liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Attacks on quantum key distribution protocols that employ non-ITS authentication
Department of Safety & Security, AIT Austrian Institute of Technology, Austria.
Linköping University, Department of Electrical Engineering, Information Coding. Linköping University, The Institute of Technology.
Department of Safety & Security, AIT Austrian Institute of Technology, Austria.
Department of Safety & Security, AIT Austrian Institute of Technology, Austria.
Show others and affiliations
2016 (English)In: Quantum Information Processing, ISSN 1570-0755, E-ISSN 1573-1332, Vol. 15, no 1, 327-362 p.Article in journal (Refereed) Published
Abstract [en]

We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not Information-Theoretically Secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced it was shown to prevent straightforward Man-In-The-Middle (MITM) attacks against QKD protocols.

In this paper, we prove that the set of messages that collide with any given message under this authentication code contains with high probability a message that has small Hamming distance to any other given message. Based on this fact we present extended MITM attacks against different versions of BB84 QKD protocols using the addressed authentication code; for three protocols we describe every single action taken by the adversary. For all protocols the adversary can obtain complete knowledge of the key, and for most protocols her success probability in doing so approaches unity.

Since the attacks work against all authentication methods which allow to calculate colliding messages, the underlying building blocks of the presented attacks expose the potential pitfalls arising as a consequence of non-ITS authentication in QKDpostprocessing. We propose countermeasures, increasing the eavesdroppers demand for computational power, and also prove necessary and sufficient conditions for upgrading the discussed authentication code to the ITS level.

Place, publisher, year, edition, pages
Springer Publishing Company, 2016. Vol. 15, no 1, 327-362 p.
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:liu:diva-91260DOI: 10.1007/s11128-015-1160-4ISI: 000372876800020OAI: oai:DiVA.org:liu-91260DiVA: diva2:616697
Projects
ICG QC
Note

Vid tiden för disputation förelåg publikationen som manuskript

Funding agencies: Vienna Science and Technology Fund (WWTF) [ICT10-067]; Austrian Research Promotion Agency (FFG) [Bridge-2364544]

Available from: 2013-04-18 Created: 2013-04-18 Last updated: 2017-12-06Bibliographically approved
In thesis
1. Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions
Open this publication in new window or tab >>Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions
2013 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Quantum Key Distribution (QKD) is a secret key agreement technique that consists of two parts: quantum transmission and measurement on a quantum channel, and classical post-processing on a public communication channel. It enjoys provable unconditional security provided that the public communication channel is immutable. Otherwise, QKD is vulnerable to a man-in-the-middle attack. Immutable public communication channels, however, do not exist in practice. So we need to use authentication that implements the properties of an immutable channel as well as possible. One scheme that serves this purpose well is the Wegman-Carter authentication (WCA), which is built upon Almost Strongly Universal2 (ASU2) hashing. This scheme uses a new key in each authentication attempt to select a hash function from an ASU2 family, which is then used to generate the authentication tag for a message.

The main focus of this dissertation is on authentication in the context of QKD. We study ASU2 hash functions, security of QKD that employs a computationally secure authentication, and also security of authentication with a partially known key. Specifically, we study the following.

First, Universal hash functions and their constructions are reviewed, and as well as a new construction of ASU2 hash functions is presented. Second, security of QKD that employs a specific computationally secure authentication is studied. We present detailed attacks on various practical implementations of QKD that employs this authentication. We also provide countermeasures and prove necessary and sufficient conditions for upgrading the security of the authentication to the level of unconditional security. Third, Universal hash function based multiple authentication is studied. This uses a fixed ASU2 hash function followed by one-time pad encryption, to keep the hash function secret. We show that the one-time pad is necessary in every round for the authentication to be unconditionally secure. Lastly, we study security of the WCA scheme, in the case of a partially known authentication key. Here we prove tight information-theoretic security bounds and also analyse security using witness indistinguishability as used in the Universal Composability framework.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2013. 55 p.
Series
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 1517
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-91265 (URN)978-91-7519-625-1 (ISBN)
Public defence
2013-05-17, Visionen, B-huset, Campus Valla, Linköpings universitet, Linköping, 13:15 (English)
Opponent
Supervisors
Projects
ICG QC
Available from: 2013-04-18 Created: 2013-04-18 Last updated: 2016-08-31Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Authority records BETA

Abidin, AysajanLarsson, Jan-Åke

Search in DiVA

By author/editor
Abidin, AysajanLarsson, Jan-Åke
By organisation
Information CodingThe Institute of Technology
In the same journal
Quantum Information Processing
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 425 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf