On the security of AlphaEta: Response to `Some attacks on quantum-based cryptographic protocols'

Lo and Ko in [1] have developed some attacks on the cryptosystem called AlphaEta [2], claiming that these attacks undermine the security of AlphaEta for both direct encryption and key generation. In this paper, we show that their arguments fail in many different ways. In particular, the first attack in [1] requires channel loss or length of known-plaintext that is exponential in the key length and is unrealistic even for moderate key lengths. The second attack is a Grover search attack based on `asymptotic orthogonality' and was not analyzed quantitatively in [1]. We explain why it is not logically possible to ``pull back'' an argument valid only at n=infinity into a limit statement, let alone one valid for a finite number of transmissions n. We illustrate this by a `proof' using a similar asymptotic orthogonality argument that coherent-state BB84 is insecure for any value of loss. Even if a limit statement is true, this attack is a priori irrelevant as it requires an indefinitely large amount of known-plaintext, resources and processing. We also explain why the attacks in [1] on AlphaEta as a key-generation system are based on misinterpretations of [2]. Some misunderstandings in [1] regarding certain issues in cryptography and optical communications are also pointed out. Short of providing a security proof for AlphaEta, we provide a description of relevant results in standard cryptography and in the design of AlphaEta to put the above issues in the proper framework and to elucidate some security features of this new approach to quantum cryptography.

[1]  James L. Massey,et al.  An Information-Theoretic Treatment of Homophonic Substitution , 1990, EUROCRYPT.

[2]  S. Lloyd,et al.  Classical capacity of the lossy bosonic channel: the exact solution. , 2003, Physical review letters.

[3]  P. Kumar,et al.  Quantum noise protected data encryption in a WDM network , 2005, IEEE Photonics Technology Letters.

[4]  H. Yuen,et al.  Secure communication using mesoscopic coherent states. , 2002, Physical review letters.

[5]  C. Helstrom Quantum detection and estimation theory , 1969 .

[6]  J. L. Massey,et al.  An introduction to contemporary cryptology , 1988, Proc. IEEE.

[7]  Horace P. Yuen KCQ: A New Approach to Quantum Cryptography I. General Principles and Qubit Key Generation , 2003 .

[8]  A J Shields,et al.  Comment on "secure communication using mesoscopic coherent states". , 2005, Physical review letters.

[9]  Christoph G. Günther,et al.  A Universal Algorithm for Homophonic Coding , 1988, EUROCRYPT.

[10]  Ueli Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[11]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[12]  Hideki Imai,et al.  How much security does Y-00 protocol provide us? , 2004 .

[13]  Hoi-Kwong Lo,et al.  Some attacks on quantum-based cryptographic protocols , 2005, Quantum Inf. Comput..

[14]  Eric Corndorf,et al.  Reply to: 'Reply to: "Comment on: `How much security does Y-00 protocol provide us?` " ' , 2005 .

[15]  Osamu Hirota,et al.  Quantum stream cipher by the Yuen 2000 protocol: Design and experiment by an intensity-modulation scheme , 2005 .