Using quantum key distribution for cryptographic purposes: A survey with real implementation problems
Abstract
Information security and information hiding have become a main concern of the current era, and cryptography is widely used for this purpose. Using various secret key agreement techniques, a secret cryptographic key is shared between the concerned parties for encryption and decryption of data. In this article, the characteristics of the various current key establishment methods are reviewed and compared. In cryptographic terms, QKD (Quantum Key Distribution) is a key establishment primitive and does not provide a stand-alone security service on its own. Therefore, it is essential to analyze how QKD can be associated with other cryptographic primitives. Specifically, this research focuses on two general situations: the use of Quantum Key Distribution as a key renewal method for a symmetric cipher over a point-to-point link, and the use of QKD in a network that includes many users with the aim of providing an any-to-any key establishment service.
Introduction
Organizations rely heavily on information technology (IT) products and services to run their routine activities. Guaranteeing the safety of these products and services is of extreme importance for the success of the organization. Information is facts, ideas or knowledge in any form or medium that can be communicated between system entities. Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to ensure CIA (Confidentiality, Integrity, and Availability). Confidentiality is preserving authorized restrictions on information access and disclosure. Integrity is guaranteeing information non-repudiation and authenticity, guarding against improper information alteration or destruction. Availability is the assurance of timely and reliable access to information by the recipient.
The main feature of information security is information/data hiding, which is the act of securing information/data from any unauthorized access. The strategies of information hiding are Steganography, Watermarking and Cryptography. Steganography is derived from two Greek words, STEGANOS (Covered) and GRAPHIA (Writing). It is the science of writing secret messages in such a way that no unintended user knows of the existence of the message. It is the practice of hiding files, messages, images, or videos within other files, messages, images, or videos. A watermark is a form of text or image that is impressed onto another text or image and provides evidence of its authenticity. The art of making this watermark is known as Watermarking. Cryptography is derived from a Greek word, KRYPTOS (Hidden Secrets). Cryptography is the practice of hiding information by converting plain text into cipher text (data that cannot be understood), known as encryption; decryption is the reverse. It provides confidentiality, integrity, and availability. To encrypt the original message, the plaintext and a key (secret data, like a password) are used, and for decryption the cipher text and the same key are used. The encrypted text can be transformed back into its original form by an authorized user who has the cryptographic key, through the decryption process.
Cryptography can be categorized into Symmetric Key Cryptography and Asymmetric Key Cryptography. In Asymmetric Key Cryptography, also known as public-key cryptography in information security terms, the computer sending an encrypted message uses a private key that is never shared (known only to the sender). The sending user first encrypts the message with the receiver’s public key and then again with the sender’s private (secret) key, and the receiving user decrypts the message, first using its secret key and then the sender’s public key. In Symmetric Key Cryptography, by contrast, a secret key is exchanged between the sender (to encrypt the plain text) and the receiver (to decrypt the cipher text) of a message. It is also referred to as private-key, secret-key, single-key, shared-key and one-key cryptography, and keeping the key very secure is very important. Symmetric key cryptography is further classified into stream ciphers and block ciphers. The main practical challenge is how to secretly share the private keys between the concerned parties. Quantum Key Distribution (QKD) addresses this challenge by using quantum properties to secure the distribution of symmetric encryption keys. It works by sending photons, “quantum particles” of light, across an optical link. Two QKD appliances combined with link encryptors are connected through an optical fiber and continuously distribute key material. It mainly works with Symmetric Key Cryptography.
The aim of this article is to identify the contexts in which QKD can be useful, in addition to the cryptographic primitives. The paper is organized as follows. In Section 2, I provide a survey of secret key agreement techniques, with brief justification. In Section 3, I make a comparative analysis of which key agreement scheme is best, provide a survey of quantum signals as incorruptible couriers that carry information securely over a public insecure channel, and finally discuss all that the laws of physics don’t take care of: problems at preparation and problems at detection. In Section 4, I give my views on challenges and future directions. In Section 5, I give my conclusion. Finally, in Section 6, I give the references of my researched material.
Secret key agreement (performed in the case of QKD at the physical layer).
To protect sensitive data, cryptographic techniques were themselves once kept secret. This principle is called “cryptography by obscurity”. Most recent cryptographic security systems are instead based on publicly announced algorithms, while their security lies entirely in the use of secret keys. A fundamental issue in cryptography is the distribution of keys among a set of valid users, known as the secret key agreement problem.
To solve the secret key agreement problem between distant users, there are currently five families of cryptographic methods:
- Classical ITS scheme
- Classical computationally secure public-key cryptography
- Classical computationally secure symmetric-key cryptographic schemes
- Quantum key distribution
- Trusted couriers
The following part shows how each of the above-mentioned cryptographic families can provide solutions to the key agreement problem, and the type of security that can be provided in each case.
Classical information-theoretically secure key agreement schemes
If the security of a cryptosystem derives entirely from information theory, then it is information-theoretically secure (ITS), as it makes no unverified assumptions about the hardness of mathematical problems. The expression “unconditional security”, more commonly used in the cryptographic literature, is a synonym of “information-theoretical security”.
To study Classical ITS Secret Key Agreement (CITSKA), we need to go back to the fundamentals of information-theoretic security, which build on Shannon’s notion of ideal secrecy. Previous research has proved that there exist channel codes guaranteeing both robustness to transmission errors and an arbitrarily small fraction of information leakage towards eavesdroppers on the communication channel. CITSKA is possible in the wire-tap configuration, where the legitimate users’ channel is less noisy than the channel the eavesdropper has access to. ITS secret key agreement is possible whenever two entities have in their possession correlated strings of classical data that are more correlated with each other than with any other string that could be in an eavesdropper’s possession. Previous research has also established that CITSKA is possible in the bounded-storage model, in which adversaries can only store a limited amount of data.
Classical public-key cryptography and secret key agreement
Public-key cryptography is based on solving certain mathematical problems for which no efficient algorithms exist. When long keys are used, it becomes infeasible for available computing resources to solve these problems. A public-key cryptographic system depends on “provable computational security”. However, there is no proof that the problems on which it is based are intractable, and their complexity may well be polynomial.
Public-key algorithms require a pair of keys, a public key and a private key. In these algorithms, anyone can encrypt a message using the public key, while only the intended recipient, in possession of the private key, can decrypt that message. This is referred to as asymmetric cryptography. Trusted third parties are often used for secret key agreement; therefore, authenticity is not guaranteed.
Classical computationally secure symmetric-key cryptography and secret key agreement
In symmetric-key cryptography, both the sender and the receiver share the same secret key. Symmetric-key cryptographic primitives can be used exclusively for secret key agreement: a secret key agreement primitive is built by combining a symmetric-key encryption scheme with a symmetric-key authentication scheme. A small secret key is initially shared, symmetrically, by sender and receiver, and they can then use a symmetric cipher to encrypt messages using that key. This pre-shared initial quantity of secret key is used for authentication in order to perform secret key agreement with symmetric primitives. Such schemes are therefore better called secret key expansion schemes than secret key establishment schemes.
Quantum key agreement – quantum key distribution (QKD)
QKD was invented in 1984 by two brilliant scientists, Charles Bennett and Gilles Brassard. It is a secret key agreement protocol for sharing a secret key between two users who trust each other over a publicly insecure channel. In contrast to public-key cryptography, it has been proved unconditionally secure. An important consequence is that it would remain secure even in the presence of a quantum computer. Moreover, legitimate users can perform completely secure QKD without possessing a quantum computer themselves.
QKD can be deployed today for secure communication networks. In information security it should be called quantum key agreement or quantum key establishment. In the case of QKD, the “couriers” are quantum states of light, which travel at the speed of light and on which eavesdropping can be detected with high statistical confidence.
As the figure below depicts, a QKD link, constituted by the combination of a quantum channel and a classical channel, is a point-to-point connection between two users who want to share secret keys. The figure also shows how an eavesdropper can be detected.
Trusted couriers key distribution (TCKD)
This method has been well known since ancient times. A trusted courier travels between the different intended users to distribute secret keys, without being intercepted or corrupted by any potential adversary. This technique has been used in highly sensitive environments such as government intelligence, defense and secret agencies.
When implemented on large systems, trusted couriers become costly and impractical, as they are sensitive to distance and to other characteristics (danger, perturbations …) of the communication channel. Like QKD, TCKD can also be used as a secret key agreement protocol.
Comparative analysis
Cryptographic algorithms play a vital role in data protection and are considered the backbone of secrecy for highly sensitive and classified data. The lifespan and performance of devices depend on the selection of suitable cryptographic algorithms, because the choice of algorithm directly affects both. There are various types of ciphers used in cryptography, each with its specific functionality, strengths and specifications. However, whichever cryptographic algorithm you are working with, the main challenge is to share the private keys between the concerned entities securely. I have already discussed five key agreement schemes, and I found quantum key agreement (QKD) to be the best one. The aim of this paper is to compare the QKD key agreement scheme with the other key agreement schemes.
Classical information-theoretically secure key agreement is conceivable in the bounded-storage model, where adversaries can only store a limited amount of data. This limitation is overcome by QKD, in which a large amount of data can be stored. I came to know that in classical public-key cryptography and secret key agreement, authenticity is not guaranteed; therefore, trusted third parties are often used for secret key exchange. QKD key agreement, on the other hand, uses quantum properties to exchange secret information. In computationally secure symmetric-key cryptography and secret key agreement, a small secret key is initially shared, symmetrically, by sender and receiver, which is a trivial task to do; as the whole of encryption and decryption is based on that key, it should be exchanged securely, yet the scheme offers no secure way of sharing a secret key. QKD is the most secure strategy for exchanging a secret key, even over a public insecure channel. Trusted courier key distribution is a secure way of exchanging a key, but when implemented on large systems, trusted couriers become costly and impractical. The reason is their sensitivity to large distances and to other characteristics (danger, perturbations…) of the communication channel. QKD couriers are not so limited in distance and can easily be used in large system implementations.
Quantum signals as incorruptible couriers
Although unconditional security had been technically verified earlier, “security based on the laws of physics” was used as the motto for selling Quantum Key Distribution. Understood correctly, the statement is accurate, but it can mislead, as it has often been spelled out as “security based only on the laws of physics”. For example, the laws of physics do not prevent somebody from reading the results of a detector; yet if the adversary gains access to that information, security is plainly compromised! However, many people were simply carried away by the power of the slogan; fair enough, this does not happen only with QKD.
On the wings of excitement, a few promoters of QKD also managed to give the impression that they were presenting the solution for (nearly) every task of secret communication. This may have impressed a few sponsors. The main outcome, however, was to alienate a large part of the community of specialists in classical cryptography, who, unfamiliar with quantum physics though they may be, could not fail to notice the overstatement. Fortunately, a few QKD specialists knew the real worth of their research and managed to re-establish a constructive dialog. Both the interest and the niche character of Quantum Key Distribution are acknowledged today.
Indeed, understanding the niche character of QKD also quickly explains the role of the laws of physics. The SECOQC White Paper of 2007 credibly argued that Quantum Key Distribution is a type of “trusted courier”. It is a potential answer for those tasks for which a trusted courier might be valuable. For example, if one can ensure that a one-time pad key has not been revealed during its exchange, then secrecy is also guaranteed in the future: this is a big benefit over complexity-based schemes. With human couriers we are quite familiar. Suppose Alice creates a one-time pad key on her PC, copies it onto a CD and entrusts a human courier, Charlie, with the task of carrying it to Bob. Alice must be sure that:
- Her PC and Bob’s are not leaking data, either by themselves or through active hacking;
- Charlie is honest at the time of getting the key from Alice;
- During his journey from Alice to Bob, Charlie will neither be corrupted nor let data leak out unintentionally.
Replacing Charlie with quantum couriers, one does not need to worry any longer: the laws of physics guarantee it. In closing this discussion, we are in no way implying that QKD is problematic compared to classical cryptography. In fact, QKD has an advantage over classical strategies.
All that the laws of physics don’t take care of
Problems at preparation/implementation of QKD
We start by looking at the need for a careful evaluation of the characteristics of the courier. Here is a list of examples. Note that the vast majority of them refer to implementations with weak coherent pulses: most likely not because these are much worse than others, but because they have been examined more thoroughly.
Challenges regarding implementation
- Attenuated laser pulses are not single photons: multi-photon components are significant.
- Successive pulses emitted by a laser are generally not independent; there may be phase coherence between them.
- In the so-called “plug-and-play” implementations (the ones chosen for a couple of commercial setups), photons make a round trip: Alice’s device must receive light, code it and then resend it. But then one must assume that the photons that make their way into Alice’s lab may have been prepared by Eve.
- In continuous-variable QKD, if the local oscillator travels between Alice and Bob, the implementation is totally insecure unless Bob monitors the intensity itself.
- In certain implementations, the different letters of the Quantum Key Distribution alphabet are prepared by different light sources. Each source can have its own fingerprint: for example, even if the coding is supposed to be in polarization, different sources may have different spectra. In addition, minor initial or temperature-dependent differences in the electrical driving hardware of each source may go unnoticed in ordinary operation or assembly of the setup, yet certainly leave a distinct fingerprint in the transmitted signal.
Proposed Solving Techniques
- Adapt the security proofs to take the effect into account, or change the protocols, or, obviously, change the source.
- Adapt the security proofs (not done at the time of writing) or, obviously, change the source.
- Add attenuation and active phase randomization, then use an appropriate security proof.
- Add a beam-splitter and monitor the intensity.
- Where no ready-made solution exists, one needs to characterize the sources and bound the possible leakage of information.
Problems at detection of attacks
Let us now survey a few examples of problems at the level of detection. One such problem (admittedly an anecdotal one) concerned the very first demonstration experiment presented by Bennett and collaborators: the Pockels cells used to choose the bases were driven by high-voltage devices, which made an audible sound depending on the basis or letter selected. Somebody remarked that the device gave “unconditional security against a deaf eavesdropper”: a joke… or a prophetic insight into the fate of practical QKD?
Challenges regarding detection
- One case of leakage of classical information exploits parasitic properties of detectors. It is known that, upon detection, silicon avalanche photodetectors emit light because of hot carrier recombination. This light may leak out through the optical channel, revealing which detector has fired.
- In “plug-and-play” systems, as mentioned, Alice’s device is open to receive photons before coding and re-sending them. The eavesdropper may carry out a Trojan horse attack to probe Alice’s phase modulator: send in light (say at a different wavelength) and collect it back, coded.
- Light fields (“faked states”) can be created which force at least some of the usual detectors to produce results resembling those corresponding to the detection of single photons. This might be exploited to implement something like a third-party attack.
- Photodetectors may also be manipulated to change their timing, such that the detection time is correlated with the detection result. An experimental assessment of this leakage channel became known as the time-shift attack.
- Similarly, communicating detection times (necessary in any scenario with a lossy communication channel) with too high a precision may expose significant information about the measurement results, simply due to imbalanced electronic delays and the scatter of detector parameters.
Proposed Solving Techniques
- Other photodiodes have been tested and no such back-flashing was detected (obviously, these tests rely on the assumption that the devices used to test for such radiation capture any reasonably accessible wavelength range).
- Because the setup includes attenuators, the extra light that is sent in has to be quite intense; a detector is then added at the entrance of the setup, which should detect abnormally strong signals.
- Depends on the details of the implementation.
- Check that all of the detectors have the same timing statistics.
- Do not reveal too many digits of your detection times.
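The last two countermeasures can be checked numerically. The following is an added example, not taken from the original article: it compares the timing statistics of two detectors and estimates how many bits per detection an announced timestamp leaks at a given reporting resolution. The Gaussian jitter model, the 300 ps skew, the 4 ns gate and all function names are assumptions made for illustration.

```python
import math
import random
from collections import Counter

GATE_PS = 4000  # constructed value: detection gate width in picoseconds


def simulate_detections(n, skew_ps, seed, jitter_ps=150, base_ps=1000):
    """Constructed sample data: (bit, detection time in ps inside the gate).

    The detector for bit 1 fires skew_ps later on average than the detector
    for bit 0, modelling imbalanced electronic delays.
    """
    rng = random.Random(seed)
    events = []
    for _ in range(n):
        bit = rng.getrandbits(1)
        t = round(rng.gauss(base_ps + bit * skew_ps, jitter_ps))
        events.append((bit, min(max(t, 0), GATE_PS - 1)))
    return events


def timing_mismatch_ps(events):
    """Absolute difference between the mean detection times of the two detectors."""
    means = []
    for b in (0, 1):
        times = [t for bit, t in events if bit == b]
        means.append(sum(times) / len(times))
    return abs(means[1] - means[0])


def leaked_bits(events, resolution_ps):
    """Plug-in estimate of I(bit; announced time), in bits per detection,
    when timestamps are announced rounded down to resolution_ps."""
    n = len(events)
    joint = Counter((bit, t // resolution_ps) for bit, t in events)
    bits = Counter(bit for bit, _ in events)
    bins = Counter(t // resolution_ps for _, t in events)
    return sum(
        c / n * math.log2(c * n / (bits[b] * bins[k]))
        for (b, k), c in joint.items()
    )


def leakage_report(events, resolutions_ps=(10, 100, GATE_PS)):
    """Leakage estimate for each candidate reporting resolution."""
    return {r: leaked_bits(events, r) for r in resolutions_ps}


if __name__ == "__main__":
    for label, skew in (("balanced", 0), ("skewed", 300)):
        ev = simulate_detections(20000, skew, seed=1)
        print(label, "mismatch_ps=%.1f" % timing_mismatch_ps(ev))
        for res, bits in leakage_report(ev).items():
            print("  resolution %4d ps -> %.4f bits/detection" % (res, bits))
```

Announcing only the gate index (resolution equal to the gate width) removes the leak entirely in this model, while any finer resolution leaks as long as the detectors remain mismatched.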
QKD Security
The security of QKD is based on quantum mechanics. Using quantum characteristics, secret information such as a cryptographic key is exchanged, which can then be used for encryption and decryption of messages transferred over a network channel. It is secure against powerful eavesdroppers: an eavesdropper will inevitably leave detectable traces while attempting to intercept a quantum exchange. A QKD implementation typically includes the following components:
- A fiber quantum channel to send quantum particles between the sender (Alice) and the receiver (Bob). This channel need not be secured.
- An authenticated public communication link between the two entities to perform post-processing steps and distill a correct secret key.
- A key exchange protocol that exploits quantum properties to assure security by detecting eavesdropping or any errors.
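How such a protocol turns interception into a detectable error rate can be seen in a small simulation. This is an added example, not code from the original article: it assumes the 1984 Bennett-Brassard protocol (BB84) as the concrete protocol, ideal single-photon devices and a noiseless, lossless channel; the 11% abort threshold and all function names are assumptions of the example.

```python
import random

# Assumption of this example: abort when the estimated error rate exceeds 11%,
# a threshold commonly cited for BB84; the article itself gives no number.
QBER_ABORT = 0.11


def bb84_exchange(n_pulses, eavesdrop, rng):
    """Send n_pulses ideal single photons; return the sifted keys of Alice and Bob."""
    alice_key, bob_key = [], []
    for _ in range(n_pulses):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: measuring in the wrong basis gives a random
            # outcome, and the photon is re-sent in the eavesdropper's basis.
            e_basis = rng.getrandbits(1)
            if e_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = e_basis
        b_basis = rng.getrandbits(1)
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        # Sifting over the authenticated classical link: keep matching bases.
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(b_bit)
    return alice_key, bob_key


def estimate_qber(alice_key, bob_key, sample_fraction, rng):
    """Publicly compare a random sample of sifted bits, then discard the sample."""
    n = len(alice_key)
    sample = set(rng.sample(range(n), max(1, int(n * sample_fraction))))
    errors = sum(alice_key[i] != bob_key[i] for i in sample)
    rest_a = [alice_key[i] for i in range(n) if i not in sample]
    rest_b = [bob_key[i] for i in range(n) if i not in sample]
    return errors / len(sample), rest_a, rest_b


def run_session(n_pulses, eavesdrop, seed):
    """One key agreement attempt; the key is discarded if the QBER is too high."""
    rng = random.Random(seed)
    a, b = bb84_exchange(n_pulses, eavesdrop, rng)
    qber, rest_a, _rest_b = estimate_qber(a, b, 0.5, rng)
    abort = qber > QBER_ABORT
    return {"qber": qber, "abort": abort, "key_len": 0 if abort else len(rest_a)}


if __name__ == "__main__":
    print("quiet channel :", run_session(20000, eavesdrop=False, seed=7))
    print("intercepted   :", run_session(20000, eavesdrop=True, seed=7))
```

On the quiet channel the sampled error rate is zero and the remaining bits are kept; under intercept-resend it is close to 25%, so the session aborts and no key is produced.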
Challenges and future directions
As shown by the discussion I have conducted in this paper, QKD is used in combination with classical cryptographic techniques. For QKD to move towards wider adoption, the security of QKD systems, as well as their integrability into modern optical networks, will play an important role in their performance. While this paper is concerned with the cryptographic status of QKD, maintaining the practical security of QKD is the main focus at present, and I will concentrate on these challenges. The interplay between classical and quantum cryptography is going to open interesting new perspectives, and I will suggest some research topics on it.
Practical security of Quantum key distribution implementations and implementation loopholes
Physical side-channels
Rather than breaking the theoretical foundations of a cryptographic system, another “attack philosophy” is to attack its implementation via loopholes, gaining secret information through unconventional channels such as heat dissipation, electromagnetic radiation, observation of computation time or power consumption, and acoustic noise.
Quantum hacking
When dealing with real implementations of Quantum Key Distribution, complete security can be challenged if limitations of the implementation can be exploited to support side-channel attacks. This is called quantum hacking. It has by now become a main research field, in which diverse types of attacks on Quantum Key Distribution implementations have been proposed and tested.
Conclusion
The main objective of this paper is to give an overview of the development of Quantum Key Distribution as a cryptographic technology, its use for key renewal to realize link encryption, and its deployment at network scale, and to compare it with other cryptographic protocols by focusing on practical scenarios. Among secret key agreement protocols, QKD is currently the leading cryptographic technique, and one for which unconditional security can be formally established. Within quantum information science, quantum cryptography has become a well-known academic topic, while Quantum Key Distribution has constantly moved forward in two respects: performance and reliability. It also provides security advantages that could not be reached otherwise, such as the long-term confidentiality of QKD-established keys (when Quantum Key Distribution is combined with one-time-pad encryption).
Considering future developments of QKD, I believe that it can benefit from cross-disciplinary approaches in areas such as the study of side-channels in cryptographic hardware and the construction of ITS network protocols.
References
- Hao kong.J, Minn Ainn.L, Shooi Seng.K, “A comprehensive survey of modern symmetric cryptographic solutions for resource constrained environments,” Journal of Network and Computer Applications, 2015.
- V, Kurtsiefer.C, “The black paper of quantum cryptography: Real implementation problems,” Theoretical Computer Science, 2014.
- Alléaume.R, Branciard.C, Bouda.J, Debuisschert.T, Dianati.M, Gisin.N, Godfrey.M, Länger.T, Lütkenhaus.N, Monyk.C, Painchault.P, Peev.M, Poppe.A, Pornin.T, Rarity.J, Renner.R, Ribordy.G, Zeilinger.A, “Using quantum key distribution for cryptographic purposes: A survey,” Theoretical Computer Science, 2014.
- R, Coretti.S, Garay.J, Zikas.V, “Probability Termination and Composability of Cryptographic Protocols,” journal of category July 2019, Volume 32.