[Cryptography] Actually useful "quantum crypto" advance

Jerry Leichter leichter at lrw.com
Tue Dec 30 10:32:19 EST 2014


http://www.opticsinfobase.org/optica/abstract.cfm?uri=optica-1-6-421 (full text is available from there) describes "Quantum-secure authentication of a physical unclonable key".  This isn't quantum cryptography - it's a way of creating a physical key that can be easily verified but cannot be copied or simulated.

The key consists of zinc oxide nano particles spray-painted onto a surface.  This produces a huge number of small, randomly-oriented reflective particles.  While it's trivial to produce these, there is no known way to copy one (and good reason to believe that it can't be done).

A challenge is produced by sending light through an array of about 2000 pixels, each of which can be set independently to change the phase of the light by either 0 or pi.  The response is the reflection from the key is the response, and depends in a delicate way on the input settings and the exact orientation and position of the nano particles in the key.

Classically, you could record a whole bunch of challenge/response pairs, and then when the key is presented, pick a known challenge, find the expected response, and compare.  The problem is that anyone who steals the database can now play a man-in-the-middle game and return the right response for any challenge.

So now you use quantum mechanics.  By using very low intensity light for the challenges, you make the response "very quantum".  One effect of this is that it's impossible to actually read the challenge.  So how do you check it?  You arrange for response from the key to interfere with the expected response.  Physically, the two can be compared and you can tell if they match - even though you can't actually physically determine either, just the settings for arrays to create the challenge and the response.

If you choose a set of challenges that form a basis set, then you can construct new challenges as linear combinations of the members of the set, and the linearity of QM guarantees that the response is similarly a linear combination of the base responses.  So you can check any of a broad spectrum of challenges, but QM guarantees that even someone in possession of the full database cannot compute the right response, so cannot construct a fake key.  And no given challenge is likely ever to be repeated, so knowing legitimate responses from the key doesn't help.

They've done some work to show that blinding attacks that have worked against implementations of quantum crypto don't work here.  Interestingly, it appears that even a quantum computer - at least one with plausible properties - may not be sufficiently powerful to emulate a key.  Their discussion of this stuff is in the Supplement to the paper (linked right at the end).

Hardly the last word on the subject - more like one of the first - but clever stuff, actually implementing "thought experiments" by Bennett and Brassard and others going back to the '80's.  Unlike most quantum crypto - which arguably doesn't actually solve any new problems - this does give you something that doesn't exist classically:  Information that is accessible but cannot be copied.
                                                        -- Jerry



More information about the cryptography mailing list