
    Toyohiro Tsurumaru

    In this paper, we discuss the security of the differential-phase-shift quantum key distribution (DPSQKD) protocol by introducing an improved version of the so-called sequential attack, which was originally discussed by Waks et al. Our attack differs from the original form of the sequential attack in that the attacker Eve modulates not only the phases but also the amplitude in the superposition of the single-photon states which she sends to the receiver. Concentrating especially on the "discretized gaussian" intensity modulation, we show that our attack is more effective than the individual attack, which had been the best attack up to present. As a result of this, the recent experiment with communication distance of 100 km reported by Diamanti et al. turns out to be insecure. Moreover, it can be shown that in a practical experimental setup which is commonly used today, the communication distance achievable by the DPSQKD protocol is less than 95 km.
    This article begins with a simple proof of the existence of squash operators compatible with the Bennett-Brassard 1984 (BB84) protocol that suits single-mode as well as multimode threshold detectors. The proof shows that, when a given detector is symmetric under cyclic group C4, and a certain observable associated with it has rank two as a matrix, then there always exists a corresponding squash operator. Next, we go on to investigate whether the above restriction of ``rank two'' can be eliminated; i.e., is cyclic symmetry alone sufficient to guarantee the existence of a squash operator? The motivation behind this question is that, if this were true, it would imply that one could realize a device-independent and unconditionally secure quantum key distribution protocol. However, the answer turns out to be negative, and moreover, one can instead prove a no-go theorem that any symmetry is, by itself, insufficient to guarantee the existence of a squash operator.
    In this paper, we rigorously prove the intuition that in security proofs for BB84 one may regard an incoming signal to Bob as a qubit state. From this result, it follows that all security proofs for BB84 based on a virtual qubit entanglement distillation protocol, which was originally proposed by Lo and Chau [H.-K. Lo and H. F. Chau, Science 283, 2050 (1999)], and Shor and Preskill [P. W. Shor and J. Preskill, Phys. Rev. Lett. 85, 441 (2000)], are all valid even if Bob's actual apparatus cannot distill a qubit state explicitly. As a consequence, especially, the well-known result that a higher bit error rate of 20% can be tolerated for BB84 protocol by using two-way classical communications is still valid even when Bob uses threshold detectors. Using the same technique, we also prove the security of the Bennett-Brassard-Mermin 1992 (BBM92) protocol where Alice and Bob both use threshold detectors.
    Quantum key distribution (QKD) is a way to securely expand the secret key to be used in the one-time pad, and it is attracting great interest not only from theorists but also from experimentalists and engineers who are aiming for actual implementations. In this paper, we review the theoretical aspects of QKD, focusing especially on its security proof, and we briefly mention the possible problems and future directions.
    A secure communication network with novel quantum key distribution systems in a metropolitan area (very center of Tokyo) is reported. Different QKD schemes are integrated to demonstrate key relay for secure TV conferencing over a distance 45 km, stable long-term operation.
    In this paper, we introduce the concept of dual universality of hash functions and present its applications to quantum cryptography. We begin by establishing the one-to-one correspondence between a linear function family {\cal F} and a code family {\cal C}, and thereby defining \varepsilon-almost dual universal_2 hash functions, as a generalization of the conventional universal_2 hash functions. Then we show that this generalized (and thus broader) class of hash functions is in fact sufficient for the security of quantum cryptography. This result can be explained in two different formalisms. First, by noting its relation to the \delta-biased family introduced by Dodis and Smith, we demonstrate that Renner's two-universal hashing lemma is generalized to our class of hash functions. Next, we prove that the proof technique by Shor and Preskill can be applied to quantum key distribution (QKD) systems that use our generalized class of hash functions for privacy amplification. While the Shor-Preskill formalism requires an implementer of a QKD system to explicitly construct a linear code of the Calderbank-Shor-Steane (CSS) type, this result removes the existing difficulty of constructing a linear code of the CSS type by replacing it with the combination of an ordinary classical error correcting code and our proposed hash function. We also show that a similar result applies to the quantum wire-tap channel. Finally, we compare our results in the two formalisms and show that, in typical QKD scenarios, the Shor-Preskill-type argument gives better security bounds in terms of the trace distance and Holevo information than the method based on the \delta-biased family.
    Quantum-bit-string commitment [A. Kent, Phys. Rev. Lett. 90, 237901 (2003)] (QBSC) is a variant of bit commitment (BC). In this paper, we propose a QBSC protocol that can be implemented using currently available technology and prove its security under the same security criteria as discussed by Kent. QBSC is a generalization of BC, but has slightly weaker requirements, and our proposed protocol is not intended to break the no-go theorem of quantum BC.
    We explicitly construct random hash functions for privacy amplification that require random seeds below the previous theoretical bound and allow efficient implementations. When the random seeds are not uniform random numbers, we evaluate the security parameter of the final keys with the above random hash function as well as the random hash function constructed by the modified Toeplitz matrix by using the minimum entropy of the random seeds. The key idea is the concept of dual universal_2 hash function, introduced in our previous paper.
    A novel secure communication network with quantum key distribution in a metropolitan area is reported. Different QKD schemes are integrated to demonstrate secure TV conferencing over a distance of 45 km, stable long-term operation, and application to secure mobile phones.
    We study the security of quantum string commitment (QSC) protocols with group covariant encoding scheme. First we consider a class of QSC protocols, which is general enough to incorporate all the QSC protocols given in the preceding literature. Then among those protocols, we consider group covariant protocols and show that the exact upper bound on the binding condition can be calculated. Next, using this result, we prove that for every irreducible representation of a finite group, there always exists a corresponding nontrivial QSC protocol which reaches a level of security impossible to achieve classically.
    We present a tight security analysis of the Bennett-Brassard 1984 protocol taking into account the finite size effect of key distillation, and achieving unconditional security. We begin by presenting a simple argument utilizing the normal approximation of the hypergeometric function, and next show that a similarly tight bound can be obtained by a rigorous argument without relying on the normal approximation.
    We prove the security of quantum key distribution against the most general attacks which can be performed on the channel, by an eavesdropper who has unlimited computation abilities, and the full power allowed by the rules of classical and quantum physics. A key created that way can then be used to transmit secure messages in a way that their security is also unaffected in the future.
    We propose an FPGA-based high-speed search system for cryptosystems that employ a passphrase-based security scheme. We first choose PGP as an example of such cryptosystems, clear several hurdles for high throughputs and manage to develop a high-speed search system for it. As a result we achieve a throughput of 1.1 × 10^5 passphrases per second, which is 38 times the speed of the fastest software. Furthermore, we can do many flexible passphrase generations in addition to a simple brute force one because we assign the passphrase generation operation to software. In fact we implement brute force and dictionary-based ones, and get the same maximum throughput as above in both cases. We next consider the speed of passphrase generation in order to apply our system to cryptosystems other than PGP, and implement a hardware passphrase generator to achieve higher throughputs. In the PGP case, the very heavy iteration of hashing, 1025 times in our case, lowers the total throughput linearly, and makes the figure 1.1 × 10^5 suffice. In other cases without any such iteration structure, we have to generate even more passphrases, for example 10^8 per second. That can easily exceed the generation speed that software can offer and thus we conclude that it is now necessary to place the passphrase generation in hardware instead of in software.
    Despite technically successful experiments, most current quantum key distribution (QKD) systems based on the original BB84 protocols are insecure. The reason is the usage of weak coherent pulses (WCP) as a pseudo single photon source (SPS), which allows an eavesdropper to get full information on the key in the presence of high optical losses on the transmission channel. To overcome this problem, we have developed a pulse heralded single photon source (HSPS), which we have used for QKD over 40 km of fiber.