Rotem Liss

Walter O. Krawec, Rotem Liss, Tal Mor

Semiquantum key distribution (SQKD) allows two parties (Alice and Bob) to create a shared secret key, even if one of these parties (say, Alice) is classical. However, most SQKD protocols suffer from severe practical security problems when implemented using photons. The recently developed "Mirror protocol" [Boyer, Katz, Liss, and Mor, Phys. Rev. A 96, 062335 (2017)] is an experimentally feasible SQKD protocol overcoming those drawbacks. The Mirror protocol was proven robust (namely, it was proven secure against a limited class of attacks including all noiseless attacks), but its security in case some noise is allowed (natural or due to eavesdropping) has not been proved yet. Here we prove security of the Mirror protocol against a wide class of quantum attacks (the "collective attacks"), and we evaluate the allowed noise threshold and the resulting key rate.

Rotem Liss, Tal Mor

The "Bright Illumination" attack [Lydersen et al., Nat. Photon. 4, 686-689 (2010)] is a practical attack, fully implementable against quantum key distribution systems. In contrast to almost all developments in quantum information processing (for example, Shor's factorization algorithm, quantum teleportation, Bennett-Brassard (BB84) quantum key distribution, the "Photon-Number Splitting" attack, and many other examples), for which theory has been proposed decades before a proper implementation, the "Bright Illumination" attack preceded any sign or hint of a theoretical prediction. Here we explain how the "Reversed-Space" methodology of attacks, complementary to the notion of "quantum side-channel attacks" (which is analogous to a similar term in "classical" - namely, non-quantum - computer security), has missed the opportunity of predicting the "Bright Illumination" attack.

Michel Boyer, Rotem Liss, Tal Mor

A semiquantum key distribution (SQKD) protocol makes it possible for a quantum party and a classical party to generate a secret shared key. However, many existing SQKD protocols are not experimentally feasible in a secure way using current technology. An experimentally feasible SQKD protocol, "classical Alice with a controllable mirror" (the "Mirror protocol"), has recently been presented and proved completely robust, but it is more complicated than other SQKD protocols. Here we prove a simpler variant of the Mirror protocol (the "simplified Mirror protocol") to be completely non-robust by presenting two possible attacks against it. Our results show that the complexity of the Mirror protocol is at least partly necessary for achieving robustness.

Michel Boyer, Rotem Liss, Tal Mor

Quantum Cryptography uses the counter-intuitive properties of Quantum Mechanics for performing cryptographic tasks in a secure and reliable way. The Quantum Key Distribution (QKD) protocol BB84 has been proven secure against several important types of attacks: collective attacks and joint attacks. Here we analyze the security of a modified BB84 protocol, for which information is sent only in the z basis while testing is done in both the z and the x bases, against collective attacks. The proof follows the framework of a previous paper (Boyer, Gelles, and Mor, 2009), but it avoids a classical information-theoretical analysis and proves a fully composable security. We show that this modified BB84 protocol is as secure against collective attacks as the original BB84 protocol, and that it requires more bits for testing.

Michel Boyer, Rotem Liss, Tal Mor

The Quantum Key Distribution (QKD) protocol BB84 has been proven secure against several important types of attacks: the collective attacks and the joint attacks. Here we analyze the security of a modified BB84 protocol, for which information is sent only in the z basis while testing is done in both the z and the x bases, against collective attacks. The proof follows the framework of a previous paper (Boyer, Gelles, and Mor, 2009), but it avoids the classical information-theoretical analysis that caused problems with composability. We show that this modified BB84 protocol is as secure against collective attacks as the original BB84 protocol, and that it requires more bits for testing.

Michel Boyer, Matty Katz, Rotem Liss et al.

Quantum key distribution (QKD) protocols make it possible for two quantum parties to generate a secret shared key. Semiquantum key distribution (SQKD) protocols, such as "QKD with classical Bob" and "QKD with classical Alice" (that have both been proven robust), achieve this goal even if one of the parties is classical. However, existing SQKD protocols are not experimentally feasible with current technology. Here we suggest a new protocol, "Classical Alice with a controllable mirror", that can be experimentally implemented with current technology (using 4-level systems instead of qubits), and we prove it to be robust.