Unconditional security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel

Tamaki, Kiyoshi; Lütkenhaus, Norbert

doi:10.1103/physreva.69.032316

Cited by 74 publications

(63 citation statements)

References 18 publications

(29 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nevertheless, it is possible to achieve unconditional secure key distribution over lossy channels by adapting the overlap of the input signal states. This protocol has been analyzed for lossless channels (Tamaki et al [2003b]) and for lossy channels (Tamaki and Lütkenhaus [2004]). There is no explicit closed formula for the key rate, for a detailed discussion see the original publications.…”

Section: Bennett 92 Protocol With Single Photonsmentioning

confidence: 99%

Quantum cryptography

2006

Self Cite

View full text Add to dashboard Cite

Section: Bennett 92 Protocol With Single Photonsmentioning

confidence: 99%

Quantum cryptography

2006

Self Cite

View full text Add to dashboard Cite

“…As long as the law of quantum mechanics is valid, an eavesdropper, Eve, cannot force Alice and Bob to accept a key on which she has a nonnegligible amount of information. A proof of such unconditional security was first provided by Mayers [1] for the BB84 protocol [2], followed by other proofs [3,4,5,6,7,8]. While a perfect single-photon source is assumed in the earlier proofs, recent proofs [5,6] cover the use of a weak laser pulse in a coherent state as a substitute for a single photon.…”

mentioning

confidence: 99%

“…With the above decomposition of Bob's measurement, we can prove the unconditional security by a method similar to the cases of qubit-based B92 protocols [7,8]. We introduce a protocol based on entanglement distillation [12], which is later shown to be equivalent to the real protocol.…”

mentioning

confidence: 99%

Unconditional Security of Coherent-State Quantum Key Distribution with a Strong Phase-Reference Pulse

2004

View full text Add to dashboard Cite

We prove the unconditional security of a quantum key distribution protocol in which bit values are encoded in the phase of a weak coherent-state pulse relative to a strong reference pulse. In contrast to implementations in which a weak pulse is used as a substitute for a single-photon source, the achievable key rate is found to decrease only linearly with the transmission of the channel.PACS numbers: 03.67.Dd 03.67.-a Quantum key distribution provides a way to distribute a secret key between two distant parties, Alice and Bob, even if the quantum channel between them suffers from small noises. As long as the law of quantum mechanics is valid, an eavesdropper, Eve, cannot force Alice and Bob to accept a key on which she has a nonnegligible amount of information. A proof of such unconditional security was first provided by Mayers [1] for the BB84 protocol [2], followed by other proofs [3,4,5,6,7,8]. While a perfect single-photon source is assumed in the earlier proofs, recent proofs [5,6] cover the use of a weak laser pulse in a coherent state as a substitute for a single photon. This is good news in the practical point of view, but comes with a price: the multiphoton components of the weak pulse allow Eve a so-called photon-number splitting attack [9,10]. In order to achieve the security under this attack, Alice must lower the amplitude of her weak pulse as the loss in the channel increases. As a result, there is a bound [10] on the achievable key rate which scales as O(η 2 ) with channel transmission η.

show abstract

“…More recently, unconditional security proofs based on the Shor-Preskill idea have been put forward for other protocols, e.g the six-state protocol [35], the Bennett two-state protocol in a qubit channel without [56] and with loss [58], the Bennett two-state protocol in the strong-phase reference version [33,59], and a recent protocol with spherical codes [9].…”

Section: Security Proofs and Their Application To Current Experimentsmentioning

confidence: 99%

Secret keys from quantum correlations

Lütkenhaus

2006

Informatik Forsch. Entw.

View full text Add to dashboard Cite

Quantum mechanics allows to create informationtheoretical secure key based only on observed data. We review the current status of the resulting field quantum key distribution. What does QKD achieve?It is the goal of quantum key distribution (QKD) to generate secret keys simultaneously for two distant parties, traditionally called Alice and Bob. The power of this procedure lies in the fact that the security of the resulting key can be proven explicitly. This proof can be made without assumptions about the power of an eavesdropper, called Eve, who is acting on the signals that are exchanged between the two parties. This is usually referred to as unconditional security, though some natural and unavoidable assumptions are being made: the eavesdropper cannot attack the sending and receiving devices themselves. For example, we assume that the eavesdropper cannot intrude into the devices to read off the physical setting of elements. In any physical realization it needs to be shown that these natural assumptions hold.The process of quantum key distribution utilizes a quantum and a classical channel connecting two parties. It is necessary to authenticate the communication on the public channel to avoid so-called man-in-the-middle attacks in which an eavesdropper impersonates the legitimate partner both in the quantum as in the classical channel. The authentication can be done unconditionally secure, for example by N. Lütkenhaus (u) the method of Wegman and Carter [64] which uses a short secret key to authenticate large messages. The overhead of the required secret key shows double logarithmic dependence on the length of messages. Nevertheless, the fact that both parties need to share initially some secret key turns the process of key distribution into a process that is more correctly termed "quantum key growing" or "quantum key expansion", though we will stick to the more familiar name quantum key distribution. It should be pointed out that key expansion with provable security of the resulting key is impossible within the framework of classical communication.Once the process of QKD is started, the key expansion can operate continuously. In each round it provides fresh key to the participants while authenticating the classical communication with part of the secret key from the previous round of key expansion. Note that for this purpose it is necessary that authentication and quantum key distribution are composable, which has been investigated and proven recently [3]. One can think about other methods to start the key distribution process rather than the Wegman and Carter methods with initially shared secret keys. The security of the alternative method can be based on assumptions about current technology. Indeed, once the initial message exchange is authenticated and the generated key has been accepted, then it is too late for an eavesdropper to break the initial authentication method. Therefore, one could imagine using complexity based authentication methods that are secure against technology available at the time when t...

show abstract

Unconditional security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel

Cited by 74 publications

References 18 publications

Quantum cryptography

Quantum cryptography

Unconditional Security of Coherent-State Quantum Key Distribution with a Strong Phase-Reference Pulse

Secret keys from quantum correlations

Contact Info

Product

Resources

About