Optimal eavesdropping on noisy states in quantum key distribution

2015

Quantum key distribution allows two parties, Alice and Bob to generate a secret key in the presence of an eavesdropper, Eve [Gisin N, Ribordy G, Tittel W and Zbinden H 2002 Rev. Mod. Phys. 74 145-195]. It promises the legitimate parties to exchange private information by means of provably-secure protocols. The security is based solely on the quantum mechanical laws of physics. Since quantum key distribution is at the level of implementation and since these protocols usually operate in some noisy channels, we investigate how the addition of noise in the communication channel affects the secret key generation rates. The effect of noise for four-state and six-state protocols has been already studied [Mertz M, Kampermann H, Shadman Z and Bruß D 2013 Phys. Rev. A 87(4) 042312]. Here, we investigate the behavior of the secret key when one adds some noise before classical processing for the two-state Bennett 1992 quantum key distribution protocol.

Journal of Physics A: Mathematical and Theoretical, 2011

We consider the security of the BB84, six-state and SARG04 quantum key distribution protocols when the eavesdropper doesn't have access to a quantum memory. In this case, Eve's most general strategy is to measure her ancilla with an appropriate POVM designed to take advantage of the post-measurement information that will be released during the sifting phase of the protocol. After an optimization on all the parameters accessible to Eve, our method provides us with new bounds for the security of six-state and SARG04 against a memoryless adversary. In particular, for the six-state protocol we show that the maximum QBER for which a secure key can be extracted is increased from 12.6% (for collective attacks) to 20.4% with the memoryless assumption.

Journal of Modern Optics, 1994

We analyse the information obtained by an eavesdropper during the various stages of a quantum cryptographic protocol associated with key distribution. We provide both an upper and a lower limit on the amount of information that may have leaked to the eavesdropper at the end of the key distribution procedure. These limits are restricted to intercept/resend eavesdropping strategies. The upper one is higher than has been estimated so far, and should be taken into account in order to guarantee the secrecy of the final key, which is subsequently obtained via the so-called privacy amplification .

Employing the fundamental laws of quantum physics, Quantum Key Distribution (QKD) promises the unconditionally secure distribution of cryptographic keys. However, in practical realisations, a QKD protocol is only secure, when the quantum bit error rate introduced by an eavesdropper unavoidably exceeds the system error rate. This condition guarantees that an eavesdropper cannot disguise his presence by simply replacing the original transmission line with a less faulty one. Unfortunately, this condition also limits the possible distance between the communicating parties, Alice and Bob, to a few hundred kilometers. To overcome this problem, we design a QKD protocol which allows Alice and Bob to distinguish system errors from eavesdropping errors. If they are able to identify the origin of their errors, they can detect eavesdropping even when the system error rate exceeds the eavesdropping error rate. To achieve this, the proposed protocol employs an alternative encoding of information in two-dimensional photon states. Errors manifest themselves as quantum bit and as index transmission errors with a distinct correlation between them in case of intercept-resend eavesdropping. As a result, Alice and Bob can tolerate lower eavesdropping and higher system errors without compromising their privacy.

Physical Review A, 2013

We compare the effect of different noise scenarios on the achievable rate of an ε-secure key for the BB84 and the six-state protocol. We study the situation where quantum noise is added deliberately, and investigate the remarkable benefit for the finite key rate. We compare our results to the known case of added classical noise and the asymptotic key rate, i.e. in the limit of infinitely many signals. As a complementary interpretation we show that under the realistic assumption that the noise which is unavoidably introduced by a real channel is not fully dedicated to the eavesdropper, the secret key rate increases significantly.

Physical Review A, 1997

We consider the Bennett-Brassard cryptographic scheme, which uses two conjugate quantum bases. An eavesdropper who attempts to obtain information on qubits sent in one of the bases causes a disturbance to qubits sent in the other basis. We derive an upper bound to the accessible information in one basis, for a given error rate in the conjugate basis. Independently fixing the error rate in the conjugate bases, we show that both bounds can be attained simultaneously by an optimal eavesdropping probe, consisting of two qubits. The qubits' interaction and their subsequent measurement are described explicitly. These results are combined to give an expression for the optimal information an eavesdropper can obtain for a given average disturbance when her interaction and measurements are performed signal by signal. Finally, the relation between quantum cryptography and violations of Bell's inequalities is discussed.

The effect of noise on various protocols of secure quantum communication has been studied. Specifically, we have investigated the effect of amplitude damping, phase damping, squeezed generalized amplitude damping, Pauli type as well as various collective noise models on the protocols of quantum key distribution, quantum key agreement, quantum secure direct quantum communication and quantum dialogue. From each type of protocol of secure quantum communication, we have chosen two protocols for our comparative study; one based on single qubit states and the other one on entangled states. The comparative study reported here has revealed that single-qubit-based schemes are generally found to perform better in the presence of amplitude damping, phase damping, squeezed generalized amplitude damping noises, while entanglement-based protocols turn out to be preferable in the presence of collective noises. It is also observed that the effect of noise entirely depends upon the number of rounds of quantum communication involved in a scheme of quantum communication. Further, it is observed that squeezing, a completely quantum mechanical resource present in the squeezed generalized amplitude channel, can be used in a beneficial way as it may yield higher fidelity compared to the corresponding zero squeezing case.

Nature Communications, 2013

In quantum key distribution implementations, each session is typically chosen long enough so that the secret key rate approaches its asymptotic limit. However, this choice may be constrained by the physical scenario, as in the perspective use with satellites, where the passage of one terminal over the other is restricted to a few minutes. Here we demonstrate experimentally the extraction of secure keys leveraging an optimal design of the prepare-andmeasure scheme, according to recent finite-key theoretical tight-bounds. The experiment is performed in different channel conditions, and assuming two distinct attack models: individual attacks, or general quantum attacks. The request on the number of exchanged qubits is then obtained as a function of the key size and of the ambient quantum bit error rate.

Physical Review Letters, 1996

Existing quantum cryptographic schemes are not, as they stand, operable in the presence of noise on the quantum communication channel. Although they become operable if they are supplemented by classical privacy-amplification techniques, the resulting schemes are difficult to analyse and have not been proved secure. We introduce the concept of quantum privacy amplification and a cryptographic scheme incorporating it which is provably secure over a noisy channel. The scheme uses an 'entanglement purification' procedure which, because it requires only a few quantum Controlled-Not and singlequbit operations, could be implemented using technology that is currently being developed. The scheme allows an arbitrarily small bound to be placed on the information that any eavesdropper may extract from the encrypted 1 message. 89.70.+c, 03.65.Bz, 89.80.+h Typeset using REVT E X

2011

Quantum networks are communication networks in which adjacent nodes enjoy perfectly secure channels thanks to quantum key distribution (QKD). Drawing endto-end security from QKD-supported point-to-point security can be done by virtue of multipath transmission. This concept buys security at the cost of strongly connected networks and perfect routing. Particularly the latter is hard to ensure, since congestions or (passive) eavesdropping may cause QKD keybuffers to run empty, thus enforcing local re-routing of packets. Hence, the adversary may use eavesdropping not to extract information, but to redirect the information flow towards a relay-node that he controls. Such attacks can readily invalidate the stringent requirements of multipath transmission protocols and thus defeat any formal arguments for perfect secrecy. Moreover, this form of "indirect eavesdropping" seems to be unconsidered in the literature so far. We investigate whether or not unconditional security in a quantum network with nonreliable routing is possible. Using Markov-chains, we derive various sufficient criteria for retaining perfect secrecy under imperfect packet relay. In particular, we explicitly do not assume trusted relay or quantum repeaters available.