Using quantum key distribution for cryptographic purposes: A survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.

[1]  Renato Renner,et al.  Security of quantum key distribution , 2005, Ausgezeichnete Informatikdissertationen.

[2]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[3]  Guo Guangcan,et al.  Experimental Decoy State Quantum Key Distribution Over 120 km Fibre , 2008 .

[4]  V. Scarani,et al.  Device-independent security of quantum cryptography against collective attacks. , 2007, Physical review letters.

[5]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[6]  Todd M. Austin,et al.  Fault-based attack of RSA authentication , 2010, 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010).

[7]  H. Weinfurter,et al.  Free-Space distribution of entanglement and single photons over 144 km , 2006, quant-ph/0607182.

[8]  Jean-Jacques Quisquater,et al.  New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough , 2008, CARDIS.

[9]  Ueli Maurer,et al.  Generalized privacy amplification , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[10]  V. Makarov Controlling passively quenched single photon detectors by bright light , 2007, 0707.3987.

[11]  Moti Yung,et al.  Perfectly secure message transmission , 1993, JACM.

[12]  Anthony Leverrier,et al.  Unconditional security proof of long-distance continuous-variable quantum key distribution with discrete modulation. , 2008, Physical review letters.

[13]  Stelvio Cimato,et al.  A unified model for unconditionally secure key distribution , 2006, J. Comput. Secur..

[14]  B. Baek,et al.  Ultra fast quantum key distribution over a 97 km installed telecom fiber with wavelength division multiplexing clock synchronization. , 2008, Optics express.

[15]  Sébastien Kunz-Jacques,et al.  Long Distance Continuous-Variable Quantum Key Distribution with a Gaussian Modulation , 2011, Physical Review A.

[16]  E. Diamanti,et al.  Field test of a continuous-variable quantum key distribution prototype , 2008, 0812.3292.

[17]  J. Cirac,et al.  Quantum repeaters based on entanglement purification , 1998, quant-ph/9808065.

[18]  Douglas R. Stinson Universal Hashing and Authentication Codes , 1991, CRYPTO.

[19]  Lov K. Grover Quantum Mechanics Helps in Searching for a Needle in a Haystack , 1997, quant-ph/9706033.

[20]  Ivan Damgård,et al.  Cryptography in the bounded quantum-storage model , 2005, IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, 2005..

[21]  G. Guo,et al.  Experimental Decoy Quantum Key Distribution Up To 130KM Fiber , 2007, 0704.2941.

[22]  Momtchil Peev,et al.  Security of trusted repeater quantum key distribution networks , 2009, J. Comput. Secur..

[23]  E. Diamanti,et al.  Topological optimization of quantum key distribution networks , 2009, 0903.0839.

[24]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[25]  Yi Zhao,et al.  Experimental quantum key distribution with decoy states. , 2006, Physical review letters.

[26]  Eli Biham,et al.  NESSIE D21 - Performance of Optimized Implementations of the NESSIE Primitives , 2003 .

[27]  Biham,et al.  Quantum cryptographic network based on quantum memories. , 1996, Physical review. A, Atomic, molecular, and optical physics.

[28]  Gilles Brassard,et al.  Strengths and Weaknesses of Quantum Computing , 1997, SIAM J. Comput..

[29]  A. H. de Sousa,et al.  Monitoring, Controlling and Configuring a Wireless Household-Electric Network through LabVIEW Remote Virtual Interface. , 2007 .

[30]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[31]  C. Elliott Building the quantum network* , 2002 .

[32]  Michele Mosca,et al.  Solving the Shortest Vector Problem in Lattices Faster Using Quantum Search , 2013, PQCrypto.

[33]  Ueli Maurer,et al.  Unconditional Security Against Memory-Bounded Adversaries , 1997, CRYPTO.

[34]  Charles H. Bennett,et al.  Quantum cryptography without Bell's theorem. , 1992, Physical review letters.

[35]  B Baek,et al.  Long Distance Quantum Key Distribution in Optical Fiber , 2008, OFC/NFOEC 2008 - 2008 Conference on Optical Fiber Communication/National Fiber Optic Engineers Conference.

[36]  Gilles Brassard,et al.  Secret-Key Reconciliation by Public Discussion , 1994, EUROCRYPT.

[37]  Dorit Aharonov,et al.  A lattice problem in quantum NP , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[38]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[39]  Dag R. Hjelme,et al.  Faked states attack on quantum cryptosystems , 2005 .

[40]  V. Scarani,et al.  The security of practical quantum key distribution , 2008, 0802.4155.

[41]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[42]  Ingrid Verbauwhede,et al.  A 21.54 Gbits/s fully pipelined AES processor on FPGA , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[43]  Daniel R. Simon,et al.  On the power of quantum computation , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[44]  H. Bechmann-Pasquinucci,et al.  Quantum cryptography , 2001, quant-ph/0101098.

[45]  Shor,et al.  Simple proof of security of the BB84 quantum key distribution protocol , 2000, Physical review letters.

[46]  Robert J. McEliece,et al.  A public key cryptosystem based on algebraic coding theory , 1978 .

[47]  Lawrence H. Ozarow,et al.  Wire-tap channel II , 1984, AT&T Bell Lab. Tech. J..

[48]  Tanja Lange,et al.  Challenges for Cryptology Research in Europe for 2007-2013 and beyond , 2006 .

[49]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[50]  Dag Roar Hjelme,et al.  Large pulse attack as a method of conventional optical eavesdropping in quantum cryptography , 2001 .

[51]  Ekert,et al.  Eavesdropping on quantum-cryptographical systems. , 1994, Physical review. A, Atomic, molecular, and optical physics.

[52]  Jörn Müller-Quade,et al.  Composability in quantum cryptography , 2009, ArXiv.

[53]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[54]  P. Oscar Boykin,et al.  A Proof of the Security of Quantum Key Distribution , 1999, STOC '00.

[55]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[56]  Won-Young Hwang Quantum key distribution with high loss: toward global secure communication. , 2003, Physical review letters.

[57]  I. D. Ivanović How to differentiate between non-orthogonal states , 1987 .

[58]  John Preskill,et al.  Security of quantum key distribution with imperfect devices , 2002, International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings..

[59]  Chip Elliott,et al.  Current status of the DARPA Quantum Network , 2005 .

[60]  Oded Regev,et al.  Quantum computation and lattice problems , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[61]  G. Buller,et al.  Quantum key distribution system clocked at 2 GHz. , 2005, Optics express.

[62]  Kenneth G. Paterson,et al.  Why Quantum Cryptography , 2004 .

[63]  H. Weinfurter,et al.  A fast and compact quantum random number generator , 1999, quant-ph/9912118.

[64]  N. Gisin,et al.  From Bell's theorem to secure quantum key distribution. , 2005, Physical review letters.

[65]  Gerd Leuchs,et al.  Device calibration impacts security of quantum key distribution. , 2011, Physical review letters.

[66]  Oded Regev,et al.  New lattice based cryptographic constructions , 2003, STOC '03.

[67]  Philippe Grangier,et al.  Quantum physics: Count them all , 2001, Nature.

[68]  Z. Yuan,et al.  Quantum key distribution over 122 km of standard telecom fiber , 2004, quant-ph/0412171.

[69]  Barry C. Sanders,et al.  Distributed Relay Protocol for Probabilistic Information-Theoretic Security in a Randomly-Compromised Network , 2008, ICITS.

[70]  Gilles Brassard,et al.  Quantum cryptography: Public key distribution and coin tossing , 2014, Theor. Comput. Sci..

[71]  Andrey Bogdanov,et al.  Biclique Cryptanalysis of the Full AES , 2011, ASIACRYPT.

[72]  Fibirova Jana,et al.  Profit-Sharing – A Tool for Improving Productivity, Profitability and Competitiveness of Firms? , 2013 .

[73]  J. Dynes,et al.  Gigahertz decoy quantum key distribution with 1 Mbit/s secure key rate. , 2008, Optics express.

[74]  Vadim Makarov,et al.  Faked states attack using detector efficiency mismatch on SARG04, phase-time, DPSK, and Ekert protocols , 2007, Quantum Inf. Comput..

[75]  Mehrdad Dianati,et al.  Transport Layer Protocols for the Secoqc Quantum Key Distribution (QKD) Network , 2007 .

[76]  N. Gisin,et al.  Optical quantum random number generator , 1999, quant-ph/9907006.

[77]  Jörn Müller-Quade,et al.  On the Security and Composability of the One Time Pad , 2005, SOFSEM.

[78]  Gilles Van Assche,et al.  Quantum cryptography and secret-key distillation , 2006 .

[79]  David Elkouss,et al.  Key Reconciliation for High Performance Quantum Key Distribution , 2013, Scientific Reports.

[80]  Douglas Stebila,et al.  The Case for Quantum Key Distribution , 2009, QuantumComm.

[81]  Simon J. D. Phoenix,et al.  Design of quantum cryptography systems for passive optical networks , 1994 .

[82]  N. Cerf,et al.  Quantum key distribution using gaussian-modulated coherent states , 2003, Nature.

[83]  Gilles Brassard,et al.  Experimental quantum cryptography: the dawn of a new era for quantum cryptography: the experimental prototype is working] , 1989, SIGACT News.

[84]  Lada A. Adamic The Small World Web , 1999, ECDL.

[85]  N. Gisin,et al.  Quantum relays for long distance quantum cryptography , 2003, quant-ph/0311101.

[86]  P. Oscar Boykin,et al.  A Proof of the Security of Quantum Key Distribution , 1999, Symposium on the Theory of Computing.

[87]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[88]  Peter W. Shor,et al.  Algorithms for Quantum Computation: Discrete Log and Factoring (Extended Abstract) , 1994, FOCS 1994.

[89]  Renato Renner,et al.  Quantum cryptography with finite resources: unconditional security bound for discrete-variable protocols with one-way postprocessing. , 2007, Physical review letters.

[90]  Carles Padró,et al.  Bounds and Constructions for Unconditionally Secure Distributed Key Distribution Schemes for General Access Structures , 2001, ISC.

[91]  Cesare Barbieri,et al.  Quantum communications at ESA: Towards a space experiment on the ISS , 2008 .

[92]  U. Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[93]  M. Dušek,et al.  Chapter 5 - Quantum cryptography , 2006, quant-ph/0601207.

[94]  H. Weinfurter,et al.  Experimental Demonstration of Free-Space Decoy-State Quantum Key Distribution over 144 km , 2007, 2007 European Conference on Lasers and Electro-Optics and the International Quantum Electronics Conference.

[95]  J. Cirac,et al.  De Finetti representation theorem for infinite-dimensional quantum systems and applications to quantum cryptography. , 2008, Physical review letters.

[96]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[97]  Stefan Tillich,et al.  Attacking State-of-the-Art Software Countermeasures-A Case Study for AES , 2008, CHES.

[98]  C. G. Peterson,et al.  Long-distance quantum key distribution in optical fibre , 2006, quant-ph/0607177.

[99]  Imre Csiszár,et al.  Broadcast channels with confidential messages , 1978, IEEE Trans. Inf. Theory.

[100]  Stephen Wiesner,et al.  Conjugate coding , 1983, SIGA.

[101]  Markus G. Kuhn,et al.  Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations , 1998, Information Hiding.

[102]  Yann Thoma,et al.  High speed coherent one-way quantum key distribution prototype , 2008 .

[103]  Sanders,et al.  Limitations on practical quantum cryptography , 2000, Physical review letters.

[104]  Carles Padró,et al.  Bounds and constructions for unconditionally secure distributed key distribution schemes for general access structures , 2001, Theor. Comput. Sci..

[105]  J. Skaar,et al.  Effects of detector efficiency mismatch on security of quantum cryptosystems , 2005, quant-ph/0511032.

[106]  Hai Xu,et al.  Experimental demonstration of an active quantum key distribution network with over gbps clock synchronization , 2007, IEEE Communications Letters.

[107]  Ueli Maurer,et al.  Cascade ciphers: The importance of being first , 1993, Journal of Cryptology.

[108]  Gilles Brassard,et al.  Quantum Cryptography , 2005, Encyclopedia of Cryptography and Security.

[109]  Christine Chen,et al.  Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems , 2007, 0704.3253.

[110]  Gilles Brassard,et al.  Experimental Quantum Cryptography , 1990, EUROCRYPT.

[111]  Xuemin Shen,et al.  Architecture and protocols of the future European quantum key distribution network , 2008, Secur. Commun. Networks.

[112]  Dominic Mayers,et al.  Unconditional security in quantum cryptography , 1998, JACM.

[113]  Yongge Wang,et al.  Perfectly Secure Message Transmission Revisited , 2002, IEEE Transactions on Information Theory.

[114]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[115]  Christian Kurtsiefer,et al.  Full-field implementation of a perfect eavesdropper on a quantum cryptography system. , 2010, Nature communications.

[116]  Douglas R. Stinson,et al.  On Unconditionally Secure Robust Distributed Key Distribution Centers , 2002, ASIACRYPT.

[117]  Nicolas Gisin,et al.  Linking Classical and Quantum Key Agreement: Is There "Bound Information"? , 2000, CRYPTO.

[118]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[119]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[120]  Christian Rechberger,et al.  ECRYPT Yearly Report on Algorithms and Keysizes (2007-2008) , 2008 .

[121]  Chip Elliott,et al.  Current status of the DARPA quantum network (Invited Paper) , 2005, SPIE Defense + Commercial Sensing.

[122]  Christoph Pacher,et al.  The SECOQC quantum key distribution network in Vienna , 2009, 2009 35th European Conference on Optical Communication.

[123]  Vincent Rijmen,et al.  ECRYPT yearly report on algorithms and keysizes , 2009 .

[124]  A. Ferenczi,et al.  Calibration Attack and Defense in Continuous Variable Quantum Key Distribution , 2007, 2007 European Conference on Lasers and Electro-Optics and the International Quantum Electronics Conference.

[125]  P. D. Townsend,et al.  Quantum cryptography for multi-user passive optical networks , 1994 .