On the security of αη: Response to 'some attacks on quantum-based cryptographic protocols'

Horace P. Yuen*, Ranjith Nair, Eric Corndorf, Gregory S. Kanter, Prem Kumar

*Corresponding author for this work

Research output: Contribution to journal › Article

17 Citations (Scopus)

Abstract

Lo and Ko in [1] have developed some attacks on the cryptosystem called αη [2], claiming that these attacks undermine the security of αη for both direct encryption and key generation. In this paper, we show that their arguments fail in many different ways. In particular, the first attack in [1] requires channel loss or length of known-plaintext that is exponential in the key length and is unrealistic even for moderate key lengths. The second attack is a Grover search attack based on 'asymptotic orthogonality' and was not analyzed quantitatively in [1]. We explain why it is not logically possible to "pull back" an argument valid only at n = ∞ into a limit statement, let alone one valid for a finite number of transmissions n. We illustrate this by a 'proof' using a similar asymptotic orthogonality argument that coherent-state BB84 is insecure for any value of loss. Even if a limit statement is true, this attack is a priori irrelevant as it requires an indefinitely large amount of known-plaintext, resources and processing. We also explain why the attacks in [1] on αη as a key-generation system are based on misinterpretations of [2]. Some misunderstandings in [1] regarding certain issues in cryptography and optical communications are also pointed out. Short of providing a security proof for αη, we provide a description of relevant results in standard cryptography and in the design of αη to put the above issues in the proper framework and to elucidate some security features of this new approach to quantum cryptography.

Original language: English (US)
Pages (from-to): 561-582
Number of pages: 22
Journal: Quantum Information and Computation
Volume: 6
Issue number: 7
State: Published - Nov 1 2006

Fingerprint

Cryptographic Protocols
Cryptography
Attack
Quantum cryptography
Orthogonality
Optical communication
Valid
Security Proof
Pullback
Cryptosystem
Coherent States
Encryption
Processing

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Statistical and Nonlinear Physics
  • Nuclear and High Energy Physics
  • Mathematical Physics
  • Physics and Astronomy(all)
  • Computational Theory and Mathematics

Cite this

@article{b3dc29f55f034f75a25ee43592f9f896,
title = "On the security of αη: Response to 'some attacks on quantum-based cryptographic protocols'",
abstract = "Lo and Ko in [1] have developed some attacks on the cryptosystem called αη [2], claiming that these attacks undermine the security of αη for both direct encryption and key generation. In this paper, we show that their arguments fail in many different ways. In particular, the first attack in [1] requires channel loss or length of known-plaintext that is exponential in the key length and is unrealistic even for moderate key lengths. The second attack is a Grover search attack based on 'asymptotic orthogonality' and was not analyzed quantitatively in [1]. We explain why it is not logically possible to {"}pull back{"} an argument valid only at n = ∞ into a limit statement, let alone one valid for a finite number of transmissions n. We illustrate this by a 'proof' using a similar asymptotic orthogonality argument that coherent-state BB84 is insecure for any value of loss. Even if a limit statement is true, this attack is a priori irrelevant as it requires an indefinitely large amount of known-plaintext, resources and processing. We also explain why the attacks in [1] on αη as a key-generation system are based on misinterpretations of [2]. Some misunderstandings in [1] regarding certain issues in cryptography and optical communications are also pointed out. Short of providing a security proof for αη, we provide a description of relevant results in standard cryptography and in the design of αη to put the above issues in the proper framework and to elucidate some security features of this new approach to quantum cryptography.",
author = "Yuen, {Horace P.} and Ranjith Nair and Eric Corndorf and Kanter, {Gregory S.} and Prem Kumar",
year = "2006",
month = "11",
day = "1",
language = "English (US)",
volume = "6",
pages = "561--582",
journal = "Quantum Information and Computation",
issn = "1533-7146",
publisher = "Rinton Press Inc.",
number = "7",

}

On the security of αη: Response to 'some attacks on quantum-based cryptographic protocols'. / Yuen, Horace P.; Nair, Ranjith; Corndorf, Eric; Kanter, Gregory S.; Kumar, Prem.

In: Quantum Information and Computation, Vol. 6, No. 7, 01.11.2006, p. 561-582.

TY - JOUR

T1 - On the security of αη

T2 - Response to 'some attacks on quantum-based cryptographic protocols'

AU - Yuen, Horace P.

AU - Nair, Ranjith

AU - Corndorf, Eric

AU - Kanter, Gregory S.

AU - Kumar, Prem

PY - 2006/11/1

Y1 - 2006/11/1

N2 - Lo and Ko in [1] have developed some attacks on the cryptosystem called αη [2], claiming that these attacks undermine the security of αη for both direct encryption and key generation. In this paper, we show that their arguments fail in many different ways. In particular, the first attack in [1] requires channel loss or length of known-plaintext that is exponential in the key length and is unrealistic even for moderate key lengths. The second attack is a Grover search attack based on 'asymptotic orthogonality' and was not analyzed quantitatively in [1]. We explain why it is not logically possible to "pull back" an argument valid only at n = ∞ into a limit statement, let alone one valid for a finite number of transmissions n. We illustrate this by a 'proof' using a similar asymptotic orthogonality argument that coherent-state BB84 is insecure for any value of loss. Even if a limit statement is true, this attack is a priori irrelevant as it requires an indefinitely large amount of known-plaintext, resources and processing. We also explain why the attacks in [1] on αη as a key-generation system are based on misinterpretations of [2]. Some misunderstandings in [1] regarding certain issues in cryptography and optical communications are also pointed out. Short of providing a security proof for αη, we provide a description of relevant results in standard cryptography and in the design of αη to put the above issues in the proper framework and to elucidate some security features of this new approach to quantum cryptography.

UR - http://www.scopus.com/inward/record.url?scp=33750723870&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750723870&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:33750723870

VL - 6

SP - 561

EP - 582

JO - Quantum Information and Computation

JF - Quantum Information and Computation

SN - 1533-7146

IS - 7

ER -