量子安全通信理论研究
|
摘要
量子信息学是近三十年来兴起的一门新型交叉学科,它的内容涉及到计算机科学、物理学以及数学等多门经典学科。量子信息学的特点是利用量子力学的基本原理实现信息编码、信息处理以及信息传输等任务。例如,量子力学与计算机科学结合便产生了量子计算机,量子计算机因其信息处理速度远远超过经典计算机,对现有的数学密码构成了严重的威胁。随着信息技术的不断普及,信息安全变得越来越重要,信息安全领域急需一种可以对抗量子计算机的新型密码,于是,量子密码由此而产生。
量子密码是量子安全通信的理论基础,它的首要特征是具有无条件安全特性。换句话说,即使攻击者拥有无穷的计算资源,只要她不违背量子力学,便无法破解量子密码。与基于计算复杂度的数学密码相比,量子密码从物理本质上保证了信息安全,具体而言,它的安全建立在量子不可克隆原理与量子测不准原理两个最基本的量子力学基本原理之上,从理论上来讲,信道中的任何窃听行为都可以被量子密码检测到。到目前为止,量子密码与量子通信已经形成了相对成熟的理论体系。特别是量子密码,从1984年出现的第一个量子密钥分配协议到今天市场上出现的商用量子密钥分配系统,在不到三十年的时间里,各种新颖的量子密码理论和实现方案相继被提出。在可以预见的未来,以量子密码为核心的量子安全通信将成为人们日常生活的重要组成部分。
到目前为止,量子安全通信领域仍然存在许多理论问题有待于进一步解决。例如,新型量子密码方案设计与安全性证明问题、实用的量子密码网络设计以及实际量子密码系统的安全问题等。为了进一步推动量子安全通信的理论发展与实用化进程,本文依托国家自然科学基金以及国防科技大学科研计划项目,从信息对抗的角度对量子安全通信的相关理论问题展开研究。信息对抗的内涵十分广泛,其中,信息保密与信息窃取是信息对抗的重要研究内容,二者构成了“防与攻”两个对立面。当信息对抗的概念延伸到量子领域,便产生了量子信息对抗。本文以量子密码以及针对量子密码的攻击为主线,重点研究了反事实量子密钥分配协议(QKD)设计与安全证明、基于连续变量的特殊量子密码协议设计与安全性分析、高效量子网络通信方案设计以及针对实际量子密码系统的攻击方案设计等理论问题。论文的主要研究内容包括:
(1)反事实量子密钥分配与量子掷币
反事实量子密钥分配(CQKD)是最近出现的新型量子密码。CQKD协议的特点是不需要传输信号光子,通信双方便可以建立绝对安全的密钥。这种违背传统思维的密钥分配方式具有直观意义上的安全,即密钥信息没有经过信道传输。与传统的QKD协议相比,CQKD协议先天具有抵抗光子分裂数攻击的安全优势。目前,CQKD的无条件安全性已经得到严格的数学证明,但是,由于已有的证明方案采用的是等效变换法,而该方案还没有对等效协议与原协议的等效性进行严格的证明,因此,该方案还有待于进一步完善。本文利用量子信息论的方法,对已有的CQKD协议进行了严格的安全性证明,解决了已有证明方案存在的缺陷。另外,提出了一种反事实量子确定性密钥分配方案,解决了现有方案只能分配随机密钥的问题,新方案的优势在于能够同时分配随机密钥与确定性密钥。
量子掷币是量子密码的研究热点之一。掷币是密码原语之一,掷币协议可以在相互隔离且不信任的双方之间产生一个随机比特。虽然理论证明显示,无论是经典掷币协议还是量子掷币协议都不可能无条件安全。但是,与经典的掷币协议相比,量子掷币协议仍然具有先天的安全优势。到目前为止,大部分的量子掷币协议是单比特协议,即只产生一个比特值做为最终的掷币结果。然而,单比特量子掷币协议的问题在于无法在实际信道中达到应有的安全性。本文提出一种新的量子掷币方案,使得单比特量子掷币协议具有噪声容忍特性,大大提高了单比特量子掷币协议的实用性。
(2)基于连续变量的量子密码协议
利用压缩态,实现了一个四进制非高斯对称调制的量子密钥分配协议,与已有的多进制调制协议相比,该方案的安全性不会随着噪声的增加而出现严重衰减的现象,另外,该方案的效率明显高于二进制调制协议。利用压缩态,实现了一个同时具有身份认证与密钥分配功能的复合量子协议,该方案的最大特点是量子协议与量子协议的复合,在提高实用性的同时,兼顾了安全性,为量子密码协议的实用性研究提供了一种新的思路。
(3)高效量子网络通信方案设计
随着用户数量的增加,量子通信网络也会出现效率降低的问题。基于量子数据压缩算法以及Grover搜索算法,设计了一个高效的量子子网通信方案,该方案的最大特点是首次将量子计算中的加速算法用于量子通信,用于提高量子网络通信效率。另外,量子网络编码方案是提高量子通信效率的另一种有效方式,本文对已有的基于自由经典通信的量子网络编码方案进行了改进。一般而言,量子通信网络中存在大量的纠缠粒子对,利用这些纠缠对可以实施远程传态,因此,纠缠对实际上相当于一条隐形信道,本文设计的量子网络编码方案适用于任意分布隐形信道的量子通信网络,与已有方案相比,更具一般性。最后,基于实际应用场景,即秘密会议,设计了一种具有网络拓扑自适应特性的量子秘密会议通信方案,该方案由两个子方案构成,能够应用于不同网络拓扑结构的量子通信网络中。
(4)实际量子密码系统安全分析
实际量子密码系统安全分析是近年来最新出现的量子密码研究热点之一,其主要思路是首先寻找实际系统的漏洞,然后基于漏洞设计巧妙的攻击方法,并计算该攻击方法带来的误码率或者实际系统的密钥泄漏值,最后设计有效的方法弥补漏洞,从而改进实际量子密码系统的安全。本文的主要工作有:发现现有反事实量子密钥分配实现系统的一个漏洞,并基于该漏洞设计了一种特殊的量子特洛伊木马攻击方案,由于该攻击方案是利用量子反事实效应实现,因而比传统的特洛伊木马攻击更强,从理论上来讲,该方案可以实现在不扰动系统的前提下获取全部的密钥信息;另外,利用已经报道的雪崩二极管单光子探测器漏洞,设计了一种针对反事实量子密钥分配系统的时间变换攻击,该方案表明,探测器漏洞不仅影响传统的量子密钥分配系统安全性,同时也对反事实量子密码系统造成影响;最后,对最新报道的两种针对商用量子密钥分配系统的虚假信号攻击方案进行了改进,设计了一种新的虚假信号攻击方法,该方案利用了雪崩二极管的后脉冲效应先验知识对攻击所造成的误码率进行抑制,分析结果表明,该方案比现有方案更具隐蔽性和可实施性。
Quantuminformationisanewly-bornmultidisciplinarysubject,whichcoversseveralclassicalareas,suchascomputerscience,physics,andmathematics. Themajordistinctionof quantum information is known as that tasks, e.g., the information coding, processingandtransmission, canbeachievedusingquantummechanics. Forinstance, quantumcom-puter, which is a combination of quantum mechanics and computer science, and is morepowerfulthanallknownclassicalcomputers,ismakingtroublesforexistingcryptographicsystems. With the popularization of information technology, the demand of informationsecurity is becoming increasingly intensive. Consequently, quantum cryptography wasinvented to meet the requirements.
It is known that quantum cryptography,which provides fundamental principles forquantum secure communications, is unconditionally secure in theory. In other words, aneavesdropper,Eve,whoissupposedtobeonlyrestrictedbyquantumlaws,canneverbreakthe system even if she possesses unlimited computation resources. In contrast with math-ematical cryptography, which bases its security on computational complexities, quantumcryptography protects the information in nature, since their security is based on the quan-tum laws, i.e., quantum no-cloning theorem and quantum uncertainty principle. Theo-retically, any eavesdropping in the channel can be detected using quantum cryptography.Therefore, it is definite that quantum cryptography contributes to implementing securecommunications. Up to date, quantum cryptography and quantum communication haveemerged to be a relatively mature system in theory, especially for quantum cryptography,ithasonlybeennomorethan30yearssincethefirstquantumkeydistributionprotocolwasannounced, and now we are able to buy commercial products of quantum cryptographicsystem in the market. Also, various schemes of new protocols and implementations ofquantum cryptography were proposed during these years. Obviously, it can be expectedthat quantum cryptography is becoming one major part of people's everyday-life in thecoming decades.
Up to now, there are still many problems left for further investigations in quantumsecure communications. For example, it is worthy to further study how to devise newquantum cryptography protocols and prove their security, how to implement practical net- works in which quantum cryptography is applied, and how to ensure the security of prac-tical quantum cryptography systems. Motivated by the theoretical interests on quantumsecure communications and accelerating the progress of applying quantum technologiesin real life, also supported by the National Nature Science Foundation of China and theplanning projects of the National University of Defense Technology, this dissertation isdevoted to the investigations of above problems with a new prospect, i.e., informationcounter-working. Generally, information counter-working covers a wide range of topics,among which is the pairwise one, i.e., the information privacy and attacks. Naturally, anew notion, namely quantum information counter-working, is developed by extending theidea of information counter-working into quantum domain. Consequently, the central lineof this dissertation is the topic about quantum cryptography and the attacks on quantumcryptographic systems. Explicitly, it contains sub-topics on the protocols and securityproofs of counterfactual quantum cryptography, continuous-variables quantum cryptog-raphy, quantum communication schemes with high efficiency, and quantum hacking. Thecontributions read as follow:
(1) Counterfactual quantum key distribution and quantum coin flipping
As a new paradigm of quantum cryptography, counterfactual quantum key distribu-tion enables two spacially separated parties to share a private key without transmitting anysignal particle. This counter-intuition immediately implies the security, i.e., no key travelsthrough the channel, thus, essentially exhibits security advantages, such as the immunityto the photon number splitting attacks. Existed proof on the security of this new paradigmseems to be unsatisfactory, since the equivalence between the original protocol and thetranslated one should be reconsidered. A new proof, which is more strict than the previ-ous one, is proposed in this dissertation using quantum informatics. At the same time, anew protocol, which outperforms the previous ones on that it produces deterministic keys,is announced.
Quantumcoinflippingisanotherhottopicofquantumcryptography. Originally,coinflipping is a cryptographic primitive which allows two separated and untrusted partiesto generate a random bit. Although theoretical proofs have showed that unconditionalsecure coin flipping is impossible, quantum coin flipping does have an advantage overthe conventional one since the later one can be cracked by quantum computers. So far,mostquantumcoinflippingprotocolsareofsingle-shottype, inotherwords, mostofthem produces a single bit as the outcome. However, it should noticed that single-shot quantumcoin flipping protocols might be totally insecure in a real-life channel. To address thisproblem, a new single-shot quantum coin flipping protocol, which is noise-tolerant, isproposed.
(2) Continuous-variable quantum cryptography protocols
A new quantum key distribution protocol based on squeezed states is announced, itdistinguishesothersfromthatthestatesaremodulatedwithfouralphabeticletterssymmet-rically, and the modulation is non-gaussian. Two advantages can be found: the securitydoes not degenerate fast with the increase of noise; The efficiency is higher than that ofthe binary-modulated protocols. At the same time, a composed quantum protocol of iden-tity authentication and key distribution is declared using squeezed states. It originates theidea of combining different quantum protocols to improve the practicability of quantumcryptography without any loss of security.
(3) Quantum network communication protocols with high efficiency
Withtheincreaseofthenumberofnetworkusers,itisofmuchimportancetoimprovethe communication efficiency of quantum networks. Motivated by this idea, a new quan-tum subnet communication scheme with high efficiency is proposed using quantum datacompression and Grover searching algorithm. Remarkably, this new scheme contributesto bridging the quantum communication and quantum computing algorithms. Quantumnetwork coding is an alternative way to improve the communication efficiency, this dis-sertation has improved the very scheme on quantum network coding with free classicalcommunication. There may be thousands of entangled pairs, upon which quantum tele-portation is available, in a given quantum communication network. Intrinsically, theseentangled pairs are equivalent with hidden channels, the presented scheme is more gen-eral and outperforms the previous ones on the fact that it is still applicable to quantumnetworks with arbitrarily distributed hidden channels. In addition, a network-topology-adaptive quantum secret conference protocol with high efficiency is proposed based ontwo fundamental sub-protocols. Generally, this protocol can be applied to quantum net-works with different topologies.
(4) Security analysis of practical quantum cryptography systems
Recently, the subject, namely the security analysis of practical Quantum cryptogra-phy systems, has become one of the hottest subject in quantum cryptography. It generally accomplishes the task of improving the security performance of practical quantum cryp-tography systems by amending their loopholes, which can be employed to launch specificattacks. Our work is presented as follow: First, we explore a new loophole existed in realimplementations of counterfactual quantum cryptography, and devise a new Trojan horseattack, namely the counterfactual attack, based on this new loophole. It is showed thatthe presented attack outperforms all known Trojan horse attacks on that the system can betotally broken even if the imperfection is slight enough. In other words, Eve can extractthe entire key without disturbing the system with our attack. Second, a new time-shift at-tack to real implementations of counterfactual quantum cryptography is announced basedon the reported loophole of avalanche photodiode detectors, it is showed that the reportedimperfection not only threatens the conventional quantum cryptography systems, but alsodegenerates the security of counterfactual ones. At last, a fake-state attack on commercialquantum cryptosystems is proposed, the presented attack is an improvement of two newlyreported attacks on commercial systems. It is showed that the quantum bit error rate canbe reduced using the knowledge of the afterpulsing effect of the avalanche photodiodedetectors. Therefore, the improved attack is more difficult to be detected and easier to beimplemented.
量子密码是量子安全通信的理论基础,它的首要特征是具有无条件安全特性。换句话说,即使攻击者拥有无穷的计算资源,只要她不违背量子力学,便无法破解量子密码。与基于计算复杂度的数学密码相比,量子密码从物理本质上保证了信息安全,具体而言,它的安全建立在量子不可克隆原理与量子测不准原理两个最基本的量子力学基本原理之上,从理论上来讲,信道中的任何窃听行为都可以被量子密码检测到。到目前为止,量子密码与量子通信已经形成了相对成熟的理论体系。特别是量子密码,从1984年出现的第一个量子密钥分配协议到今天市场上出现的商用量子密钥分配系统,在不到三十年的时间里,各种新颖的量子密码理论和实现方案相继被提出。在可以预见的未来,以量子密码为核心的量子安全通信将成为人们日常生活的重要组成部分。
到目前为止,量子安全通信领域仍然存在许多理论问题有待于进一步解决。例如,新型量子密码方案设计与安全性证明问题、实用的量子密码网络设计以及实际量子密码系统的安全问题等。为了进一步推动量子安全通信的理论发展与实用化进程,本文依托国家自然科学基金以及国防科技大学科研计划项目,从信息对抗的角度对量子安全通信的相关理论问题展开研究。信息对抗的内涵十分广泛,其中,信息保密与信息窃取是信息对抗的重要研究内容,二者构成了“防与攻”两个对立面。当信息对抗的概念延伸到量子领域,便产生了量子信息对抗。本文以量子密码以及针对量子密码的攻击为主线,重点研究了反事实量子密钥分配协议(QKD)设计与安全证明、基于连续变量的特殊量子密码协议设计与安全性分析、高效量子网络通信方案设计以及针对实际量子密码系统的攻击方案设计等理论问题。论文的主要研究内容包括:
(1)反事实量子密钥分配与量子掷币
反事实量子密钥分配(CQKD)是最近出现的新型量子密码。CQKD协议的特点是不需要传输信号光子,通信双方便可以建立绝对安全的密钥。这种违背传统思维的密钥分配方式具有直观意义上的安全,即密钥信息没有经过信道传输。与传统的QKD协议相比,CQKD协议先天具有抵抗光子分裂数攻击的安全优势。目前,CQKD的无条件安全性已经得到严格的数学证明,但是,由于已有的证明方案采用的是等效变换法,而该方案还没有对等效协议与原协议的等效性进行严格的证明,因此,该方案还有待于进一步完善。本文利用量子信息论的方法,对已有的CQKD协议进行了严格的安全性证明,解决了已有证明方案存在的缺陷。另外,提出了一种反事实量子确定性密钥分配方案,解决了现有方案只能分配随机密钥的问题,新方案的优势在于能够同时分配随机密钥与确定性密钥。
量子掷币是量子密码的研究热点之一。掷币是密码原语之一,掷币协议可以在相互隔离且不信任的双方之间产生一个随机比特。虽然理论证明显示,无论是经典掷币协议还是量子掷币协议都不可能无条件安全。但是,与经典的掷币协议相比,量子掷币协议仍然具有先天的安全优势。到目前为止,大部分的量子掷币协议是单比特协议,即只产生一个比特值做为最终的掷币结果。然而,单比特量子掷币协议的问题在于无法在实际信道中达到应有的安全性。本文提出一种新的量子掷币方案,使得单比特量子掷币协议具有噪声容忍特性,大大提高了单比特量子掷币协议的实用性。
(2)基于连续变量的量子密码协议
利用压缩态,实现了一个四进制非高斯对称调制的量子密钥分配协议,与已有的多进制调制协议相比,该方案的安全性不会随着噪声的增加而出现严重衰减的现象,另外,该方案的效率明显高于二进制调制协议。利用压缩态,实现了一个同时具有身份认证与密钥分配功能的复合量子协议,该方案的最大特点是量子协议与量子协议的复合,在提高实用性的同时,兼顾了安全性,为量子密码协议的实用性研究提供了一种新的思路。
(3)高效量子网络通信方案设计
随着用户数量的增加,量子通信网络也会出现效率降低的问题。基于量子数据压缩算法以及Grover搜索算法,设计了一个高效的量子子网通信方案,该方案的最大特点是首次将量子计算中的加速算法用于量子通信,用于提高量子网络通信效率。另外,量子网络编码方案是提高量子通信效率的另一种有效方式,本文对已有的基于自由经典通信的量子网络编码方案进行了改进。一般而言,量子通信网络中存在大量的纠缠粒子对,利用这些纠缠对可以实施远程传态,因此,纠缠对实际上相当于一条隐形信道,本文设计的量子网络编码方案适用于任意分布隐形信道的量子通信网络,与已有方案相比,更具一般性。最后,基于实际应用场景,即秘密会议,设计了一种具有网络拓扑自适应特性的量子秘密会议通信方案,该方案由两个子方案构成,能够应用于不同网络拓扑结构的量子通信网络中。
(4)实际量子密码系统安全分析
实际量子密码系统安全分析是近年来最新出现的量子密码研究热点之一,其主要思路是首先寻找实际系统的漏洞,然后基于漏洞设计巧妙的攻击方法,并计算该攻击方法带来的误码率或者实际系统的密钥泄漏值,最后设计有效的方法弥补漏洞,从而改进实际量子密码系统的安全。本文的主要工作有:发现现有反事实量子密钥分配实现系统的一个漏洞,并基于该漏洞设计了一种特殊的量子特洛伊木马攻击方案,由于该攻击方案是利用量子反事实效应实现,因而比传统的特洛伊木马攻击更强,从理论上来讲,该方案可以实现在不扰动系统的前提下获取全部的密钥信息;另外,利用已经报道的雪崩二极管单光子探测器漏洞,设计了一种针对反事实量子密钥分配系统的时间变换攻击,该方案表明,探测器漏洞不仅影响传统的量子密钥分配系统安全性,同时也对反事实量子密码系统造成影响;最后,对最新报道的两种针对商用量子密钥分配系统的虚假信号攻击方案进行了改进,设计了一种新的虚假信号攻击方法,该方案利用了雪崩二极管的后脉冲效应先验知识对攻击所造成的误码率进行抑制,分析结果表明,该方案比现有方案更具隐蔽性和可实施性。
Quantuminformationisanewly-bornmultidisciplinarysubject,whichcoversseveralclassicalareas,suchascomputerscience,physics,andmathematics. Themajordistinctionof quantum information is known as that tasks, e.g., the information coding, processingandtransmission, canbeachievedusingquantummechanics. Forinstance, quantumcom-puter, which is a combination of quantum mechanics and computer science, and is morepowerfulthanallknownclassicalcomputers,ismakingtroublesforexistingcryptographicsystems. With the popularization of information technology, the demand of informationsecurity is becoming increasingly intensive. Consequently, quantum cryptography wasinvented to meet the requirements.
It is known that quantum cryptography,which provides fundamental principles forquantum secure communications, is unconditionally secure in theory. In other words, aneavesdropper,Eve,whoissupposedtobeonlyrestrictedbyquantumlaws,canneverbreakthe system even if she possesses unlimited computation resources. In contrast with math-ematical cryptography, which bases its security on computational complexities, quantumcryptography protects the information in nature, since their security is based on the quan-tum laws, i.e., quantum no-cloning theorem and quantum uncertainty principle. Theo-retically, any eavesdropping in the channel can be detected using quantum cryptography.Therefore, it is definite that quantum cryptography contributes to implementing securecommunications. Up to date, quantum cryptography and quantum communication haveemerged to be a relatively mature system in theory, especially for quantum cryptography,ithasonlybeennomorethan30yearssincethefirstquantumkeydistributionprotocolwasannounced, and now we are able to buy commercial products of quantum cryptographicsystem in the market. Also, various schemes of new protocols and implementations ofquantum cryptography were proposed during these years. Obviously, it can be expectedthat quantum cryptography is becoming one major part of people's everyday-life in thecoming decades.
Up to now, there are still many problems left for further investigations in quantumsecure communications. For example, it is worthy to further study how to devise newquantum cryptography protocols and prove their security, how to implement practical net- works in which quantum cryptography is applied, and how to ensure the security of prac-tical quantum cryptography systems. Motivated by the theoretical interests on quantumsecure communications and accelerating the progress of applying quantum technologiesin real life, also supported by the National Nature Science Foundation of China and theplanning projects of the National University of Defense Technology, this dissertation isdevoted to the investigations of above problems with a new prospect, i.e., informationcounter-working. Generally, information counter-working covers a wide range of topics,among which is the pairwise one, i.e., the information privacy and attacks. Naturally, anew notion, namely quantum information counter-working, is developed by extending theidea of information counter-working into quantum domain. Consequently, the central lineof this dissertation is the topic about quantum cryptography and the attacks on quantumcryptographic systems. Explicitly, it contains sub-topics on the protocols and securityproofs of counterfactual quantum cryptography, continuous-variables quantum cryptog-raphy, quantum communication schemes with high efficiency, and quantum hacking. Thecontributions read as follow:
(1) Counterfactual quantum key distribution and quantum coin flipping
As a new paradigm of quantum cryptography, counterfactual quantum key distribu-tion enables two spacially separated parties to share a private key without transmitting anysignal particle. This counter-intuition immediately implies the security, i.e., no key travelsthrough the channel, thus, essentially exhibits security advantages, such as the immunityto the photon number splitting attacks. Existed proof on the security of this new paradigmseems to be unsatisfactory, since the equivalence between the original protocol and thetranslated one should be reconsidered. A new proof, which is more strict than the previ-ous one, is proposed in this dissertation using quantum informatics. At the same time, anew protocol, which outperforms the previous ones on that it produces deterministic keys,is announced.
Quantumcoinflippingisanotherhottopicofquantumcryptography. Originally,coinflipping is a cryptographic primitive which allows two separated and untrusted partiesto generate a random bit. Although theoretical proofs have showed that unconditionalsecure coin flipping is impossible, quantum coin flipping does have an advantage overthe conventional one since the later one can be cracked by quantum computers. So far,mostquantumcoinflippingprotocolsareofsingle-shottype, inotherwords, mostofthem produces a single bit as the outcome. However, it should noticed that single-shot quantumcoin flipping protocols might be totally insecure in a real-life channel. To address thisproblem, a new single-shot quantum coin flipping protocol, which is noise-tolerant, isproposed.
(2) Continuous-variable quantum cryptography protocols
A new quantum key distribution protocol based on squeezed states is announced, itdistinguishesothersfromthatthestatesaremodulatedwithfouralphabeticletterssymmet-rically, and the modulation is non-gaussian. Two advantages can be found: the securitydoes not degenerate fast with the increase of noise; The efficiency is higher than that ofthe binary-modulated protocols. At the same time, a composed quantum protocol of iden-tity authentication and key distribution is declared using squeezed states. It originates theidea of combining different quantum protocols to improve the practicability of quantumcryptography without any loss of security.
(3) Quantum network communication protocols with high efficiency
Withtheincreaseofthenumberofnetworkusers,itisofmuchimportancetoimprovethe communication efficiency of quantum networks. Motivated by this idea, a new quan-tum subnet communication scheme with high efficiency is proposed using quantum datacompression and Grover searching algorithm. Remarkably, this new scheme contributesto bridging the quantum communication and quantum computing algorithms. Quantumnetwork coding is an alternative way to improve the communication efficiency, this dis-sertation has improved the very scheme on quantum network coding with free classicalcommunication. There may be thousands of entangled pairs, upon which quantum tele-portation is available, in a given quantum communication network. Intrinsically, theseentangled pairs are equivalent with hidden channels, the presented scheme is more gen-eral and outperforms the previous ones on the fact that it is still applicable to quantumnetworks with arbitrarily distributed hidden channels. In addition, a network-topology-adaptive quantum secret conference protocol with high efficiency is proposed based ontwo fundamental sub-protocols. Generally, this protocol can be applied to quantum net-works with different topologies.
(4) Security analysis of practical quantum cryptography systems
Recently, the subject, namely the security analysis of practical Quantum cryptogra-phy systems, has become one of the hottest subject in quantum cryptography. It generally accomplishes the task of improving the security performance of practical quantum cryp-tography systems by amending their loopholes, which can be employed to launch specificattacks. Our work is presented as follow: First, we explore a new loophole existed in realimplementations of counterfactual quantum cryptography, and devise a new Trojan horseattack, namely the counterfactual attack, based on this new loophole. It is showed thatthe presented attack outperforms all known Trojan horse attacks on that the system can betotally broken even if the imperfection is slight enough. In other words, Eve can extractthe entire key without disturbing the system with our attack. Second, a new time-shift at-tack to real implementations of counterfactual quantum cryptography is announced basedon the reported loophole of avalanche photodiode detectors, it is showed that the reportedimperfection not only threatens the conventional quantum cryptography systems, but alsodegenerates the security of counterfactual ones. At last, a fake-state attack on commercialquantum cryptosystems is proposed, the presented attack is an improvement of two newlyreported attacks on commercial systems. It is showed that the quantum bit error rate canbe reduced using the knowledge of the afterpulsing effect of the avalanche photodiodedetectors. Therefore, the improved attack is more difficult to be detected and easier to beimplemented.
引文
[1] Shannon C. Communication theory of secrecy systems[M].AT&T,1949.
[2] Bennett C, Brassard G. Quantum cryptography: Public key distribution and cointossing[C]Proceedings of IEEE International Conference on Computers, Systemsand Signal Processing.1984:175.
[3] Ekert A K. Quantum cryptography based on Bell’s theorem[J]. Phys. Rev. Lett.,1991,67:661.
[4] Bennett C H. Quantum cryptography using any two nonorthogonal states[J]. Phys.Rev. Lett.,1992,68:3121.
[5] Bruβ D. Optimal Eavesdropping in Quantum Cryptography with Six States[J].Phys. Rev. Lett.,1998,81:3018.
[6] Inoue K. Differential Phase Shift Quantum Key Distribution[J]. Phys. Rev. Lett.,2002,89(3):037902.
[7] Takesue H, Diamanti E, Honjo T, et al. Differential phase shift quantum key dis-tribution experiment over105km fibre[J]. New J. Phys.,2005,7:232.
[8] Noh T G. Counterfactual Quantum Cryptography[J]. Phys. Rev. Lett.,2009,103:230501.
[9] Yin Z Q, Li H W, Chen W, et al. Security of counterfactual quantum cryptogra-phy[J]. Phys. Rev. A,2010,82:042335.
[10] Shor P W, Preskill J. Simple Proof of Security of the BB84Quantum Key Distri-bution Protocol[J]. Phys. Rev. Lett.,2000,85:441.
[11] Boyer M, Kenigsberg D, Mor T. Quantum Key Distribution with Classical Bob[J].Phys. Rev. Lett.,2007,99:140501.
[12] Boyer M, Gelles R, Kenigsberg D, et al. Semiquantum key distribution[J]. Phys.Rev. A,2009,79:032341.
[13] Barrett J, Hardy L, Kent A. No Signaling and Quantum Key Distribution[J]. Phys.Rev. Lett.,2005,95:010503.
[14] Acín A, Gisin N, Masanes L. From Bell’s Theorem to Secure Quantum KeyDistribution[J]. Phys. Rev. Lett.,2006,97:120405.
[15] H nggi E, Renner R, Wolf S. Efficient Device-Independent Quantum Key Distri-bution[C]EUROCRYPT2010, LNCS.6110.
[16] Townsend P, Rarity J, Tapster P. Single photon interference in10km long opticalfibre interferometer[J]. Electronics Letters,1993,29(7):634--635.
[17] Townsend P, Rarity J, Tapster P. Enhanced single photon fringe visibility in a10km-long prototype quantum cryptography channel[J]. Electronics Letters,1993,29(14):1291--1293.
[18] Townsend P. Secure key distribution system based on quantum cryptography[J].Electronics Letters,1994,30(10):809--811.
[19] Marand C, Townsend P. Quantum key distribution over distances as long as30km[J]. Optics Letters,1995,20(16):1695--1697.
[20] Townsend P. Quantum cryptography on optical fiber networks[C]Euro-Par’98Parallel Processing.1998:35--46.
[21] Muller A, Breguet J, Gisin N. Experimental demonstration of quantum cryptogra-phy using polarized photons in optical fibre over more than1km[J]. EPL (Euro-physics Letters),1993,23:383.
[22] Muller A, Zbinden H, Gisin N. Quantum cryptography over23km in installedunder-lake telecom fibre[J]. EPL (Europhysics Letters),1996,33:335.
[23] Stucki D, Gisin N, Guinnard O, et al. Quantum key distribution over67km with aplug&play system[J]. New Journal of Physics,2002,4:41.
[24] http://news.ustc.edu.cn/Article Show.asp?ArticleID=8038.
[25] Buttler W, Hughes R, Lamoreaux S, et al. Daylight quantum key distribution over1.6km[J]. Physical Review Letters,2000,84(24):5652--5655.
[26] MagiQ, QPN5505security gateway quantum key distribution sys-tem, specification sheet, http://web.archive.org/web/20050209013643orhttp://www.magiqtech.com/press/qpn.pdf.
[27] Clavis2, specification sheet, http://idquantique.com/images/stories/PDF/clavis2-quantum-key-distribution/clavis2-specs.pdf.
[28] Long G L, Liu X S. Theoretically ef?cient high-capacity quantum-key-distributionscheme[J]. Physical Review A,2002,65(3):032302.
[29] Bostr m K, Felbinger T. Deterministic secure direct communication using entan-glement[J]. Physical Review Letters,2002,89(18):187902.
[30] CaiQ. The“ping-pong”protocolcanbeattackedwithouteavesdropping[J]. Phys-ical review letters,2003,91(10):109801.
[31] Cai Q. Eavesdropping on the two-way quantum communication protocols withinvisible photons[J]. Physics Letters A,2006,351(1-2):23--25.
[32] DengF,LongG,LiuX. Two-stepquantumdirectcommunicationprotocolusingtheEinstein-Podolsky-Rosen pair block[J]. Physical Review A,2003,68(4):042317.
[33] Deng F, Long G. Secure direct communication with a quantum one-time pad[J].Physical Review A,2004,69(5):052319.
[34] Qing-Yu C, Bai-Wen L. Deterministic secure communication without using entan-glement[J]. Chinese Physics Letters,2004,21:601.
[35] Yan F, Zhang X. A scheme for secure direct communication using EPR pairs andteleportation[J]. TheEuropeanPhysicalJournalB-CondensedMatterandComplexSystems,2004,41(1):75--78.
[36] Wang C, Deng F, Li Y, et al. Quantum secure direct communication with high-dimension quantum superdense coding[J]. Physical Review A,2005,71(4):44305.
[37] Zhong-Xiao M, Zhan-Jun Z, Yong L. Deterministic secure direct communicationby using swapping quantum entanglement and local unitary operations[J]. ChinesePhysics Letters,2005,22:18.
[38] Lee H, Lim J, Yang H. Quantum direct communication with authentication[J].Physical Review A,2006,73(4):042305.
[39] Zhang Z, Liu J, Wang D, et al. Comment on“Quantum direct communicationwith authentication”[J]. Physical Review A,2007,75(2):026301.
[40] Liu W, Chen H, Li Z, et al. Efficient Many-to-One and One-to-Many Multi-party Quantum Secure Direct Dommunication with Authentication[C]InternationalConference on Intelligent Information Hiding and Multimedia Signal Processing.2008:1282--1285.
[41] Dong J, Teng J, Wang S. Multiparty Controlled Quantum Secure Direct Communi-cation of d-Dimensional Using GHZ state[C]Second International Symposium onIntelligent Information Technology Application.2008:551--555.
[42] Gao F, Qin S, Wen Q, et al. Cryptanalysis of multiparty controlled quantum securedirect communication using Greenberger-Horne-Zeilinger state[J]. Optics Com-munications,2010,283(1):192--195.
[43] Hillery M, Bu ek V, Berthiaume A. Quantum secret sharing[J]. Physical ReviewA,1999,59(3):1829.
[44] Tittel W, Zbinden H, Gisin N. Experimental demonstration of quantum secret shar-ing[J]. Physical Review A,2001,63(4):042301.
[45] Gottesman D. Theory of quantum secret sharing[J]. Physical Review A,2000,61(4):042311.
[46] Nascimento A, Mueller-Quade J, Imai H. Improving quantum secret-sharingschemes[J]. Physical Review A,2001,64(4):042311.
[47] Karlsson A, Koashi M, Imoto N. Quantum entanglement for secret sharing andsecret splitting[J]. Physical Review A,1999,59(1):162.
[48] Cleve R, Gottesman D, Lo H. How to share a quantum secret[J]. Physical ReviewLetters,1999,83(3):648--651.
[49] Karimipour V, Bagherinezhad S, Bahraminasab A. Entanglement swapping of gen-eralized cat states and secret sharing[J]. Arxiv preprint quant-ph/0112050,2001.
[50] Xiao L, Long G, Deng F, et al. Efficient multiparty quantum-secret-sharingschemes[J]. Physical Review A,2004,69(5):052307.
[51] Guo G, Guo G. Quantum secret sharing without entanglement[J]. Physics LettersA,2003,310(4):247--251.
[52] Deng F, Zhou H, Long G. Bidirectional quantum secret sharing and secret splittingwith polarized single photons[J]. Physics Letters A,2005,337(4-6):329--334.
[53] Zhang Z, Li Y, Man Z. Multiparty quantum secret sharing[J]. Physical Review A,2005,71(4):044301.
[54] Zhan-Jun Z, Zhong-Xiao M. Multiparty Quantum Secret Sharing of Key UsingPractical Faint Laser Pulses[J]. Chinese Physics Letters,2005,22:1588.
[55] Ping Z, Xi-Han L, Fu-Guo D, et al. Efficient Three-Party Quantum Secret Sharingwith Single Photons[J]. Chinese Physics Letters,2007,24:2181.
[56] Han L, Liu Y, Liu J, et al. Multiparty quantum secret sharing of secure direct com-munication using single photons[J]. Optics Communications,2008,281(9):2690--2694.
[57] Wang Y, Song H. Preparation of multi-atom specially entangled W-class state andsplitting quantum information[J]. Chinese Science Bulletin,2009,54(15):2599--2605.
[58] Yan F, Gao T. Quantum secret sharing between multiparty and multiparty withoutentanglement[J]. Physical Review A,2005,72(1):012304.
[59] Lian-Fang H, Yi-Min L, Hao Y, et al. Efficient Multiparty-to-Multiparty QuantumSecret Sharing via Continuous Variable Operations[J]. Chinese Physics Letters,2007,24:3312.
[60]高亭,闫凤利,李有成.用6个量子态实现的m方与n方之间的量子秘密共享[J].中国科学: G辑,2009(007):923--934.
[61]闫凤利,高亭,李有成.用4个量子态实现的多方与多方之间的量子秘密共享[J].中国科学: G辑,2008,38(003):241--249.
[62] Shi R, Huang L, Yang W, et al. Quantum secret sharing between multiparty andmultiparty with Bell states and Bell measurements[J]. SCIENCE CHINA Physics,Mechanics&Astronomy,2010,53(12):2238--2244.
[63] Blum M. Coin Flipping by Telephone: A Protocol for Solving Impossible Prob-lems[C]Advances in Cryptology: A Report on CRYPTO'81.1981:11--15.
[64] Aharonov D, Ta-Shma A, Vazirani U, et al. Quantum Bit Escrow[C]Proceedingsof32nd Annual ACM Symposium on Theory of Computing.2000:705--714.
[65] Ambainis A. A new protocol and lower bounds for quantum coin flipping[J]. J.Comput. Syst. Sci.,2004,68:398.
[66] Spekkens R W, Rudolph T. Degrees of concealment and bindingness in quantumbit commitment protocols[J]. Phys. Rev. A,2001,65:012310.
[67] Kitaev A, Original paper is unpublished, an explicit restatement can be found inRef.[68].
[68] Mochon C. Quantum weak coin flipping with arbitrarily small bias[J]. Arxivpreprint arXiv:0711.4114,2007.
[69] Chailloux A, Kerenidis I. Optimal quantum strong coin flipping[C]Proceedings of50thAnnualIEEESymposiumontheFoundationsofComputerScience.2009:527.
[70] Spekkens R W, Rudolph T. Quantum Protocol for Cheat-Sensitive Weak CoinFlipping[J]. Phys. Rev. Lett.,2002,89(22):227901.
[71] Mochon C. Quantum weak coinipping with bias of0.192[C]Proceedings of45thAnnual IEEE Symposium on the Foundations of Computer Science.2004:2.
[72] Mochon C. Large family of quantum weak coin-flipping protocols[J]. Phys. Rev.A,2005,72(2):022341.
[73] Ambainis A, Buhrman H, Dodis Y, et al. Multiparty quantum coin flip-ping[C]Proceedingsof19thAnnualIEEESymposiumonComputationalComplex-ity.2004:250.
[74] Ganz M. Quantum Leader Election[J]. Arxiv preprint arXiv:0910.4952,2009.
[75] Elliott C, Colvin A, Pearson D, et al. Current status of the DARPA quantum net-work[J]. Arxiv preprint quant-ph/0503058,2005.
[76] http://www.hfnl.ustc.edu.cn/2009/0831/1293.html.
[77] Chen T, Liang H, Liu Y, et al. Field test of a practical secure communica-tion network with decoy-state quantum cryptography[J]. Optics Express,2009,17(8):6540--6549.
[78] Resch K, Lindenthal M, Blauensteiner B, et al. Distributing entanglement and sin-gle photons through an intra-city, free-space quantum channel[J]. Optics Express,2005,13:202.
[79] Peng C, Yang T, Bao X, et al. Experimental free-space distribution of entan-gled photon pairs over13km: towards satellite-based global quantum commu-nication[J]. Physical review letters,2005,94(15):150501.
[80] Ursin R, Tiefenbacher F, Schmitt-Manderbach T, et al. Entanglement-based quan-tum communication over144km[J]. Nature Physics,2007,3(7):481--486.
[81] Shi Y, Soljanin E. On multicast in quantum networks[C]Information Sciences andSystems,200640th Annual Conference on.2006:871--876.
[82] Kobayashi H, Le Gall F, Nishimura H, et al. General scheme for perfect quantumnetwork coding with free classical communication[J]. Automata, Languages andProgramming,2009:622--633.
[83] Lütkenhaus. Security against individual attacks for realistic quantum key distribu-tion[J]. Phys. Rev. A,2000,61:052304.
[84] Gisin N, Fasel S, Kraus B, et al. Trojan-horse attacks on quantum-key-distributionsystems[J]. Phys. Rev. A,2006,73:022320.
[85] Wiechers C, Lydersen L, Wittmann C, et al. After-gate attack on a quantum cryp-tosystem[J]. New J. Phys.,2011,13:013043.
[86] Makarov V, Anisimov A, Skaar J. Effects of detector efficiency mismatch on se-curity of quantum cryptosystems[J]. Phys. Rev. A,2006,74(2):022313.
[87] Makarov V. Fakes states attack using detector efficiency mismatch on SARG04,Phase-time, DPSK, and Ekert protocols[J]. Quant. Info. Compu.,2008,8(6&7):0622.
[88] Fung C H F, Qi B, Tamaki K, et al. Time-shift attack in practical quantum cryp-tosystems[J]. Quantum Information and Computation,2007,7:073.
[89] Fung C H F, Qi B, Tamaki K, et al. Phase-remapping attack in practical quantum-key-distribution systems[J]. Phys. Rev. A,2007,75:032314.
[90] Xu F H, Qi B, Lo H K. Experimental demonstration of Phase-remapping attack inpractical quantum key distribution systems[J]. New J. Phys.,2010,12:113026.
[91] Lydersen L, Wiechers C, Wittmann C, et al. Hacking commercial quantum cryp-tographysystemsbytailoredbrightillumination[J]. NaturePhotonics,2010,4:686.
[92] BerlínG,BrassardG,BussièresF,etal. Fairloss-tolerantquantumcoinflipping[J].Phys. Rev. A,2009,80:062321.
[93] Bennett C H, Brassard G, Crépeau C, et al. Generalized privacy amplification[J].IEEE Trans. Info. Theor.,1995,41(6):1915.
[94] Slutsky B A, Rao R, Shun P C, et al. Security of quantum cryptography againstindividual attacks[J]. Phys. Rev. A,1998,57(4):2383(16).
[95] Kraus B, Gisin N, Renner R. Lower and Upper Bounds on the Secret-Key Rate forQuantumKeyDistributionProtocolsUsingOne-WayClassicalCommunication[J].Phys. Rev. Lett.,2005,95:080501.
[96] Sheridan L, Le T P, Scarani V. Finite-key security against coherent attacks in quan-tum key distribution[J]. New J. Phys.,2010,12:123019.
[97] Barrett J, Massar S. Quantum coin tossing and bit-string generation in the presenceof noise[J]. Phys. Rev. A,2004,69:022322.
[98] Aharon N, Massar S, Silman J. Family of loss-tolerant quantum coin-flipping pro-tocols[J]. Phys. Rev. A,2010,82:052307.
[99] Chailloux A. Improved Loss-Tolerant Quantum Coin Flipping[J]. arXiv:1009.0044.
[100] Spekkens R W, Rudolph T. Optimization of coherent attacks in Generalizationsof the BB84quantum bit commitment protocol[J]. Quantum Inf. Comput.,2002,2:66.
[101] Grosshans F, Assche G V, et al. Quantum key distribution using gaussian-modulated coherent states[J]. Nature,2003,421:238.
[102] Hillery M. Quantum cryptography with squeezed states[J]. Phys. Rev. A,2000,61:022309.
[103] Cerf N, Levy M, Assche G V. Quantum distribution of Gaussian keys usingsqueezed states[J]. Phys. Rev. A,2000,63:052311.
[104] Ralph T. Continuous variable quantum cryptography[J]. Phys. Rev. A,2000,61:010303(R).
[105] Ralph T. Security of continuous-variable quantum cryptography[J]. Phys. Rev. A,2000,62:062306.
[106] Navascués M, Bae J, Cirac J I, et al. Quantum Key Distillation from GaussianStates by Gaussian Operations[J]. Phys. Rev. Lett.,2005,94:010502.
[107] Tyc T, Sanders B C. How to share a continuous-variable quantum secret by opticalinterferometry[J]. Phys. Rev. A,2002,65:042310.
[108] Tyc T, Rowe D J, Sanders B C. Efficient sharing of a continuous-variable quantumsecret[J]. J. Phys. A: Math. Gen.,2003,36:7625.
[109] Dǔsek M, Haderka O, Hendrych M. Quantum identification system[J]. Phys. Rev.A,1999,60:149.
[110] Gottesman D. Uncloneable encryption[J]. Quantum Information and Computation,2003,3:581.
[111] Duligall J, Godfrey M, Harrison K A, et al. Low cost and compact quantum keydistribution[J]. New J. Phys.,2006,8:249.
[112] DamgaardI,FehrS,SalvailL,etal. SecureIdenti?cationandQKDintheBounded-Quantum-Storage Model[J]. CRYPTO2007LNCS,2007,4622:342.
[113] Shi B S, Li J, Liu J M, et al. Quantum key distribution and quantum authenticationbased on entangled state[J]. Phys. Lett. A,2001,281:83.
[114] Curty M, Santos D. Quantum authentication of classical messages[J]. Phys. Rev.A,2001,64:062309.
[115] Jouguet P, Kunz-Jacques S, Leverrier A. Long Distance Continuous-VariableQuantum Key Distribution with a Gaussian Modulation[J]. Arxiv preprintarXiv:1110.0100,2011.
[116] Cerf N, Iblisdir S, Assche G V. Cloning and Cryptography with Quantum Contin-uous Variables[J]. Eur. Phys. J. D,2002,18:211--218.
[117] Assche G V, Cardinal J, Cerf N. Reconciliation of aquantum distributed Gaussiankey[J]. IEEE Trans. Inform. Theory,2004,50:394.
[118] Bruβ. Optimal Eavesdropping in Quantum Cryptography with Six States[J]. Phys.Rev. Lett.,1998,81:3018.
[119] Bechmann-Pasquinucci H, Gisin N. Incoherent and coherent eavesdropping in thesix-state protocol of quantum cryptography[J]. Phys. Rev. A,1999,59:4238.
[120] Sych D V, Grishanin B A, Zadkov V N. Critical error rate of quantum-key-distribution protocols versus the size and dimensionality of the quantum alpha-bet[J]. Phys. Rev. A,2004,70:052331.
[121] Sych D V, Grishanin B A, Zadkov V N. Analysis of limiting information charac-teristics of quantum-cryptography protocols[J]. Quant. Electron.,2005,35:80.
[122] Sych D, Leuchs G. Coherentstate quantumkey distribution with multiletter phase-shift keying[J]. New J. Phys.,2010,12:053019.
[123] Ben-Or M, Horodecki M, Leung D W, et al. The Universal Composable Securityof Quantum Key Distribution[J]. TCC2005, LNCS,2005,3378:386.
[124] Müller-Quade J, Renner R. Composability in quantum cryptography[J]. New J.Phys.,2009,11:085006.
[125] Zeng G, Guo G. Quantum authentication protocol[J]. arXiv: quant-ph/0001046.
[126] T.C.Ralph. Security of continuous-variable quantum cryptography[J]. Phys. Rev.A,2000,62:062306.
[127] GroverLK. QuantumMechanicsHelpsinSearchingforaNeedleinaHaystack[J].Phys. Rev. Lett.,1997,79(2):325.
[128] Elitzur A C, Vaidman L. Quantum Mechanical Interaction-Free Measurements[J].Found. Phys.,1993,23:987.
[129] Vaidman L. Impossibility of the Counterfactual Computation for All Possible Out-comes[J]. Phys. Rev. Lett.,2007,98:160403.
[130] Shi Y Y, Soljanin E. On multicast in quantum networks[C]Proceedings of IEEE40th Annual Conference On Information Science and System.2006,2:871.
[131] Dougherty R, Zeger K. Nonreversibility and Equivalent Constructions ofMultiple-Unicast Networks[J]. IEEE Transactions on Information Theory,2006,52(11):5067.
[132] Leung D, Oppenheim J, Winter A. Quantum network communication: the butterflyand beyond[J]. IEEE Transactions on Information Theory,2010,56(7):3478.
[133] Ahlswede R, Cai N, Li S Y R, et al. Network Information Flow[J]. IEEE Transac-tions on Information Theory,2000,46(4):1204.
[134] HayashiM,IwamaK,NishimuraH,etal. Quantumnetworkcoding[C]Proceedingsof the24th annual conference on Theoretical aspects of computer science.2007:610--621.
[135] Hayashi M. Prior entanglement between senders enables perfect quantum networkcoding with modification[J]. Phys. Rev. A,2007,76:040301(R).
[136] Bennett C, Brassard G, Crepeau C, et al. Teleporting an unknown quantum stateviadualclassicalandEinstein-Podolsky-Rosenchannels[J]. Phys.Rev.Lett.,1993,70:1895.
[137] Ma S Y, Chen X B, Luo M X, et al. Probabilistic quantum network coding of M-qudit states over the butterfly network[J]. Optics Communications,2010,283:497.
[138] Kobayashi H, Gall F L, Nishimura H, et al. Perfect Quantum Network Com-munication Protocol Based on Classical Network Coding[J]. Arxiv preprintarXiv:0902.1299,2009.
[139] Kobayashi H, Gall F L, Nishimura H, et al. General Scheme for Perfect Quan-tum Network Coding with Free Classical Communication[J]. Arxiv preprintarXiv:0908.1457,2009.
[140] KobayashiH,GallFL,NishimuraH,etal. ConstructingQuantumNetworkCodingSchemes from Classical Nonlinear Protocols[J]. Arxiv preprint arXiv:1012.4583,2010.
[141] Bell J S. On the Einstein Podolsky Rosen paradox[J]. Physics,1964,1:195.
[142] Li X H, Li C Y, Deng F G, et al. Multiparty quantum remote secret conference[J].Chin. Phys. Lett.,2007,24:23.
[143] Gu B, Li C Q, Chen Y L. Multiparty quantum secret conference based on quantumencryption with pure entangled states[J]. Chin. Phys. B,2009,18:2137.
[144] Wang X B. Beating the Photon-Number-Splitting Attack in Practical QuantumCryptography[J]. Phys. Rev. Lett.,2005,94:230503.
[145] Lamas-Linares A, Kurtsiefer C. Breaking a quantum key distribution systemthrough a timing side channel[J]. Optics Express,2007,15(15):9388.
[146] Sun Y, Wen Q Y. Counterfactual quantum key distribution with high efficiency[J].Phys. Rev. A,2010,82:052318.
[147] Oh J, Antonelli C, Tur M, et al. Method for characterizing single photon detectors
in saturation regime by cw laser[J]. Opt. Exp.,2010,18(6):5906.
[2] Bennett C, Brassard G. Quantum cryptography: Public key distribution and cointossing[C]Proceedings of IEEE International Conference on Computers, Systemsand Signal Processing.1984:175.
[3] Ekert A K. Quantum cryptography based on Bell’s theorem[J]. Phys. Rev. Lett.,1991,67:661.
[4] Bennett C H. Quantum cryptography using any two nonorthogonal states[J]. Phys.Rev. Lett.,1992,68:3121.
[5] Bruβ D. Optimal Eavesdropping in Quantum Cryptography with Six States[J].Phys. Rev. Lett.,1998,81:3018.
[6] Inoue K. Differential Phase Shift Quantum Key Distribution[J]. Phys. Rev. Lett.,2002,89(3):037902.
[7] Takesue H, Diamanti E, Honjo T, et al. Differential phase shift quantum key dis-tribution experiment over105km fibre[J]. New J. Phys.,2005,7:232.
[8] Noh T G. Counterfactual Quantum Cryptography[J]. Phys. Rev. Lett.,2009,103:230501.
[9] Yin Z Q, Li H W, Chen W, et al. Security of counterfactual quantum cryptogra-phy[J]. Phys. Rev. A,2010,82:042335.
[10] Shor P W, Preskill J. Simple Proof of Security of the BB84Quantum Key Distri-bution Protocol[J]. Phys. Rev. Lett.,2000,85:441.
[11] Boyer M, Kenigsberg D, Mor T. Quantum Key Distribution with Classical Bob[J].Phys. Rev. Lett.,2007,99:140501.
[12] Boyer M, Gelles R, Kenigsberg D, et al. Semiquantum key distribution[J]. Phys.Rev. A,2009,79:032341.
[13] Barrett J, Hardy L, Kent A. No Signaling and Quantum Key Distribution[J]. Phys.Rev. Lett.,2005,95:010503.
[14] Acín A, Gisin N, Masanes L. From Bell’s Theorem to Secure Quantum KeyDistribution[J]. Phys. Rev. Lett.,2006,97:120405.
[15] H nggi E, Renner R, Wolf S. Efficient Device-Independent Quantum Key Distri-bution[C]EUROCRYPT2010, LNCS.6110.
[16] Townsend P, Rarity J, Tapster P. Single photon interference in10km long opticalfibre interferometer[J]. Electronics Letters,1993,29(7):634--635.
[17] Townsend P, Rarity J, Tapster P. Enhanced single photon fringe visibility in a10km-long prototype quantum cryptography channel[J]. Electronics Letters,1993,29(14):1291--1293.
[18] Townsend P. Secure key distribution system based on quantum cryptography[J].Electronics Letters,1994,30(10):809--811.
[19] Marand C, Townsend P. Quantum key distribution over distances as long as30km[J]. Optics Letters,1995,20(16):1695--1697.
[20] Townsend P. Quantum cryptography on optical fiber networks[C]Euro-Par’98Parallel Processing.1998:35--46.
[21] Muller A, Breguet J, Gisin N. Experimental demonstration of quantum cryptogra-phy using polarized photons in optical fibre over more than1km[J]. EPL (Euro-physics Letters),1993,23:383.
[22] Muller A, Zbinden H, Gisin N. Quantum cryptography over23km in installedunder-lake telecom fibre[J]. EPL (Europhysics Letters),1996,33:335.
[23] Stucki D, Gisin N, Guinnard O, et al. Quantum key distribution over67km with aplug&play system[J]. New Journal of Physics,2002,4:41.
[24] http://news.ustc.edu.cn/Article Show.asp?ArticleID=8038.
[25] Buttler W, Hughes R, Lamoreaux S, et al. Daylight quantum key distribution over1.6km[J]. Physical Review Letters,2000,84(24):5652--5655.
[26] MagiQ, QPN5505security gateway quantum key distribution sys-tem, specification sheet, http://web.archive.org/web/20050209013643orhttp://www.magiqtech.com/press/qpn.pdf.
[27] Clavis2, specification sheet, http://idquantique.com/images/stories/PDF/clavis2-quantum-key-distribution/clavis2-specs.pdf.
[28] Long G L, Liu X S. Theoretically ef?cient high-capacity quantum-key-distributionscheme[J]. Physical Review A,2002,65(3):032302.
[29] Bostr m K, Felbinger T. Deterministic secure direct communication using entan-glement[J]. Physical Review Letters,2002,89(18):187902.
[30] CaiQ. The“ping-pong”protocolcanbeattackedwithouteavesdropping[J]. Phys-ical review letters,2003,91(10):109801.
[31] Cai Q. Eavesdropping on the two-way quantum communication protocols withinvisible photons[J]. Physics Letters A,2006,351(1-2):23--25.
[32] DengF,LongG,LiuX. Two-stepquantumdirectcommunicationprotocolusingtheEinstein-Podolsky-Rosen pair block[J]. Physical Review A,2003,68(4):042317.
[33] Deng F, Long G. Secure direct communication with a quantum one-time pad[J].Physical Review A,2004,69(5):052319.
[34] Qing-Yu C, Bai-Wen L. Deterministic secure communication without using entan-glement[J]. Chinese Physics Letters,2004,21:601.
[35] Yan F, Zhang X. A scheme for secure direct communication using EPR pairs andteleportation[J]. TheEuropeanPhysicalJournalB-CondensedMatterandComplexSystems,2004,41(1):75--78.
[36] Wang C, Deng F, Li Y, et al. Quantum secure direct communication with high-dimension quantum superdense coding[J]. Physical Review A,2005,71(4):44305.
[37] Zhong-Xiao M, Zhan-Jun Z, Yong L. Deterministic secure direct communicationby using swapping quantum entanglement and local unitary operations[J]. ChinesePhysics Letters,2005,22:18.
[38] Lee H, Lim J, Yang H. Quantum direct communication with authentication[J].Physical Review A,2006,73(4):042305.
[39] Zhang Z, Liu J, Wang D, et al. Comment on“Quantum direct communicationwith authentication”[J]. Physical Review A,2007,75(2):026301.
[40] Liu W, Chen H, Li Z, et al. Efficient Many-to-One and One-to-Many Multi-party Quantum Secure Direct Dommunication with Authentication[C]InternationalConference on Intelligent Information Hiding and Multimedia Signal Processing.2008:1282--1285.
[41] Dong J, Teng J, Wang S. Multiparty Controlled Quantum Secure Direct Communi-cation of d-Dimensional Using GHZ state[C]Second International Symposium onIntelligent Information Technology Application.2008:551--555.
[42] Gao F, Qin S, Wen Q, et al. Cryptanalysis of multiparty controlled quantum securedirect communication using Greenberger-Horne-Zeilinger state[J]. Optics Com-munications,2010,283(1):192--195.
[43] Hillery M, Bu ek V, Berthiaume A. Quantum secret sharing[J]. Physical ReviewA,1999,59(3):1829.
[44] Tittel W, Zbinden H, Gisin N. Experimental demonstration of quantum secret shar-ing[J]. Physical Review A,2001,63(4):042301.
[45] Gottesman D. Theory of quantum secret sharing[J]. Physical Review A,2000,61(4):042311.
[46] Nascimento A, Mueller-Quade J, Imai H. Improving quantum secret-sharingschemes[J]. Physical Review A,2001,64(4):042311.
[47] Karlsson A, Koashi M, Imoto N. Quantum entanglement for secret sharing andsecret splitting[J]. Physical Review A,1999,59(1):162.
[48] Cleve R, Gottesman D, Lo H. How to share a quantum secret[J]. Physical ReviewLetters,1999,83(3):648--651.
[49] Karimipour V, Bagherinezhad S, Bahraminasab A. Entanglement swapping of gen-eralized cat states and secret sharing[J]. Arxiv preprint quant-ph/0112050,2001.
[50] Xiao L, Long G, Deng F, et al. Efficient multiparty quantum-secret-sharingschemes[J]. Physical Review A,2004,69(5):052307.
[51] Guo G, Guo G. Quantum secret sharing without entanglement[J]. Physics LettersA,2003,310(4):247--251.
[52] Deng F, Zhou H, Long G. Bidirectional quantum secret sharing and secret splittingwith polarized single photons[J]. Physics Letters A,2005,337(4-6):329--334.
[53] Zhang Z, Li Y, Man Z. Multiparty quantum secret sharing[J]. Physical Review A,2005,71(4):044301.
[54] Zhan-Jun Z, Zhong-Xiao M. Multiparty Quantum Secret Sharing of Key UsingPractical Faint Laser Pulses[J]. Chinese Physics Letters,2005,22:1588.
[55] Ping Z, Xi-Han L, Fu-Guo D, et al. Efficient Three-Party Quantum Secret Sharingwith Single Photons[J]. Chinese Physics Letters,2007,24:2181.
[56] Han L, Liu Y, Liu J, et al. Multiparty quantum secret sharing of secure direct com-munication using single photons[J]. Optics Communications,2008,281(9):2690--2694.
[57] Wang Y, Song H. Preparation of multi-atom specially entangled W-class state andsplitting quantum information[J]. Chinese Science Bulletin,2009,54(15):2599--2605.
[58] Yan F, Gao T. Quantum secret sharing between multiparty and multiparty withoutentanglement[J]. Physical Review A,2005,72(1):012304.
[59] Lian-Fang H, Yi-Min L, Hao Y, et al. Efficient Multiparty-to-Multiparty QuantumSecret Sharing via Continuous Variable Operations[J]. Chinese Physics Letters,2007,24:3312.
[60]高亭,闫凤利,李有成.用6个量子态实现的m方与n方之间的量子秘密共享[J].中国科学: G辑,2009(007):923--934.
[61]闫凤利,高亭,李有成.用4个量子态实现的多方与多方之间的量子秘密共享[J].中国科学: G辑,2008,38(003):241--249.
[62] Shi R, Huang L, Yang W, et al. Quantum secret sharing between multiparty andmultiparty with Bell states and Bell measurements[J]. SCIENCE CHINA Physics,Mechanics&Astronomy,2010,53(12):2238--2244.
[63] Blum M. Coin Flipping by Telephone: A Protocol for Solving Impossible Prob-lems[C]Advances in Cryptology: A Report on CRYPTO'81.1981:11--15.
[64] Aharonov D, Ta-Shma A, Vazirani U, et al. Quantum Bit Escrow[C]Proceedingsof32nd Annual ACM Symposium on Theory of Computing.2000:705--714.
[65] Ambainis A. A new protocol and lower bounds for quantum coin flipping[J]. J.Comput. Syst. Sci.,2004,68:398.
[66] Spekkens R W, Rudolph T. Degrees of concealment and bindingness in quantumbit commitment protocols[J]. Phys. Rev. A,2001,65:012310.
[67] Kitaev A, Original paper is unpublished, an explicit restatement can be found inRef.[68].
[68] Mochon C. Quantum weak coin flipping with arbitrarily small bias[J]. Arxivpreprint arXiv:0711.4114,2007.
[69] Chailloux A, Kerenidis I. Optimal quantum strong coin flipping[C]Proceedings of50thAnnualIEEESymposiumontheFoundationsofComputerScience.2009:527.
[70] Spekkens R W, Rudolph T. Quantum Protocol for Cheat-Sensitive Weak CoinFlipping[J]. Phys. Rev. Lett.,2002,89(22):227901.
[71] Mochon C. Quantum weak coinipping with bias of0.192[C]Proceedings of45thAnnual IEEE Symposium on the Foundations of Computer Science.2004:2.
[72] Mochon C. Large family of quantum weak coin-flipping protocols[J]. Phys. Rev.A,2005,72(2):022341.
[73] Ambainis A, Buhrman H, Dodis Y, et al. Multiparty quantum coin flip-ping[C]Proceedingsof19thAnnualIEEESymposiumonComputationalComplex-ity.2004:250.
[74] Ganz M. Quantum Leader Election[J]. Arxiv preprint arXiv:0910.4952,2009.
[75] Elliott C, Colvin A, Pearson D, et al. Current status of the DARPA quantum net-work[J]. Arxiv preprint quant-ph/0503058,2005.
[76] http://www.hfnl.ustc.edu.cn/2009/0831/1293.html.
[77] Chen T, Liang H, Liu Y, et al. Field test of a practical secure communica-tion network with decoy-state quantum cryptography[J]. Optics Express,2009,17(8):6540--6549.
[78] Resch K, Lindenthal M, Blauensteiner B, et al. Distributing entanglement and sin-gle photons through an intra-city, free-space quantum channel[J]. Optics Express,2005,13:202.
[79] Peng C, Yang T, Bao X, et al. Experimental free-space distribution of entan-gled photon pairs over13km: towards satellite-based global quantum commu-nication[J]. Physical review letters,2005,94(15):150501.
[80] Ursin R, Tiefenbacher F, Schmitt-Manderbach T, et al. Entanglement-based quan-tum communication over144km[J]. Nature Physics,2007,3(7):481--486.
[81] Shi Y, Soljanin E. On multicast in quantum networks[C]Information Sciences andSystems,200640th Annual Conference on.2006:871--876.
[82] Kobayashi H, Le Gall F, Nishimura H, et al. General scheme for perfect quantumnetwork coding with free classical communication[J]. Automata, Languages andProgramming,2009:622--633.
[83] Lütkenhaus. Security against individual attacks for realistic quantum key distribu-tion[J]. Phys. Rev. A,2000,61:052304.
[84] Gisin N, Fasel S, Kraus B, et al. Trojan-horse attacks on quantum-key-distributionsystems[J]. Phys. Rev. A,2006,73:022320.
[85] Wiechers C, Lydersen L, Wittmann C, et al. After-gate attack on a quantum cryp-tosystem[J]. New J. Phys.,2011,13:013043.
[86] Makarov V, Anisimov A, Skaar J. Effects of detector efficiency mismatch on se-curity of quantum cryptosystems[J]. Phys. Rev. A,2006,74(2):022313.
[87] Makarov V. Fakes states attack using detector efficiency mismatch on SARG04,Phase-time, DPSK, and Ekert protocols[J]. Quant. Info. Compu.,2008,8(6&7):0622.
[88] Fung C H F, Qi B, Tamaki K, et al. Time-shift attack in practical quantum cryp-tosystems[J]. Quantum Information and Computation,2007,7:073.
[89] Fung C H F, Qi B, Tamaki K, et al. Phase-remapping attack in practical quantum-key-distribution systems[J]. Phys. Rev. A,2007,75:032314.
[90] Xu F H, Qi B, Lo H K. Experimental demonstration of Phase-remapping attack inpractical quantum key distribution systems[J]. New J. Phys.,2010,12:113026.
[91] Lydersen L, Wiechers C, Wittmann C, et al. Hacking commercial quantum cryp-tographysystemsbytailoredbrightillumination[J]. NaturePhotonics,2010,4:686.
[92] BerlínG,BrassardG,BussièresF,etal. Fairloss-tolerantquantumcoinflipping[J].Phys. Rev. A,2009,80:062321.
[93] Bennett C H, Brassard G, Crépeau C, et al. Generalized privacy amplification[J].IEEE Trans. Info. Theor.,1995,41(6):1915.
[94] Slutsky B A, Rao R, Shun P C, et al. Security of quantum cryptography againstindividual attacks[J]. Phys. Rev. A,1998,57(4):2383(16).
[95] Kraus B, Gisin N, Renner R. Lower and Upper Bounds on the Secret-Key Rate forQuantumKeyDistributionProtocolsUsingOne-WayClassicalCommunication[J].Phys. Rev. Lett.,2005,95:080501.
[96] Sheridan L, Le T P, Scarani V. Finite-key security against coherent attacks in quan-tum key distribution[J]. New J. Phys.,2010,12:123019.
[97] Barrett J, Massar S. Quantum coin tossing and bit-string generation in the presenceof noise[J]. Phys. Rev. A,2004,69:022322.
[98] Aharon N, Massar S, Silman J. Family of loss-tolerant quantum coin-flipping pro-tocols[J]. Phys. Rev. A,2010,82:052307.
[99] Chailloux A. Improved Loss-Tolerant Quantum Coin Flipping[J]. arXiv:1009.0044.
[100] Spekkens R W, Rudolph T. Optimization of coherent attacks in Generalizationsof the BB84quantum bit commitment protocol[J]. Quantum Inf. Comput.,2002,2:66.
[101] Grosshans F, Assche G V, et al. Quantum key distribution using gaussian-modulated coherent states[J]. Nature,2003,421:238.
[102] Hillery M. Quantum cryptography with squeezed states[J]. Phys. Rev. A,2000,61:022309.
[103] Cerf N, Levy M, Assche G V. Quantum distribution of Gaussian keys usingsqueezed states[J]. Phys. Rev. A,2000,63:052311.
[104] Ralph T. Continuous variable quantum cryptography[J]. Phys. Rev. A,2000,61:010303(R).
[105] Ralph T. Security of continuous-variable quantum cryptography[J]. Phys. Rev. A,2000,62:062306.
[106] Navascués M, Bae J, Cirac J I, et al. Quantum Key Distillation from GaussianStates by Gaussian Operations[J]. Phys. Rev. Lett.,2005,94:010502.
[107] Tyc T, Sanders B C. How to share a continuous-variable quantum secret by opticalinterferometry[J]. Phys. Rev. A,2002,65:042310.
[108] Tyc T, Rowe D J, Sanders B C. Efficient sharing of a continuous-variable quantumsecret[J]. J. Phys. A: Math. Gen.,2003,36:7625.
[109] Dǔsek M, Haderka O, Hendrych M. Quantum identification system[J]. Phys. Rev.A,1999,60:149.
[110] Gottesman D. Uncloneable encryption[J]. Quantum Information and Computation,2003,3:581.
[111] Duligall J, Godfrey M, Harrison K A, et al. Low cost and compact quantum keydistribution[J]. New J. Phys.,2006,8:249.
[112] DamgaardI,FehrS,SalvailL,etal. SecureIdenti?cationandQKDintheBounded-Quantum-Storage Model[J]. CRYPTO2007LNCS,2007,4622:342.
[113] Shi B S, Li J, Liu J M, et al. Quantum key distribution and quantum authenticationbased on entangled state[J]. Phys. Lett. A,2001,281:83.
[114] Curty M, Santos D. Quantum authentication of classical messages[J]. Phys. Rev.A,2001,64:062309.
[115] Jouguet P, Kunz-Jacques S, Leverrier A. Long Distance Continuous-VariableQuantum Key Distribution with a Gaussian Modulation[J]. Arxiv preprintarXiv:1110.0100,2011.
[116] Cerf N, Iblisdir S, Assche G V. Cloning and Cryptography with Quantum Contin-uous Variables[J]. Eur. Phys. J. D,2002,18:211--218.
[117] Assche G V, Cardinal J, Cerf N. Reconciliation of aquantum distributed Gaussiankey[J]. IEEE Trans. Inform. Theory,2004,50:394.
[118] Bruβ. Optimal Eavesdropping in Quantum Cryptography with Six States[J]. Phys.Rev. Lett.,1998,81:3018.
[119] Bechmann-Pasquinucci H, Gisin N. Incoherent and coherent eavesdropping in thesix-state protocol of quantum cryptography[J]. Phys. Rev. A,1999,59:4238.
[120] Sych D V, Grishanin B A, Zadkov V N. Critical error rate of quantum-key-distribution protocols versus the size and dimensionality of the quantum alpha-bet[J]. Phys. Rev. A,2004,70:052331.
[121] Sych D V, Grishanin B A, Zadkov V N. Analysis of limiting information charac-teristics of quantum-cryptography protocols[J]. Quant. Electron.,2005,35:80.
[122] Sych D, Leuchs G. Coherentstate quantumkey distribution with multiletter phase-shift keying[J]. New J. Phys.,2010,12:053019.
[123] Ben-Or M, Horodecki M, Leung D W, et al. The Universal Composable Securityof Quantum Key Distribution[J]. TCC2005, LNCS,2005,3378:386.
[124] Müller-Quade J, Renner R. Composability in quantum cryptography[J]. New J.Phys.,2009,11:085006.
[125] Zeng G, Guo G. Quantum authentication protocol[J]. arXiv: quant-ph/0001046.
[126] T.C.Ralph. Security of continuous-variable quantum cryptography[J]. Phys. Rev.A,2000,62:062306.
[127] GroverLK. QuantumMechanicsHelpsinSearchingforaNeedleinaHaystack[J].Phys. Rev. Lett.,1997,79(2):325.
[128] Elitzur A C, Vaidman L. Quantum Mechanical Interaction-Free Measurements[J].Found. Phys.,1993,23:987.
[129] Vaidman L. Impossibility of the Counterfactual Computation for All Possible Out-comes[J]. Phys. Rev. Lett.,2007,98:160403.
[130] Shi Y Y, Soljanin E. On multicast in quantum networks[C]Proceedings of IEEE40th Annual Conference On Information Science and System.2006,2:871.
[131] Dougherty R, Zeger K. Nonreversibility and Equivalent Constructions ofMultiple-Unicast Networks[J]. IEEE Transactions on Information Theory,2006,52(11):5067.
[132] Leung D, Oppenheim J, Winter A. Quantum network communication: the butterflyand beyond[J]. IEEE Transactions on Information Theory,2010,56(7):3478.
[133] Ahlswede R, Cai N, Li S Y R, et al. Network Information Flow[J]. IEEE Transac-tions on Information Theory,2000,46(4):1204.
[134] HayashiM,IwamaK,NishimuraH,etal. Quantumnetworkcoding[C]Proceedingsof the24th annual conference on Theoretical aspects of computer science.2007:610--621.
[135] Hayashi M. Prior entanglement between senders enables perfect quantum networkcoding with modification[J]. Phys. Rev. A,2007,76:040301(R).
[136] Bennett C, Brassard G, Crepeau C, et al. Teleporting an unknown quantum stateviadualclassicalandEinstein-Podolsky-Rosenchannels[J]. Phys.Rev.Lett.,1993,70:1895.
[137] Ma S Y, Chen X B, Luo M X, et al. Probabilistic quantum network coding of M-qudit states over the butterfly network[J]. Optics Communications,2010,283:497.
[138] Kobayashi H, Gall F L, Nishimura H, et al. Perfect Quantum Network Com-munication Protocol Based on Classical Network Coding[J]. Arxiv preprintarXiv:0902.1299,2009.
[139] Kobayashi H, Gall F L, Nishimura H, et al. General Scheme for Perfect Quan-tum Network Coding with Free Classical Communication[J]. Arxiv preprintarXiv:0908.1457,2009.
[140] KobayashiH,GallFL,NishimuraH,etal. ConstructingQuantumNetworkCodingSchemes from Classical Nonlinear Protocols[J]. Arxiv preprint arXiv:1012.4583,2010.
[141] Bell J S. On the Einstein Podolsky Rosen paradox[J]. Physics,1964,1:195.
[142] Li X H, Li C Y, Deng F G, et al. Multiparty quantum remote secret conference[J].Chin. Phys. Lett.,2007,24:23.
[143] Gu B, Li C Q, Chen Y L. Multiparty quantum secret conference based on quantumencryption with pure entangled states[J]. Chin. Phys. B,2009,18:2137.
[144] Wang X B. Beating the Photon-Number-Splitting Attack in Practical QuantumCryptography[J]. Phys. Rev. Lett.,2005,94:230503.
[145] Lamas-Linares A, Kurtsiefer C. Breaking a quantum key distribution systemthrough a timing side channel[J]. Optics Express,2007,15(15):9388.
[146] Sun Y, Wen Q Y. Counterfactual quantum key distribution with high efficiency[J].Phys. Rev. A,2010,82:052318.
[147] Oh J, Antonelli C, Tur M, et al. Method for characterizing single photon detectors
in saturation regime by cw laser[J]. Opt. Exp.,2010,18(6):5906.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |