**INFORMATION ABOUT PROJECT,
SUPPORTED BY RUSSIAN SCIENCE FOUNDATION**

*The information is prepared on the basis of data from the information-analytical system RSF, informative part is represented in the author's edition. All rights belong to the authors, the use or reprinting of materials is permitted only with the prior consent of the authors. *

COMMON PART

Project Number18-71-00074

Project titleUsing pseudorandom number generators in quantum cryptography

Project LeadKronberg Dmitry

AffiliationSteklov Mathematical Institute of Russian Academy of Sciences,

Implementation period | 07.2018 - 06.2020 |

Research area 01 - MATHEMATICS, INFORMATICS, AND SYSTEM SCIENCES, 01-212 - Quantum data processing methods

Keywordsquantum cryptography, quantum technologies, pseudorandom number generators, quantum mechanics, quantum information

PROJECT CONTENT

Annotation

The goal of quantum cryptography is secret key distribution between two distant users, with the security of this key guaranteed by the fundamental laws of nature, not by the assumptions about computational power of an eavesdropper, as in classical cryptography. Protocols of quantum cryptography usually use mutually non-orthogonal quantum states, some of which are discarded during the communication session. The work is devoted to the use of pseudo-random generators to increase the speed of secret key generation in quantum cryptography. Until now, the question remains whether pseudo-random generators can provide at least some benefit in quantum cryptography without losing unconditional security. The possibility of improving the protocols of quantum cryptography with minor assumptions about the capabilities of the interceptor is considered.

Expected results

Quantum cryptography can provide unconditional security against any possible attacks, while classical cryptography relies on the assumption that it is impossible to solve a number of tasks by an interceptor in the foreseeable future, during which secrets are relevant. The project is supposed to answer the question of what can be expected under the assumption that the interceptor can not solve some computational tasks (first of all finding the "seed" of the pseudo-random sequence) over a time of the order of several minutes. This is a much weaker assumption than in classical cryptography, and the results can be claimed to ensure the rapid generation of a secret key by quantum methods.
It is planned to investigate the security of existing protocols of quantum cryptography which use pseudo-random number generators and propose new protocols that would increase the performance of quantum cryptography with the help of pseudo-random number generators. To date, the most famous of these protocols is Y-00, whose unconditional security has not yet been proven, and a number of attacks on which have not yet been considered. The proposition of new attacks on the Y-00 protocol, as well as the modification of some existing protocols of quantum cryptography, adding pseudorandomness to them, is an actual task that can significantly increase the speed and distance of key generation under very weak assumptions about the interceptor capabilities, compared to classical cryptography.

REPORTS

Annotation of the results obtained in 2019

The possibilities of using a number of practical limitations of eavesdropper in quantum cryptography were studied, such as the absence of a lossless channel, the inability to get the seed of pseudorandom sequence quickly (computational limitations), and the absence of perfect quantum memory.
It was shown that the assumption that the eavesdropper does not have a lossless channel cannot be used to significantly increase the key length, since in the presence of a communication line with less attenuation than legitimate users, the signal intensity that the eavesdropper can take without introducing additional losses, tends with increasing attenuation to the intensity of the initial states, as it happens in the presence of a perfect channel.
Under the assumption of the computational capabilities of the interceptor, the possibility of modifying a number of quantum key distribution protocols to increase the secret key generation rate was studied. The assumption was used that the interceptor cannot receive the seed of the pseudo-random sequence during the key generation session: in fact, this is the assumption that classical cryptographic systems, such as AES, operating in the mode of the pseudo-random sequence generator remain stable for several minutes, which looks more than a weak assumption in view of the fact that classical cryptography assumes the long-term security of such systems. It was proposed that legitimate users use pseudorandom sequences with a common initial key for setting the phase of the coherent state, known to the receiver at the time of measurement, but not known to the eavesdropper at the time of the attack. It was assumed that immediately after measuring the states by the receiver, the adversary could know the whole pseudo-random sequence, that is, a long security of the initial key was not required. Under such conditions, it is possible to significantly worsen the conditions for a series of attacks that require knowledge of the phase by an interceptor, which improves the key generation rate. Modifications of the Coherent one-way (COW), Differential phase shift (DPS), and strong reference B92 protocols were proposed, indicating attacks that lose effectiveness with this modification.
The assumption that the eavesdropper quantum memory is not perfect can also lead to an improvement in the key generation rate. The literature has already considered the assumption that the eavesdropper does not have quantum memory, and also made a proposal to delay the postprocessing of the key (basis reconciliation, error correction, privacy amplification) for the time during which the eavesdropper can store states in quantum memory. Within the framework of the project, a weakened version was considered: the eavesdropper has quantum memory and, in particular, can perform collective measurements, but at the same time it cannot hold states in its quantum memory for an arbitrarily long time, thus legitimate users can force the eavesdropper to perform measurements without waiting for the announcement of the bases and other information revealed during postprocessing of raw keys. For this case, a bound was obtained for the eavesdropper information through the one-shot capacity and, thus, it was shown that the eavesdropper extracts less information than in the general situation of having a perfect quantum memory.
The possibilities of scaling the approach with pseudo-random phase setting were also investigated: for example, the possibility of using a set of symmetric coherent states of high intensity divided into a large number of bases in quantum cryptography was considered. For such a set of states, a measurement was constructed that does not require knowledge of the basis at the time of measurement, but implies this knowledge afterwards. It is shown that such a measurement with an increase in the intensity of states gives almost complete information about the signal, regardless of the number of bases, which implies that the proposed configuration of states cannot be used to increase the signal intensity to large values.

Publications

**1.** *Avanesov A.S., Kronberg D.A.* **О квантовой криптографии на когерентных состояниях с использованием псевдослучайных генераторов** Квантовая электроника, 49 (10), 974-981 (year - 2019) https://doi.org/10.1070/QEL17054

**2.** *Avanesov A.S., Kronberg D.A.* **О возможностях использования практических ограничений перехватчика в квантовой криптографии** Квантовая электроника, 50 (5), 454–460 (year - 2020) https://doi.org/10.1070/QEL17286

**3.** *A. S. Avanesov, D. A. Kronberg* **On applying pseudorandom number generators in quantum cryptography with coherent states** AIP Conference Proceedings, 2241, 020026 (year - 2020) https://doi.org/10.1063/5.0011486

Annotation of the results obtained in 2018

A family of quantum key distribution protocols on symmetric coherent states was proposed, with an adjustable inner product of states within the basis and with the possibility of a pseudo-random basis choice.
The security of the protocol against unambiguous state discrimination (USD) attack and against a beam splitting attack was studied under the assumption that the eavesdropper knows pseudo-random sequence immediately after the communication session. Secret key generation rate has been found for arbitrary length of fiber line and optimal choice of inner product of the states within each basis.
The possibility of increasing the key generation rate under the assumptions about decoherence in eavesdropper's quantum memory was considered, as well as a combination of a pseudo-random and truly random basis choice to complicate the calculation of the pseudo-random sequence.
Two practical schemes for the implementation of the protocol family were proposed: with a fixed and arbitrary phase shift of states within each basis.

Publications

**1.** *Avanesov A.S., Kronberg D.A.* **О квантовой криптографии на когерентных состояниях с использованием псевдослучайных генераторов** Квантовая электроника, - (year - 2019)