Sifting attacks in finite-size quantum key distribution
A central assumption in quantum key distribution (QKD) is that Eve has no knowledge about which rounds will be used for parameter estimation or key distillation. Here we show that this assumption is violated for iterative sifting , a sifting procedure that has been employed in some (but not all) of...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IOP Publishing
2016-01-01
|
Series: | New Journal of Physics |
Subjects: | |
Online Access: | https://doi.org/10.1088/1367-2630/18/5/053001 |
_version_ | 1797750943956074496 |
---|---|
author | Corsin Pfister Norbert Lütkenhaus Stephanie Wehner Patrick J Coles |
author_facet | Corsin Pfister Norbert Lütkenhaus Stephanie Wehner Patrick J Coles |
author_sort | Corsin Pfister |
collection | DOAJ |
description | A central assumption in quantum key distribution (QKD) is that Eve has no knowledge about which rounds will be used for parameter estimation or key distillation. Here we show that this assumption is violated for iterative sifting , a sifting procedure that has been employed in some (but not all) of the recently suggested QKD protocols in order to increase their efficiency. We show that iterative sifting leads to two security issues: (1) some rounds are more likely to be key rounds than others, (2) the public communication of past measurement choices changes this bias round by round. We analyze these two previously unnoticed problems, present eavesdropping strategies that exploit them, and find that the two problems are independent. We discuss some sifting protocols in the literature that are immune to these problems. While some of these would be inefficient replacements for iterative sifting, we find that the sifting subroutine of an asymptotically secure protocol suggested by Lo et al (2005 J. Cryptol. http://dx.doi.org/10.1007/s00145-004-0142-y 18 http://dx.doi.org/10.1007/s00145-004-0142-y ), which we call LCA sifting, has an efficiency on par with that of iterative sifting. One of our main results is to show that LCA sifting can be adapted to achieve secure sifting in the finite -key regime. More precisely, we combine LCA sifting with a certain parameter estimation protocol, and we prove the finite-key security of this combination. Hence we propose that LCA sifting should replace iterative sifting in future QKD implementations. More generally, we present two formal criteria for a sifting protocol that guarantee its finite-key security. Our criteria may guide the design of future protocols and inspire a more rigorous QKD analysis, which has neglected sifting-related attacks so far. |
first_indexed | 2024-03-12T16:40:08Z |
format | Article |
id | doaj.art-114d5cc8a732466794b89f408ddf88b9 |
institution | Directory Open Access Journal |
issn | 1367-2630 |
language | English |
last_indexed | 2024-03-12T16:40:08Z |
publishDate | 2016-01-01 |
publisher | IOP Publishing |
record_format | Article |
series | New Journal of Physics |
spelling | doaj.art-114d5cc8a732466794b89f408ddf88b92023-08-08T14:31:19ZengIOP PublishingNew Journal of Physics1367-26302016-01-0118505300110.1088/1367-2630/18/5/053001Sifting attacks in finite-size quantum key distributionCorsin Pfister0https://orcid.org/0000-0003-1295-8016Norbert Lütkenhaus1Stephanie Wehner2Patrick J Coles3QuTech, Delft University of Technology , Lorentzweg 1, 2628 CJ Delft, The Netherlands; Centre for Quantum Technologies , 3 Science Drive 2, 117543, SingaporeInstitute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo , N2L3G1 Waterloo, Ontario, CanadaQuTech, Delft University of Technology , Lorentzweg 1, 2628 CJ Delft, The Netherlands; Centre for Quantum Technologies , 3 Science Drive 2, 117543, SingaporeInstitute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo , N2L3G1 Waterloo, Ontario, CanadaA central assumption in quantum key distribution (QKD) is that Eve has no knowledge about which rounds will be used for parameter estimation or key distillation. Here we show that this assumption is violated for iterative sifting , a sifting procedure that has been employed in some (but not all) of the recently suggested QKD protocols in order to increase their efficiency. We show that iterative sifting leads to two security issues: (1) some rounds are more likely to be key rounds than others, (2) the public communication of past measurement choices changes this bias round by round. We analyze these two previously unnoticed problems, present eavesdropping strategies that exploit them, and find that the two problems are independent. We discuss some sifting protocols in the literature that are immune to these problems. While some of these would be inefficient replacements for iterative sifting, we find that the sifting subroutine of an asymptotically secure protocol suggested by Lo et al (2005 J. Cryptol. http://dx.doi.org/10.1007/s00145-004-0142-y 18 http://dx.doi.org/10.1007/s00145-004-0142-y ), which we call LCA sifting, has an efficiency on par with that of iterative sifting. One of our main results is to show that LCA sifting can be adapted to achieve secure sifting in the finite -key regime. More precisely, we combine LCA sifting with a certain parameter estimation protocol, and we prove the finite-key security of this combination. Hence we propose that LCA sifting should replace iterative sifting in future QKD implementations. More generally, we present two formal criteria for a sifting protocol that guarantee its finite-key security. Our criteria may guide the design of future protocols and inspire a more rigorous QKD analysis, which has neglected sifting-related attacks so far.https://doi.org/10.1088/1367-2630/18/5/053001quantum key distributionsecurity loopholequantum information |
spellingShingle | Corsin Pfister Norbert Lütkenhaus Stephanie Wehner Patrick J Coles Sifting attacks in finite-size quantum key distribution New Journal of Physics quantum key distribution security loophole quantum information |
title | Sifting attacks in finite-size quantum key distribution |
title_full | Sifting attacks in finite-size quantum key distribution |
title_fullStr | Sifting attacks in finite-size quantum key distribution |
title_full_unstemmed | Sifting attacks in finite-size quantum key distribution |
title_short | Sifting attacks in finite-size quantum key distribution |
title_sort | sifting attacks in finite size quantum key distribution |
topic | quantum key distribution security loophole quantum information |
url | https://doi.org/10.1088/1367-2630/18/5/053001 |
work_keys_str_mv | AT corsinpfister siftingattacksinfinitesizequantumkeydistribution AT norbertlutkenhaus siftingattacksinfinitesizequantumkeydistribution AT stephaniewehner siftingattacksinfinitesizequantumkeydistribution AT patrickjcoles siftingattacksinfinitesizequantumkeydistribution |