FPGA implementation of a quantum cryptography algorithm

Jaouadi Ikram 1 and Machhout Mohsen 2

1
University of Tunis El Manar, National Engineers School of Tunis,Communications Systems Department
e-mail: ikramjaouadi_2006@ yahoo.fr
2
Sciences Faculty of Monastir, Electronics and Microelectronics laboratory, Tunisia
e-mail: [email protected]

Abstract. Quantum cryptography is a process for developing a perfectly secret encryption key that can be used with any
classical encryption system. This paper presents a study of the EPR state protocol, the first continuous variable quantum key
distribution protocol. We propose an algorithm for this protocol and subsequently its implementation on FPGA (Field-
Programmable Gate Array). For the implementation, we used Xilinx's ISE System Edition tool as Software and Xilinx's
Artix7 Nexys4 DDR board as hardware.

Keywords : Communication Protocol, QKD, Security, Secret Key, FPGA Platform, EPR paradox, Bell's Inequality,
Quantum Cryptography.

1. Introduction
The first means of communication put in place by humans are accompanied by a need for confidentiality in the
information transmission. The first cryptographic systems appear around 200 before J.C[1]. Today, most
classical cryptographic systems rely on mathematical algorithms whose safety and robustness to cracking have
not been formally demonstrated. The computational complexity poses very little resistance to the increase in
computational power of computer systems.
In 1900, based on the quantum theory, M. Planck [2] showed that the emission and absorption of light can
only be in whole energy packets. He thus defined Planck's constant h, which quantifies the energy exchanges
between light and material. In 1905, Einstein was the first to introduce the quantification of radiant energy by
expressing light as grains, then explaining the photoelectric effect. In 1926, Newton then proposed the term
photon.
In 1925, Heisenberg unified the various approaches under the " Matrices Mechanics ", the base of quantum
mechanics, which was enriched in 1926 by the Schrödinger approach. The central purpose of this approach was a
complex-valued wave function, thus satisfying the equation that now bears his name [3].
The beginnings of quantum cryptography appeared in the late sixties in Stephen Wiesner's (unpublished)
article [4], in which he explains the importance of Heisenberg's uncertainty principle in coding currencies in
order to protect them from forgery. He then proposes the use of a multiplexer quantum channel interspersing two
messages so that reading one of them makes the other unreadable.
In 1979, Charles H. Bennett and Gilles Brassard returned to this work to design a secret key distribution
system based on quantum mechanics principles [5]. In 1983, Wiesner's article was finally published, the photon
would now be used for information transmission and not for storage.
Quantum cryptography is not a new cryptographic process. Indeed, it does not directly allow the
communication of intelligible messages but allows (mainly) the cryptographic key distribution, which often
leads to designate the quantum key distribution (QKD) by the more general term of quantum cryptography. It,
therefore, appears as a complement to classical cryptography, it meets the need for private key distribution. The
safety of this method is based on the laws of quantum mechanics and is considered unconditionally safe.
Quantum entanglement, a quantum mechanics astonishing phenomenon, revealed by Einstein and
Schrödinger in the 1930s, assumes that two particles, even distant ones, of a physical system have dependent
quantum states. Any measurement of one of these two particles affects the other. These entangled states seem to
contradict the locality principle.
Quantum entanglement was the base of two famous thought experiments proposed in 1935: the Schrödinger's
cat experiment [3] by Erwin Schrödinger, and the EPR experiment of Einstein, Podolsky, and Rosen [6].
Einstein, Podolsky, and Rosen then concluded that quantum mechanics is incomplete. They were based on the
fact that any quantum state measurement performed at a position A can't influence the measurement result of
this state at a position B (locality hypothesis) and that a quantum state has defined values regardless of its
measure (realism hypothesis). They ended by saying that the description of a quantum system can only be
completed with the use of hidden variables [7] whose role is to predetermine the measurement result of the
quantum states and subsequently solve the EPR paradox.
In 1964 and in order to quantify the debate between quantum mechanics and the notion of hidden variables,
J. Bell introduced a set of inequalities to check for any local and realistic theory [8]. The Bell's inequality test
implies that, at a time t, two detection systems A and B simultaneously perform measurements on the two
elements of an entangled quantum states pair. The Bell's inequalities verification is an important step in the
processing of information. These are relationships that entangled state measurements must respect.
Several quantum cryptography protocols are based on the principle of entangled photons, their security is
based on the properties of the latter. In 1991, Ekert proposed a QKD protocol based on the EPR paradox and on
Bell's inequalities [9]. In the next section, we will explain the principle of this protocol and propose an algorithm
to use for the implementation.

2. EPR protocol
It is a protocol whose states are correlated or entangled. In this protocol, the term EPR pairs is used to denote a
pair of states emitted at a time t. The EPR pairs may be pairs of particles separated at great distances. This
protocol also uses Bell's inequality verification for spy detection. The general architecture of an entangled
quantum cryptography system can be presented as follows:

Fig1. Synoptic diagram of an entangled QKD system

Our system emits pairs of particles in a particular state. The first part transmitted to Alice and the second to Bob.
Each of the two interlocutors has three measurement operators presented in the following table:
Table1 : MEASUREMENT BASES OF ALICE AND BOB

Alice Bob
𝐴1 = 𝑍 𝐵1 = 𝑍
𝑋+𝑍
𝐴2 = 𝑋 𝐵2 =
2
𝑍+𝑋 𝑍−𝑋
𝐴3 = 𝐵3 =
2 2
With

𝑍 = 0 0 − |1 1| (1)

and

𝑋 = 0 1 + |1 0| (2)

The EPR protocol, like any QKD protocol, uses two types of channels: a quantum channel and a classic channel.
Its algorithm can be described as follows:
2.1 First Phase: quantum channel transmission
At each instant t, an EPR pair is created. The first photon of this pair is transmitted to Alice while the second is
transmitted to Bob. On their part, Alice and Bob, each randomly and with equal probabilities select their operator
from Ai and Bi with i ∈ {1,3}. Depending on the chosen measurement operator, Alice and Bob proceed to
measure their received photons respectively. They reserve their measurement results as well as their choice of
measurement operators.
2.2 Second Phase: communication on the public channel
Step1: Separating data into two groups
In this step, Alice and Bob carry out a public discussion via a conventional channel to determine the set of bits
for which they have used the same measurement operators. Each separates his bit sequence into two groups. The
first group named "Raw Key" contains the set of bits measured with the same measurement operator Ai =
Bi . The second group named "Rejected Key" contains the rest of the bits, the bits for which Alice and Bob didn't
use the same measurement operator.
Step 2: Verifying Bell's Inequality and Spy Detection
Unlike other quantum communication protocols such as BB84 and B92, for the EPR protocol, nothing is
discarded. Indeed, the set "Rejected Key" is used to check the presence of the spy Eve and this through the test
of Bell inequalities. If these inequalities are violated, it is a sign of intrusion. Alice and Bob then proceed to a
discussion through the public channel to compare their rejected keys.
We will match to the set {A1 , A2 , A3 }the set {a, b, c}. Similarly for the set B1 , B2 , B3 the set a, b, c .
Let P(a, b) be the probability that two corresponding bits of the rejected keys of Alice and Bob are respectively
Alice's measurement result by the operator A1 and Bob's measurement result by the operator B2 . According to
the same reasoning we search for P a, c and P(b, c).

Bell's inequality can be noted by the following equation:

P a, b − P a, c ≤ 1 + P(b, c)
If the inequality is satisfied, no intrusion is detected and the communication is safe. Else, the system indicates
the presence of the spy. Recall that the quantum non-cloning theorem makes remarkable every movement of the
spy.
2.3 Third Phase: reconciliation and error correction
We take back the "Raw Key" in this step and always via the public channel. In this step, which is common
between various protocols, both interlocutors estimate the error rate QBER (Quantum Bit Error Rate) on their
"Raw Key" sequences. They then correct the transmission errors to ensure that the generated key is secret.
Several error correction algorithms are used [10]. To amplify the confidentiality of the key, the two interlocutors
can apply the parity check by adding a parity bit to their keys[11].
The EPR protocol uses an authenticated public channel, so the spy can't pretend to be one of the two
legitimate actors. Authentication is obviously possible by an appropriate algorithm. Therefore, the spy can't
perform an impersonation attack (Eve listening to the quantum and classical channels and pretending to be Bob).
In this paper, we did not deal with the behavior of the spy, because his modeling is subject to two major
difficulties. On the one hand, the particles transmitted to Alice and Bob by the EPR source are propagated on
two different quantum channels (see Figure 1), so the spy must make a global attack, rejected hypothesis. On the
other hand, the spy must be equipped with the same technology (Hardware) as the two interlocutors and behave
in the same way, an experimentally impossible requirement.

3. FPGA implementation of the protocol

For the EPR protocol implementation on FPGA, we used as hardware the Artix7-Nexys4 DDR card from Xilinx
[12] with a clock frequency of 100 Mhz. Both interlocutors are linked to the card via a USB link.
We simulated the behavior of the entangled photon source using a pseudo-RNG (Random Number
Generator). We have also integrated the EPR source into Alice, so only one quantum channel is used. The
pseudo-RNG is also used for the generation of polarization bases for both interlocutors instead of a true RNG.
For pseudo-random sequences generation, we used the LFSR (Linear Feedback Shift Register) algorithm.
Performed electronically, in the particular case of a sequence of 0 and 1, it is a shift register with linear
feedback, which means that the incoming bit is the result of an exclusive OR (XOR) between several bits of the
register. The recurrent sequence produced by an LFSR is necessarily periodic from a certain rank. LFSRs are
used in cryptography to generate sequences of pseudorandom numbers [13].
This algorithm was originally proposed in various algorithms (the Berlekamp-Massey algorithm, Fibonacci
algorithm, Galois algorithm). In our implementation, we opted to choose the Fibonacci algorithm which strictly
applies the definition of an LFSR. We implemented a 32-bit LFSR algorithm. (Appendix 1 is the simulation of
the 32-bits LFSR).
 However, it should be noted that the use of LFSRs in their original configuration became vulnerable to
mathematical attacks (a result demonstrated by the Berlekamp-Massey algorithm) [14][15]. Therefore, an LFSR
should never be used by itself as a key flow generator despite the fact that LFSRs are still used for their very low
implementation costs.
3.1 Implementation
Our system architecture is composed as follows: the two interlocutors are related to the same FPGA with a USB
link. The software behavior of each of the two interlocutors is controlled by a PC ensuring the exchanges with
the FPGA which is synchronized.

The two PCs are connected by an Ethernet link representing the authenticated classic channel. For the quantum
channel, it is represented by an optical fiber. We have integrated the EPR source at the transmitter, only one
detector is needed at the receiver. It's a balanced homodyne detector

Our system behavior can be described as follows:

 At each moment t, a pair of entangled photons is generated, one photon is for Alice and the other is
transmitted to Bob via the quantum channel.
 At each moment t, for Alice as for Bob, the FPGA generates a random sequence corresponding to the
choice of the measurement operators.
 Simultaneously, the two interlocutors proceed to measure each photon received by the corresponding
base. They then save their base choices as well as the measurement results in memory. Here we used FIFO
memories (First In First Out). The role of the quantum channel stops at this level.
 Via a classic channel, the two actors proceed to reconciliation. For continuous variable protocols such
as the EPR protocol, the reconciliation phase is preceded by a discretization of the data, that is to say that we
only take a part of received data. This is called slice reconciliation [16]. Bob then sends to Alice his base choices
for this extracted slice. They then estimate the error rate QBER (Quantum Bit Error Rate). The recovery of base
choices is made by access to the FIFO memory.
 Remember that for the EPR protocol nothing is useless. The reconciliation phase ends by dividing the
data into two groups: the raw keys (the raw keys of Alice and Bob corresponding to the conforming base
choices) and the Rejected Keys (the strings corresponding to the rest of the data). The results are obviously saved
in memory.
 Rejected Keys strings are used to verify Bell's inequality.
 We take back with the raw keys to correct the transmission errors in order to reduce the error rate. For
this phase, we used the algorithm of choosing randomly two identical blocks of the two raw keys. Alice and Bob
estimate the error rate on these blocks before deleting them. If the error rate is still high, they repeat the process,
if not they can generate the final key whose size will be smaller than that of the raw keys.
 One last step is to increase the confidentiality of the key. We have applied for this purpose a parity
check algorithm, we added to the final key the parity bit. The final key will then be an unconditional security.
(Appendix 2 presents the simulation of the EPR protocol starting form a distribution of 232 bits to generate a
secret key of 15bits) ).


3.2 Results and discussion

The following graph shows the evolution of QBER over time.

30 QBER

20

10

0
0 50 100 150
Time (ns)

Fig2. QBER evolution curve

As shown, the error rate is decreasing from 28% to reach 9% which reflects the effect of the correction of
transmission errors. In fact, it is a primordial phase in any quantum cryptography system whose main objective is
to increase the secret key rate.
We have set the threshold of the QBER to 10%. Once the QBER is less than this threshold, we can generate
the secret key, but without forgetting Bell's inequality test allowing the eavesdropping detection.
The following curve shows the generation evolution of the final key according to time

30
Key Generation
20
Bits/symbol

10

0
0 50 100 150
time (ns)

Fig3. Diagram of secret key generation evolution

As explained previously, for error correction, we applied a method of extracting a sub-block from the raw key.
These sub-blocks are subsequently deleted. The size of the final key is obviously less than the size of the raw
key.
Since we are manipulating a real-time system, the evolution of the secret key generation is related to the
process evolution over time. All the steps of the process run at the same rate. The establishment the final key
cannot be completed until the end of the process.
From a performance point of view, we can present the following table:
Table2: THE RATE OF USE OF THE HW COMPONENT LOGICAL BLOCK

Logic block Use

Used LUT-Flip Flop 7561
LUT 7399
FF register 513
IO Buffers 39
32 bits RAM memories 4

The values shown in this table reflect the sequential logic of our system. Indeed, each step is highly dependent
on the previous one, from which comes the need to use an FSM (Finite State Machine) to control this sequence
of events and the transition from one state to another. The use of Look Up Tables (LUTs) and Flip Flops is due
to the use of logical operators (XoR, Comparator, etc.) during the implementation of the system.

4. Conclusion
In this research work, we proposed an algorithm of the EPR protocol, the first quantum key distribution protocol
with entangled variables. We implemented this algorithm on an FPGA platform where we used the Nexys4 DDR
board.
We didn't talk about the eavesdropping strategy. We also used a pseudo-random number generator instead of a
true one. In principle we are working with continuous variables, but, as we explicated, we have to resort to
discrete variables once we attained reconciliation phase.
Quantum key distribution protocols using entangled variables take advantage of quantum mechanics
principles, especially quantum entanglement, to ensure the unconditional security of the communication process,
even in the presence of a spy.
Acknowledgment
This work is supported by Electronics and Microelectronics Laboratory, Sciences Faculty of Monastir-
Tunisia (code: LR99ES30) and National Engineering School of Tunis-Tunisia, Communication System
Department.
The first author thanks Mr. Tayari Lassaad, Master computer scientist of industrial systems at the Higher
Institute of Technological Studies Gabes-Tunisia, who provides Nexys4 board.

References
1. David Kahn, The Codebreakers: A Comprehensive History of Secret Communication from Ancient Times to the
Internet, Revised and Updated, New York, Scribner, 1996.
2. Josef SMOLKA, « PLANCK MAX - (1858-1947) », Encyclopædia Universalis [en ligne], viewed on December
07, 2017. URL: http://www.universalis.fr/encyclopedie/max-planck/
3. Erwin Schrödinger, Quantum physics and representation of the world. Le Seuil, coll. "Science Points", 1992, 184 p.
French translation of two popular articles: The current situation in quantum mechanics (1935), Science and humanism -
The physics of our time (1951).
4. Stephen Wiesner. Conjugate coding. Sigact News, 15(1) :78–88, 1983. Written around 1969-1970, this article was
published only in 1983.
5. Charles H. Bennett and Gilles Brassard. Quantum cryptography: public-key distribution and coin tossing. In
Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing pages 175–179. IEEE,
1984.
6. A. Einstein, B. Podolsky, N. Rosen, “Can quantum-mechanical description of physical reality be considered
complete ?”, Physical Review Letters, vol. 47, pp. 777-780, 1935.
7. J. S. Bell, Introduction to the hidden variable question, Proceedings of the International School of Physics Enrico
Fermi, Course IL, Foundations of Quantum Mechanics (1971), 171-181.
8. J. S. Bell, On the Einstein Podolsky Rosen Paradox, Physics 1 (1964), 195.
9. Artur K. Ekert : Quantum Cryptography Based on Bell’s Theorem. Phys. Rev. Lett., 67(6):661–663, August 1991.
10. Gilles Brassard and Louis Salvail. Secret-key reconciliation by public discussion. In Advances in cryptology –
Eurocrypt’93, number 765 in Lecture Notes in Computer Science, pages 411–423, New-York, 1993. Springer Verlag.
11. Charles H. Bennett, Gilles Brassard, Claude Crépeau, and Ueli M. Maurer. Generalized privacy amplification.
IEEE Transactions on Information Theory, 41(6) :1915– 1935, November 1995. Available at
http://www.crypto.ethz.ch/~maurer/publications.html.
12. https://reference.digilentinc.com/reference/programmable-logic/nexys-4-ddr/reference-manual
13. W. Liang et Jing Long, « A cryptographic algorithm based on Linear Feedback Shift Register », Computer
Application and System Modeling (ICCASM), 2010 International Conference on, 22-24 October 2010
14. M. Koutsoupia, E. Kalligeros and X. Kavousianos, LFSR-based test-data compression with self-stoppable seeds,
Design, Automation & Test in Europe Conference & Exhibition, 20-24 April 2009, p. 1482-1487 .
15. J.A. Reeds and J.A. Sloane, Shift Register Synthesis (Modulo m), SIAM Journal on Computing, August 1985, p.
505-513.
16. Gilles Van Assche, Jean Cardinal et Nicolas J. Cerf : Reconciliation of a Quantum-Distributed Gaussian Key. IEEE
Trans. Inf. Theory, 50(2):394–400, February 2004.
APPENDIX 1

Fig1. Simulation of 32-bits LFSR with ISim tool

APPENDIX 2

Fig2. Simulation of EPR protocol with ISim tool. We estimated the length of the final key to be 15 bits.