On the security of Y-00 under fast correlation and other attacks on the key

Yuen, Horace P.; Nair, Ranjith

doi:10.1016/j.physleta.2006.12.033

Cited by 21 publications

(12 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Independently, a similar observation regarding the exposure of the key has been recently made by H. Yuen in [8] (and see also [6] and [7]). In [6,8], it is argued that a technique that is called Deliberate Signal Randomization (DSR) will serve to add information-theoretic security to the key.…”

supporting

confidence: 75%

“…In this paper, we show that αη has an additional disadvantage that current classical ciphers do not have: transmission of the "encrypted" states actually leaks information about the key to an eavesdropper, even if that eavesdropper has no information about the message. Such a weakness has been independently described briefly in [6], and in more depth in [7] and [8]; here, we calculate information loss and estimate a bound on the efficacy of explicit attacks such as [7]. In the remainder of this paper, we will describe the αη scheme, show that in practice there is no advantage created for Bob over Eve via quantum limits on measurement, and estimate how much information Eve can learn about the key from Alice's transmission.…”

mentioning

confidence: 94%

“…In [6,8], it is argued that a technique that is called Deliberate Signal Randomization (DSR) will serve to add information-theoretic security to the key. This technique simply involves Alice sending a random state in the half-plane around the state she would send under the non-DSR version given above.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Exposed-key weakness of αη

Ahn

Birnbaum

2007

Physics Letters A

View full text Add to dashboard Cite

The αη protocol given by Barbosa et al., PRL 90, 227901 (2003) claims to be a secure way of encrypting messages using mesoscopic coherent states. We show that transmission under αη exposes information about the secret key to an eavesdropper, and we estimate the rate at which an eavesdropper can learn about the key. We also consider the consequences of using further randomization to protect the key and how our analysis applies to this case. We conclude that αη is not informationally secure.PACS numbers: 03.67. Dd, 89.70.+c, 42.79.Sz Keywords: quantum encryption Encryption of sensitive data is an ubiquitous problem in military, commercial, and even personal communications. Quantum mechanics can be used to solve this problem by generating a key that can be proven to be unconditionally secure via the BB84 protocol (e.g., [1]); this key can then be securely used in a one-time pad. However, BB84 is difficult to implement and has relatively low bit rates compared to current data transmission rates [2]. To combat these disadvantages, another quantum encryption scheme which can send encrypted data at very high rates and which is easily implemented has been proposed in [3]. This protocol is often called the αη protocol or the Y − 00 protocol and purports to draw its security from confusing an eavesdropper Eve by using the uncertainty on any measurement she can make.The αη protocol has not been shown to be unconditionally secure as has BB84; indeed, the attack given in [4] (see also [5]) shows that at best the security of αη must be complexity-based, as are current classical ciphers. In this paper, we show that αη has an additional disadvantage that current classical ciphers do not have: transmission of the "encrypted" states actually leaks information about the key to an eavesdropper, even if that eavesdropper has no information about the message. Such a weakness has been independently described briefly in [6], and in more depth in [7] and [8]; here, we calculate information loss and estimate a bound on the efficacy of explicit attacks such as [7]. In the remainder of this paper, we will describe the αη scheme, show that in practice there is no advantage created for Bob over Eve via quantum limits on measurement, and estimate how much information Eve can learn about the key from Alice's transmission. We will also discuss a technique given in [9] and [6], Deliberate Signal Randomization, and how our analysis applies there.In the αη protocol, the symbols transmitted from Alice to Bob are physically encoded as mesoscopic coherent states (mean photon numbers N ∼ 10 − 10 5 ) of varying phase or polarization. Without loss of generality, we will consider the states to have the same polarization and amplitude, and varying phase. We will take the number of symbols to be M , and the code states to be |α(j) = |e 2πij/M √ N , where j ∈ {0, . . . M − 1}. The states to be sent are selected by the following technique:1. Starting with a key K of size L bits, use a pseudo-random number generator to produce * Electronic address: cahn@...

show abstract

supporting

confidence: 75%

mentioning

confidence: 94%

See 1 more Smart Citation

Exposed-key weakness of αη

Ahn

Birnbaum

2007

Physics Letters A

View full text Add to dashboard Cite

show abstract

“…The detailed analysis and estimation are shown in [2], [7], [6], [10] and so on. In many cases, the attack by Algorithm A is either a correlation attack or a fast correlation attack, and the target PRNG is an M sequence generator.…”

Section: Analytical Evaluationmentioning

confidence: 99%

Security Analysis of Generalized Confidential Modulation

Tanaka

2013

Computer Science &Amp; Information Technology ( CS &Amp; IT )

View full text Add to dashboard Cite

show abstract

“…Because of limited space, we omit the details of estimation of the abovementioned necessary costs. The detailed analysis and estimation are shown in [4], [11], [10], [17] and so on. In many cases, the attack by Algorithm A is eithera correlation attack or a fast correlation attack, and the target PRNG is anM sequence generator.…”

Section: Analytical Evaluationmentioning

confidence: 99%

Security Analysis of Generalized Confidentialmodulation for Quantum Communication

Tanaka¹

2013

IJCNC

View full text Add to dashboard Cite

We propose a new evaluation method for‘generalized confidential modulation(GCM)’ for quantum communication. Confidential modulation realizes a secret communication by using secret information formodulation and noise in a channel. Y-00 is one of the famous methods of GCM forquantum communication.The existing evaluation methods for GCM are based on stream ciphers. They can estimate its analyticalsecurity andthe evaluation depends on the security status of pseudo random number generator (PRNG)which controls the modulation. On the other hand,our method is based on mode of operation for blockciphers and clears the weaknesses from structural viewpoint. Using our method, we can compare thesecurity of different GCM structures. Our method ofsecurity evaluation and comparison does not dependon the security status of PRNG.From the results of ourevaluation, we conclude that the security of GCMislimited to computational security

show abstract

On the security of Y-00 under fast correlation and other attacks on the key

Cited by 21 publications

References 12 publications

Exposed-key weakness of αη

Exposed-key weakness of αη

Security Analysis of Generalized Confidential Modulation

Security Analysis of Generalized Confidentialmodulation for Quantum Communication

Contact Info

Product

Resources

About