Advanced unambiguous state discrimination attack and countermeasure strategy in a practical B92 QKD system

Even though unconditional security of B92 quantum key distribution (QKD) system is based on the assumption of perfect positive-operator-valued measures, practical B92 systems only utilize two projective measurements. Unfortunately, such implementation may degrade the security of the B92 QKD system due to Eve’s potential attack exploiting the imperfection of system. In this paper, we propose an advanced attack strategy with an unambiguous state discrimination (USD) measurement which makes practical B92 QKD systems insecure even under a lossless channel. In addition, we propose an effective countermeasure against the advanced USD attack model by monitoring double-click events. We further address a fundamental approach to make the B92 QKD system tolerable to attack strategies with USD measurements using a multi-qubit scheme.     

Improved key integrity checking for high-speed quantum key distribution using combinatorial group testing with strongly selective family design

Key integrity checking is a necessary process in practical quantum key distribution (QKD) to check whether there is any error bit escaped from the previous error correction procedure. The traditional single-hash method may become a bottleneck in high-speed QKD since it has to discard all the key bits even if just one error bit exists. In this paper, we propose an improved scheme using combinatorial group testing (CGT) based on strong selective family design to verify key integrity in fine granularity and consequently improve the total efficiency of key generation after the error correction procedure. Code shortening technique and parallel computing are also applied to enhance the scheme’s flexibility and to accelerate the computation. Experimental results show that the scheme can identify the rare error bits precisely and thus avoid dropping the great majority of correct bits, while the overhead is reasonable. For a $2^{20}$ -bit key, the disclosed information for public comparison is 800 bits (about 0.076 % of the key bits), reducing 256 bits when compared with the previous CGT scheme. Besides, with an Intel^® quad-cores CPU at 3.40 GHz and 8 GB RAM, the computational times are 3.0 and 6.3 ms for hashing and decoding, respectively, which are reasonable in real applications and will not cause significant latency in practical QKD systems.     

基于密钥中继的广域量子密钥网络路由方案

针对现有基于密钥中继的 QKD 网络路由方案存在适用范围有限、不能满足广域环境路由需求的问题,分析了广域 QKD 网络路由特点并提出了相应的路由需求,进而设计了基于虚链路的分域量子密钥网络路由方案。将广域 QKD 网络划分为多个小规模的密钥路由域,降低了域内密钥路由的复杂度,通过建立跨越密钥路由域的虚链路缩短了域间路由长度,从而提高了广域环境下密钥路由效率。理论分析表明,该方案具有路由更新收敛快、路由时延小、密钥资源消耗少的优点。     

Study on the security of the authentication scheme with key recycling in QKD

In quantum key distribution (QKD), the information theoretically secure authentication is necessary to guarantee the integrity and authenticity of the exchanged information over the classical channel. In order to reduce the key consumption, the authentication scheme with key recycling (KR), in which a secret but fixed hash function is used for multiple messages while each tag is encrypted with a one-time pad (OTP), is preferred in QKD. Based on the assumption that the OTP key is perfect, the security of the authentication scheme has be proved. However, the OTP key of authentication in a practical QKD system is not perfect. How the imperfect OTP affects the security of authentication scheme with KR is analyzed thoroughly in this paper. In a practical QKD, the information of the OTP key resulting from QKD is partially leaked to the adversary. Although the information leakage is usually so little to be neglected, it will lead to the increasing degraded security of the authentication scheme as the system runs continuously. Both our theoretical analysis and simulation results demonstrate that the security level of authentication scheme with KR, mainly indicated by its substitution probability, degrades exponentially in the number of rounds and gradually diminishes to zero.     

Four-state quantum key distribution exploiting maximum mutual information measurement strategy

We propose a four-state quantum key distribution (QKD) scheme using generalized measurement of nonorthogonal states, the maximum mutual information measurement strategy. Then, we analyze the eavesdropping process in intercept–resend and photon number splitting attack scenes. Our analysis shows that in the intercept–resend and photon number splitting attack eavesdropping scenes, our scheme is more secure than BB84 protocol and has higher key generation rate which may be applied to high-density QKD.     

Identity based secure authentication scheme based on quantum key distribution for cloud computing

Identity theft is the most recurrent twenty-first century cybercrime. Thus, authentication is of utmost significance as the number of hackers who seek to intrigue into legitimate user’s account to obtain sensitive information is increasing. Identity based authentication operates to corroborate the identity of the user so that only the legitimate user gets access to the service. This paper proposes a quantum identity based authentication and key agreement scheme for cloud server architecture. Quantum cryptography based on the laws of quantum physics is a vital technology for securing privacy and confidentiality in the field of network security. A formal security analysis has been performed using AVISPA tool that confirms the security of the proposed scheme. The security analysis of the proposed protocol proves that it is robust against all security attacks. To confirm applicability of quantum key distribution in cloud computing, a practical long-distance entanglement-based QKD experiment has been proposed. This experiment confirms successful generation of shifted keys over distance of 100 km of optical fiber with a key rate of 4.11 bit/s and an error rate of 9.21 %.     

Multiple stochastic paths scheme on partially-trusted relay quantum key distribution network

Quantum key distribution (QKD) technology provides proven unconditional point-to-point security based on fundamental quantum physics. A QKD network also holds promise for secure multi-user communications over long distances at high-speed transmission rates. Although many schemes have been proposed so far, the trusted relay QKD network is still the most practical and flexible scenario. In reality, the insecurity of certain relay sections cannot be ignored, so to solve the fatal security problems of partially-trusted relay networks we suggest a multiple stochastic paths scheme. Its features are: (i) a safe probability model that may be more practical for real applications; (ii) a multi-path scheme with an upper bound for the overall safe probability; (iii) an adaptive stochastic routing algorithm to generate sufficient different paths and hidden routes. Simulation results for a typical partially-trusted relay QKD network show that this generalized scheme is effective. Supported by the National Fundamental Research Program of China (Grant No. 2006CB921900), the National Natural Science Foundation of China (Grant Nos. 60537020 and 60621064), the Knowledge Innovation Project of the Chinese Academy of Sciences, and the Chinese Academy of Sciences International Partnership Project     

Two-way QKD with single-photon-added coherent states

In this work we present a two-way quantum key distribution (QKD) scheme that uses single-photon-added coherent states and displacement operations. The first party randomly sends coherent states (CS) or single-photon-added coherent states (SPACS) to the second party. The latter sends back the same state it received. Both parties decide which kind of states they are receiving by detecting or not a photon on the received signal after displacement operations. The first party must determine whether its sent and received states are equal; otherwise, the case must be discarded. We are going to show that an eavesdropper provided with a beam splitter gets the same information in any of the non-discarded cases. The key can be obtained by assigning 0 to CS and 1 to SPACS in the non-discarded cases. This protocol guarantees keys’ security in the presence of a beam splitter attack even for states with a high number of photons in the sent signal. It also works in a lossy quantum channel, becoming a good bet for improving long-distance QKD.     

基于仲裁的SM9标识加密算法

SM9-IBE是我国于2016年发布的标识加密算法行业标准.标识加密算法以用户的标识(如邮件地址、身份证号等)作为公钥,从而降低系统管理用户密钥的复杂性.然而,标识加密算法的密钥撤销和更新问题却变得更加困难.此外,SM9算法的结构特殊使得已有技术无法完全适用于该算法.为此,本文提出一种基于仲裁的SM9标识加密算法,可快...     

Universally composable and customizable post-processing for practical quantum key distribution

In quantum key distribution (QKD), a secret key is generated between two distant parties by transmitting quantum states. Experimental measurements on the quantum states are then transformed to a secret key by classical post-processing. Here, we propose a construction framework in which QKD classical post-processing can be custom made. Though seemingly obvious, the concept of concatenating classical blocks to form a whole procedure does not automatically apply to the formation of a quantum cryptographic procedure since the security of the entire QKD procedure rests on the laws of quantum mechanics and classical blocks are originally designed and characterized without regard to any properties of these laws. Nevertheless, we justify such concept of concatenating classical blocks in constructing QKD classical post-processing procedures, along with a relation to the universal-composability-security parameter. Consequently, effects arising from an actual QKD experiment, such as those due to the finiteness of the number of signals used, can be dealt with by employing suitable post-processing blocks. Lastly, we use our proposed customizable framework to build a comprehensive generic recipe for classical post-processing that one can follow to derive a secret key from the measurement outcomes in an actual experiment.     

Tunable multi-party high-capacity quantum key distribution based on <Emphasis Type="Italic">m</Emphasis>-generalized Fibonacci sequences using golden coding

Practical communication settings for quantum key distribution (QKD) are very complex, and the number of participants should be tunable. Given these, we propose a tunable multi-party high-capacity QKD protocol based on m-generalized Fibonacci sequences and golden coding, where the number of participants can be adjusted adaptively by joining a new participant and revoking an old participant, combining two participant groups into one group. Meanwhile, we construct golden coding to achieve higher capability and fewer interactive communications.     

New scheme for measurement-device-independent quantum key distribution

We propose a new scheme for measurement-device-independent quantum key distribution (MDI-QKD) with a two-mode state source. In this scheme, the trigger state is split into different paths and detected at both senders; thus, four types of detection events can be obtained. Based on these events, the signal state is divided into four non-empty sets that can be used for parameter estimation and key extraction. Additionally, we carry out a performance analysis on the scheme with two-intensity (vacuum state and signal state) heralded single-photon sources. We also numerically study the statistical fluctuation in the actual system. Our simulations show that the error rate and the secure transmission distance of our two-intensity scheme are better than those of existing three- and four-intensity MDI-QKD schemes with different light sources. Considering statistical fluctuations, the maximum secure distance of our scheme can reach 344 km when the data length is 10¹³ and remains as long as 250 km when the data length is 10¹⁰. Moreover, our scheme improves the system performance and reduces the challenges of implementing the system.     

基于身份的一次性公钥分析与重构

针对一种基于身份一次性公钥的构造方案给出2种攻击方法,指出其是可伪造的。基于超奇异椭圆曲线并利用一般椭圆曲线签名算法对基于身份的一次性公钥方案进行重新构造,新的构造方案能够抵抗伪造性攻击,是安全高效的。由于用户每次可以使用不同的公钥,方案可用于解决Internet通信中的匿名认证问题,实现用户隐私的有效保护。     

可保证临时秘密泄漏安全的无证书签密方案

为了确保无证书签密方案能实现临时秘密泄漏安全性,提出了一种新的无需对运算的无证书签密方案.新签密方案将用户部分私钥、用户私有秘密和签密临时秘密分别对应到求解3个不同的CDH (computational Diffie-Hellman)问题,并采用散列函数将用户密钥、临时秘密和密文与用户身份绑定.表明了新方案不仅能实现数据的认证性、机密性,还能确保临时秘密泄漏安全性.对比分析结果表明,新方案的安全性更高,计算性能更优.此外,文中还指出文献[3]中签密方案不能抵抗临时秘密泄露攻击.     

The statistical fluctuation analysis for the measurement-device-independent quantum key distribution with heralded single-photon sources

In this paper, we carry out statistical fluctuation analysis for the new proposed measurement-device-independent quantum key distribution with heralded single-photon sources and further compare its performance with the mostly often used light sources, i.e., the weak coherent source. Due to a significantly lower probability for events with two photons present on the same side of the beam splitter in former than in latter, it gives drastically reduced quantum bit error rate in the X basis and can thus show splendid behavior in real-life implementations even when taking statistical fluctuations into account.     

Detecting relay attacks on RFID communication systems using quantum bits

RFID systems became widespread in variety of applications because of their simplicity in manufacturing and usability. In the province of critical infrastructure protection, RFID systems are usually employed to identify and track people, objects and vehicles that enter restricted areas. The most important vulnerability which is prevalent among all protocols employed in RFID systems is against relay attacks. Until now, to protect RFID systems against this kind of attack, the only approach is the utilization of distance-bounding protocols which are not applicable over low-cost devices such as RFID passive tags. This work presents a novel technique using emerging quantum technologies to detect relay attacks on RFID systems. Recently, it is demonstrated that quantum key distribution (QKD) can be implemented in a client–server scheme where client only requires an on-chip polarization rotator that may be integrated into a handheld device. Now we present our technique for a tag–reader scenario which needs similar resources as the mentioned QKD scheme. We argue that our technique requires less resources and provides lower probability of false alarm for the system, compared with distance-bounding protocols, and may pave the way to enhance the security of current RFID systems.

     

Reference-free-independent quantum key distribution immune to detector side channel attacks

Usually, a shared reference frame is indispensable for practical quantum key distribution (QKD) systems. As a result, most QKD systems need active alignment of reference frame due to the unknown and slowly variances of reference frame introduced by environment. Quite interestingly, reference-free-independent (RFI) QKD can generate secret-key bits without alignment of reference frame. However, RFI QKD may be still vulnerable to detector side channel attacks. Here, we propose a new RFI QKD protocol, in which all detector side channels are removed. Furthermore, our protocol can still tolerate unknown and slow variance of reference frame without active alignment. And a numerical simulation shows that long security distance is probable in this protocol.     

有效的基于身份的门限签名

门限签名是现代电子商务一种重要的数字签名。基于Hess签名的一个变体签名方案,提出了一个有效的基于身份的门限数字签名方案。为了提高方案的安全性,提出的方案利用Shamir秘密共享技术共享一个用户的私钥,而不是共享密钥生成中心的主密钥。利用Gennaro可模拟的思想,证明了提出的方案具有健壮性和不可伪造性,故提出的方案是安全的。与Cheng等人最近提出的方案相比,新方案具有更高的计算效率。     

The statistical fluctuation study of quantum key distribution in means of uncertainty principle

Laser defects in emitting single photon, photon signal attenuation and propagation of error cause our serious headaches in practical long-distance quantum key distribution (QKD) experiment for a long time. In this paper, we study the uncertainty principle in metrology and use this tool to analyze the statistical fluctuation of the number of received single photons, the yield of single photons and quantum bit error rate (QBER). After that we calculate the error between measured value and real value of every parameter, and concern the propagation error among all the measure values. We paraphrase the Gottesman–Lo–Lutkenhaus–Preskill (GLLP) formula in consideration of those parameters and generate the QKD simulation result. In this study, with the increase in coding photon length, the safe distribution distance is longer and longer. When the coding photon’s length is \(N = 10^{11}\), the safe distribution distance can be almost 118 km. It gives a lower bound of safe transmission distance than without uncertainty principle’s 127 km. So our study is in line with established theory, but we make it more realistic.