibility is in oneself, vulnerability is in the opponent"|
+-------------+---------------------------------------------------------------+
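
The BB84 exchange quoted in the message above, as an added Python simulation that is not part of the original post or of the cited article. It models sifting, the public error test, and an intercept-resend eavesdropper, and assumes ideal single photons and detectors; the function names `measure`, `bb84` and `estimate_error_rate` are made up for this example.

```python
import random

RECT, DIAG = 0, 1  # rectilinear (0/90 degrees) or diagonal (45/135 degrees) basis

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis recovers the encoded bit; the complementary basis
    gives a uniformly random result, as the quoted text describes."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84(n_photons, eavesdrop, seed):
    """Return Alice's and Bob's sifted keys after the public basis discussion."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.choice((RECT, DIAG))
        bit, basis = a_bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve measures in a random basis and resends
            # a photon consistent with her own result.
            e_basis = rng.choice((RECT, DIAG))
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        b_basis = rng.choice((RECT, DIAG))
        b_bit = measure(bit, basis, b_basis, rng)
        # Bob announces his basis; Alice confirms; mismatches are discarded.
        if b_basis == a_basis:
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def estimate_error_rate(alice_key, bob_key, sample_fraction, seed):
    """Publicly compare a random subset, then discard it.
    Returns (observed error rate, Alice's remaining bits, Bob's remaining bits)."""
    rng = random.Random(seed)
    n_sample = int(len(alice_key) * sample_fraction)
    idx = set(rng.sample(range(len(alice_key)), n_sample))
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    keep_a = [b for i, b in enumerate(alice_key) if i not in idx]
    keep_b = [b for i, b in enumerate(bob_key) if i not in idx]
    return errors / len(idx), keep_a, keep_b

if __name__ == "__main__":
    for eve in (False, True):
        a, b = bb84(20000, eavesdrop=eve, seed=1)
        rate, _, _ = estimate_error_rate(a, b, 0.25, seed=2)
        print(f"eavesdropper={eve}: sifted={len(a)} sampled error rate={rate:.3f}")
```

With no eavesdropper the sampled error rate is zero; with every photon intercepted it settles near the one quarter stated in the quoted passage.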

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.