Analysis and Comparison of Security Proofs of Quantum Key Distribution

Bibliographic Details
Main Authors: Hao Chung, 鍾豪
Other Authors: 鄭振牟
Format: Others
Language: en_US
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/9pc3ky
Description
Summary: Master's thesis === National Taiwan University === Graduate Institute of Electrical Engineering === 106 === Quantum key distribution (QKD) allows two parties to establish a shared secret key without relying on any computational assumption. Although BB84 is the oldest QKD protocol, it is easy to implement and compatible with the decoy-state method, which keeps it secure with practical, imperfect photon sources. In this thesis, we give a complete and self-contained security proof of the BB84 protocol. By complete, we mean that we give a comprehensive introduction to all the building blocks of a security proof: we recall the formal security definition of QKD, analyze all the necessary assumptions, and prove that BB84 attains the security definition. By self-contained, we mean that we analyze the security of BB84 step by step without outsourcing to other papers, except for some mathematical facts whose proofs are not directly related to the main argument. We believe that our treatment makes the security proof of QKD easier to understand, especially for students and researchers from different backgrounds.

Our work combines the proofs in [SP00] and [Koa09]. We reduce the security of BB84 to an entanglement-based protocol and describe that protocol in terms of error-correcting codes, as introduced in [SP00]. Then we analyze the security of the entanglement-based protocol via the uncertainty principle, which is the essential part of the proof in [Koa09]. Along the way, we make two improvements. First, in [SP00] the reduction is argued through the "equivalence" of two protocols. We formalize this notion of equivalence as an indistinguishability game, which fits the language of modern cryptography, apply the new definition to the proof, and analyze the parameter loss in the reduction. Second, the proof in [Koa09] requires that the post-processing in the BB84 protocol be encrypted with a one-time pad. We remove this requirement and show that BB84 remains secure when the post-processing is done over a public channel.
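The public post-processing the abstract refers to (basis announcement, sifting, and revealing a sample of the sifted bits to estimate the error rate) is where an eavesdropper is detected, so it is the part of the protocol a practitioner most wants to see concretely. The following is an added example, written for this page and not code from the thesis or its author. It simulates BB84 classically: a qubit is a (bit, basis) pair, a measurement in the preparation basis returns the bit, and a measurement in the conjugate basis returns a fair coin. An intercept-resend adversary is included as the illustrative attack (the thesis abstract names no specific attack); the 11% abort threshold is the tolerable error rate of the [SP00]-style argument and is an assumption of this example, as are all function names.

```python
"""BB84 sifting and parameter estimation, simulated classically (added example).

A qubit is modelled as (bit, basis). Measuring in the preparation basis
returns the bit; measuring in the conjugate basis returns a uniformly random
bit. That is all the quantum behaviour the intercept-resend calculation needs.
"""
import random

RECT, DIAG = 0, 1          # the two conjugate bases of BB84 (Z and X)
BASES = (RECT, DIAG)


def measure(bit, prep_basis, meas_basis, rng):
    """Outcome of measuring a qubit prepared as (bit, prep_basis) in meas_basis."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)   # wrong basis: the outcome is a fair coin


def intercept_resend(bits, bases, rng):
    """Eve measures each qubit in a random basis and resends her outcome.

    She guesses the basis wrong half the time; on those positions Bob, when he
    later measures in Alice's basis, gets a random bit, so the error rate on
    the sifted key is 1/2 * 1/2 = 1/4.
    """
    eve_bases = [rng.choice(BASES) for _ in bits]
    eve_bits = [measure(b, pb, eb, rng) for b, pb, eb in zip(bits, bases, eve_bases)]
    return eve_bits, eve_bases


def run_bb84(n, eavesdrop, seed=1, sample_fraction=0.5, qber_threshold=0.11):
    """One BB84 run. Returns sifted length, estimated QBER, abort flag, raw keys.

    qber_threshold=0.11 is the tolerable error rate of the [SP00]-style proof;
    it is an assumption of this example, not a figure from the thesis abstract.
    """
    rng = random.Random(seed)
    a_bits = [rng.randrange(2) for _ in range(n)]
    a_bases = [rng.choice(BASES) for _ in range(n)]

    # Qubits as they arrive at Bob: untouched, or re-prepared by Eve.
    if eavesdrop:
        ch_bits, ch_bases = intercept_resend(a_bits, a_bases, rng)
    else:
        ch_bits, ch_bases = a_bits, a_bases

    b_bases = [rng.choice(BASES) for _ in range(n)]
    b_bits = [measure(b, pb, mb, rng) for b, pb, mb in zip(ch_bits, ch_bases, b_bases)]

    # Sifting: bases are announced on the public channel; keep agreeing positions.
    sifted = [i for i in range(n) if a_bases[i] == b_bases[i]]

    # Parameter estimation: a random subset of sifted bits is revealed publicly
    # and discarded; its error rate estimates the QBER of the remaining bits.
    k = int(len(sifted) * sample_fraction)
    if k == 0:
        raise ValueError("too few sifted bits to estimate the error rate")
    sample = set(rng.sample(sifted, k))
    errors = sum(a_bits[i] != b_bits[i] for i in sample)
    qber = errors / k

    keep = [i for i in sifted if i not in sample]
    return {
        "sifted": len(sifted),
        "qber": qber,
        "abort": qber > qber_threshold,
        "alice_raw_key": [a_bits[i] for i in keep],
        "bob_raw_key": [b_bits[i] for i in keep],
    }


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(4000, eavesdrop=eve)
        print(f"eavesdrop={eve}: sifted={r['sifted']} QBER={r['qber']:.3f} abort={r['abort']}")
```

Without an eavesdropper the sifted keys agree exactly and the estimated QBER is zero; with intercept-resend the estimate sits near 25%, well above the threshold, and the run aborts. Everything Eve sees on the public channel (bases and the sampled bits) is disclosed without any encryption, which is the setting in which the thesis shows BB84 remains secure.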