This content will become publicly available on July 8, 2025

Title: Secure Archival is Hard... Really Hard
Archival systems are often tasked with storing highly valuable data that may be targeted by malicious actors. When the lifetime of the secret data is on the order of decades to centuries, the threat of improved cryptanalysis casts doubt on the long-term security of cryptographic techniques, which rely on hardness assumptions that are hard to prove over archival time scales. This threat makes the design of secure archival systems exceptionally difficult. Some archival systems turn a blind eye to this issue, hoping that current cryptographic techniques will not be broken; others often use techniques—such as secret sharing—that are impractical at scale. This position paper sheds light on the core challenges behind building practically viable secure long-term archives; we identify promising research avenues towards this goal.
Award ID(s):
2106263 1951880 2106259
PAR ID:
10525132
Publisher / Repository:
ACM
ISBN:
9798400706301
Page Range / eLocation ID:
38 to 46
Subject(s) / Keyword(s):
Information systems -> Digital libraries and archives; Computer systems organization -> Secondary storage organization; Security and privacy -> Database and storage security; Information-theoretic techniques; Archival storage; encryption; secret-sharing; Harvest Now Decrypt Later; information-theoretic security
Format(s):
Medium: X
Location:
Santa Clara CA USA
Sponsoring Org:
National Science Foundation
More Like this
  1. Abstract

    Quantum key distribution (QKD) has established itself as a groundbreaking technology, showcasing inherent security features that are fundamentally proven. Qubit-based QKD protocols that rely on binary encoding encounter an inherent constraint related to the secret key capacity. This limitation restricts the maximum secret key capacity to one bit per photon. On the other hand, qudit-based QKD protocols have their advantages in scenarios where photons are scarce and noise is present, as they enable the transmission of more than one secret bit per photon. While proof-of-principle entangled-based qudit QKD systems have been successfully demonstrated over the years, the current limitation lies in the maximum distribution distance, which remains at 20 km fiber distance. Moreover, in these entangled high-dimensional QKD systems, the witness and distribution of quantum steering have not been shown before. Here we present a high-dimensional time-bin QKD protocol based on energy-time entanglement that generates a secure finite-length key capacity of 2.39 bit/coincidences and secure cryptographic finite-length keys at 0.24 Mbits s⁻¹ in a 50 km optical fiber link. Our system is built entirely using readily available commercial off-the-shelf components, and secured by nonlocal dispersion cancellation technique against collective Gaussian attacks. Furthermore, we set new records for witnessing both energy-time entanglement and quantum steering over different fiber distances. When operating with a quantum channel loss of 39 dB, our system retains its inherent characteristic of utilizing large-alphabet. This enables us to achieve a secure key rate of 0.30 kbits s⁻¹ and a secure key capacity of 1.10 bit/coincidences, considering finite-key effects. Our experimental results closely match the theoretical upper bound limit of secure cryptographic keys in high-dimensional time-bin QKD protocols (Mower et al 2013 Phys. Rev. A 87 062322; Zhang et al 2014 Phys. Rev. Lett. 112 120506), and outperform recent state-of-the-art qubit-based QKD protocols in terms of secure key throughput using commercial single-photon detectors (Wengerowsky et al 2019 Proc. Natl Acad. Sci. 116 6684; Wengerowsky et al 2020 npj Quantum Inf. 6 5; Zhang et al 2014 Phys. Rev. Lett. 112 120506; Zhang et al 2019 Nat. Photon. 13 839; Liu et al 2019 Phys. Rev. Lett. 122 160501; Zhang et al 2020 Phys. Rev. Lett. 125 010502; Wei et al 2020 Phys. Rev. X 10 031030). The simple and robust entanglement-based high-dimensional time-bin protocol presented here provides potential for practical long-distance quantum steering and QKD with multiple secure bits-per-coincidence, and higher secure cryptographic keys compared to mature qubit-based QKD protocols.
  2. Ransomware has become a serious threat in the cyberspace. Existing software pattern-based malware detectors are specific for certain ransomware and may not capture new variants. Recognizing a common essential behavior of ransomware - employing local cryptographic software for malicious encryption and therefore leaving footprints on the victim machine's caches, this work proposes an anti-ransomware methodology, Ran$Net, based on hardware activities. It consists of a passive cache monitor to log suspicious cache activities, and a follow-on non-profiled deep learning analysis strategy to retrieve the secret cryptographic key from the timing traces generated by the monitor. We implement the first of its kind tool to combat an open-source ransomware and successfully recover the secret key. 
  3. As aspects of our daily lives become more interconnected with the emergence of the Internet of Things (IoT), it is imperative that our devices are reliable and secure from threats. Vulnerabilities of Wi-Fi Protected Access (WPA/WPA2) have been exposed in the past, motivating the use of multiple security techniques, even with the release of WPA3. Physical layer security leverages existing components of communication systems to enable methods of protecting devices that are well-suited for IoT applications. In this work, we provide a low-complexity technique for generating secret keys at the Physical layer to enable improved IoT security. We leverage the existing carrier frequency offset (CFO) and channel estimation components of Orthogonal Frequency Division Multiplexing (OFDM) receivers for an efficient approach. The key generation algorithm we propose focuses on the unique CFO and channel experienced between a pair of desired nodes, and to the best of our understanding, the combination of the features has not been examined previously for the purpose of secret key generation. Our techniques are appropriate for IoT devices, as they do not require extensive processing capabilities and are based on second order statistics. We obtain experimental results using USRP N210 software defined radios and analyze the performance of our methods in post-processing. Our techniques improve the capability of desired nodes to establish matching secret keys, while hindering the threat of an eavesdropper, and are useful for protecting future IoT devices. 
  4.
    Recently, Quach, Wee and Wichs (FOCS 2018) proposed a new powerful cryptographic primitive called laconic function evaluation (LFE). Using an LFE scheme, Alice can compress a large circuit f into a small digest. Bob can encrypt some data x under this digest in a way that enables Alice to recover f(x) without learning anything else about Bob’s data. The laconic property requires that the size of the digest, the run-time of the encryption algorithm and the size of the ciphertext should be much smaller than the circuit-size of f. This new tool is motivated by an interesting application of “Bob-optimized” two-round secure two-party computation (2PC). In such a 2PC, Alice will get the final result thus the workload of Bob will be minimized. In this paper, we consider a “client-optimized” two-round secure multiparty computation, in which multiple clients provide inputs and enable a server to obtain final outputs while protecting privacy of each individual input. More importantly, we would also minimize the cost of each client. For this purpose, we propose multi-input laconic function evaluation (MI-LFE), and give a systematic study of it. It turns out that MI-LFE for general circuit is not easy. Specifically, we first show that the directly generalized version, i.e., the public-key MI-LFE implies virtual black-box obfuscation. Hence the public-key MI-LFE (for general circuits) is infeasible. This forces us to turn to secret key version of MI-LFE, in which encryption now needs to take a secret key. Next we show that secret-key MI-LFE also implies heavy cryptographic primitives including witness encryption for NP language and the indistinguishability obfuscation. On the positive side, we show that the secret-key MI-LFE can be constructed assuming indistinguishability obfuscation and learning with errors assumption. Our theoretical results suggest that we may have to explore relaxed versions of MI-LFE for meaningful new applications of “client-optimized” MPC and others. 
  5. Data security plays a crucial role in all areas of data transmission, processing, and storage. This paper considers security in eavesdropping attacks over wireless communication links in aeronautical telemetry systems. Data streams in these systems are often encrypted by traditional encryption algorithms such as the Advanced Encryption Standard (AES). Here, we propose a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system that can be coupled with modern encryption schemes. We consider a wiretap scenario where there are two telemetry links between a test article (TA) and a legitimate receiver, or ground station (GS). We show how these two links can be used to transmit both encrypted and unencrypted data streams while keeping both streams secure. A single eavesdropper is assumed who can tap into both links through its noisy channel. Since our scheme does not require encryption of the unencrypted data stream, the proposed scheme offers the ability to reduce the size of the required secret key while keeping the transmitted data secure. 