Phun with Photons 28 April 2005 CS 588

Phun with Photons 28 April 2005 CS 588 Spring 2005 David Evans CS 588 Lecture 22 http: //www. cs. virginia. edu/evans

Menu • Visual Cryptography • Quantum Computing (very briefly) • Cryptographic Hashing Attacks – Boyd and Isabelle CS 588 Lecture 22 2

Visual Cryptography • Can we quickly do a lot of XORs without a computer? • Yes: Key Ciphertext 0: 1: . 5 probability CS 588 Lecture 22 . 5 probability 3

Key + Ciphertext Key Ciphertext + + =0 =1 CS 588 Lecture 22 4

Perfect Cipher? Plaintext 0 Key Ciphertext 1. 5 probability CS 588 Lecture 22 . 5 probability 5

Perfect Cipher Plaintext 0 Key Ciphertext 1. 5 probability P (C = | M = 0) =. 5 = | M = 1) =. 5 CS 588 Lecture 22 6 Yes!

Authentication for remote voting Nathanael Paul, David Evans, Avi Rubin and Dan Wallach. Workshop on Human-Computer Interaction and Security Systems. 6 April 2003 http: //www. cs. virginia. edu/evans/pubs/remote-voting. html • Remote voting offers convenience – 69% votes cast by mail in 2001 in state of Washington • Electronic voting is cheaper and faster – More secure? – New problems: virus, worm, spoofing, denial of service • Mutual authentication – Voter authenticated to server – Server authenticated to voter CS 588 Lecture 22 7

Doing Encryption without Computers • Can’t trust voters to have trustworthy computers – Viruses can tamper with their software • Need to do authentication in a way that doesn’t depend on correctness of user’s software • Lorenz cipher: use XOR to encrypt – Is there a way to do lots of XOR’s without a computer? CS 588 Lecture 22 8

Remote Voting System STEP 1 S keys Ek (k 1) Ek(k 2) … ki = … Ek(kn) STEP 2 Each voter is sent a key, ki Key: AQEGSDFASDF ki STEP 3 – if ki valid… STEP 4 ki = “AQEGSDFASDF” S CS 588 Lecture 22 client machine 9 client machine

Authentication by Transparency CS 588 Lecture 22 10

Quantum Cryptography CS 588 Lecture 22 11

Quantum Physics for Dummies • Light behaves like both a wave and a particle at the same time • A single photon is in many states at once • Can’t observe its state without forcing it into one state • Schrödinger’s Cat – Put a live cat in a box with cyanide vial that opens depending on quantum state – Cat is both dead and alive at the same time until you open the box CS 588 Lecture 22 12

Heisenberg’s Uncertainty Principle “We cannot know, as a matter of principle, the present in all its details. ” Werner Heisenberg, 1920 s If you can’t know all the details about something you can’t copy it. Bits are easy to copy; photons are impossible to copy. CS 588 Lecture 22 13

Quantum Cash Stephen Wiesner, late 60 s: “I didn’t get any support from my thesis advisor – he showed no interest in it at all. I showed it to several other people, and they all pulled a strange face, and went straight back to what they were already doing. ” (Quoted in Singh, The Code Book) CS 588 Lecture 22 14

Photon Polarity Photons have “spin”: V H +45º -45º Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons Horizontal filter: 100% of H photons 50% of +45º photons (become H photons) 50% of -45º photons (become H photons) 0% of V photons CS 588 Lecture 22 15

Photon Stream Can’t tell difference between V and +45º and – 45º photons Vertical filter: 100% of V photons 50% of +45º photons (become V photons) 50% of -45º photons (become V photons) 0% of H photons CS 588 Lecture 22 16

Quantum Cash $10000 Uncertainty Principal Bank $10000 Spinning Photons Unique ID 258309274917392 Richard Feynman Safecracker, Father of Quantum Computing $10000 CS 588 Lecture 22 In Dice We Trust 17 $10000

Bank Verifies Bill Unique ID 258309274917392 Spinning Photons Uncertainty Principal ID … Amount Photons … … 258309274917392 … $10000 … V-45 H+45+45 V … Bank aligns filters according to expected values. If photons on bill all pass through filters, the bill is valid. CS 588 Lecture 22 18

Counterfeiting Quantum Cash • To copy a bill, need to know the photons. • Counterfeiter can guess, but loses information. Physics says there is no way to measure the spins without knowing them! CS 588 Lecture 22 19

Perfect Security? • Bill photons: V (¼), +45 (¼), -45 (¼), H (¼) • Guess V-filter: passes 100% of V photons, ½ of +45 and ½ of -45 – p (M = V | passes V filter) =. 25 / (. 25 + (. 5 *. 25)) =. 25/. 5 =. 5 If photon passes, counterfeiter can guess it is a V photon, right ½ of the time. If photon doesn’t pass, guess it’s a H photon, right ½ of the time. – p (M = +45 | passes V filter) =. 25 • Actually a bit more complicated – can guess some photons wrong, and 50% chance bank won’t notice. CS 588 Lecture 22 20

Guessing One +45º Photon • Passes through V-filter (. 5) – Counterfeiter guesses V-photon – Passes through Banks +45 filter (. 5) –. 25 chance of getting it right • Doesn’t passes through V-filter (. 5) – Counterfeiter guesses H-photon – Passes through Banks +45 filter (. 5) –. 25 chance of getting it right • Probability of not getting caught =. 5 • Forge bill with 6 photons = 1/26; use more photons for more valuable bills. CS 588 Lecture 22 21

Quantum Key Distribution CS 588 Lecture 22 22

Quantum Key Distribution • Charles Bennett (1980 s) • Use quantum physics to transmit a key with perfect secrecy • Alice sends a stream of random photons • Bob selects random filters to try and guess photons • After, they communicate over insecure channel to figure out which bits were transmitted correctly CS 588 Lecture 22 23

Quantum Key Distribution 1. Alice generates a random sequence. Transmits: 0: or (Randomly pick H or – 45) 1: or (Randomly pick V or +45) 2. Bob randomly guesses filter: Rectilinear detector: recognizes H and V photons with 100% accuracy, randomly misrecognizes diagonal photons. Diagonal detector: recognizes -45 and +45 photons with 100% accuracy, randomly misrecognizes H and V photons. CS 588 Lecture 22 24

Detecting Photons • Bob picks the right detector: – 100% chance of correctly recognizing bit • Bob picks the wrong detector: – 50% chance of “guessing” bit • Bob can’t tell the difference • But, Alice can (since she picked the photon encoding) CS 588 Lecture 22 25

Finding Correct Guesses 3. Alice calls Bob over an insecure line, and tell him rectangular/diagonal for each bit. Bob tells Alice if he guessed right. They use the bits he guessed right on as the key. 4. Alice and Bob do some error checking (e. g. , use a checksum) to make sure they have the same key. CS 588 Lecture 22 26

What about Eve? • Eve can intercept the photon stream, and guess filters. • If she guesses right, she can resend the same photon. • If she guesses wrong, 50% chance she will send the wrong photon. • 50% chance Bob will guess the right filter on this photon, so 25% chance of error CS 588 Lecture 22 27

Eve is Caught • When Alice and Bob agree on which bits to use, Eve will have the wrong ones since she guesses different polarities. • Eve cannot eavesdrop without Alice and Bob noticing an unusually high error rate! CS 588 Lecture 22 28

Is this practical? CS 588 Lecture 22 29

http: //www. idquantique. com/ (Geneva, Switzerland) CS 588 Lecture 22 30

Movie Teaser 28 April 2005 CS 588 Lecture 22

What’s in the “Sneakers” Black Box? A Quantum Computer CS 588 Lecture 22 32

Quantum Computing • Feynman, 1982 • Quantum particles are in all possible states • Can try lots of possible computations at once with the same particles • In theory, can test all possible factorizations/keys/paths/etc. and get the right one! • In practice, major advances required before we can build it (unless the NSA knows something we don’t…): 7 -qubit computer – Adding another qubit is more than twice as hard CS 588 Lecture 22 33

Cryptographic Hashing Attacks CS 588 Lecture 22 34

Charge • Tuesday: – Project presentations • Order will be determined pseudorandomly – Reports due • Sneakers: send me email before Monday if you are coming CS 588 Lecture 22 35