The core idea of a cipher is that any message can be transformed into any ciphertext (of the same length) by a pad, such that all transformations are equally likely. The one-time pad encryption scheme is provably unbreakable if the key is at least the size of the plaintext, the key is truly random, and the key is used only once. The requirement that each key be used only once makes the one-time pad impractical when the amount of data to be securely communicated is huge.
The more practical ciphers are the block ciphers, like Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES), which operate on a block of message whose size depends on the key size. A given key is reused for multiple message blocks. This makes the cipher prone to various kinds of attacks, like the cloning attack, cryptanalysis attack, chosen ciphertext/plaintext attack, etc. The security of these ciphers depends mainly upon the strength (randomness) of the key and the algorithm used for encryption and decryption, in terms of the confusion and diffusion it creates.
The first completely secure quantum key distribution algorithm is known as the Bennett and Brassard (BB84) algorithm. A quantum algorithm was developed that can break the widely used Rivest Shamir Adleman (RSA) system, using quantum computers, with remarkable ease. Together these developments showed that a completely secure, efficient, and fast means of delivering confidential information is achievable using the laws of quantum mechanics and quantum computers. Ciphers based on quantum states, therefore, would be more appropriate because of the property that an unknown state cannot be copied. Hence, none of the attacks in classical cryptography would be applicable. In recent times there have been many attempts at and constructions of quantum ciphers. One such attempt was made using a quantum random number generator and a half adder for encryption, with transmission by means of the BB84 protocol.
The presently disclosed invention relates generally to ciphers used in cryptography for secure messaging. A quantum version of a cipher used in cryptography where the message to be communicated is encoded into the relative phase of a quantum state using the shared key is disclosed. The encoded quantum information carrying the message is actually sent to the recipient over a quantum channel, assuming the proper secrecy of shared key between peers. Described herein is a technique wherein a quantum version of a cipher is proposed, which utilizes the benefit of superior delivery efficiency provided by modern telecommunication, and snoop-detection capability of the BB84 algorithm. The quantum version exploits the fact that an unknown quantum state cannot be cloned and its relative phase cannot be measured. The message to be sent is encoded into a quantum state by altering the relative phase using a pre-established shared key, via BB84 or any other quantum key distribution protocol. The information transmitted is a quantum superposition state with uniform probability and relative phase distribution.
Other aspects and advantages of the invention will become apparent from the following drawings, detailed description, and claims, all of which illustrate the principles of the invention, by way of example only.
A more complete appreciation of the invention and many attendant advantages thereof will be readily obtained as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings. In the drawings, like reference characters generally refer to the same parts throughout the different views. Further, the drawings are not necessarily to scale, with emphasis instead generally being placed upon illustrating the principles of the invention.
The reverse process is also supported. The quantum computing element 110 of core network 108 receives a message and produces a quantum ciphered output based on phase inversion. This output is sent to quantum computing element 104 of base station 102 through coordination server 106 by way of an encrypted tunnel 112. Quantum computing element 104 converts the ciphered message based on phase inversion back to the original message. The presently described technique requires a pre-established shared key between the communicating parties, which can be achieved by the BB84 or a similar QKD (Quantum Key Distribution) protocol. It is assumed that QKD is secure enough that it would be hard to learn any information about the key.
As shown in
The message m to be sent is first passed through a Hadamard transformation element 202 to create an equal superposition state. Next, the phase inversion 204 is applied to invert the key state phase. Finally, the multiple phase inversion transformation 206 (another Oracle) is applied to invert the phases of exactly half of the basis states. The outcome of this is an encrypted quantum state |ψc> with a uniform probability and relative phase distributions. The transmitted quantum state acts as a carrier for the message, analogous to the FM transmission, where the audio wave to be transmitted is encoded in the frequency of a high frequency carrier wave.
The recipient can apply the transformations to |ψc> in reverse, the multiple phase inversion 206 followed by the key phase inversion 204 and finally the Hadamard transformation 202, to retrieve the original message |m> 208.
The Hadamard transformation, irrespective of the input, creates an equal superposition state, i.e. a uniform distribution of all possible n-qubit states of the message space, say M, of size
The phase inversion operator, Λk, acts as an oracle and is defined as Λk = I − 2|k><k|,
where |k> is the quantum key state derived from the shared key k and I is the identity operator.
The application of this operator on the input state |ψm>, creates a coupling between the input state and the key state.
This marking of the key state accomplishes the encoding. The application of the same operator retrieves the input state |ψm>,
The multiple phase inversion transformation, say Υk,d, performs phase inversion of multiple basis states as follows.
Now say,
where N = 2^n for n qubits,
and p ∈ N ∪ {0}; here N denotes the set of natural numbers (not the dimension N = 2^n above).
The transformation can be defined as
|ψc> = Υk,d|ψ′c>
The distribution of inverted vs. non-inverted phase states (|ψc> being the complete superposed state) will vary with each unique choice of key state and d. Hence, guessing the state distribution is not possible in this construction. It can be easily visualized that the phases of half of the basis states will be inverted. ‘d’ can be uniquely defined for a given key and can be arrived at as part of the key exchange process.
The key state phase inversion operator, Λk, when applied to the state |ψm>, results in the inversion of the key state |k>. It can be rewritten as follows,
where |ψm−k> = |ψm> − √N|k> is the superposition of all the basis states except the key state.
The probability of the phase inverted key state
and each of the remaining (N−1) non-inverted states (∀x ∈|x>, k∉x) be
The ratio of the probability of inverted and non-inverted states
is probabilistically indistinguishable in this case.
The adversary can only see the transmitted state, and has the power to apply a Hadamard transform to it. However, since the adversary does not know the shared key state |k>, Λk remains private, and applying the Hadamard transform cannot return the original message state |ψm>. The adversary can only guess the construction of Λk in O(√N) running time.
Alternatively, the adversary can set up a chosen plaintext attack by applying the inversion-against-mean operator to check whether it leaks some information or reveals any inherent bias.
The inversion-against-mean operator is defined as μm = (2|ψm><ψm| − I), where |ψm> is the total state. The inner product of the key state and the total state is given by
The application of μm to the |ψ′c> will result in
Consider the use case where the message is all zeros, i.e. |ψ0> = H⊗n(|00 . . . 0>). The equation can then be rewritten as:
To extract out non-inverted phase states, equations can be combined to get
The probability of the phase inverted state is therefore given by
and each of the remaining (N−1) non-inverted states (∀x∈|x>, k∉x) by
Looking for the same probability ratio yields
which, for large N, will reduce to
It is noticed that there is a bias in the probability distribution between the phase inverted state and the non-inverted states. The adversary has the freedom to apply μ0 again to the output of the first μ0 operation; if so, it will be observed from the result below that the encrypted transmitted state re-emerges.
With repeated use of μ0, the above alternating pattern emerges. Though the adversary cannot make out any useful information, it shows a slight bias in the probability distribution of the inverted key state over the rest of the individual (non-inverted) message states. This violates Shannon's secrecy condition for encryption.
In order to solve the bias problem, a user could phase invert M states, with M > 1. The objective is to show that if
the bias can be eliminated, and that the inverted phase states and the rest of the states will be indistinguishable.
Multiple phase inversion is in fact a chain of M single phase inversions, with corresponding phase inversion states |k1>, |k2>, . . . |kM>; these states remain private between the communicating parties . . . .
and so on up to M states; the final state would look like
Without any loss of generality, this can be expressed as
Now, the probability of the M consolidated phase inverted key states is
and (N−M) non-inverted states
and the ratio
which reduces to
Thus, there is no bias in the probability distribution between the M phase inverted states and the rest of the non-inverted states. Since the adversary does not know the shared key state |k>, Λk remains private, and applying a Hadamard transform to the transmitted message will not reveal any information. The adversary, however, can choose to apply the inversion-against-mean operator to launch a ‘chosen plaintext attack’, following the same line of argument as used during the single phase inversion analysis (changing the notation from ψm to ψ0),
Since
to extract inverted and non-inverted phase states, equation 16 can be re-written as:
The probability of the consolidated M phase inverted states is
and for the N−M non-inverted states
The ratio of probabilities is thus
and when
it reduces to
With this construction, it can be shown that the relative probability distribution is again not altered in any way, and hence there is no bias.
The above technique is secure against the ‘chosen plaintext’ attack. Even with a single phase inversion, since the phase inversion operator is private, the key is safe to use O(√N) times in a session. The transmitted message is an equal superposition state with some correlation to the key k. Without knowledge of the key nothing can be inferred about the message M. To make it completely hardened, approximately half of the total phases of the Hadamard transformed message state should be inverted.
An example of the method for producing a quantum cipher based on phase inversion includes the following steps:
Begin with the BB84 quantum key distribution (QKD) method to establish a shared key k and d between two communicating parties (A and B). Let the key state be |k>.
To each message, m∈M, ‘A’ will apply the Hadamard transform to create an equal superposition state |ψm>.
Apply the operator Λk to |ψm> to mark the key state.
|ψ′c> = Λk|ψm> = |ψm> − 2|k><k|ψm>
Apply the multiple phase inversion operator Υk,d to invert phases of multiple basis states.
|ψc>=Υk,d|ψ′c>
Send the resulting encrypted quantum state |ψc> to ‘B’ using a quantum channel.
‘B’ will perform the reverse operation to retrieve the message m from |ψc>.
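A pure-Python state-vector simulation of the six steps above, added here as an illustration and not code from the application. It also runs the chosen-plaintext probe μ0 from the single- and multiple-inversion analysis earlier on the page, so the bias for one inverted state and its disappearance for N/2 inverted states can be checked numerically. Assumptions: the page never defines Υk,d explicitly, so the half-inversion rule used (invert every basis state whose bit d differs from the key's bit d) is a stand-in of my own, and d is taken to be a bit position.

```python
# Added state-vector simulation of the phase-inversion cipher (not the application's code).
# Amplitudes are real because H, Lambda_k, Upsilon_{k,d} and mu_0 are all real operators.
from math import sqrt

def basis(m, n):
    """Basis state |m> of n qubits as a length-N amplitude list."""
    v = [0.0] * (1 << n)
    v[m] = 1.0
    return v

def hadamard(state):
    """H^(x)n via the normalised Walsh-Hadamard transform; self-inverse."""
    a = list(state)
    N, h = len(a), 1
    while h < N:
        for i in range(0, N, 2 * h):
            for j in range(i, i + h):
                a[j], a[j + h] = a[j] + a[j + h], a[j] - a[j + h]
        h *= 2
    s = 1 / sqrt(N)
    return [v * s for v in a]

def phase_invert(state, marked):
    """I - 2 sum_{k in marked} |k><k|: flips the sign of every marked basis state."""
    return [-v if i in marked else v for i, v in enumerate(state)]

def half_inversion_set(n, k, d):
    """ASSUMED rule for Upsilon_{k,d} (the page does not spell it out):
    invert every x whose bit d differs from the key's bit d, i.e. exactly N/2 states."""
    return {x for x in range(1 << n) if ((x ^ k) >> d) & 1}

def encrypt(m, k, d, n):
    psi_m = hadamard(basis(m, n))                              # step 2: equal superposition
    psi_c1 = phase_invert(psi_m, {k})                          # step 3: Lambda_k marks |k>
    return phase_invert(psi_c1, half_inversion_set(n, k, d))   # step 4: Upsilon_{k,d}

def decrypt(psi_c, k, d, n):
    """Reverse order: Upsilon, Lambda_k, H. Returns the basis index carrying the amplitude."""
    s = phase_invert(psi_c, half_inversion_set(n, k, d))
    s = phase_invert(s, {k})
    amps = hadamard(s)
    return max(range(len(amps)), key=lambda i: abs(amps[i]))

def is_uniform(state):
    """True when every basis state has probability 1/N (uniform carrier, as the text claims)."""
    N = len(state)
    return all(abs(v * v - 1 / N) < 1e-12 for v in state)

def inversion_about_mean(state, ref):
    """mu = 2|ref><ref| - I applied to state."""
    ip = sum(r * s for r, s in zip(ref, state))
    return [2 * ip * r - s for r, s in zip(ref, state)]

def cpa_bias_ratio(n, marked):
    """Chosen-plaintext probe from the text: all-zero message, invert `marked`, apply mu_0,
    and return P(an inverted state) / P(a non-inverted state)."""
    psi0 = hadamard(basis(0, n))
    p = [v * v for v in inversion_about_mean(phase_invert(psi0, marked), psi0)]
    N = len(p)
    p_inv = sum(p[i] for i in marked) / len(marked)
    p_non = sum(p[i] for i in range(N) if i not in marked) / (N - len(marked))
    return p_inv / p_non
```

For N = 16 a single inverted state gives a ratio of (3 − 4/N)²/(1 − 4/N)² = 121/9, the bias the text describes, while inverting N/2 states gives exactly 1.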
Some applications of the proposed cipher construction are as follows. Anyone can utilize this algorithm to encode and send his/her signature (public identity) as the message. The intended peer can decode the signature and verify it against the known one. Any tampering with the message would result in a different signature, i.e. only an entity in possession of the shared key can generate the encoded signature. For an authenticated encrypted message, however, the total message length will be 2n, with one part of n qubits bearing the identity for signature verification.
This can be used during quantum teleportation. ‘Alice’ no longer needs to use phone or email to communicate her operation to ‘Bob’. Instead, she can send the cipher to Bob, and Bob can ‘decrypt’ it to learn what Alice performed and act accordingly to obtain the teleported state. Thus, all classical channels involved in quantum teleportation can be eliminated.
This can be used to refresh the shared key established by the BB84 QKD. The newly generated random key |k1> can be communicated to the peer as a message in the cipher construction using the existing key |k>. Afterwards, |k1> will be the new key and will be used for the next set of message encryptions and decryptions. In the whole process, the BB84 QKD protocol is used only once.
The proposed quantum cipher is proven mathematically secure against known attacks (most relevant in the current context being the ‘chosen plaintext attack’) and can be versatile in application. The requirements of a well-secured cipher, namely diffusion and confusion, are satisfied by the Hadamard and multiple phase inversion transformations respectively. The same idea can be extended, and a similar approach can be used for secure multi-party (multi-peer) communication.
Although the methods above are described as separate embodiments, one of skill in the art would understand that it would be possible and desirable to combine several of the above methods into a single embodiment, or to combine disparate methods into a single embodiment. For example, all of the above methods could be combined. In the scenarios where multiple embodiments are described, the methods could be combined in sequential order, or in various orders as necessary.
In some embodiments, the software needed for implementing the methods and procedures described herein may be implemented in a high level procedural or an object-oriented language such as C, C++, C#, Python, Java, or Perl. The software may also be implemented in assembly language if desired. Packet processing implemented in a network device can include any processing determined by the context. For example, packet processing may involve high-level data link control (HDLC) framing, header compression, and/or encryption. In some embodiments, software that, when executed, causes a device to perform the methods described herein may be stored on a computer-readable medium such as read-only memory (ROM), programmable-read-only memory (PROM), electrically erasable programmable-read-only memory (EEPROM), flash memory, or a magnetic disk that is readable by a general or special purpose-processing unit to perform the processes described in this document. The processors can include any microprocessor (single or multiple core), system on chip (SoC), microcontroller, digital signal processor (DSP), graphics processing unit (GPU), or any other integrated circuit capable of processing instructions such as an x86 microprocessor.
The foregoing discussion discloses and describes merely exemplary embodiments of the present invention. In some embodiments, software that, when executed, causes a device to perform the methods described herein may be stored on a computer-readable medium such as a computer memory storage device, a hard disk, a flash drive, an optical disc, or the like. As will be understood by those skilled in the art, the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. For example, wireless network topology can also apply to wired networks, optical networks, and the like. Various components in the devices described herein may be added, removed, split across different devices, combined onto a single device, or substituted with those having the same or similar functionality.
Although the present disclosure has been described and illustrated in the foregoing example embodiments, it is understood that the present disclosure has been made only by way of example, and that numerous changes in the details of implementation of the disclosure may be made without departing from the spirit and scope of the disclosure, which is limited only by the claims which follow. Various components in the devices described herein may be added, removed, or substituted with those having the same or similar functionality. Various steps as described in the figures and specification may be added or removed from the processes described herein, and the steps described may be performed in an alternative order, consistent with the spirit of the invention. Features of one embodiment may be used in another embodiment. Other embodiments are within the following claims.
This application claims priority under 35 U.S.C. § 119(e) to U.S. Provisional Pat. App. No. 62/812,359, filed Mar. 1, 2019, titled “Quantum Cipher Based on Phase Inversion” which is hereby incorporated by reference in its entirety for all purposes. The present application hereby incorporates by reference U.S. Pat. App. Pub. Nos. US20110044285, US20140241316; WO Pat. App. Pub. No. WO2013145592A1; EP Pat. App. Pub. No. EP2773151A1; U.S. Pat. No. 8,879,416, “Heterogeneous Mesh Network and Multi-RAT Node Used Therein,” filed May 8, 2013; U.S. Pat. No. 8,867,418, “Methods of Incorporating an Ad Hoc Cellular Network Into a Fixed Cellular Network,” filed Feb. 18, 2014; U.S. patent application Ser. No. 14/777,246, “Methods of Enabling Base Station Functionality in a User Equipment,” filed Sep. 15, 2016; U.S. patent application Ser. No. 14/289,821, “Method of Connecting Security Gateway to Mesh Network,” filed May 29, 2014; U.S. patent application Ser. No. 14/642,544, “Federated X2 Gateway,” filed Mar. 9, 2015; U.S. patent application Ser. No. 14/711,293, “Multi-Egress Backhaul,” filed May 13, 2015; U.S. Pat. App. No. 62/375,341, “S2 Proxy for Multi-Architecture Virtualization,” filed Aug. 15, 2016; U.S. patent application Ser. No. 15/132,229, “MaxMesh: Mesh Backhaul Routing,” filed Apr. 18, 2016, each in its entirety for all purposes, having attorney docket numbers PWS-71700US01, 71710US01, 71717US01, 71721US01, 71756US01, 71762US01, 71819US00, and 71820US01, respectively. This application also hereby incorporates by reference in their entirety each of the following U.S. Pat. applications or Pat. App. Publications: US20150098387A1 (PWS-71731US01); US20170055186A1 (PWS-71815US01); US20170273134A1 (PWS-71850US01); US20170272330A1 (PWS-71850US02); and Ser. No. 15/713,584 (PWS-71850US03). This application also hereby incorporates by reference in their entirety U.S. patent application Ser. No. 16/424,479, “5G Interoperability Architecture,” filed May 28, 2019; and U.S. 
Provisional Pat. Application No. 62/804,209, “5G Native Architecture,” filed Feb. 11, 2019.
Number | Date | Country
---|---|---
62812359 | Mar 2019 | US