Title: Increasing the Raw Key Rate in Energy-Time Entanglement Based Quantum Key Distribution
A Quantum Key Distribution (QKD) protocol describes how two remote parties can establish a secret key by communicating over a quantum and a public classical channel that both can be accessed by an eavesdropper. QKD protocols using energy-time entangled photon pairs are of growing practical interest because of their potential to provide a higher secure key rate over long distances by carrying multiple bits per entangled photon pair. We consider a system where information can be extracted by measuring random times of a sequence of entangled photon arrivals. Our goal is to maximize the utility of each such pair. We propose a discrete-time model for the photon arrival process, and establish a theoretical bound on the number of raw bits that can be generated under this model. We first analyze a well-known simple binning encoding scheme, and show that it generates a significantly lower information rate than what is theoretically possible. We then propose three adaptive schemes that increase the number of raw bits generated per photon, and compute and compare the information rates they offer. Moreover, the effect of public channel communication on the secret key rates of the proposed schemes is investigated.
Award ID(s): 2007203
NSF-PAR ID: 10297994
Author(s) / Creator(s): ; ;
Date Published:
Journal Name: 2020 54th Asilomar Conference on Signals, Systems, and Computers
Page Range / eLocation ID: 433 to 438
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. Abstract

    Quantum key distribution (QKD) has established itself as a groundbreaking technology, showcasing inherent security features that are fundamentally proven. Qubit-based QKD protocols that rely on binary encoding encounter an inherent constraint related to the secret key capacity. This limitation restricts the maximum secret key capacity to one bit per photon. On the other hand, qudit-based QKD protocols have their advantages in scenarios where photons are scarce and noise is present, as they enable the transmission of more than one secret bit per photon. While proof-of-principle entangled-based qudit QKD systems have been successfully demonstrated over the years, the current limitation lies in the maximum distribution distance, which remains at 20 km fiber distance. Moreover, in these entangled high-dimensional QKD systems, the witness and distribution of quantum steering have not been shown before. Here we present a high-dimensional time-bin QKD protocol based on energy-time entanglement that generates a secure finite-length key capacity of 2.39 bit/coincidences and secure cryptographic finite-length keys at 0.24 Mbits s⁻¹ in a 50 km optical fiber link. Our system is built entirely using readily available commercial off-the-shelf components, and secured by nonlocal dispersion cancellation technique against collective Gaussian attacks. Furthermore, we set new records for witnessing both energy-time entanglement and quantum steering over different fiber distances. When operating with a quantum channel loss of 39 dB, our system retains its inherent characteristic of utilizing large-alphabet. This enables us to achieve a secure key rate of 0.30 kbits s⁻¹ and a secure key capacity of 1.10 bit/coincidences, considering finite-key effects. Our experimental results closely match the theoretical upper bound limit of secure cryptographic keys in high-dimensional time-bin QKD protocols (Mower et al 2013 Phys. Rev. A 87 062322; Zhang et al 2014 Phys. Rev. Lett. 112 120506), and outperform recent state-of-the-art qubit-based QKD protocols in terms of secure key throughput using commercial single-photon detectors (Wengerowsky et al 2019 Proc. Natl Acad. Sci. 116 6684; Wengerowsky et al 2020 npj Quantum Inf. 6 5; Zhang et al 2014 Phys. Rev. Lett. 112 120506; Zhang et al 2019 Nat. Photon. 13 839; Liu et al 2019 Phys. Rev. Lett. 122 160501; Zhang et al 2020 Phys. Rev. Lett. 125 010502; Wei et al 2020 Phys. Rev. X 10 031030). The simple and robust entanglement-based high-dimensional time-bin protocol presented here provides potential for practical long-distance quantum steering and QKD with multiple secure bits-per-coincidence, and higher secure cryptographic keys compared to mature qubit-based QKD protocols.

     
  2. Abstract

    Qudit entanglement is an indispensable resource for quantum information processing since increasing dimensionality provides a pathway to higher capacity and increased noise resilience in quantum communications, and cluster-state quantum computations. In continuous-variable time–frequency entanglement, encoding multiple qubits per photon is only limited by the frequency correlation bandwidth and detection timing jitter. Here, we focus on the discrete-variable time–frequency entanglement in a biphoton frequency comb (BFC), generated by filtering the signal and idler outputs with a fiber Fabry–Pérot cavity with 45.32 GHz free-spectral range (FSR) and 1.56 GHz full-width-at-half-maximum (FWHM) from a continuous-wave (cw)-pumped type-II spontaneous parametric downconverter (SPDC). We generate a BFC whose time-binned/frequency-binned Hilbert space dimensionality is at least 324, based on the assumption of a pure state. Such BFC’s dimensionality doubles up to 648, after combining with its post-selected polarization entanglement, indicating a potential 6.28 bits/photon classical-information capacity. The BFC exhibits recurring Hong–Ou–Mandel (HOM) dips over 61 time bins with a maximum visibility of 98.4% without correction for accidental coincidences. In a post-selected measurement, it violates the Clauser–Horne–Shimony–Holt (CHSH) inequality for polarization entanglement by up to 18.5 standard deviations with an S-parameter of up to 2.771. It has Franson interference recurrences in 16 time bins with a maximum visibility of 96.1% without correction for accidental coincidences. From the zeroth- to the third-order Franson interference, we infer an entanglement of formation ($E_{of}$) up to 1.89 ± 0.03 ebits (where 2 ebits is the maximal entanglement for a 4 × 4 dimensional biphoton) as a lower bound on the 61 time-bin BFC’s high-dimensional entanglement. To further characterize time-binned/frequency-binned BFCs we obtain Schmidt mode decompositions of BFCs generated using cavities with 45.32, 15.15, and 5.03 GHz FSRs. These decompositions confirm the time–frequency scaling from Fourier-transform duality. Moreover, we present the theory of conjugate Franson interferometry (because it is characterized by the state’s joint-temporal intensity (JTI)) which can further help to distinguish between pure-state BFC and mixed state entangled frequency pairs, although the experimental implementation is challenging and not yet available. In summary, our BFC serves as a platform for high-dimensional quantum information processing and high-dimensional quantum key distribution (QKD).

     
  3. Motivated by the rise of quantum computers, existing public-key cryptosystems are expected to be replaced by post-quantum schemes in the next decade in billions of devices. To facilitate the transition, NIST is running a standardization process which is currently in its final Round. Only three digital signature schemes are left in the competition, among which Dilithium and Falcon are the ones based on lattices. Besides security and performance, significant attention has been given to resistance against implementation attacks that target side-channel leakage or fault injection response. Classical fault attacks on signature schemes make use of pairs of faulty and correct signatures to recover the secret key, which only works on deterministic schemes. To counter such attacks, Dilithium offers a randomized version which makes each signature unique, even when signing identical messages. In this work, we introduce a novel Signature Correction Attack which not only applies to the deterministic version but also to the randomized version of Dilithium and is effective even on constant-time implementations using AVX2 instructions. The Signature Correction Attack exploits the mathematical structure of Dilithium to recover the secret key bits by using faulty signatures and the public key. It can work for any fault mechanism which can induce single bit-flips. For demonstration, we are using Rowhammer-induced faults. Thus, our attack does not require any physical access or special privileges, and hence could also be implemented on shared cloud servers. Using the Rowhammer attack, we inject bit flips into the secret key $s_{1}$ of Dilithium, which results in incorrect signatures being generated by the signing algorithm. Since we can find the correct signature using our Signature Correction algorithm, we can use the difference between the correct and incorrect signatures to infer the location and value of the flipped bit without needing a correct and faulty pair. To quantify the reduction in the security level, we perform a thorough classical and quantum security analysis of Dilithium and successfully recover 1,851 bits out of 3,072 bits of secret key $s_{1}$ for security level 2. Fully recovered bits are used to reduce the dimension of the lattice whereas partially recovered coefficients are used to reduce the norm of the secret key coefficients. Further analysis for both primal and dual attacks shows that the lattice strength against quantum attackers is reduced from $2^{128}$ to $2^{81}$ while the strength against classical attackers is reduced from $2^{141}$ to $2^{89}$. Hence, the Signature Correction Attack may be employed to achieve a practical attack on Dilithium (security level 2) as proposed in Round 3 of the NIST post-quantum standardization process.
  4. Quantum cryptography provides absolute security against an all-powerful eavesdropper (Eve). However, in practice Eve's resources may be restricted to a limited aperture size so that she cannot collect all paraxial light without alerting the communicating parties (Alice and Bob). In this paper we study a quantum wiretap channel in which the connection from Alice to Eve is lossy, so that some of the transmitted quantum information is inaccessible to both Bob and Eve. For a pure-loss channel under such restricted eavesdropping, we show that the key rates achievable with a two-mode squeezed vacuum state, heterodyne detection, and public classical communication assistance (given by the Hashing inequality) can exceed the secret key distillation capacity of the channel against an omnipotent eavesdropper. We report upper bounds on the key rates under the restricted eavesdropping model based on the relative entropy of entanglement, which closely match the achievable rates. For the pure-loss channel under restricted eavesdropping, we compare the secret-key rates of continuous-variable (CV) quantum key distribution (QKD) based on Gaussian-modulated coherent states and heterodyne detection with the discrete variable (DV) decoy-state BB84 QKD protocol based on polarization qubits encoded in weak coherent laser pulses.
  5. We study common randomness where two parties have access to i.i.d. samples from a known random source, and wish to generate a shared random key using limited (or no) communication with the largest possible probability of agreement. This problem is at the core of secret key generation in cryptography, with connections to communication under uncertainty and locality sensitive hashing. We take the approach of treating correlated sources as a critical resource, and ask whether common randomness can be generated resource-efficiently. We consider two notable sources in this setup arising from correlated bits and correlated Gaussians. We design the first explicit schemes that use only a polynomial number of samples (in the key length) so that the players can generate shared keys that agree with constant probability using optimal communication. The best previously known schemes were both non-constructive and used an exponential number of samples. In the amortized setting, we characterize the largest achievable ratio of key length to communication in terms of the external and internal information costs, two well-studied quantities in theoretical computer science. In the relaxed setting where the two parties merely wish to improve the correlation between the generated keys of length $k$, we show that there are no interactive protocols using $o(k)$ bits of communication having agreement probability even as small as $2^{-o(k)}$. For the related communication problem where the players wish to compute a joint function $f$ of their inputs using i.i.d. samples from a known source, we give a simultaneous message passing protocol using $2^{O(c)}$ bits where $c$ is the interactive randomized public-coin communication complexity of $f$. This matches the lower bound shown previously while the best previously known upper bound was doubly exponential in $c$. Our schemes reveal a new connection between common randomness and unbiased error-correcting codes, e.g., dual-BCH codes and their analogues in Euclidean space. Read More: https://epubs.siam.org/doi/10.1137/1.9781611975031.120