Mosaics of combinatorial designs for information-theoretic security

We study security functions which can serve to establish semantic security for the two central problems of information-theoretic security: the wiretap channel, and privacy amplification for secret key generation. The security functions are functional forms of mosaics of combinatorial designs, more precisely, of group divisible designs and balanced incomplete block designs. Every member of a mosaic is associated with a unique color, and each color corresponds to a unique message or key value. Every block index of the mosaic corresponds to a public seed shared between the two trusted communicating parties. The seed set should be as small as possible. We give explicit examples which have an optimal or nearly optimal trade-off of seed length versus color (i.e., message or key) rate. We also derive bounds for the security performance of security functions given by functional forms of mosaics of designs.

Quantum-safe cryptography: crossroads of coding theory and cryptography

We present an overview of quantum-safe cryptography (QSC) with a focus on post-quantum cryptography (PQC) and information-theoretic security. From a cryptographic point of view, lattice and code-based schemes are among the most promising PQC solutions. Both approaches are based on the hardness of decoding problems of linear codes with different metrics. From an information-theoretic point of view, lattices and linear codes can be constructed to achieve certain secrecy quantities for wiretap channels as is intrinsically classical- and quantum-safe. Historically, coding theory and cryptography are intimately connected since Shannon’s pioneering studies but have somehow diverged later. QSC offers an opportunity to rebuild the synergy of the two areas, hopefully leading to further development beyond the NIST PQC standardization process. In this paper, we provide a survey of lattice and code designs that are believed to be quantum-safe in the area of cryptography or coding theory. The interplay and similarities between the two areas are discussed. We also conclude our understandings and prospects of future research after NIST PQC standardisation.

E - Capacity - Equivocation Region of Wiretap Channel

One of the problems of information - theoretic security concerns secure communication over a wiretap channel. The aim in the general wiretap channel model is to maximize the rate of the reliable communication from the source to the legitimate receiver, while keeping the confidential information as secret as possible from the wiretapper (eavesdropper). We introduce and investigate the E - capacity - equivocation region and the E - secrecy capacity function for the wiretap channel, which are, correspondingly, the generalizations of the capacity - equivocation region and secrecy - capacity studied by Csiszár and Körner (1978). The E - capacity equivocation region is the closure of the set of all achievable rate - reliability and equivocation pairs, where the rate - reliability function represents the optimal dependence of rate on the error probability exponent (reliability). By analogy with the notion of E - capacity, we consider the E - secrecy capacity function that for the given E is the maximum rate at which the message can be transmitted being kept perfectly secret from the wiretapper.

Computing secure key rates for quantum cryptography with untrusted devices

Device-independent quantum key distribution (DIQKD) provides the strongest form of secure key exchange, using only the input–output statistics of the devices to achieve information-theoretic security. Although the basic security principles of DIQKD are now well understood, it remains a technical challenge to derive reliable and robust security bounds for advanced DIQKD protocols that go beyond the previous results based on violations of the CHSH inequality. In this work, we present a framework based on semidefinite programming that gives reliable lower bounds on the asymptotic secret key rate of any QKD protocol using untrusted devices. In particular, our method can in principle be utilized to find achievable secret key rates for any DIQKD protocol, based on the full input–output probability distribution or any choice of Bell inequality. Our method also extends to other DI cryptographic tasks.

The attack strategy for a quantum key distribution protocol based on Bell’s theorem

A new eavesdropping strategy is proposed for the Quantum Key Distribution (QKD) protocol. This scheme represents a new kind of intercept/resend strategy based on Bell’s theorem. Quantum key distribution (QKD) provides the foremost reliable form of secure key exchange, using only the input-output statistics of the devices to realize information-theoretic security. In this paper, we present an improved QKD protocol that can simultaneously distribute the quantum secret key. We are already using the QKD protocol with simulated results matched completely with the theoretical concepts.

Device-independent quantum key distribution with random key basis

Device-independent quantum key distribution (DIQKD) is the art of using untrusted devices to distribute secret keys in an insecure network. It thus represents the ultimate form of cryptography, offering not only information-theoretic security against channel attacks, but also against attacks exploiting implementation loopholes. In recent years, much progress has been made towards realising the first DIQKD experiments, but current proposals are just out of reach of today’s loophole-free Bell experiments. Here, we significantly narrow the gap between the theory and practice of DIQKD with a simple variant of the original protocol based on the celebrated Clauser-Horne-Shimony-Holt (CHSH) Bell inequality. By using two randomly chosen key generating bases instead of one, we show that our protocol significantly improves over the original DIQKD protocol, enabling positive keys in the high noise regime for the first time. We also compute the finite-key security of the protocol for general attacks, showing that approximately 108–1010 measurement rounds are needed to achieve positive rates using state-of-the-art experimental parameters. Our proposed DIQKD protocol thus represents a highly promising path towards the first realisation of DIQKD in practice.

Photonic quantum data locking

Quantum data locking is a quantum phenomenon that allows us to encrypt a long message with a small secret key with information-theoretic security. This is in sharp contrast with classical information theory where, according to Shannon, the secret key needs to be at least as long as the message. Here we explore photonic architectures for quantum data locking, where information is encoded in multi-photon states and processed using multi-mode linear optics and photo-detection, with the goal of extending an initial secret key into a longer one. The secret key consumption depends on the number of modes and photons employed. In the no-collision limit, where the likelihood of photon bunching is suppressed, the key consumption is shown to be logarithmic in the dimensions of the system. Our protocol can be viewed as an application of the physics of Boson Sampling to quantum cryptography. Experimental realisations are challenging but feasible with state-of-the-art technology, as techniques recently used to demonstrate Boson Sampling can be adapted to our scheme (e.g., Phys. Rev. Lett. 123, 250503, 2019).

Secure Polar Coding for the Primitive Relay Wiretap Channel

With the emergence of wireless networks, cooperation for secrecy is recognized as an attractive way to establish secure communications. Departing from cryptographic techniques, secrecy can be provided by exploiting the wireless channel characteristics; that is, some error-correcting codes besides reliability have been shown to achieve information-theoretic security. In this paper, we propose a polar-coding-based technique for the primitive relay wiretap channel and show that this technique is suitable to provide information-theoretic security. Specifically, we integrate at the relay an additional functionality, which allows it to smartly decide whether it will cooperate or not based on the decoding detector result. In the case of cooperation, the relay operates in a decode-and-forward mode and assists the communication by transmitting a complementary message to the destination in order to correctly decode the initial source’s message. Otherwise, the communication is completed with direct transmission from source to the destination. Finally, we first prove that the proposed encoding scheme achieves weak secrecy, then, in order to overcome the obstacle of misaligned bits, we implement a double-chaining construction, which achieves strong secrecy.

Optimizing the decoy-state BB84 QKD protocol parameters

Quantum key distribution (QKD) protocols allow for information theoretically secure distribution of (classical) cryptographic key material. However, due to practical limitations the performance of QKD implementations is somewhat restricted. For this reason, it is crucial to find optimal protocol parameters, while guaranteeing information theoretic security. The performance of a QKD implementation is determined by the tightness of the underlying security analysis. In particular, the security analyses determines the key-rate, i.e., the amount of cryptographic key material that can be distributed per time unit. Nowadays, the security analyses of various QKD protocols are well understood. It is known that optimal protocol parameters, such as the number of decoy states and their intensities, can be found by solving a nonlinear optimization problem. The complexity of this optimization problem is typically handled by making a number of heuristic assumptions. For instance, the number of decoy states is restricted to only one or two, with one of the decoy intensities set to a fixed value, and vacuum states are ignored as they are assumed to contribute only marginally to the secure key-rate. These assumptions simplify the optimization problem and reduce the size of search space significantly. However, they also cause the security analysis to be non-tight, and thereby result in sub-optimal performance. In this work, we follow a more rigorous approach using both linear and nonlinear programs describing the optimization problem. Our approach, focusing on the decoy-state BB84 protocol, allows heuristic assumptions to be omitted, and therefore results in a tighter security analysis with better protocol parameters. We show an improved performance for the decoy-state BB84 QKD protocol, demonstrating that the heuristic assumptions typically made are too restrictive. Moreover, our improved optimization frameworks shows that the complexity of the performance optimization problem can also be handled without making heuristic assumptions, even with limited computational resources available.

On the Exact Analysis of an Idealized Quantum Switch

Protocols that exploit quantum communication technology offer two advantages: they can either extend or render feasible the capabilities of their classical counterparts, or they exhibit functionality entirely unachievable through classical means alone. For an example of the former, quantum key distribution protocols such as E91 [2] and BBM92 [1] can in principle yield information-theoretic security by using entanglement to generate secure key bits. These raw secret key bits can then be distilled into a one-time pad to encode messages sent between two parties. For an example of the latter, distributed quantum sensing frameworks such as [3] and [11] employ entanglement to overcome the standard quantum limit [4].