More questions about reality and the security of quantum protocols

My lecture today in my Quantum Cryptography course brought together several recent threads on this blog.  In particular, several interesting questions arose during the course of the lecture (I love having engaged and motivated students).  The questions arose from our discussion of the BB84 protocol and the No-Cloning theorem. Essentially: 1. Do Alice and Bob need to be people or can they be machines? and 2. In what instances can Eve impersonate Bob (or Alice, for that matter)?

1. One student remarked that after studying it via the homework, lecture, etc., it seemed as if the BB84 protocol’s success was directly linked to the need for a human on either end interpreting the results.  Essentially, she said, it seemed Alice and Bob had to be people as opposed to machines since it seems Eve might be able to fool Alice into thinking she’s really Bob if Alice was simply a machine.  So, while she couldn’t necessarily clone Alice’s state before sending it back on to Bob, she might be able to pretend to be Bob.  Notice that the answer to the first part of this question is at least partially related to the Chinese room argument I recently commented on.

2. After a bit of  classroom discussion, one of my colleagues in the chemistry department who is sitting in on my lectures, noted that this seemed to indicate two different situations.  So, if they’re all people, it is entirely possible for Eve to sneak up on Bob, slit his throat or take him hostage, and impersonate him.  Quantum mechanics can never get around basic human espionage.  But the question is, could there be a way for Eve to impersonate Bob (or perhaps Alice) without something quite as nefarious happening?  For instance, someone in class suggested making a copy of Bob’s (or Alice’s) computer.  Classically, this could be done (copying information off of a hard drive, for example) and is the basis of the argument many critics made concerning the use of quantum cryptography in the Swiss elections since, in this sense, copying a classical computer is essentially hacking.

In response to the latter, the answer would be different if the computers themselves were quantum.  The No-Cloning theorem basically says that it’s perfectly ok to copy states if they’re orthogonal to one another, but if they are they have classical analogues and so you’re not really doing anything unusual.  Because quantum computers make use of non-orthogonal states, the No-Cloning theorem implies you could never copy the hard drive of a quantum computer (at least perfectly). Note that it is potentially possible for a single qubit to be copied if you guess correctly (or already know) what state it is in. If you’re still not clear on this point, I would recommend Loepp & Wootters’ book Protecting Information.

So, Eve is left with only nefarious human means by which to obtain information from Alice and Bob.  That still does not answer the question of whether or not Alice and Bob must be humans or not (i.e. whether they can be computers), but I think this is a question that combines quantum information theory with questions of artificial intelligence.  Anyone out there got any thoughts on this subject?


5 Responses to “More questions about reality and the security of quantum protocols”

  1. You have hit upon an important issue here, but I don’t see what it has to do with Alice et. al. being people rather than machines. The BB84 protocol, as it is often presented in elementary treatments, is open to a “man-in-the-middle” attack. Basically, Eve intercepts both the classical and quantum channels between Alice and Bob and runs two BB84 protocols. When she is talking to Alice she plays the role of Bob and when she is talking to Bob she plays the role of Alice. Eve ends up establishing two different secret keys, one with Alice and one with Bob, and can decrypt any communication coming from Alice and re-encrypt it for Bob and they will be none the wiser.

    The missing step is to insist that the classical channel from Alice to Bob is an authenticated channel. This means that Alice has a guarantee that any classical communication received has come from Bob and vice versa. Authentication can be achieved via classical cryptographic protocols, but the catch is that Alice and Bob require a pre-established secret key to do so. However, it turns out that they can get away with using a secret key that is much shorter than the message they want to authenticate. Hence, a better name for quantum key distribution would be “quantum key expansion”, i.e. if Alice and Bob share a short secret key they can securely generate a much longer one. By setting aside some of they key they generate in the protocol for future rounds of authentication, they can generate a secure key as long as they like (provided the error rate of the channel is sufficiently low).

    I believe this answers the question, and has nothing to do with whether Alice, Bob and Eve are people or computers. In fact, they almost always are computers in practical cryptographic applications, so it would be very worrying if they had to be people.

    For a very careful and up to date treatment of the assumptions behind the security of QKD, I recommend Renato Renner’s Ph.D. thesis:

  2. quantummoxie Says:

    I have asked my student to log on and explain her question concerning humans v. machines, but I’ll explain how I interpreted it: if Alice and Bob are classical computers, they risk being remotely hacked whereas a human must be “locally” compromised (e.g. drugs, kidnapping, assassination, etc.). It is possible my student felt that some of the steps described in the BB84 protocol required Alice and Bob to be people (specifically the error correction steps), but this, of course, is not the case since, as you say, in practice it is computers that have performed these measurements. We’ll see what she has to say, however.
    Excellent point about the man-in-the-middle attacks, though, which is essentially the impersonation question my chemistry colleague was asking. The question that I have is how making Alice and Bob quantum computers changes things. I would think, for one, that they wouldn’t necessarily be remotely (perhaps locally?) hackable, though, since we are not sure what a quantum computing interface will look like yet, we may not know the answer to this for certain. Now, if they are quantum computers and Eve is classical, it is clear that Eve is at a serious disadvantage. But what if Eve is also a quantum computer?
    Thanks for the link to Renato’s thesis, by the way. Perhaps I’ll make parts of it required reading for my students.

  3. My question was this (lets hope I remembered it right) (make A, B and E, ppl):
    If A and B are have to do the error correction steps then there is no point to any QC, since people will always be hopelessly classical. This was answered.
    My next question follows as such — how does Alice know that it is communicating with Bob (if they aren’t human). I can’t think of a verification system that couldn’t be exploited. I guess it can be stated as if Eve doesn’t care about whether or not Bob gets the info, couldn’t she drop in and pretend to be Bob? How does Alice verify. How can a quantum computer tell another apart? Does it need a person to be able to tell them apart. I mean if Eve pretends to be Bob from the beginning…

    Also, what were you doing up at 1 am? And it isn’t Feb 18th yet.

  4. quantummoxie Says:

    I have the times here set to UT (essentially GMT). I have no idea why.

  5. […] A few months ago I posted a note about some comments made in the Quantum Cryptography course I was teaching.  Specifically it […]

Comment (obtuse, impolite, or otherwise "troll"-like comments may be deleted)

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: