Quantum Key Distribution

Quantum Computing Group, IIT Roorkee

Anish Sharma and Krish Kapoor
Cryptography
• Its a technique used to secure information and communicating it to the intended user.

• Different algorithms are used to encrypt and decrypt data using mathematical tools.
 Suppose I have two parties Alice(sender) and
Bob (receiver) want to share information
without someone eavesdropping.

Secret Key If the same shared secret key is used to encrypt

and decrypt the plain text it is called symmetric
Cryptograph cryptography or shared key cryptography.
y
Symmetric cryptography also provides a degree
of authentication because data encrypted with
one symmetric key cannot be decrypted with
any other symmetric keygraphy.
Secret Key Cryptography
What is Ciphertext?
• Ciphertext is an encrypted or encoded information
of the original plaintext that is unreadable by a
human or computer without the proper cipher to
decrypt it.
• Symmetric key ciphers mainly divided into block
ciphers and stream ciphers
 One of the major problems with
secret-key cryptography is the
logistical issue of how to get the key
from one party to the other without
Flaws and allowing access to an attacker.
Advantage It is relatively fast channel to public
s key encryption as there is no
computationally intensive task to
decrypt the cipher.
 Asymmetric cryptography, also known as public-
key cryptography, is a process that uses a pair

Asymmetric of related keys -- one public key and one private

key -- to encrypt and decrypt a message and
protect it from unauthorized access or use.
key A public key is a cryptographic key that can be

cryptograph used by any person to encrypt a message so

that it can only be decrypted by the intended
recipient with their private key. A private key --
y also known as a secret key -- is shared only with
key's initiator.
•When someone wants to send an
encrypted message, they can pull the
intended recipient's public key from a
public directory and use it to encrypt
the message before sending it. The
recipient of the message can then
decrypt the message using their own
private key.
•If the sender encrypts the message using their private key, the message can be
decrypted only using that sender's public key, thus authenticating the sender. These
encryption and decryption processes happen automatically; users do not need to
physically lock and unlock the message.
•Increased data security is the primary benefit of asymmetric cryptography. It is the
most secure encryption process because users are never required to reveal or share
their private keys, thus decreasing the chances of a cybercriminal discovering a
user's private key during transmission.
 Uses of asymmetric key cryptography
• Asymmetric cryptography is typically used to authenticate data using
digital signatures. A digital signature is a mathematical technique used to
validate the authenticity and integrity of a message, software or digital
document. It is the digital equivalent of a handwritten signature or stamped
seal.
• Based on asymmetric cryptography, digital signatures can provide
assurances of evidence to the origin, identity and status of an electronic
document, transaction or message, as well as acknowledge informed
consent by the signer.
 Uses of asymmetric key cryptography
Asymmetric cryptography can also be applied to systems in which many users may
need to encrypt and decrypt messages, including:
• Encrypted email. A public key can be used to encrypt a message and a private
key can be used to decrypt it.
• SSL/TLS. Establishing encrypted links between websites and browsers also
makes use of asymmetric encryption.
• Cryptocurrencies. Bitcoin and other cryptocurrencies
rely on asymmetric cryptography. Users have public keys that everyone can see
and private keys that are kept secret. Bitcoin uses a cryptographic algorithm to
ensure only legitimate owners can spend the funds.
 Benefits :
• The key distribution problem is eliminated because there's no need for
exchanging keys.
• Security is increased since the private keys don't ever have to be
transmitted or revealed to anyone.
• The use of digital signatures is enabled so that a recipient can verify that a
message comes from a particular sender.
• It allows for nonrepudiation so the sender can't deny sending a message.
Quantum Entanglement
• In mathematical terms, when two
qubits can’t be written as tensor
product of their quantum state or they
can’t be defined independently as two
quantum states.
• If one knows the entangled state,
measuring one of the qubit of
entangled pair one can predict with
100% probability in which state the
other qubit will collapse (independent
of the spacial proximity).
Bell States(EPR
Pairs)
• Maximally Entangled quantum
states.
• They can also be used as
orthogonal basis for two qubit
system.
Creating Bell State
• Take a computational basis as the
input, and contains a Hadamard
gate and a CNOT gate . As an
example, the pictured quantum
circuit takes the two qubit input
00 and transforms it to the first
bell state.
Bell State Measurement
• The quantum circuit is Hermitian
adjoint of the circuit which created
bell state.
• It is used to measure the bell basis
in computational basis.
 Quantum Teleportation
• Quantum Teleportation is a way to transfer a unknown quantum state by
disassembling then reconstructing it by classical information and pair of
entangled state.
• It is not possible to do repeated measurement and find the probability of each
basis.
• As alice cant create multiple identical copy of her unknown quantum system(no
cloning theorem)
Quantum teleportation circuit
Protocol

• A Bell state is generated with one qubit with Alice and the
other with bob.
• Bell Measurement is performed by alice on her EPR pair and
the unknown quantum state this gives one of four outcomes
which can be as classical information.
• Usiing Classical channel the two bits are sent to bob (Time
consuming).
• At Bob hes EPR pair is in one of the four possible states by
classical bit he can predict which state is the original sent by
alice.
Bob qubit and
alice’s
measurement
Results • If classical bits is 00, then apply I gate.

• If classical bits is 01, then apply X gate.

• If classical bits is 10, then apply Z gate.

• If classical bits is 11, then apply XZ gate.

Why quantum?
While the advent of a feasible quantum computer would make current public key
cryptosystems obsolete and threaten key distribution protocols such as Diffie-
Hellman(Asymmetric key cryptography) , some of the same principles that
empower quantum computers also offer an unconditionally secure solution to the
key distribution problem. Moreover, quantum mechanics also provides the ability to
detect the presence of an eavesdropper who is attempting to learn the key, which is
a new feature in the field of cryptography. Because the research community has
been focused primarily on using quantum mechanics to enable secure key
distribution, quantum cryptography and quantum key distribution (QKD) are
generally synonymous in the literature.
Thus, our focus would be to go through the most fundamental quantum key
distribution protocols and their security from the perspective of a computer scientist
and not that of a quantum physicist.
 Quantum key distribution
Quantum key distribution (QKD) is a secure communication
method that implements a cryptographic protocol involving
components of quantum mechanics. It enables two parties to
produce a shared random secret key known only to them, which
then can be used to encrypt and decrypt messages. The process
of quantum key distribution is not to be confused with
quantum cryptography, as it is the best-known example of a
quantum-cryptographic task.
 BB84 protocol

This protocol, known as BB84 after its inventors and year of publication,
was originally described using photon polarization states to transmit the
information. However, any two pairs of conjugate states can be used for
the protocol, and many optical-fibre-based implementations described as
BB84 use phase encoded states. The sender (traditionally referred to as
Alice) and the receiver (Bob) are connected by a
quantum communication channel which allows quantum states to be
transmitted. In the case of photons this channel is generally either an
optical fibre or simply free space. In addition they communicate via a public
classical channel, for example using broadcast radio or the internet. The
protocol is designed with the assumption that an eavesdropper (referred to
as Eve) can interfere in any way with the quantum channel, while the
classical channel needs to be authenticated.
The security of the protocol comes from encoding the information in
non-orthogonal states. Quantum indeterminacy means that these states
cannot in general be measured without disturbing the original state (see
No-cloning theorem). BB84 uses two pairs of states, with each pair
conjugate to the other pair, and the two states within a pair orthogonal to
each other. Pairs of orthogonal states are referred to as a basis. The
usual polarization state pairs used are either the rectilinear basis of
vertical (0°) and horizontal (90°), the diagonal basis of 45° and 135° or
the circular basis of left- and right-handedness. Any two of these bases
are conjugate to each other, and so any two can be used in the protocol.
Below the rectilinear and diagonal bases are used.
According to quantum mechanics (particularly quantum indeterminacy),
no possible measurement distinguishes between the 4 different
polarization states, as they are not all orthogonal. The only possible
measurement is between any two orthogonal states (an orthonormal
basis). So, for example, measuring in the rectilinear basis gives a result
of horizontal or vertical. If the photon was created as horizontal or
vertical (as a rectilinear eigenstate) then this measures the correct
state, but if it was created as 45° or 135° (diagonal eigenstates) then
the rectilinear measurement instead returns either horizontal or vertical
at random. Furthermore, after this measurement the photon is polarized
in the state it was measured in (horizontal or vertical), with all
information about its initial polarization lost.
As Bob does not know the basis the photons were encoded in, all he
can do is to select a basis at random to measure in, either rectilinear or
diagonal. He does this for each photon he receives, recording the time,
measurement basis used and measurement result. After Bob has
measured all the photons, he communicates with Alice over the public
classical channel. Alice broadcasts the basis each photon was sent in,
and Bob the basis each was measured in. They both discard photon
measurements (bits) where Bob used a different basis, which is half on
average, leaving half the bits as a shared key.
To check for the presence of an eavesdropper, Alice and Bob now
compare a predetermined subset of their remaining bit strings. If a third
party (usually referred to as Eve, for "eavesdropper") has gained any
information about the photons' polarization, this introduces errors in
Bob's measurements. Other environmental conditions can cause errors
in a similar fashion. If more than p bits differ they abort the key and try
again, possibly with a different quantum channel, as the security of the
key cannot be guaranteed. p is chosen so that if the number of bits
known to Eve is less than this, privacy amplification can be used to
reduce Eve's knowledge of the key to an arbitrarily small amount at the
cost of reducing the length of the key.
The first step in BB84 is quantum transmission. Alice creates a
random bit (0 or 1) and then randomly selects one of her two
bases (rectilinear or diagonal in this case) to transmit it in. She
then prepares a photon polarization state depending both on the
bit value and basis, as shown in the adjacent table. So for example
a 0 is encoded in the rectilinear basis (+) as a vertical polarization
state, and a 1 is encoded in the diagonal basis (x) as a 135° state.
Alice then transmits a single photon in the state specified to Bob,
using the quantum channel. This process is then repeated from the
random bit stage, with Alice recording the state, basis and time of
each photon sent.
 B92 Protocol:
B92 protocol is a modified version of the BB84 protocol with the key
difference between the two being that while BB84 protocol uses four
different polarization states of photon, the B92 protocol uses two (one
from the rectilinear basis, conventionally H-polarization state and one
from the diagonal basis)
Device Independent Quantum Key Distribution(DIQKD)

DIQKD was first proposed by Mayers and Yao, building off of the BB84 protocol. They
presented that in DIQKD, the quantum device, which they refer to as the photon
source, be manufactured to come with tests that can be run by Alice and Bob to “self-
check” if their device is working properly. Such a test would only need to consider the
classical inputs and outputs in order to determine how much information is at risk of
being intercepted by Eve. A self checking, or “ideal” source would not have to be
characterized, and would therefore not be susceptible to implementation flaws.
Recent research has proposed using a Bell test to check that a device is working
properly. Bell’s theorem ensures that a device can create two outcomes that are
exclusively correlated, meaning that Eve could not intercept the results, without
making any assumptions about said device. This requires highly entangled states, and
a low quantum bit error rate. DIQKD presents difficulties in creating qubits that are in
such high quality entangled states, which makes it a challenge to realize
experimentally.
Twin Fields Quantum Key
Distribution(TFQKD):
Twin Fields Quantum Key Distribution (TFQKD) was introduced in 2018, and is a
version of DIQKD designed to overcome the fundamental rate-distance limit of
traditional quantum key distribution. The rate-distance limit, also known as the
rate-loss trade off, describes how as distance increases between Alice and Bob,
the rate of key generation decreases exponentially. In traditional QKD protocols,
this decay has been eliminated via the addition of physically secured relay nodes,
which can be placed along the quantum link with the intention of dividing it up into
several low-loss sections. Researchers have also recommended the use of
quantum repeaters, which when added to the relay nodes make it so that they no
longer need to be physically secured. Quantum repeaters, however, are difficult to
create and have yet to be implemented on a useful scale. TFQKD aims to bypass
the rate-distance limit without the use of quantum repeaters or relay nodes,
creating manageable levels of noise and a process that can be repeated much
more easily with today's existing technology.
The original protocol for TFQKD is as follows: Alice and Bob each have
a light source and one arm on an interferometer in their laboratories.
The light sources create two dim optical pulses with a randomly
phase pa or pb in the interval [0, 2π) and an encoding phase γa or γb.
The pulses are sent along a quantum to Charlie, a third party who can
be malicious or not. Charlie uses a beam splitter to overlap the two
pulses and perform a measurement. He has two detectors in his own
lab, one of which will light up if the bits are equal (00) or (11), and the
other when they are different (10, 01). Charlie will announce to Alice
and Bob which of the detectors lit up, at which point they publicly
reveal the phases p and γ. This is different from traditional QKD, in
which the phases used are never revealed.
 • There are two groups of measurement basis: Z−basis:
BZ={|0 〉 ,|1 〉 } and X−basis: BX={|+ 〉 ,|− 〉 }.
Alice and Bob randomly choose BZ or BX.
• the EPR pair |ᶲ+ 〉 =1/2(|00 〉 +|11 〉 ), sends the
E91 first particle of |ᶲ+>to Alice and second particle of |ᶲ+
> to Bob.
Protocol • They randomly chose measurement basis and
communicate each other basis through classical
channel.
 They divide measurement results in two:
Decoy Qubits(GD) – In which measurement
basis are different and Raw key Qubits(GK)
– Same measurement basis.
GD is used to detect eavesdropping, if there
E91 is bit error in GD then eve is present, and
Protocol the quantum channel is not safe and start a
new channel(by changing basis).
If the channel is safe, then GK can be used
and alice bob will have same
measurements.
Types of Attacks
• Intercept and resend
• Man in the middle attack
 Intercept and resend
The simplest type of possible attack is the intercept-resend
attack, where Eve measures the quantum states (photons)
sent by Alice and then sends replacement states to Bob,
prepared in the state she measures. In the BB84 protocol,
this produces errors in the key Alice and Bob share. As Eve
has no knowledge of the basis a state sent by Alice is
encoded in, she can only guess which basis to measure in, in
the same way as Bob. If she chooses correctly, she
measures the correct photon polarization state as sent by
Alice, and resends the correct state to Bob. However, if she
chooses incorrectly, the state she measures is random, and the state
sent to Bob cannot be the same as the state sent by Alice
 If Bob then measures this state in the same basis Alice sent, he too
gets a random result—as Eve has sent him a state in the opposite
basis—with a 50% chance of an erroneous result (instead of the
correct result he would get without the presence of Eve). The table
below shows an example of this type of attack.
 The probability Eve chooses the incorrect basis is 50% (assuming
Alice chooses randomly), and if Bob measures this intercepted
photon in the basis Alice sent he gets a random result, i.e., an
incorrect result with probability of 50%. The probability an
intercepted photon generates an error in the key string is then
50%*50%. If Alice and Bob publicly compare n of their key bits (thus
discarding them as key bits, as they are no longer secret) the
probability they find disagreement and identify the presence of Eve
is
Pd=1-(3/4)^n
So to detect an eavesdropper with probability Pd=0.999999999 Alice
and Bob need to compare n=72 key bits.
Man-in-the-middle attack
Quantum key distribution is vulnerable to a
man-in-the-middle attack when used without
authentication to the same extent as any classical
protocol, since no known principle of quantum
mechanics can distinguish friend from foe. As in the
classical case, Alice and Bob cannot authenticate
each other and establish a secure connection
without some means of verifying each other's
identities (such as an initial shared secret).
If Alice and Bob have an initial shared secret then they can
use an unconditionally secure authentication scheme (such
as Carter-Wegman) along with quantum key distribution to
exponentially expand this key, using a small amount of the
new key to authenticate the next session. Several methods
to create this initial shared secret have been proposed, for
example using a 3rd party or chaos theory. Nevertheless,
only "almost strongly universal" family of hash functions can
be used for unconditionally secure authentication .
References

•https://journals.sagepub.com/doi/epub/10.1177/1550147718778192
•https://medium.com/quantum-untangled/quantum-key-distribution-an
d-bb84-protocol-6f03cc6263c5
•https://www.cambridge.org/core/books/quantum-cryptography-and-sec
retkey-distillation/bb84-protocol/ADE897BE4AB74E6C15FB1D5A684469
DF
•https://en.wikipedia.org/wiki/Superdense_coding
•https://drive.google.com/drive/folders/1V3ilRcJLGrNqzskfDhVEEXLTpyf9
5pLM
•https://www.nature.com/articles/s41598-019-50290-1
•https://en.wikipedia.org/wiki/Quantum_key_distribution
•https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.67.661
•http://cs.uccs.edu/~cs691/crypto/BBBSS92.pdf
•https://www.techtarget.com/searchsecurity/definition/asymmetric-cryp
tography
Handles:

https://www.instagram.com/qcgiitr/

https://qcg.iitr.ac.in/

https://linktr.ee/qcgiitr