Quantum-noise randomized ciphers

Nair, Ranjith; Yuen, Horace P.; Corndorf, Eric; Eguchi, Takami; Kumar, Prem

doi:10.1103/physreva.74.052309

Cited by 59 publications

(59 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A fast correlation attack (FCA) was presented that was shown to succeed by simulations for moderate signal levels when the ENC box in Y-00 is a LFSR (linear feedback shift register) of a few taps and length up to 32. Even though such Y-00 is already insecure against what we call assisted brute-force search [9] due to the small seed key size |K| ≤ 32, such FCA is of interest as it brings forth the whole issue of Y-00 seed key security against similar and other attacks.…”

Section: Introductionmentioning

confidence: 99%

On the security of Y-00 under fast correlation and other attacks on the key

Yuen

Nair

2007

Physics Letters A

Self Cite

View full text Add to dashboard Cite

The potential weakness of the Y-00 direct encryption protocol when the encryption box ENC is not chosen properly is demonstrated in a fast correlation attack by S. Donnet et al in Phys. Lett. A 356 (2006) 406-410. In this paper, we show how this weakness can be eliminated with a proper design of ENC. In particular, we present a Y-00 configuration that is more secure than AES under known-plaintext attack. It is also shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any ENC when proper deliberate signal randomization is employed. * yuen@ece.northwestern.edu

show abstract

Section: Introductionmentioning

confidence: 99%

On the security of Y-00 under fast correlation and other attacks on the key

Yuen

Nair

2007

Physics Letters A

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this paper, we show that αη has an additional disadvantage that current classical ciphers do not have: transmission of the "encrypted" states actually leaks information about the key to an eavesdropper, even if that eavesdropper has no information about the message. Such a weakness has been independently described briefly in [6], and in more depth in [7] and [8]; here, we calculate information loss and estimate a bound on the efficacy of explicit attacks such as [7]. In the remainder of this paper, we will describe the αη scheme, show that in practice there is no advantage created for Bob over Eve via quantum limits on measurement, and estimate how much information Eve can learn about the key from Alice's transmission.…”

mentioning

confidence: 99%

“…Another advantage of αη stated in [6] is that it gains some security due to the physical nature of the states being sent: it may in practice be difficult to perform the measurements needed to eavesdrop on a channel with this encoding. However, since an effective eavesdropping strategy is to employ a heterodyne or dual-homodyne measurement, we do not see a great difference in the practical difficulty of eavesdropping from the difficulty of the legitimate receiver, or from the receiver of any coherent communication system.…”

mentioning

confidence: 99%

“…In the remainder of this paper, we will describe the αη scheme, show that in practice there is no advantage created for Bob over Eve via quantum limits on measurement, and estimate how much information Eve can learn about the key from Alice's transmission. We will also discuss a technique given in [9] and [6], Deliberate Signal Randomization, and how our analysis applies there.…”

mentioning

confidence: 99%

“…In [6,8], it is argued that a technique that is called Deliberate Signal Randomization (DSR) will serve to add information-theoretic security to the key. This technique simply involves Alice sending a random state in the half-plane around the state she would send under the non-DSR version given above.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Exposed-key weakness of αη

Ahn

Birnbaum

2007

Physics Letters A

View full text Add to dashboard Cite

The αη protocol given by Barbosa et al., PRL 90, 227901 (2003) claims to be a secure way of encrypting messages using mesoscopic coherent states. We show that transmission under αη exposes information about the secret key to an eavesdropper, and we estimate the rate at which an eavesdropper can learn about the key. We also consider the consequences of using further randomization to protect the key and how our analysis applies to this case. We conclude that αη is not informationally secure.PACS numbers: 03.67. Dd, 89.70.+c, 42.79.Sz Keywords: quantum encryption Encryption of sensitive data is an ubiquitous problem in military, commercial, and even personal communications. Quantum mechanics can be used to solve this problem by generating a key that can be proven to be unconditionally secure via the BB84 protocol (e.g., [1]); this key can then be securely used in a one-time pad. However, BB84 is difficult to implement and has relatively low bit rates compared to current data transmission rates [2]. To combat these disadvantages, another quantum encryption scheme which can send encrypted data at very high rates and which is easily implemented has been proposed in [3]. This protocol is often called the αη protocol or the Y − 00 protocol and purports to draw its security from confusing an eavesdropper Eve by using the uncertainty on any measurement she can make.The αη protocol has not been shown to be unconditionally secure as has BB84; indeed, the attack given in [4] (see also [5]) shows that at best the security of αη must be complexity-based, as are current classical ciphers. In this paper, we show that αη has an additional disadvantage that current classical ciphers do not have: transmission of the "encrypted" states actually leaks information about the key to an eavesdropper, even if that eavesdropper has no information about the message. Such a weakness has been independently described briefly in [6], and in more depth in [7] and [8]; here, we calculate information loss and estimate a bound on the efficacy of explicit attacks such as [7]. In the remainder of this paper, we will describe the αη scheme, show that in practice there is no advantage created for Bob over Eve via quantum limits on measurement, and estimate how much information Eve can learn about the key from Alice's transmission. We will also discuss a technique given in [9] and [6], Deliberate Signal Randomization, and how our analysis applies there.In the αη protocol, the symbols transmitted from Alice to Bob are physically encoded as mesoscopic coherent states (mean photon numbers N ∼ 10 − 10 5 ) of varying phase or polarization. Without loss of generality, we will consider the states to have the same polarization and amplitude, and varying phase. We will take the number of symbols to be M , and the code states to be |α(j) = |e 2πij/M √ N , where j ∈ {0, . . . M − 1}. The states to be sent are selected by the following technique:1. Starting with a key K of size L bits, use a pseudo-random number generator to produce * Electronic address: cahn@...

show abstract