Quantum key distribution with several intercepts and resend attacks with partially non-orthogonal basis states

Optik 125 (2014) 624–627

Contents lists available at ScienceDirect

Optik journal homepage: www.elsevier.de/ijleo

Quantum key distribution with several intercepts and resend attacks with partially non-orthogonal basis states Mustapha Dehmani, Hamid Ez-Zahraouy ∗ , Abdelilah Benyoussef Laboratoire de Magnétisme et de Physique des Hautes Energies, Faculté des Sciences, Université Mohammed V-Agdal, Rabat, Morocco

a r t i c l e

i n f o

Article history: Received 10 February 2013 Accepted 22 June 2013

Keywords: Quantum cryptography Intercepts and resend attacks Non-orthogonal basis states Information Security

a b s t r a c t The effect of partially non-orthogonal basis states for several intercept and resend attacks of the Bennett–Brassard cryptographic protocol has been studied. The quantum error and the mutual information are computed for arbitrary angles  of the non-orthogonal basis states. It is found that the secure information depend strongly on the angle , the probability of intercepts and resend attack and the number of eavesdropper. Besides, it is found that for any eavesdroppers number N ≥ 2, the protocol is more secured for (/2) <  < (3/2), while for N = 1, the protocol is more secured for  = /2 or 3/2 which correspond to the totally orthogonal basis states. © 2013 Elsevier GmbH. All rights reserved.

1. Introduction In practice, all the protocols of quantum cryptography using photon as carriers of information, because they are relatively easy to produce, easy to handle and travel (very) quickly in optical fibers, while suffering little attenuation. There are as many protocols as properties on which encode information: polarization, amplitude, phase, frequency and time. Historically, the first protocol to be implemented is called BB84 [1]. The information is encoded in the polarization of single photons, choosing two non-independent polarization bases for safety. This protocol has undergone several variants [2,3], and has been implemented many times. E91, another protocol [4], designed by Artur Ekert, uses entangled states EPR polarization-encoded and was developed independently of BB84. Both protocols are generally considered the founding protocols of quantum cryptography. Other protocols use highly attenuated laser states, while performing a discrete measure (detectors or photon counters). Examples include protocols DPS (differential phase shift) [5], where the information is encoded in the successive phases of the pulses, but also the protocols to frequency coding [6–8], and protocols to temporal coding [9,10]. The quantum key distribution with several intercepts and resend attacks [11] and cloning attack [12] with orthogonal bases is studied in previous work. Also the channel effect on the quantum key distribution with several intercept and resend attacks is studied [13].

∗ Corresponding author. E-mail address: [email protected] (H. Ez-Zahraouy). 0030-4026/$ – see front matter © 2013 Elsevier GmbH. All rights reserved. http://dx.doi.org/10.1016/j.ijleo.2013.06.099

Moreover, for the SARG04 key-distribution protocol, an optimal attack of eavesdropper on the transmitted key is explicitly constructed for arbitrary angles between the basis states [14], and quantum key distribution in a single photon regime with nonorthogonal basis states is recently presented by Kronberg and Molotkov [15] where an explicit optimal attack on the distributed key has been constructed. Our aim in this paper is to study both effects partially nonorthogonal basis states and the multiple sequential intercept and resend attacks on the security of the BB84 quantum key distribution protocol. The paper is organized as follows. The protocol is detailed in Section 2. Section 3 is devoted to the results and discussion, while Section 4 is reserved for the conclusion. 2. The protocol 2.1. The model We consider a set of two bases states a and b:

⎛ |0a  = ⎝

cos

sin

⎞ 2

 2

⎛√ ⎞

2 2 |1b  = ⎝ √ 2 2

⎠

⎠,

⎛ |1a  = ⎝

cos

 ⎞

− sin

2

 2

⎠

⎛

√

2 2 and |0b  = ⎝ √ 2 − 2

⎞ ⎠,

(1)

M. Dehmani et al. / Optik 125 (2014) 624–627

|0a  = cos = cos

 2

 2

|0 + sin |0 − sin

2

 2

|1,

|1a 

|1

√ |0b  =

√ 2 2 |0 − |1, 2 2



(2)

√ |1b  =

√ 2 2 |0 + |1 2 2

(3)

In all the following we consider that those involved in communication operate using the bases {|0a  , |1a } and {|0b  , |1b }. It is clear that 0a |1a  = cos and 0b |1b  =0. Alice sends a sequence of photons to Bob while choosing randomly to send 1 or 0 by using one of the bases from a set of the bases {|0a  , |1a } and {|0b  , |1b }. Bob measures each photon by selecting random between two polarization analyzers. Between them are several eavesdroppers, which intercept some photons with probabilities ωi , measure the polarization by choosing randomly an arbitrary base which one is characterized by i . At the photons place which they do not measure, they put randomly 0 or 1 in their chains of bits. Then, Alice and Bob exchange in a traditional way the bases which they used; they remove in their chain of bits those exchanged in different bases. For studying the security of information exchanged between two honest parties Alice and Bob, we introduce the notion of mutual information and in this way we calculate the mutual information between Alice and Bob and the mutual information between Alice and every eavesdropper.

The direct reconciliation information between Alice and Bob is governed by the mutual information I(A, B) given by: I(A, B) = 1 + PAB (0/0)Log2 (PAB (0/0)) + PAB (1/0)Log2 (PAB (1/0)) (4) PAB (xB /xA ) is the conditional probability that Bob receives a photon polarized (xB = 0;1) with respect that Alice sends a photon polarized (xA = 0;1) This probability is given by: n

2n−k + 1

×

k 

2

(1 − ωij sin (ij ))

n 

2

ωil sin (il )

(5)

+ PAEm (1/0)Log2 (PAEm (1/0))

(7)

where, PAEm (xEm /xA ) is the conditional probability that the eavesdropper copies a photon polarized (xEm = 0; 1) using an arbitrary bases characterized by m with respect that Alice sends a photon polarized (xA = 0;1)

k=0

(10)

i=1,m

The error rate

or the error probability Perr is given by [13,16,17]: (11)Perr =

|PAB (xA , xB )|ωi =0 − PAB (xA , xB )|ωi =/ 0 |

xA ,xB

The secret information Is is an important parameter to study security of a quantum cryptography protocol and it is given by:

1 − (ωm /2)(1 + cos(m )) + 2

k 

i1 ,...,ik =1,m−1 j=1

(12)

The quantum error Qerr is the value of the error probability Perr for which I(A, B) = I(A, E). However, for Perr < Qerr , I(A, E) < I(A, B), while for Perr < Qerr , I(A, E) > I(A, B). In the particular case, where the eavesdropper communicate between them and try to intercept the same photon with identical probability and using an identical base (ωi = ω and i = , for i = 1, . . ., N), Eqs. (5) and (8) become, respectively



N 



1 ω PAB (0/0) = 1 + 1 − sin2 () 2 2



(13)



m−1 

1 ω ω PAEm (0/0) = 1 + (1 + cos()) 1 − (1 + cos()) 2 2 2

(14)

Perr =

1 2





1− 1−

N

ω sin2 () 2

(15)

3. Results and discussion

I(A, Em ) = 1 + PAEm (0/0)Log2 (PAEm (0/0))

2m−k+1

I(A, E) = Max [I(A, Ei )]

(6)

While the mutual information I(A, Em ) between Alice and the mth eavesdropper Em is written as:



In the case of many eavesdroppers the lost information between Alice and Bob corresponds to the maximum information copied by the entire eavesdroppers:

l=k+1

PAB (0/1) = PAB (1/0) = 1 − PAB (0/0)

m−1

2m−k + 1

(9)

And the error probability is given by:

i1 ,...,ik =1,n j=1

PAEm (0/0) = PAEm (1/1) =

PAEm (0/1) = PAEm (1/0) = 1 − PAEm (0/0)

2n−k+1

k=0



Fig. 1. Phase diagram in the space (, ω) showing the transition between secured and unsecured information.

Is = I(A, B) − I(A, E)

2.2. The mutual information

PAB (0/0) = PAB (1/1) =

625



1 − ωij

1 + cos(ij ) 2

 m

ωil

l=k+1

In this section we will start with the effect of one eavesdropper and we will examine the mutual information between Alice and Bob I(A,B) and the loosed information I(A,E). It should be noted that the totally orthogonal basis states corresponds to  = /2 or 3/2. The phase diagram (, ω) presented in Fig. 1 shows the transition line between secured and unsecured area in the presence of one eavesdropper. It is clear that the secure area depends strongly on the basis states angle  and the attack probability ω and if (/2) <  < (3/2) the information exchanged between Alice and Bob is secured (i.e. I(A, B) > I(A, E)) independently of the attack probability ω.

1 + cos(il ) 2

(8)

626

M. Dehmani et al. / Optik 125 (2014) 624–627

Fig. 2. The behavior of IS = I(A, B) − I(A, E) as a function of  for different values of ω. Fig. 5. The behavior of the quantum error as a function of  for different number of eavesdropper in the case where i =  and ωi = ω.

Table 1 Maximal quantum for different eavesdropper’s number as a function of basis states type. Eavesdropper number

Maximal Qerr for orthogonal basis states    = (/2) + k k ∈ 0, 1

Maximal Qerr for partially states non-orthogonal basis 

N=1 N=2 N = 10 N = 100

0.25 0.309 0.417 0.475

0.25 0.34 0.444 0.488

/ (/2) + k =

k∈

0, 1

Fig. 3. The behavior of the quantum error as a function of .

Also if ω < 0.89 the information exchanged between Alice and Bob is secured independently of base angle . The behavior of the secret information Is as a function of the angle  is given in Fig. 2 for several values of the attack probability ω. It is clear that Is reaches a maximum value (Is = 1) for ω = 0 and  = . Furthermore, the information is secured (Is > 0) for any attack probability ω < 0.89 independently of the value of the angle . The shape of the quantum error as a function of the basis states angle  is plotted in Fig. 3, indeed the most important result deduced from this figure is that for  = 0 to  = /2 the quantum error increase by increasing  and for  = 3/2 to  = 2 the quantum error decrease by increasing . We notice that the quantum error is maximal Qerr = 0.25 for  = /2 and  = 3/2 (orthogonal basis states). However the  quantum  error is not defined for 3 (/2) <  < (3/2) because ∀ ∈ I(A, B) > I(A, E) , 2 2 In the presence of many eavesdroppers we try to discuss the particular case in which we assume that eavesdroppers collaborate between them, in the sense to have, for example, identical basis states and identical probabilities of intercepting attacks (i = , ␻i = ␻, i = 1, . . ., N), it is found, on the one hand, that the secured area (i.e. the region where I(A, E) < I(A, B)) in phase diagram illustrated in Fig. 4, decrease by increasing the eavesdropper number

Table 2 Maximal quantum error and his ∗i=1,2 corresponding for different eavesdropper’s number.

∗1 ∗2 Qerr

N=1

N=2

N = 10

N = 100

0.5 1.5 0.25

0.617 1.383 0.34

0.783 1.217 0.444

0.911 1.089 0.488

and on the other hand Fig. 5 shows that the maximum values of the quantum error increase from Qerr = 0.25 for N = 1 at    = + k k ∈ 0, 1 to Qerr = 0.488 for N = 100. Also for N ≥ 0, 2 the quantum error with partially non-orthogonal basis states, if the case of  orthogonal (/2) <  < (3/2), is greater   than in 3 basis  states . This << i.e. ∀N≥2, Qerr > Qerr  = 2 2 2 clearly demonstrates that the QKD with partially non-orthogonal basis states ensures more security if (/2) <  < (3/2) compared to the orthogonal basis states. The results are summarized in Table 1. Moreover for any eavesdropper number N there exist two angles ∗1 (N, ω) and ∗2 (N, ω) = 2 − ∗1 (N, ω) such that the information is maximally secured for ∗1 (N, ω) ≤  ≤ ∗2 (N, ω), and it is shown that by increasing the eavesdropper number N, ∗1 increases and ∗2 decreases (i.e. lim (∗1 − ∗2 ) = 0). The results are summarized in N→+∞

Table 2. 4. Conclusion

Fig. 4. Phase diagram in the (, ω) plane for different eavesdroppers values numbers and showing the secured-unsecured transition.

We have studied the effects of the partially non-orthogonal basis states and sequential intercept and resend attacks on the mutual information between honest parties and the quantum error. We have shown that a transition between secured and unsecured information occurs, depending on the basis states angle , the attack probabilities ω, and the eavesdropper number N. Also for any eavesdropper number N ≥ 2, it is proved that the QKD with the partially non-orthogonal basis states ensures more security for (/2) <  < (3/2) compared to QKD with orthogonal basis states, in

M. Dehmani et al. / Optik 125 (2014) 624–627

the case where all eavesdroppers have the same basis states angle  and identical attack probabilities ω. References [1] C.H. Bennett, G. Brassard, Quantum cryptography: public key distribution and coin tossing, in: Proceedings of the IEEE International Conference on Computers Systems and Signal Processing, Bangalore, India, 1984, p. 175. [2] C.H. Bennett, Quantum cryptography using any two nonorthogonal states, Phys. Rev. Lett. 68 (1992) 3121–3124. [3] D. Bruss, Optimal eavesdropping in quantum cryptography with six states, Phys. Rev. Lett. 81 (1998) 3018–3021. [4] A.K. Ekert, Quantum cryptography based on Bell’s theorem, Phys. Rev. Lett. 67 (1991) 661–663. [5] K. Inoue, E. Waks, Y. Yamamoto, Differential phase shift quantum key distribution, Phys. Rev. Lett. 89 (2002) 037902. [6] P.C. Sun, Y. Mazurenko, Y. Fainman, Long-distance frequency-division interferometer for communication and quantum cryptography, Opt. Lett. 20 (1995) 1062–1063. [7] Y.T. Mazurenko, R. Giust, J.P. Goedgebuer, pectral coding for secure optical communications using refractive index dispersion, Opt. Commun. 133 (1997) 87–92.

627

[8] J.-M. Mérolla, Y. Mazurenko, J.-P. Goedgebuer, W.T. Rhodes, Single photon interference in sidebands of phase-modulated light for quantum cryptography, Phys. Rev. Lett. 82 (1999) 1656–1659. [9] T. Debuisschert, W. Boucher, Time coding protocols for quantum key distribution, Phys. Rev. A 70 (2004) 042306. [10] D. Stucki, N. Brunner, N. Gisin, V. Scarani, H. Zbinden, Fast and simple one-way quantum key distribution, Appl. Phys. Lett. 87 (2005) 194108. [11] H. Ez-Zahraouy, A. Benyoussef, Quantum key distribution with several intercepts and resend attacks, Int. J. Mod. Phys. B 23 (2009) 4755. [12] M. Dehmani, H. Ez-Zahraouy, A. Benyoussef, Quantum cryptography with several cloning attacks, J. Comput. Sci. 6 (2010) 684–688. [13] M. Dehmani, M. Errahmani, H. Ez-Zahraouy, A. Benyoussef, Quantum key distribution with several intercept–resend attacks via a depolarizing channel, Phys. Scr. 86 (2012) 015803. [14] D.A. Kronberg, S.N. Molotkov, Robustness of quantum cryptography: SARG04 key-distribution protocol, Laser Phys. 19 (4) (2009) 884–893. [15] D.A. Kronberg, S.N. Molotkov, Quantum key distribution in a single-photon regime with nonorthogonal basis states, JETP Lett. 89 (7) (2009) 370–376. [16] M. Daoud, H. Ez-Zahraouy, Three-dimensional quantum key distribution in the presence of several eavesdroppers, Phys. Scr. 84 (2011) 045018. [17] S. Agnolini, Contribution à l’étude et à la réalisation d’un système de distribution quantique de clef par codage en phase, Université Pierre et Marie Curie, Paris, 2007 (PhD thesis).