|M.Sc Student|Ran Gelles|
|Subject|On the Security of Theoretical and Realistic Quantum Key Distribution Schemes|
|Department|Department of Computer Science|
|Supervisor|Professor Mor Tal|
Theoretical QKD protocols commonly rely on the use of qubits (quantum bits). In reality, however, due to practical limitations, the legitimate users are forced to employ a larger quantum (Hilbert) space, say a quhexit (quantum six-dimensional) space, or even a much larger quantum Hilbert space. Various attacks exploit these limitations. Although security can still be proved in some very special cases, a general framework that considers such realistic QKD protocols, as well as attacks on such protocols, is still missing.
We describe a general method of attacking realistic QKD protocols, which we call the 'quantum-space attack'. The description is based on assessing the enlarged quantum space actually used by a protocol, the 'quantum space of the protocol'. We show that this space is the effective space needed for attacking a protocol, hence this is the space needed for a general security analysis of the protocol.
The new method of analyzing the security of practical QKD schemes via the enlarged quantum space of the protocol is demonstrated for schemes in which the qubits are implemented by photons. This demonstration is highly relevant since many of the practical QKD systems nowadays are implemented via photons. Photonic QKD schemes are commonly implemented using a device called an interferometer. The structure of such an interferometer inevitably causes the enlargement of the quantum space in use (for instance, by adding vacuum ancillas). This enlargement exposes the protocols to new kinds of attacks that have not yet been analyzed. We consider several QKD protocols that are implemented using interferometers. We analyze the enlarged space actually in use and define the requirements for their robustness.
The last topic of this research concerns the QKD scheme in which Alice is "quantum" yet Bob is "classical", as recently published by Boyer, Kenigsberg and Mor. Here we analyze two protocols with this constraint and prove their robustness: we show that any attempt by an adversary to obtain information necessarily induces some errors that the legitimate users could notice. The first protocol is the one presented in the paper of Boyer et al., with an improved robustness proof that is applicable to other scheme configurations, such as sending the qubits one by one. The second protocol is based on a protocol presented in a conference paper by Boyer et al., yet we extend and generalize it, remove several of its limitations, and prove its robustness.