## Bounds on information and the security of quantum cryptography", manuscript (1997)

Venue: | Rev. Lett |

Citations: | 20 - 5 self |

### BibTeX

@ARTICLE{Biham97boundson,

author = {Eli Biham and Tal Mor},

title = {Bounds on information and the security of quantum cryptography", manuscript},

journal = {Rev. Lett},

year = {1997},

volume = {79},

pages = {4034--4037}

}

### OpenURL

### Abstract

Strong attacks against quantum key distribution use quantum memories and quantum gates to attack directly the final key. In this paper we extend a novel security result recently obtained, to demonstrate proofs of security against a wide class of such attacks. To reach this goal we calculate information-dependent reduced density matrices, we study the geometry of quantum mixed state, and we find bounds on the information leaked to an eavesdropper. Our result suggests that quantum cryptography is ultimately secure. Quantum cryptography (e.g. [1, 2]) suggests an information secure key distribution. It is based on the fact that non-orthogonal quantum states cannot be cloned, and any attempt to obtain information regarding these states necessarily disturbs them and induces noise. In principle, the legitimate users of a quantum key distribution scheme, Alice and Bob, should quit the protocol if they notice a noise. However, in real protocols, the channels and

### Citations

717 |
Quantum theory: Concepts and Methods
- Peres
- 1993
(Show Context)
Citation Context ...y. Bob’s reduced density matrices (rdms) are calculated from |Ψ〉〈Ψ| by tracing out Eve’s particle. This operation is usually denoted by ρB =Tr [|Ψ〉〈Ψ|], where the full formula is given by eq. 5.19 in =-=[13]-=- E (ρnm = � µν ρnν,mµδµν = � µ ρnµ,mµ). We denote this operation by ρB = � Tr (|Ψ〉〈Ψ|) E Î�,whereÎis two dimensional (δµν in eq. 5.19). From Bob’s matrices we find the error-rate, that is, the probabi... |

71 | Quantum privacy amplification and the security of quantum cryptography over noisy channels
- Deutsch, Ekert, et al.
- 1996
(Show Context)
Citation Context ...ification techniques by that time. Moreover, she doesn’t know which particles will be discarded in the error-estimation stage, and how the common bits will be reordered (similar intuition was used in =-=[12]-=- for similar purpose). Therefore, she cannot gain by searching or creating correlations between the transmitted particles; she better keeps one separate probe for each particle. In this paper we showe... |

24 | Security of quantum cryptography against collective attacks
- Biham, Mor
- 1997
(Show Context)
Citation Context ...inion see [4]); their security against sophisticated joint attacks, which use quantum memories, quantum gates, and delayed measurements to attack directly the final key, is only partially established =-=[5, 6, 7]-=-. In this work we extend the results of [7] much further. The first hints that privacy amplification might still be effective against such attacks were provided by Bennett, Mor and Smolin (BMS) [8]. S... |

2 |
26 Symp on the Theo
- Yao, Proc
- 1995
(Show Context)
Citation Context ...inion see [4]); their security against sophisticated joint attacks, which use quantum memories, quantum gates, and delayed measurements to attack directly the final key, is only partially established =-=[5, 6, 7]-=-. In this work we extend the results of [7] much further. The first hints that privacy amplification might still be effective against such attacks were provided by Bennett, Mor and Smolin (BMS) [8]. S... |

1 |
proved security in case of noisy channel and error free devices
- Deutsch
- 1996
(Show Context)
Citation Context ...inion see [4]); their security against sophisticated joint attacks, which use quantum memories, quantum gates, and delayed measurements to attack directly the final key, is only partially established =-=[5, 6, 7]-=-. In this work we extend the results of [7] much further. The first hints that privacy amplification might still be effective against such attacks were provided by Bennett, Mor and Smolin (BMS) [8]. S... |

1 |
The analysis suggested in [7] applies only when Alice sends errorcorrection data to Bob. It does not apply if bits are thrown away as in the error-correction of Bennett et
- al
- 1992
(Show Context)
Citation Context ...ce and Bob have an n-bit string. Alice and Bob choose the parity bit of that (full n-bit) string to be their secret bit, and Alice sends to Bob some parities of substrings as the error-correction data=-=[10]-=-. In [7] we calculated Eve’s density matrices for the parity bit while taking into account the error-correction data she has [11]. Then, we found Eve’s best strategy for measuring the probes and her o... |

1 |
it is easy to check that α is of order pe 1/2 if the EHPP attack is applied on various other states which are more sensitive to this specific eavesdropping attack. We emphasize this point to avoid the impression that the translucent attack we use later on
- However
(Show Context)
Citation Context ...lly with the length of the string n; e.g., for Hamming codes it is I(n, α) ≤ C(n)(2α) (n+1)/2 , (1) with C(n) = 2 ln2 √ � (n + 1). For a given error-rate, pe, the resultant angle π in the EHPP attack =-=[12]-=- is α = (tan 2 (2θ) pe) 1/4 , so that the information I(n, pe) is of the order of p (n+1)/8 e . In terms of quantum information theory this result (henceforth, the BM result) extends the BMS result to... |

1 |
The Parity Bit in Quantum Cryptography”, submitted to Phys
- Bennett, Mor, et al.
(Show Context)
Citation Context ... ultimately secure. The simplest privacy amplification technique chooses the final key as the parity of a large binary string. The optimal information on the parity bit of an n-bit string is obtained =-=[8]-=- by measuring all particles together (i.e., by projecting their state on a basis of entangled states). Yet, the information regarding the parity bit [8] is exponentially small with the length of the s... |