![]() ![]() doit () 1 > ( OrthogonalBra ( n ) * OrthogonalKet ( n 1 )). There are two important points need to be noticed.> from import OrthogonalBra, OrthogonalKet > from sympy.abc import m, n > ( OrthogonalBra ( n ) * OrthogonalKet ( n )). To obtain the tightened upper bound value of the guessing probability in scheme 1, we need to choose an appropriate n 2 value. ![]() The guessing probability of ε k- secure key k with length n 1 is not larger than \(\frac)\). Let the final key generated by the QKD protocol be k the guessing probability of k is defined as the success probability of the attacker Eve guessing the final key via her measurement result and is denoted as p( k). We define the guessing probability: Definition 2 With this definition, we can say that the key k is ε k-secure or that its security level is ε k If key k is ε-secure, the security level of key k is εįor symbol clarity, we will use notation ε k for the security level of key k. We define the security level: Definition 1 Without any loss of generality, we consider the case of ε cor = ε in this article. The protocol is ε tol-secure if ε cor and ε satisfy ε cor ε ≤ ε tol, which means that it is ε tol-indistinguishable from a perfect protocol (which is correct and secret). Where ∥ ⋅ ∥ 1 denotes the trace norm, ρ U is the fully mixed state of Alice’s system. This shows that the trace distance criterion 2 can actually produce a much better result than what was assumed previously in the viewpoint of guessing probability. We show that the guessing probability is actually smaller than the existing bound values by many orders of magnitude if one takes the privacy amplification by Toeplitz matrix. Here, by applying the trace distance criterion 2, we find such tightened bound. However, the large value of the loose upper bound of the guessing probability does not indicate the insecurity of the final key 12 because the value is not achievable by Eve, and one can find a more tightened value for the upper bound of the guessing probability. Therefore, it is beneficial to find a more tightened upper bound of guessing probability.Īs an important criterion in cryptography, guessing probability alone cannot guarantee the security of the final key. In practice, it is not unusual to request a much smaller guessing probability such as 10 −100 or 10 −1000. The existing classical computer systems can easily crack such key. From the perspective of guessing probability, the security of the value 10 −9 is equivalent to that of a 30 perfect bits. For example, according to the existing result 11, the guessing probability of the ε-secure key is approximately 10 −9 if ε is approximately 10 −9. Consequently, some people questioned the security of QKD by relying on the prior art results of guessing probability 12. The existing prior art results cannot give them a satisfactory upper bound 11. However, in the real application of QKD projects, customers often ask the question of guessing probability. This makes the theoretical foundation for security of QKD crucially important. Because there are more rigorous security criterions, such as the trace distance 5, 6, which gives the composable security. There are few studies on the guessing probability of QKD. The guessing probability intuitively describes the probability that Eve can correctly guess the final key, which can reflect the number of guesses that Eve requires to obtain the final key. Specifically, the key generated by the QKD protocol is not based on the presumed hardness of mathematical problems thus, the eavesdropper Eve can only guess the final key via the measurement result of her probe. In a classical practical cryptosystem, the impact of guessing probability on security is very important 9, 10. This is why many studies choose trace distance for the security criterion 3, 4, 7, 8. It provides the universal composable security 5, 6, which can guarantee the security of key regardless of its application such as one-time pad (OTP). ![]() Trace distance is a very important security criterion 3, 4. Since then, the security of QKD has always been the central issue in the quantum cryptographic field 2. The first quantum key distribution (QKD) protocol has been proposed by Bennett and Brassard in 1984 the protocol was based on the fundamentals of quantum mechanics 1. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |