Secure communications and cryptography is as old as civilization itself. The Greek Spartans for instance would cipher their military messages and, for Chinese, just the act of writing the message constituted a secret message since almost no-one could read or write Chinese. Modern public key Cryptography until the mid 1980’s was founded on computational complexity of certain trap-door one-way functions that are easy to compute in one direction, but very difficult in the opposite direction. To a large extent computational complexity is still the lynchpin of modern cryptography, but the whole paradigm was revolutionized by introduction of Quantum Key Distribution (QKD) which is founded on fundamental laws of Physics. Indeed, to date, QKD is de-facto the most successful branch of Quantum Information Science (QIS) encompassing such areas as quantum computing which is still in its infancy. Modern QKD is fundamentally composed of a series of three steps that shall be explained later in the chapter: 1) data transmission over the error-prone quantum channel; 2) information reconciliation to allow the parties engaged in communication to have two identical copies of a message that may not be as secure as desired; and 3) privacy amplification that ensures the parties possess copies of messages about which the information that could have possibly be gleaned by the eavesdropper is below a desirable threshold. It is this sufficiently private and often much shorter message that can be used as the secret key to allow exchange of longer messages between the legitimate parties. Step-1 must be based on the laws of quantum physics, whereas step-2 and -3 either necessitate the use of quantum error correcting codes which are often complex or as is often done in practice, based on information exchange over a classical public channel. Objective of this chapter is to give a tutorial presentation and evaluation of QKD protocols at the systems level based on classical error-correcting codes. The QKD systems can provide perfect security (from the viewpoint of information theory) in the distribution of a cryptographic key. QKD systems and related protocols, under particular conditions, can use the classic channel coding techniques instead of quantum error-correcting codes, both for correcting errors that occurred during the exchange of a cryptographic key between two authorized users, and to allow privacy amplification, in order to make completely vain a possible intruder attempt. The secret key is transmitted over a quantum, and thus safe channel, characterized by very low transmission rates and high error rates. This channel is safe given the properties of a quantum system, where each measurement on the system perturbs the system itself, allowing the authorized users to detect the presence of any intruder. Moreover, as shown by accurate experimental studies, the communication channel used for quantum key exchange is not able to reach high levels of reliability (the Quantum Bit Error Rate - QBER - may have a high value), both because of the inherent characteristics of the system, and of the presence of a possible attacker. In order to obtain acceptable residual error rates, it is necessary to use a parallel classical and public channel, characterized by high transmission rates and low error rates, on which to transmit only the redundancy bits of systematic channel codes with performance possibly close to the capacity limit. Furthermore, since the more redundancy is added by the channel code, the more the corresponding information can be used to decipher the private message itself, it becomes necessary to design high-rate codes obtained by puncturing a low-rate mother code, possibly achieving a redundancy such that elements of the secret message cannot be uniquely determined from the redundancy itself.

Capacity-approaching Channel Codes for Discrete Variable Quantum Key Distribution (QKD) Applications / Maria Teresa Delgado, Alizo; Bari, Inam; Fred, Daneshgaran; Mesiti, Fabio; Mondin, Marina; Francesca, Vatta - In: Wireless Networks and Security / Shafiullah Khan, Al-Sakib Khan Pathan. - STAMPA. - Berlin : Springer Berlin Heidelberg, 2013. - ISBN 9783642361685. - pp. 423-456 [10.1007/978-3-642-36169-2_13]

### Capacity-approaching Channel Codes for Discrete Variable Quantum Key Distribution (QKD) Applications

#####
*BARI, INAM;MESITI, FABIO;MONDIN, Marina;*

##### 2013

#### Abstract

Secure communications and cryptography is as old as civilization itself. The Greek Spartans for instance would cipher their military messages and, for Chinese, just the act of writing the message constituted a secret message since almost no-one could read or write Chinese. Modern public key Cryptography until the mid 1980’s was founded on computational complexity of certain trap-door one-way functions that are easy to compute in one direction, but very difficult in the opposite direction. To a large extent computational complexity is still the lynchpin of modern cryptography, but the whole paradigm was revolutionized by introduction of Quantum Key Distribution (QKD) which is founded on fundamental laws of Physics. Indeed, to date, QKD is de-facto the most successful branch of Quantum Information Science (QIS) encompassing such areas as quantum computing which is still in its infancy. Modern QKD is fundamentally composed of a series of three steps that shall be explained later in the chapter: 1) data transmission over the error-prone quantum channel; 2) information reconciliation to allow the parties engaged in communication to have two identical copies of a message that may not be as secure as desired; and 3) privacy amplification that ensures the parties possess copies of messages about which the information that could have possibly be gleaned by the eavesdropper is below a desirable threshold. It is this sufficiently private and often much shorter message that can be used as the secret key to allow exchange of longer messages between the legitimate parties. Step-1 must be based on the laws of quantum physics, whereas step-2 and -3 either necessitate the use of quantum error correcting codes which are often complex or as is often done in practice, based on information exchange over a classical public channel. Objective of this chapter is to give a tutorial presentation and evaluation of QKD protocols at the systems level based on classical error-correcting codes. The QKD systems can provide perfect security (from the viewpoint of information theory) in the distribution of a cryptographic key. QKD systems and related protocols, under particular conditions, can use the classic channel coding techniques instead of quantum error-correcting codes, both for correcting errors that occurred during the exchange of a cryptographic key between two authorized users, and to allow privacy amplification, in order to make completely vain a possible intruder attempt. The secret key is transmitted over a quantum, and thus safe channel, characterized by very low transmission rates and high error rates. This channel is safe given the properties of a quantum system, where each measurement on the system perturbs the system itself, allowing the authorized users to detect the presence of any intruder. Moreover, as shown by accurate experimental studies, the communication channel used for quantum key exchange is not able to reach high levels of reliability (the Quantum Bit Error Rate - QBER - may have a high value), both because of the inherent characteristics of the system, and of the presence of a possible attacker. In order to obtain acceptable residual error rates, it is necessary to use a parallel classical and public channel, characterized by high transmission rates and low error rates, on which to transmit only the redundancy bits of systematic channel codes with performance possibly close to the capacity limit. Furthermore, since the more redundancy is added by the channel code, the more the corresponding information can be used to decipher the private message itself, it becomes necessary to design high-rate codes obtained by puncturing a low-rate mother code, possibly achieving a redundancy such that elements of the secret message cannot be uniquely determined from the redundancy itself.##### Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

`https://hdl.handle.net/11583/2562749`

##### Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo