printlogo
http://www.ethz.ch/index_EN
First Annual Conference on Quantum Cryptography
 
Sitemap |
print
  

Secure device-independent quantum key distribution with causally independent measurement devices

poster-qcrypt-thumb

» download Poster or Flyer
» download Booklet

Sponsors

pauliohne

 

eth_logo_black

 

Logo_QSIT

 

Logo_nano-tera

 

CQT_Logo

 

Logo_IQC

 

Logo_IDQ

 

SNFlogo

 

dfg_logo_blau

Lluis Masanes (ICFO-Institut de Ciencies Fotoniques), Stefano Pironio (Université Libre de Bruxelles) and Antonio Acin (ICFO - Institute of Photonic Sciences, Barcelona, Spain)

 

A central problem in cryptography is the distribution among distant users of secret keys that can be used, e.g., for the secure encryption of messages. This task is impossible in classical cryptography unless assumptions are made on the computational power of the eavesdropper. Quantum key distribution (QKD), on the other hand, offers security against adversaries with unbounded computing power.

The ultimate level of security provided by QKD was made possible thanks to a change of paradigm. While in classical cryptography security relies on the hardness of certain mathematical problems, in QKD it relies on the fundamental laws of quantum physics. A side-effect of this change of paradigm, however, is that whereas the security of classical cryptography is based on the mathematical properties of the key itself --- how the key was actually generated in practice being, in principle, irrelevant to the security of the scheme --- in QKD, the security crucially depends on the physical properties of the key generation process, e.g., on the fact that the key was produced by measuring the polarization of a single-photon along well defined directions. But then, how can one asses the level of security provided by a real-life implementation of QKD, which will inevitably differs in inconspicuous ways from the idealized, theoretical description? Errors in the encoding of the signals of Alice, for instance, or features of the detectors not taken into account in the theoretical analysis can be exploited to break the security of real-life QKD schemes. Recent successful hacking attacks on commercial QKD products indeed exploit mismatches between the theoretical and practical realization of QKD protocols.

Device-independent QKD (DIQKD) aims at closing the gap between theoretical analyses and practical realizations of QKD by designing protocols whose security does not require a detailed characterization of the devices used to generate the secret key (such as, e.g., the dimension of the Hilbert space of the quantum signals or the type of measurements performed on them). This stronger form of cryptography is possible if it is based on the observation of a Bell inequality violation, which guarantees that the data produced by the quantum devices possess some amount of secrecy, independently of how exactly these data were generated. In some sense, DIQKD combines the advantages of classical and quantum cryptography: security against unbounded adversaries based on the law of quantum physics but which does not rely on the physical details of the generation process. A fully device-independent demonstration of QKD, however, still represents at present an experimental challenge.

In this work (see also Nature Communications 2, 238 (2011), also available at arXiv:1009.1567 and attached to this submission), we provide a general formalism for proving the security of DIQKD protocols. This is done in terms of the strongest notion of security, universally-composable security, according to which the secret key generated by the protocol is indistinguishable from an ideal secret key. In this paradigm, it is useful to quantify the adversary's knowledge by his probability of correctly guessing the raw key. An essential element of our analysis is a bound on the adversary's guessing probability as a function of the amount of violation of a Bell inequality, which can directly be estimated by Alice and Bob from their measurement statistics. This bound is independent of which systems and measurements are used by Alice and Bob, implying that our security proof is device-independent.

Compared to the security proofs, which is restricted to protocols based on the Clauser-Horne-Shimony-Holt (CHSH) inequality, our approach is completely general and can be applied to protocols based on arbitrary Bell inequalities. Furthermore, it is not limited to ``collective attacks'', but is valid against the most general attacks available to an eavesdropper. The DIQKD model that we consider, however, is partly restricted as it supposes that the measurement processes generating the different bits of the raw key are causally independent of each other (though they could be arbitrarily correlated). This independence condition is necessarily satisfied in a physical realization where the N bits of the raw key are generated by N separate pairs of devices used in parallel. Our analysis therefore shows that secure fully device-independent QKD is in principle possible. In a more practical realization in which a single pair of devices is used sequentially to generate the raw key, our measurement independence condition is satisfied if the devices have no internal memory, an assumption that may be justifiable in a variety of implementations. Note that our measurement independence condition and the level of security provided here is equivalent to the one considered in previous works by Masanes. The difference with respect to is that our proof does not rely only on the no-signalling principle but also on the validity of the quantum formalism. This results in much better key rates, comparable to those of standard QKD.

To conclude, DIQKD represents a promising new approach to the problem of secure key distribution using quantum resources. This work represents, at the moment of writing, the most advanced security proof for DIQKD. Our approach is based on a fundamental relation between the amount by which two quantum systems violate a Bell inequality and the unpredictability of their local measurement outcomes. Our techniques can be applied to any Bell inequality and exploit the constraints associated to the quantum formalism, which result in competitive secret-key rates.

 

Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne graphische Elemente dargestellt. Die Funktionalität der Website ist aber trotzdem gewährleistet. Wenn Sie diese Website regelmässig benutzen, empfehlen wir Ihnen, auf Ihrem Computer einen aktuellen Browser zu installieren. Weitere Informationen finden Sie auf
folgender Seite.

Important Note:
The content in this site is accessible to any browser or Internet device, however, some graphics will display correctly only in the newer versions of Netscape. To get the most out of our site we suggest you upgrade to a newer browser.
More information

© 2015 ETH Zurich | Imprint | Disclaimer | 2 August 2011
top