No Arabic abstract
Quantum computing technologies pose a significant threat to the currently employed public-key cryptography protocols. In this paper, we discuss the impact of the quantum threat on public key infrastructures (PKIs), which are used as a part of security systems for protecting production environments. We analyze security issues of existing models with a focus on requirements for a fast transition to post-quantum solutions. Although our primary focus is on the attacks with quantum computing, we also discuss some security issues that are not directly related to the used cryptographic algorithms but are essential for the overall security of the PKI. We attempt to provide a set of security recommendations regarding the PKI from the viewpoints of attacks with quantum computers.
Non-malleability is an important security property for public-key encryption (PKE). Its significance is due to the fundamental unachievability of integrity and authenticity guarantees in this setting, rendering it the strongest integrity-like property achievable using only PKE, without digital signatures. In this work, we generalize this notion to the setting of quantum public-key encryption. Overcoming the notorious recording barrier known from generalizing other integrity-like security notions to quantum encryption, we generalize one of the equivalent classical definitions, comparison-based non-malleability, and show how it can be fulfilled. In addition, we explore one-time non-malleability notions for symmetric-key encryption from the literature by defining plaintext and ciphertext variants and by characterizing their relation.
Quantum key distribution (QKD) gradually has become a crucial element of practical secure communication. In different scenarios, the security analysis of genuine QKD systems is complicated. A universal secret key rate calculation method, used for realistic factors such as multiple degrees of freedom encoding, asymmetric protocol structures, equipment flaws, environmental noise, and so on, is still lacking. Based on the correlations of statistical data, we propose a security analysis method without restriction on encoding schemes. This method makes a trade-off between applicability and accuracy, which can effectively analyze various existing QKD systems. We illustrate its ability by analyzing source flaws and a high-dimensional asymmetric protocol. Results imply that our method can give tighter bounds than the Gottesman-Lo-Lutkenhaus-Preskill (GLLP) analysis and is beneficial to analyze protocols with complex encoding structures. Our work has the potential to become a reference standard for the security analysis of practical QKD.
We prove the security of theoretical quantum key distribution against the most general attacks which can be performed on the channel, by an eavesdropper who has unlimited computation abilities, and the full power allowed by the rules of classical and quantum physics. A key created that way can then be used to transmit secure messages such that their security is also unaffected in the future.
We describe systems and methods for the deployment of global quantum key distribution (QKD) networks covering transoceanic, long-haul, metro, and access segments of the network. A comparative study of the state-of-the-art QKD technologies is carried out, including both terrestrial QKD via optical fibers and free-space optics, as well as spaceborne solutions via satellites. We compare the pros and cons of various existing QKD technologies, including channel loss, potential interference, distance, connection topology, deployment cost and requirements, as well as application scenarios. Technical selection criteria and deployment requirements are developed for various different QKD solutions in each segment of networks. For example, optical fiber-based QKD is suitable for access networks due to its limited distance and compatibility with point-to-multipoint (P2MP) topology; with the help of trusted relays, it can be extended to long-haul and metro networks. Spaceborne QKD on the other hand, has much smaller channel loss and extended transmission distance, which can be used for transoceanic and long-haul networks exploiting satellite-based trusted relays.
Quantum key distribution (QKD) enables unconditionally secure communication between distinct parties using a quantum channel and an authentic public channel. Reducing the portion of quantum-generated secret keys, that is consumed during the authentication procedure, is of significant importance for improving the performance of QKD systems. In the present work, we develop a lightweight authentication protocol for QKD based on a `ping-pong scheme of authenticity check for QKD. An important feature of this scheme is that the only one authentication tag is generated and transmitted during each of the QKD post-processing rounds. For the tag generation purpose, we design an unconditionally secure procedure based on the concept of key recycling. The procedure is based on the combination of almost universal$_2$ polynomial hashing, XOR universal$_2$ Toeplitz hashing, and one-time pad (OTP) encryption. We demonstrate how to minimize both the length of the recycled key and the size of the authentication key, that is required for OTP encryption. As a result, in real case scenarios, the portion of quantum-generated secret keys that is consumed for the authentication purposes is below 1%. Finally, we provide a security analysis of the full quantum key growing process in the framework of universally composable security.