Although quantum key distribution is regarded as promising secure communication, the security of the Y00 protocol, proposed by Yuen in 2000 for its affinity to conventional optical communication, is not yet well understood; its security has been evaluated only by the eavesdropper’s error probabilities of detecting individual signals or by masking size, the number of hidden signal levels under quantum and classical noise. Our study is the first attempt at evaluating the guessing probabilities on shared secret keys for pseudorandom number generators in a simplified Y00 communication system based on quantum multiple hypotheses testing theory. The result is that even an unlimitedly long known-plaintext attack only lets the eavesdropper guess the shared secret keys of limited lengths with a probability strictly <1. This study will give some insights for detailed future work on this quantum communication protocol.
The trace distance criterion for security of Quantum Key Distribution (QKD) has been widely perceived to mean that its upper bound is the maximum failure probability in distributing an ideal quantum state in which the quantum system shared by legitimate users is decoupled from the quantum system the eavesdropper possesses; therefore the eavesdropper would not obtain any hints on the key shared by the legitimate users no matter how optimal her measurement is. However, there is an arbitrariness in the definition of the trace distance with the decoupled quantum system the eavesdropper possesses, as the previous work pointed out, and such an arbitrariness would cause confusion in guaranteeing the security of QKD. In this work, from the framework of Bit-Error-Rate (BER) Guarantee discussed also in the previous work, such an arbitrariness is removed from the definition of the trace distance criterion by discussing the similarities and differences between the security of QKD and classical information-theoretic cryptography by the Leftover Hash Lemma (LHL). However, in the previous work BER Guarantee was derived under the assumption that the eavesdropper launches the weakest class of attack, so-called “Individual Attacks.” Therefore, it is still unknown whether direct upper-bounding of the term would give a tighter upper bound in general, such as under “Collective Attacks” or “Coherent Attacks”, compared to the upper bound by LHL, as well as the secure-key generation rate. This study also revisits the security proof of QKD given by P. Shor and J. Preskill in 2000.
In 2007, it was found that a Known-Plaintext-Attack would reveal the whole string of the key distributed by Quantum Key Distribution (QKD) when part of the plaintext was known to the eavesdropper, Eve, under the mutual information security criterion between Eve and the legitimate users, Alice and Bob. To overcome this, the trace distance criterion was introduced in the paper as the distance between the distributed quantum state and the ideal quantum state with Eve’s quantum system decoupled from the quantum systems shared by Alice and Bob. On the other hand, Shor and Preskill proved in 2000 that entanglement-based QKDs are equivalent to prepare-and-measure QKDs, such as the first QKD, BB84. Their proof employed the mutual information criterion; therefore M. Koashi applied the Shor-Preskill approach to the trace distance criterion in 2009. However, H. P. Yuen started criticisms of the security of QKDs from 2009, then completed his criticisms in 2016. He warned that the security of QKDs is not sufficient. Furthermore, the trace distance would not provide “universal composability”, which is supposed to guarantee Independent and Identically Distributed (IID) keys. He also proposed a new security criterion, “Bit-Error-Rate (BER) guarantee,” to evaluate the BER in the message decoded by Eve with her key close to the correct key. In this work, the author explains Yuen’s criticisms and shows an example of the BER guarantee on BB84. Furthermore, the study revisits whether the Shor-Preskill security proof approach really worked.
In May 2014, a new quantum key distribution protocol named “Round Robin Differential-Phase-Shift Quantum Key Distribution (RR DPS QKD)” was proposed. It has a special feature that the key consumption via privacy amplification is a small constant because RR DPS QKD guarantees its security by information causality, not by information-disturbance trade-off. Therefore, the authors claimed that RR DPS QKD systems do not need to monitor the disturbance by an attacker in the quantum channel. However, this study shows that a modified Faked-State Attack (or so-called bright illumination attack) can hack an RR DPS QKD system almost perfectly if it is implemented with realistic detectors, even if information causality guarantees the security of the RR DPS QKD protocol. Therefore, this study also proposes a possible Measurement-Device-Independent RR DPS QKD system to avoid the modified Faked-State Attack.
This study will test an interpretation in quantum key distribution (QKD) that the trace distance between the distributed quantum state and the ideal mixed state is a maximum failure probability of the protocol. Around 2004, this interpretation was proposed and standardized to satisfy both the key uniformity in the context of universal composability and the operational meaning of the failure probability of the key extraction. However, this proposal has not been verified concretely for many years, while H. P. Yuen and O. Hirota have cast doubt on this interpretation since 2009. To ascertain this interpretation, a physical random number generator was employed to evaluate key uniformity in QKD. In this way, we calculated the statistical distance, which corresponds to the trace distance in quantum theory after a quantum measurement is done, then we compared it with the failure probability whether universal composability was obtained. As a result, the degree of statistical distance between the probability distribution of the physical random numbers and the ideal uniformity was very large. It is also explained why trace distance is not suitable to guarantee the security in QKD from the viewpoint of quantum binary decision theory.
This paper presents the physical prevention probability of an Intensity-Shift-Keying (ISK) Y00 quantum stream cipher against a polarity inversion attack, where the attacker in the middle of the communication line intercepts legitimate sender’s messages and resends false messages to the legitimate receiver by inverting some of signal polarities. Message falsification is recognized as a major issue in the field of mathematical encryption. Therefore, the attack should also be studied in the field of physical encryption. Y00 protocol was proposed by H. P. Yuen in 2000 to hide even ciphertexts from eavesdroppers under quantum noise of coherent light. Theoretical and experimental analyses of encryption strength of Y00 systems have also been studied against eavesdropping. However, there were not many studies about active attacks like message falsifications. Recent studies showed that the present ISK Y00 systems, whose communication bases are paired signals, may prevent the attack under the Known-Plaintext-Attack. To enhance the probability against the attack, a quadruple-signal-based ISK Y00 system was proposed, whose signal bases are sets of 4 signals. This study shows the proposed system has a prevention probability of 0.66665 per signal, while One-Time Pad used in BB84 cannot prevent message falsification under Known-Plaintext-Attack since polarity inversion directly falsifies the message.
KEYWORDS: Modulation, Quantitative analysis, Data communications, Data acquisition, Computer security, Photonics, Defense systems, Information security, Current controlled current source, Atrial fibrillation
In any communication system, all data, including data encrypted by a mathematical cipher, are transmitted under the strict rule of the interface frame. An attacker can easily acquire the whole data, the same as the data of legitimate users, including the address, routing information and so on, from the transmission line by tapping.
This is very risky, especially for the secret sharing data center operations. So to hide the whole data in the transmission line is very attractive to ensure the high security level. This can be realized by Y-00 type random cipher that the ciphertext of simple mathematical cipher by PRNG is randomized by quantum noise and it gives a masking effect against the attacker's security analysis. This paper clarifies quantitative properties on the masking effect in the random cipher by Y-00 protocol, and shows the fact that a scheme by the intensity modulation may provide the greatest masking effect, even if the attacker employs the universal heterodyne receiver.
The security of the next-generation optical network which realizes "Cloud Computing System Service with data center" is one of the most important problems. In such a network, encryption in the physical layer which provides super security and small delay is preferable.
It has to be applicable, however, to very high speed data because the basic link is operated at 2.5 Gbit/sec ~ 10 Gbit/sec. The quantum stream cipher by Yuen-2000 protocol (Y00) is a completely new type of random cipher, which can exceed the Shannon limit of the symmetric key cipher.
This paper extends some theoretical results on the security for quantum stream cipher such as Y00 protocol and generalized Y00. First, the conditions to exceed the Shannon limit are summarized.
We formulate a generalized secret capacity in the sense of wire tap channel supported by secret key to clarify a cipher exceeding the Shannon limit. The generalized secret capacities for space communication and fiber communication based on the generalized Y00 are given. When the relaxation of physical constraint or device limit of the eavesdropper is allowed, we point out that a cipher scheme exceeding the Shannon limit can be realized only by the conventional optical system.