## Defense Frontier Analysis of Quantum Cryptographic Systems

Applied Optics, Vol. 37, Issue 14, pp. 2869-2878 (1998)

http://dx.doi.org/10.1364/AO.37.002869

Acrobat PDF (261 KB)

### Abstract

When a quantum cryptographic system operates in the presence of background noise, security of the key can be recovered by a procedure called key distillation. A key-distillation scheme effective against so-called individual (bitwise-independent) eavesdropping attacks involves sacrifice of some of the data through privacy amplification. We derive the amount of data sacrifice sufficient to defend against individual eavesdropping attacks in both BB84 and B92 protocols and show in what sense the communication becomes secure as a result. We also compare the secrecy capacity of various quantum cryptosystems, taking into account data sacrifice during key distillation, and conclude that the BB84 protocol may offer better performance characteristics than the B92.

© 1998 Optical Society of America

**OCIS Codes**

(060.4510) Fiber optics and optical communications : Optical communications

(270.0270) Quantum optics : Quantum optics

**Citation**

Boris Slutsky, Ramesh Rao, Pan-Cheng Sun, Ljubiša Tancevski, and Shaya Fainman, "Defense Frontier Analysis of Quantum Cryptographic Systems," Appl. Opt. **37**, 2869-2878 (1998)

http://www.opticsinfobase.org/ao/abstract.cfm?URI=ao-37-14-2869

Sort: Year | Journal | Reset

### References

- C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, New York, 1984), pp. 175–179.
- A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. 67, 661–663 (1991).
- C. H. Bennett, G. Brassard, and N. D. Mermin, “Quantum cryptography without Bell’s theorem,” Phys. Rev. Lett. 68, 557–559 (1992).
- C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, “Experimental quantum cryptography,” J. Cryptol. 5, 3–28 (1992).
- C. H. Bennett, “Quantum cryptography using any two nonorthogonal states,” Phys. Rev. Lett. 68, 3121–3124 (1992).
- B. Slutsky, P. C. Sun, Y. Mazurenko, R. Rao, and Y. Fainaman, “Effect of channel imperfection on the secrecy capacity of a quantum cryptographic system,” J. Mod. Opt. 44, 953–961 (1997).
- E. Biham and T. Mor, “Security of quantum cryptography against collective attacks,” Phys. Rev. Lett. 78, 2256–2259 (1997).
- E. Biham and T. Mor, “Bounds on information and the security of quantum cryptography,” Phys. Rev. Lett 79, 4034–4037 (1997).
- D. Mayers, “Quantum key distribution and string oblivious transfer in noisy channels,” in Advances in Cryptology, CRYPTO’96, N. Kobitz, ed., Vol. 1109 of Springer Lecture Notes in Computer Science Series (Springer, New York, 1996), pp. 343–357.
- Inconclusive bits are those whose value is not revealed with certainty by Bob’s measurement, for example, those measured in the wrong BB84 basis by Bob.1 Inconclusive bits are an integral feature of quantum cryptographic protocols, even in the absence of channel and detector imperfections.
- C. H. Bennett, G. Brassard, C. Crepeau, and U. M. Maurer, “Generalized privacy amplification,” IEEE Trans. Inf. Theory 41, 1915–1923 (1995).
- B. Huttner, N. Imoto, N. Gisin, and T. Mor, “Quantum cryptography with coherent states,” Phys. Rev. A 51, 1863–1869 (1995).
- H. Yuen, “Quantum amplifiers, quantum duplicators, and quantum cryptography,” Quantum Semiclass. Opt. 8, 939–949 (1996).
- This condition is unavoidable because a perfect single-photon state is fundamentally impossible to prepare (although a good approximation can be produced with phenomena such as parametric downconversion).
- Strictly speaking, the total number of multiphoton bit cells is a Gaussian random variable, and only its average and variance are determined. Still, based on these parameters, it can be bounded from above with any desired confidence level.
- C. Cachin and U. M. Maurer, “Linking information reconciliation and privacy amplification,” J. Cryptol. 10, 97–110 (1997).
- C. A. Fuchs and A. Peres, “Quantum-state disturbance versus information gain: uncertainty relations for quantum information,” Phys. Rev. A 53, 2038–2045 (1996).
- C. A. Fuchs, N. Gisin, R. B. Griffiths, C.-S. Niu, and A. Peres, “Optimal eavesdropping in quantum cryptography. I. Information bound and optimal strategy,” Phys. Rev. A 56, 1163–1172 (1997).
- B. Slutsky, R. Rao, P.-C. Sun, and Y. Fainman, “Security of quantum cryptography against individual attacks,” Phys. Rev. A (to be published).
- A. K. Ekert, B. Huttner, G. M. Palma, and A. Peres, “Eavesdropping on quantum cryptographical systems,” Phys. Rev. A 50, 1047–1056 (1994).
- Eve cannot use group information such as block checksums, revealed later in the protocol, because, by assumption, she must attack each bit independently of other bits.
- The B92 curves in Fig. 5 are qualitatively similar to those in Fig. 4 of Ref. 20, although the latter are computed based on a suboptimal family of eavesdropping strategies and with Shannon rather than Renyi entropy.
- Because individual bits are transmitted and received independently of one another, errors are distributed uniformly throughout raw data, regardless of the quantum cryptosystem used.

## Cited By |
Alert me when this paper is cited |

OSA is able to provide readers links to articles that cite this paper by participating in CrossRef's Cited-By Linking service. CrossRef includes content from more than 3000 publishers and societies. In addition to listing OSA journal articles that cite this paper, citing articles from other participating publishers will also be listed.

« Previous Article | Next Article »

OSA is a member of CrossRef.