Abstract

When a quantum cryptographic system operates in the presence of background noise, security of the key can be recovered by a procedure called key distillation. A key-distillation scheme effective against so-called individual (bitwise-independent) eavesdropping attacks involves sacrifice of some of the data through privacy amplification. We derive the amount of data sacrifice sufficient to defend against individual eavesdropping attacks in both BB84 and B92 protocols and show in what sense the communication becomes secure as a result. We also compare the secrecy capacity of various quantum cryptosystems, taking into account data sacrifice during key distillation, and conclude that the BB84 protocol may offer better performance characteristics than the B92.

© 1998 Optical Society of America

References

  1. C. H. Bennett, G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, New York, 1984), pp. 175–179.
  2. A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. 67, 661–663 (1991).
  3. C. H. Bennett, G. Brassard, N. D. Mermin, “Quantum cryptography without Bell’s theorem,” Phys. Rev. Lett. 68, 557–559 (1992).
  4. C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, J. Smolin, “Experimental quantum cryptography,” J. Cryptol. 5, 3–28 (1992).
  5. C. H. Bennett, “Quantum cryptography using any two nonorthogonal states,” Phys. Rev. Lett. 68, 3121–3124 (1992).
  6. B. Slutsky, P. C. Sun, Y. Mazurenko, R. Rao, Y. Fainman, “Effect of channel imperfection on the secrecy capacity of a quantum cryptographic system,” J. Mod. Opt. 44, 953–961 (1997).
  7. E. Biham, T. Mor, “Security of quantum cryptography against collective attacks,” Phys. Rev. Lett. 78, 2256–2259 (1997).
  8. E. Biham, T. Mor, “Bounds on information and the security of quantum cryptography,” Phys. Rev. Lett. 79, 4034–4037 (1997).
  9. D. Mayers, “Quantum key distribution and string oblivious transfer in noisy channels,” in Advances in Cryptology, CRYPTO’96, N. Koblitz, ed., Vol. 1109 of Springer Lecture Notes in Computer Science Series (Springer, New York, 1996), pp. 343–357.
  10. Inconclusive bits are those whose value is not revealed with certainty by Bob’s measurement, for example, those measured in the wrong BB84 basis by Bob (Ref. 1). Inconclusive bits are an integral feature of quantum cryptographic protocols, even in the absence of channel and detector imperfections.
  11. C. H. Bennett, G. Brassard, C. Crepeau, U. M. Maurer, “Generalized privacy amplification,” IEEE Trans. Inf. Theory 41, 1915–1923 (1995).
  12. B. Huttner, N. Imoto, N. Gisin, T. Mor, “Quantum cryptography with coherent states,” Phys. Rev. A 51, 1863–1869 (1995).
  13. H. Yuen, “Quantum amplifiers, quantum duplicators, and quantum cryptography,” Quantum Semiclass. Opt. 8, 939–949 (1996).
  14. This condition is unavoidable because a perfect single-photon state is fundamentally impossible to prepare (although a good approximation can be produced with phenomena such as parametric downconversion).
  15. Strictly speaking, the total number of multiphoton bit cells is a Gaussian random variable, and only its average and variance are determined. Still, based on these parameters, it can be bounded from above with any desired confidence level.
  16. C. Cachin, U. M. Maurer, “Linking information reconciliation and privacy amplification,” J. Cryptol. 10, 97–110 (1997).
  17. C. A. Fuchs, A. Peres, “Quantum-state disturbance versus information gain: uncertainty relations for quantum information,” Phys. Rev. A 53, 2038–2045 (1996).
  18. C. A. Fuchs, N. Gisin, R. B. Griffiths, C.-S. Niu, A. Peres, “Optimal eavesdropping in quantum cryptography. I. Information bound and optimal strategy,” Phys. Rev. A 56, 1163–1172 (1997).
  19. B. Slutsky, R. Rao, P.-C. Sun, Y. Fainman, “Security of quantum cryptography against individual attacks,” Phys. Rev. A (to be published).
  20. A. K. Ekert, B. Huttner, G. M. Palma, A. Peres, “Eavesdropping on quantum cryptographical systems,” Phys. Rev. A 50, 1047–1056 (1994).
  21. Eve cannot use group information such as block checksums, revealed later in the protocol, because, by assumption, she must attack each bit independently of other bits.
  22. The B92 curves in Fig. 5 are qualitatively similar to those in Fig. 4 of Ref. 20, although the latter are computed based on a suboptimal family of eavesdropping strategies and with Shannon rather than Renyi entropy.
  23. Because individual bits are transmitted and received independently of one another, errors are distributed uniformly throughout raw data, regardless of the quantum cryptosystem used.
