Abstract
Quantum noise stream cipher (QNSC), where signal states are masked by intrinsic quantum noise to directly encrypt data, provides a physical layer security. This paper firstly discusses the security of the QNSC system under the assumption that eavesdropper is restricted to collective attacks. The maximum security capacity for the encrypted data, the running key, and the entire system is derived, respectively. Our simulation results allow a positive information capacity when data transmission distance is no more than 300 km for the number of bases \(M_\mathrm{{b}} = 31\) and any mean photon number \(\alpha ^2\) by assuming state-of-the-art technology. We find that the security of whole system depends on the security of running key for shorter distances. However, the security of whole system is related to the security of data for longer distances. Furthermore, it is important to improve security of data in QNSC system for longer distances. Besides, this new method proposes a concrete solution for physical encryption systems and paves the way for a wider implementation of the QNSC system.
Similar content being viewed by others
1 Introduction
With the rapid development of optical communication, more and more messages, such as personal privacy information, bank account, and confidential information, are transmitted through optical link. Protecting these messages from eavesdropping is a major challenge in optical communication. To cope with this problem, physical layer security based on physical effects has been attracted more and more attention. The physical effects, such as noise [1], chaos [2, 3], mode dependent loss (MDL) [4], and nonlinear effects, are used to encrypt data applying encryption based on physical layer security. In this way, eavesdroppers are faced with the arduous task of recording and storing accurate ciphertext under the impact of physical effects [5,6,7]. Thus, physical layer encryption has better security in comparison with traditional encryption method. Quantum noise stream cipher provides physical layer security, while being compatible with current networks, is getting more and more attention.
Quantum noise stream cipher (QNSC), also known as Y-00 protocol, was first proposed by Horace P. Yuen and achieves the data encryption and secure communication by expanding the influence of quantum noise on eavesdropper’s signal states [8]. Thanks to the intrinsic quantum noise from the coherent state, Eve cannot completely distinguish the adjacent signal states when encrypted signal is masked by quantum noise [9]. In addition, QNSC can achieve the physical layer security imposing less restriction compared with quantum key distribution protocols [10]. Many experiments have been reported for different modulation formats, such as phase shift-key (PSK) [11, 12], quadrature amplitude modulation (QAM) [13,14,15], and intensity shift-key (ISK) [16, 17]. However, it is under debate whether QNSC can have nonzero secure rate under the quantum attacks hypothesis, such as collective attacks [18, 19]. Furthermore, perfect security analysis of QNSC is complex since each symbol bit is encoded into the coherent state living in an infinite-dimensional Hilbert space [20,21,22]. By building the wire-tap channel model for both channels of the key and data, the security analysis of QNSC has been studied [23,24,25,26]. However, in its traditional and classical method of security analysis, the security capacity of data and key is overestimated by the state-of-the-art model. Eve has a better ability to obtain more useful information, even though the signals are masked by quantum noise, for example using collective attacks [27]. It is a major challenge to construct a security analysis of QNSC system against collective attacks.
In this paper, we investigate the security ability of QNSC based on PSK modulation under the collective attacks hypothesis. The same strategy could be applied to different modulation formats as well. The maximum security rate for the data, the running key, and the whole system is derived, respectively. Simulation results show that the QNSC can achieve nonzero secure rate, even if Eve has access to the quantum channel performing collective attacks on the system. QNSC system allows a positive information capacity when data transmission is no more than 300 km link for the number of bases \(M_\mathrm{{b}} = 31\) and any mean photon number \(\alpha ^2\). The security of the data is more vulnerable in comparison with the running key for longer distances in the QNSC system. Thus, it is important to improve the security of the data for longer distance. We believe that this security analysis can pave the way toward a perfect security analysis of QNSC system, under quantum mechanics.
2 The principle of QNSC based on PSK modulation in detail
First, the transmitter, Alice, has to share a K-bit seed key with Bob (the receiver) to generate the running key U by a linear feedback shift register (LFSR) or AES in stream cipher mode. Then, the running key U is divided into n sub-blocks u with M bit as bases. (The number of bases \(M_\mathrm{{b}}=2^M-1\).) According to the mapping rule, running key \(U=\left\{ u^1,u^2,...,u^n\right\} \) is used to encrypt the n-bit data \(X= \left\{ x^1,x^2,...,x^n\right\} \) to generate the encrypted data stream. The BPSK/QNSC signal is given as follows [11]:
where i is an imaginary unit and \(\alpha ^2\) is the intensity (mean photon number) of the coherent state. The \(\theta _m\) in Eq. (1) is the phase of the coherent state and is given as follows:
where \(\hbox {Dec}\)(u) represents decimal arithmetic on u and \(\oplus \) is binary XOR operation. Figure 1 shows the constellation of BPSK/QNSC system in phase space. By Eqs. (1), (2), and (3), the data bits 0 and 1 are mapped into phase space with different angles, as shown in Fig. 1a. Then, signal states are masked by quantum noise (shot noise) from laser when encrypted signals are modulated by phase modulator and laser, as shown in Fig. 1b. In the absence of running key U, eavesdropper, Eve, has to distinguish and record the signal states under the effects of quantum noise in transmission. Due to the small difference between adjacent signals masked by quantum noise, Eve cannot obtain accurate information. However, as a legal receiver, Bob, who shares the running key U with Alice at the beginning, only needs to detect binary signal states, as shown in Fig. 1c. So, compared with Eve, Bob can accurately recover signal states with a little effect of quantum noise. However, Eve has to distinguish the super-high-order signal states under the impact of quantum noise in Fig. 1b. It is difficult for Eve to eliminate the effects of quantum noise on signal states and then accurately distinguish adjacent signal states. So, based on quantum noise from the coherent state, QNSC system can directly encrypt data to provide physical layer security.
3 Security analysis of QNSC system under collective attacks
The data streams from Alice to Bob are schematically shown in Fig. 2. We find that the transmitted signal states \(\left| \phi _m\right\rangle \) contain not only information of data bits x but also information of the running key u in QNSC system. Firstly, the security of data bits x and running key u is discussed, respectively. Subsequently, the systematic security of QNSC system is derived. The systematic security of QNSC depends on the minimum between secret information rate of data bit x and secret information rate of running key u. In the QNSC system, the systematic security rate per bit, R, is given by [24]
where the \(R_\mathrm{{data}}\) and \(R_\mathrm{{key}}\) denote the secure rate of data bits x and running key u in QNSC, respectively.
We assume that Eve has a quantum computer and quantum memory to handle signal states from quantum channel. For collective attacks, Eve can utilize each probe state separately to interact with signal states. Then, Eve stores the probe states in a quantum memory and then performs the collective quantum measurement on probe states to get more information. And, there is no excess noise in the quantum channel and Eve’s measurement is limited only by quantum noise [28]. The transmission coefficient of the channel connecting Alice and Bob is \(\eta \) (\(\eta =10^{-\frac{\hbox {loss}}{10}}\)). Here, \(\hbox {loss}=0.2 \times d\). The loss of quantum channel is \(0.2\,\hbox {dB/km}\). Eve inserts the beam splitter into the quantum channel to intercept the \((1-\eta )\) signals and sends the partial \(\eta \) signal states to Bob by a lossless quantum channel. The quantum channel of data x is given as follows in Fig. 2.
The quantum channel of data bit x is binary discrete memoryless channel (DMC) because Alice and Bob have same running key u for each communication in QNSC. However, the quantum channel between Alice and Eve is not memoryless channel in a strict sense due to the application of LFSR and ASE for QNSC in practice. The correlation of running key u is every weak due to the influence of quantum noise. And, we can replace LFSR and ASE in QNSC with longer random running key if QNSC system does not provide high rate but achieves high security. So, we assume that the information Eve gets from channel is given as \(I(A,E)+\delta \), where \(\delta \) (\(\delta \ge 0\) and \(\delta \rightarrow 0\) due to quantum noise) is the information Eve obtains due to weak correlation of running key u. Here, \(\delta \) is a tiny constant and depends on the complexity of key expansion. (It is beyond our scope in this paper.) Furthermore, based on classical wire-tap channel model, this assumption has been discussed by Jiao and co-authors [24]. So, we mainly discuss the security capacity of data \(R_\mathrm{{data}}\) and running key \(R_\mathrm{{key}}\) with memoryless channel, and these are the maximum in QNSC system under this assumption. Besides, it also provides the reference to the design of key expansion in QNSC.
For given signal \(\left| \phi _m\right\rangle \) from Alice, Bob measures it by splitting the signal at a 50/50 beam splitter and measuring two conjugate quadrature \(\hat{x}\) and \(\hat{p}\) at the output ports by heterodyne detection. The received signal states are \(\left| \beta _m\right\rangle = \left| \beta _x+i\beta _p\right\rangle \) when measurement results are \(\beta _x\) and \(\beta _p\). The conditional probability density to measure the state \(\left| \beta \right\rangle \) when a state \(\left| \phi _m\right\rangle \) has been sent is
After the measurement of \(\left| \beta \right\rangle \), the conditional probability \(p(\phi _l|\beta )\) can be calculated when state \(\left| \phi _l\right\rangle \) was sent initially by Eq. (6) and Bayes theorem
where the transmitted signal states are uniformly distributed.
After measuring transmitted signal states, Bob decodes the measured states to get a value. When \(\phi _l=\phi _m\) in Eqs. (6) and (7), Bob can correctly decode the data. Otherwise, Bob cannot correctly decode the data. Bob shares the seed key with Alice, and the quantum channel connecting Alice and Bob for data is binary DMC. Thus, the conditional density \(p(\beta |\phi _{l})\) can be simplified as follows:
Finally, the amount of information transmitted from Alice to Bob on data x is given as follows:
where H(B) and H(B|A) are the Shannon entropy and conditional entropy, respectively.
The information that Eve may extract is given by the Holevo quantity under collective attacks [27]. For data x, the Holevo information between Alice and Eve is given as follows:
where \(\rho _E = \sum _{k}p_k \rho _{E|k}\) and \(S(\rho ) =-\hbox {Tr}\left\{ \rho \log (\rho )\right\} \) is the von Neumann entropy. The \(\rho \) is the quantum density operator and \(\rho =p_m\left| \phi _m\right\rangle \left\langle \phi _m\right| \) for any pure states \(\left| \phi _m\right\rangle \), where \(p_m\) is the probability of pure states \(\left| \phi _m\right\rangle \). According to the attack model, Eve’s states conditioned on Alice’s preparation are
Therefore, when transmitted data x is 0, the density operator \(\rho _{E|0}^{x}\) for Eve’s signal state is
where \(k=2m\) and density matrix \(\rho _{E|0}^{x}\) is Eve’s state conditioned on preparation of data bit 0. To calculate the von Neumann entropy of density operator \(\rho _{E|0}^{x}\), the eigenvalues of density operator \(\rho _{E|0}^{x}\) have to be derived. Based on orthogonal basis \(\left| \xi _n\right\rangle \), symmetric states \(\left| \epsilon _k\right\rangle \) can be expressed as follows [29, 30]:
The density matrix \(\rho _{E|0}^{x}\) can be diagonalized by the orthogonal basis \(\left| \xi _n\right\rangle \) as follows:
where the coefficients \(|a_n|^2\) in Eq. (14) can be obtained as follows:
Finally, the von Neumann entropy of density operator \(\rho _{E|0}^{x}\) results
When transmitted data is 1, the density operator \(\rho _{E|1}^{x}\) is given as follows:
where density matrix \(\rho _{E|1}^{x}\) is Eve’s state conditioned on preparation of data bit state 1. The signal states are symmetric. So, the density operator \(\rho _{E|1}^{x}\) can also be diagonalized by the orthogonal basis \(\left| \zeta _{n}\right\rangle \) in the same way. The coefficients \(|b_n|^2\) are given as follows (see “Appendix” for the diagonalization of density operator \(\rho _{E|0}^{x}\) and \(\rho _{E|1}^{x}\), respectively):
So, the von Neumann entropy of density operator \(\rho _{E|1}^{x}\) is
Next, we calculate the density operator \(\rho _{E}^{x}\) for data. Because data 0 and 1 are random, the density operator \(\rho _{E}^{x}\) is
where the density operator \(\rho _E\) is the mixture of symmetrical pure states, and it can be diagonalized by the same way. We define that the orthogonal basis of density operator \(\rho _E^{x}\) is given by \(\left| \omega _n\right\rangle \). We have (see “Appendix” in detail)
The von Neumann entropy \(S(\rho _{E}^{x})\) can be calculated as follows:
Finally, by Eqs. (16), (19), and (22), the Holevo information of data x can be derived as follows:
where \(p_k=\frac{1}{2}\).
According to Eqs. (9) and (23), the security capacity of data per bit, \(R_\mathrm{{data}}\), under collective attacks is given as follows:
The transmitted signal states \(\left| \phi _m\right\rangle \) also contain the information of the running key u. Thus, Eve can obtain information of the running key by intercepting the quantum channel. Next, the security capacity of running key \(R_\mathrm{{key}}\) is derived. The information transmission of running key u is shown in Fig. 2. Bob has the same running key u with Alice. Thus, the mutual information between Alice and Bob on running key u is given as \(I(A,B)^{u}=1\). (Here, the base-\(M_\mathrm{{b}}\) is used for logarithmic operations. If we use base-2, it should be \(I(A,B)^{u} =\log _2 M_\mathrm{{b}} \).) Thus, we only need to consider Eve’s information on running key u. When Eve has access to quantum channel, the density operator for different bases u is given as follows:
where \(\rho _{E|u}^{u}\) is the Eve’s state conditioned on preparation of running key u. The overlap between states \(\left| \varepsilon _{(0/1,u)}\right\rangle \) and \(\left| \varepsilon _{(1/0,u+M_\mathrm{{b}})}\right\rangle \) can be written as \(\gamma ^2\) (\(\gamma =e^{-\alpha _E^2}\)). So, the \(S(\rho _{E|u}^{u})\) can be expressed as follows:
The Holevo information of running key u is given as follows:
where \( \rho _{E}^{u} = p_u\sum _u\rho _{E|u}^{u} = \rho _{E}^{x} \) and \( p_u = \frac{1}{M_\mathrm{{b}}} \).
Finally, the security capacity of running key per bit, \( R_\mathrm{{key}} \), under collective attacks is given as follows:
where the \( |c_n|^2 \) is calculated by Eq. (21). So, we can calculate the security capacity of data \(R_\mathrm{{data}}\) and running key \(R_\mathrm{{key}}\) by Eqs. (24) and (28), respectively. Then, we can obtain the systematic security capacity \(R=\min \left\{ R_\mathrm{{data}},R_\mathrm{{key}}\right\} \) for QNSC system.
4 Results and discussion
Based on the above discussion, the security capacity of data \(R_\mathrm{{data}}\), running key \(R_\mathrm{{key}}\), and systematic security capacity R depends on the parameters \(|a_n|^2\), \(|b_n|^2\), \(|c_n|^2\), and \(\gamma \). These parameters are related to the mean photon number \(\alpha ^2\), the number of bases \(M_\mathrm{{b}}\), and transmission distance d (km). In this section, we present and discuss the security capacity of data \(R_\mathrm{{data}}\) and running key \(R_\mathrm{{key}}\), as a function of the transmission distance d, with the mean photon number \(\alpha ^2\) and for different numbers of bases \(M_\mathrm{{b}}\). Furthermore, systematic security capacity of QNSC R is also evaluated for given parameters. Here, the transmission distance between Alice and Bob is defined as d (km). The loss of quantum channel is fixed to 0.2 dB/km. There is no excess noise in the quantum channel, i.e., only quantum noise is considered in our analysis. We fixed the detection efficiency of the receiver, Bob, to be 100\(\%\).
4.1 The security capacity of data \(R_\mathrm{{data}}\)
In Fig. 3, we report the security capacity of data \(R_\mathrm{{data}}\), as a function of the transmission distance d (km), with different mean photon numbers \(\alpha ^2\) and for three different numbers of bases \(M_\mathrm{{b}}\). In Fig. 3a, \(R_\mathrm{{data}}\) is close to 1 at the beginning and then exponentially drops for \(\alpha ^2>1\) when the transmission distance d increases. Compared Fig. 3b with Fig. 3c, the \(R_\mathrm{{data}}\) increases with the increases of the number of bases \(M_\mathrm{{b}}\). So, the transmission distance d and security capacity \(R_\mathrm{{data}}\) can be improved by increasing the number of bases \(M_\mathrm{{b}}\). The number of bases \(M_\mathrm{{b}}\) depends on the resolution of analog-to-digital converter (ADC) and digital-to-analog converter (DAC). Recently, an experiment with the maximum value of bases \(2^{17}\) has been reported in paper [11]. The \(R_\mathrm{{data}}\) exponentially drops for \(\alpha ^2 \le 1\) when transmission distance d increases, in Fig. 3d. Due to the impact of quantum noise, Bob is not able to accurately measure received signal states \(\left| \phi _m\right\rangle \) when the mean photon number \(\alpha ^2\) is lower than 1 in Fig. 3a, d. Therefore, setting an appropriate photon \(\alpha ^2\) can improve the security capacity \(R_\mathrm{{data}}\).
As discussed above, the mean photon number \(\alpha ^2\) are other main factor affecting security and transmission distance in QNSC system. So, we evaluate the security capacity \(R_\mathrm{{data}}\) as a function of the mean photon number \(\alpha ^2\), with different numbers of bases \(M_\mathrm{{b}}\) and for four different distances d (km) in Fig. 4. As the mean photon number \(\alpha ^2\) increases, security capacity \(R_\mathrm{{data}}\) grows and then reaches the maximum in Fig. 4a. When the photons \(\alpha ^2\) increase, the security capacity \(R_\mathrm{{data}}\) decreases after reaching the maximum. Figure 4b, c shows that the maximum security capacity \(R_\mathrm{{data}}\) increases as the number of bases \(M_\mathrm{{b}}\) increases for fixed mean photon number \(\alpha ^2\). However, with the increases in transmission distance between Alice and Bob d, the maximum security capacity of data \(R_\mathrm{{data}}\) decreases by comparing Fig. 4b with Fig. 4c. In the case of a transmission distance d longer than 200 km and the number of bases is 127(255), the security capacity \(R_\mathrm{{data}}\) linearly increases and then reaches maximum as photon number \(\alpha ^2\) increases in Fig. 4c, d. The maximum security capacity of data \(R_\mathrm{{data}}\) mainly depends on photon number \(\alpha ^2\) when transmission distance d and resolution of ADC are fixed. Thus, it is important to set an appropriate input optical power in the optical fiber for the fixed distance d and the number of bases \(M_\mathrm{{b}}\).
4.2 The security capacity of running key \(R_\mathrm{{key}}\)
Figure 5 shows that security capacity of running key \(R_\mathrm{{key}}\) varies with different transmission distances d and the number of bases \(M_\mathrm{{b}}\). As transmission distances d increase, the \(R_\mathrm{{key}}\) decreases and then reaches minimum in Fig. 5a. When security capacity of running key \(R_\mathrm{{key}}\) reaches minimum, the \(R_\mathrm{{key}}\) remains almost constant as transmission distances d increase in Fig. 5a. Compared Fig. 5a with Fig. 5b, the minimum of \(R_\mathrm{{key}}\) decreases as the distances d increase. Besides, the minimum value of \(R_\mathrm{{key}}\) goes down when photon number \(\alpha ^2\) increases in Fig. 5b. The relation between security capacity \(R_\mathrm{{key}}\) and the number of bases \(M_\mathrm{{b}}\) is reported for different transmission distances d in Fig. 5c, d. According to our model, the maximum security capacity of key \(R_\mathrm{{key}}\) can be achieved by decreasing transmission distances d. Thus, we discuss the maximum \(R_\mathrm{{key}}\) for \(d = 1\)km in Fig. 5c. As the number of photons \(\alpha ^2\) increases, the maximum security capacity \(R_\mathrm{{key}}\) decreases in Fig. 5c. However, maximum \(R_\mathrm{{key}}\) increases with the increase of the the number of bases \(M_\mathrm{{b}}\). For fixed distances d, the minimum \(R_\mathrm{{key}}\) decreases as the photon \(\alpha ^2\) increases in Fig. 5d. In order to work in longer distance, large photons \(\alpha ^2\) are necessary. However, Eve can obtain more information when photons \(\alpha ^2\) are larger. So, the trade-off between photon number \(\alpha ^2\) and transmission distances d has to be considered for fixed bases \(M_\mathrm{{b}}\) in deployment of QNSC system.
4.3 The systematic security capacity of QNSC system
The systematic security capacity R is discussed as a function of mean photon number \(\alpha ^2\), with four distances d and for different numbers of bases \(M_\mathrm{{b}}\) in Fig. 6. The security capacity R of whole system is decided by the minimum between data capacity \(R_\mathrm{{data}}\) and running key capacity \(R_\mathrm{{key}}\), as shown in Eq.4. When the mean photon number \(\alpha ^2\) is small, the security capacity R mainly depends on the security capacity of data \(R_\mathrm{{data}}\) in Fig. 6a, b. However, with the increases of photons \(\alpha ^2\), security capacity R is bounded by the security capacity of running key \(R_\mathrm{{key}}\). Thus, when transmission distance d is fixed and shorter, the systematic security capacity R increases and then reaches the maximum as the photons \(\alpha ^2\) increase. After reaching the maximum, systematic security capacity R decreases when the photons \(\alpha ^2\) increase. For fixed bases \(M_\mathrm{{b}}\), the maximum R decreases when transmission distances d increase, as seen by comparison of Fig. 6a, b. The security capacity R totally depends on the security of data \(R_\mathrm{{data}}\) for fewer bases in Fig. 6c, d. In Fig. 6d, for \(M_\mathrm{{b}} = 31\) and any mean photon number \(\alpha ^2\), the sysmetric security capacity R depends on the security capacity of data \(R_\mathrm{{data}}\) and the security capacity of data \(R_\mathrm{{data}}\) is close to zero. So, the maximum transmission distance is no more than 300 km for given parameters.
Based on the above discussion, it is possible for QNSC system to provide the security by quantum noise even though Eve intercepts the system through collective attacks. The maximum security rate that QNSC can provide under collective attacks is associated with the number of photons \(\alpha ^2\) and the number of bases \(M_\mathrm{{b}}\). The number of bases \(M_\mathrm{{b}}\) is determined by the resolution of ADC and DAC. Thus, in order to improve the security of QNSC, we can decrease the number of photons per signal state for fixed bases \(M_\mathrm{{b}}\). However, decreasing photons \(\alpha ^2\) will decrease the transmission distance d of QNSC system. We have to consider the trade-off between security rate and transmission distance in deployment of QNSC system. The maximum security capacity can be obtained when the correlation between running key u is zero. However, to obtain higher transmission rate, the key expansion has to be used for QNSC system in practice. Due to weak correlation between running key u from key expansion, the maximum security capacity for data \(R_\mathrm{{data}}\), running key \(R_\mathrm{{key}}\), and whole system R decreases. However, if the \(\delta \) is larger than whole system R, QNSC system will be unsafe under collective attacks. Thus, our analysis also provides the reference to design of key expansion in QNSC system.
5 Conclusions
This paper evaluates the security performance of QNSC against collective attacks. We derive the maximum secure rate of data x and running key u under such hypothesis. The maximum security capacity for data x, running key u, and whole system is discussed for different parameters, such as distance d, mean photon number \(\alpha ^{2}\), and the number of bases \(M_\mathrm{{b}}\). The results show that QNSC system can achieve nonzero secure rate even if Eve intercepts useful information by collective attacks when data transmission distance is no more than 300 km for the number of bases \(M_\mathrm{{b}}=31\) and any mean photon number \(\alpha ^2\). For shorter distance, security capacity of the whole system is mainly bounded by the security capacity of the running key. However, the security of the system is limited by security of data when transmission distance is longer. So, protecting the security of data from eavesdropping is important for longer distance in QNSC system. Our work will pave the way for a better security analysis of the Y-00 protocol.
References
Wohlgemuth, E., Yoffe, Y., Yeminy, T., Zalevsky, Z., Sadot, D.: Demonstration of coherent stealthy and encrypted transmission for data center interconnection. Opt. Express 26(6), 7638–7645 (2018)
Zhang, Wei, Zhang, Chongfu, Chen, Chen, Zhang, Huijuan, Jin, Wei, Qiu, K.: Hybrid chaotic confusion and diffusion for physical layer security in OFDM-PON. IEEE Photonics J. 9(2), 1–10 (2017)
Zhang, W., Zhang, C., Chen, C., Qiu, K.: Experimental demonstration of security-enhanced OFDMA-PON using chaotic constellation transformation and pilot-aided secure key agreement. J. Lightwave Technol. 35(9), 1524–1530 (2017)
Guan, Kyle, Cho, Junho, Winzer, P.J.: Physical layer security in fiber-optic MIMO-SDM systems: an overview. Opt. Commun. 408, 31–41 (2018)
Fok, M.P., Prucnal, P.R.: All-optical encryption based on interleaved waveband switching modulation for optical network security. Opt. Lett. 34(9), 1315–1317 (2009)
Argyris, Apostolos, Syvridis, Dimitris, Larger, Laurent, Annovazzi-Lodi, Valerio, Colet, Pere, Fischer, Ingo, Garcia-Ojalvo, Jordi, Mirasso, Claudio R., Pesquera, Luis, Shore, K.Alan: Chaos-based communications at high bit rates using commercial fibre-optic links. Nature 438(7066), 343–346 (2005)
Syvridis, D., Argyris, A., Bogris, A.: Chaos-based communications at high bit rates using commercial fibre-optic links. Opt. Transm. Switch. Subsyst. IV 5353, 63531K (2006)
Yuen, H.P.: KCQ: a new approach to quantum cryptography I. General principles and key generation. arXiv preprint (2003). arXiv:quant-ph/0311061
Kanter, G.S.: Secure optical communications. In: Conference on Lasers and Electro-Optics, CFC3 (2010)
Pirandola, Stefano, Andersen, Ulrik L., Banchi, Leonardo, Berta, Mario, Bunandar, Darius, Colbeck, Roger, Englund, Dirk, Gehring, Tobias, Lupo, Cosmo, Ottaviani, Carlo, et al.: Advances in quantum cryptography. Adv. Opt. Photonics 12(4), 1012–1236 (2020)
Tanizawa, K., Futami, F.: Digital coherent PSK Y-00 quantum stream cipher with 2 17 randomized phase levels. Opt. Express 27(2), 1071–1079 (2019)
Tanizawa, K., Futami, F.: Digital coherent 20-Gbit/s DP-PSK Y-00 quantum stream cipher transmission over 800-km SSMF. OFC (2019)
Futami, F., Guan, K., Gripp, J., Kato, K., Tanizawa, K., Chandrasekhar, S., Winzer, P.J.: Y-00 quantum stream cipher overlay in a coherent 256-Gbit/s polarization multiplexed 16-QAM WDM system. Opt. Express 25(26), 33338–33349 (2017)
Nakazawa, M., Yoshida, M., Hirooka, T., Kasai, K.: QAM quantum stream cipher using digital coherent optical transmission. Opt. Express 22(4), 4098–4107 (2014)
Nakazawa, M., Yoshida, M., Hirooka, T., Kasai, K., Hirano, T., Ichikawa, T., Namiki, R.: QAM quantum noise stream cipher transmission over 100 km with continuous variable quantum key distribution. IEEE J. Quantum Elect. 53(4), 1–16 (2017)
Futami, F., Tanizawa, K., Kato, K., Hirota, O.: 1000-km transmission of 1.5-Gb/s Y-00 quantum stream cipher using 4096-level intensity modulation signals. CLEO, pp. 1–2 (2019)
Futami, F., Hirota, O.: Masking of 4096-level intensity modulation signals by noises for secure communication employing Y-00 cipher protocol. In: 37th European Conference and Exhibition on Optical Communication, pp. 1–3 (2011)
Nishioka, T., Hasegawa, T., Ishizuka, H., Imafuku, K., Imai, H.: How much security does Y-00 protocol provide us? Phys. Lett. A 327(1), 28–32 (2004)
Yuen, H.P., Kumar, P., Corndorf, E., Nair, R.: Comment on:‘How much security does Y-00 protocol provide us?’[Phys. Lett. A 327, 28 (2004)]. Phys. Lett. A 346(1-3), 1–6 (2005)
Yuen, H.P., Kumar, P., Corndorf, E., Nair, R.: Security of Y-00 and similar quantum cryptographic protocols. arXiv preprint (2004). arXiv:quant-ph/0407067
Cozzolino, D., Da, L.B., Bacco, D., Oxenløwe, L.K.: High-dimensional quantum communication: benefits, progress, and future challenges. Adv. Quantum Technol. 2(12), 1900038 (2019)
Iwakoshi, T.: Analysis of Y00 protocol under quantum generalization of a fast correlation attack: toward information-theoretic security. IEEE Access 8, 23417–23426 (2020)
Mihaljević, M.J.: Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach. Phys. Rev. A 75(5), 052334 (2007)
Jiao, H., Pu, T., Zheng, J., Xiang, P., Fang, T.: Physical-layer security analysis of a quantum-noise randomized cipher based on the wire-tap channel model. Opt. Express 25(10), 10947–10960 (2017)
Tan, Y., Pu, T., Zhou, H., Zheng, J., Su, G.: Performance analysis of physical-layer security in ISK quantum-noise randomized cipher based on wiretap channel. Opt. Commun. 461, 125151 (2020)
Jiao, H., Pu, T., Xiang, P., Zheng, J., Fang, T., Zhu, H.: Physical-layer security analysis of PSK quantum-noise randomized cipher in optically amplified links. Quantum Inf. Process. 16(8), 189 (2017)
Biham, E., Boyer, M., Brassard, G., Van, D., Graaf, J., Mor, T.: Security of quantum key distribution against all collective attacks. Algorithmica 34(4), 372–388 (2002)
Jiao, Haisong, Tao, Pu, Zheng, Jilin, Zhou, Hua, Lin, Lu, Xiang, Peng, Zhao, Jiyong, Wang, W.: Semi-quantum noise randomized data encryption based on an amplified spontaneous emission light source. Opt. Express 26(9), 11587–11598 (2018)
Chefles, A., Barnett, S.: Optimum unambiguous discrimination between linearly independent symmetric states. Phys. Lett. A 250(4–6), 223–229 (1998)
Sych, D., Leuchs, G.: Coherent state quantum key distribution with multi letter phase-shift keying. New J. Phys. 12(5), 153019 (2010)
Acknowledgements
This work was supported by CSC Funding and by NSFC (Grant No. 61831003).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix: Symmetric states and diagonalization of symmetric coherent states in QNSC
Appendix: Symmetric states and diagonalization of symmetric coherent states in QNSC
In this section, we derive Eqs. (15), (18), and (21). First, we simply introduce the definition of symmetric states. A set of quantum states \(\left| \psi _j\right\rangle \) spanning a Hilbert space H is symmetric if there exists a unitary transformation \(\hat{U}\) on such that [29, 30]
The unitary operator \(\hat{U}\) can be expanded as follows:
where \(\left\langle \gamma _k|\gamma _{k'}\right\rangle =\delta _{kk'}\).
According to Eqs. (29) and (30), the real angles \(\theta _k\) are given by
where \(f_k\) is an integer satisfying \(0\le f_k\le n-1\).
Clearly, we can expand \(\left| \phi _0\right\rangle \) as
By Eqs. (31) and (32), the any states \(\left| \phi _j\right\rangle \) are given by
The quantum states \(\left| \phi _j\right\rangle \) are the linear independence. So, all of the coefficients \( c_k\) are nonzero.
According to linear independence, we have
Based on the definition of symmetric states, the signal states of QNSC in Eq. (12) are expressed as
where \(\left| \xi _n\right\rangle \) is orthogonal basis in Hilbert space. The coefficients \(a_n\) satisfy \(\sum _{n}|a_n|^2=1\). The density matrix in Eq. (14) can be diagonalized by the orthogonal basis \(\left| \xi _n\right\rangle \).
The von Neumann entropy of density matrix \(\rho _{E|0}^{x}\) is related to its eigenvalues. Thus, we have to calculate the value of \(|a_n|^2\). The coefficients \(|a_n|^2\) are derived by
By solving Eq. (38) for different values k, we find that
Finally, the von Neumann entropy of density operator \(\rho _{E|0}^{x}\) for data can be calculated as follows:
When transmitted data x is 1, signal states are symmetric. So, based on the orthogonal basis \(\left| \zeta _n\right\rangle \), density matrix \(\rho _{E|1}^{x}\) can be expressed as follows:
where \(\left| \varepsilon _k\right\rangle = \left| \sqrt{(1-\eta )} \alpha e^{i\frac{\pi }{M_\mathrm{{b}}}(2k+1)}\right\rangle \). So, the density matrix \(\rho _{E|1}^{x}\) can be diagonalized by the orthogonal basis \(\left| \zeta _n\right\rangle \) by the same way. The coefficients \(|b_n|^2\) are given as follows:
So, we have
The signal states are mixture of Alice’s preparation states with equal probability. So, the density operator \(\rho _E\) is given as follows:
where \(\left| \varepsilon _{k} \right\rangle =\left| \sqrt{(1-\eta )} \alpha e^{i\frac{\pi }{M_\mathrm{{b}}}k}\right\rangle \). By Eq. (44), the density matrix \(\rho _{E}^{x}\) is also the mixture of symmetric states. Applying property of symmetric states, it can be
where \(\left| \omega _n\right\rangle \) is the orthogonal basis in the states space.
By the same way, the coefficients \(|c_n|^2\) are given as follows:
So, the coefficients \(|c_n|^2\) can be derived
Rights and permissions
About this article
Cite this article
Wang, K., Zhang, J. The security of quantum noise stream cipher against collective attacks. Quantum Inf Process 20, 241 (2021). https://doi.org/10.1007/s11128-021-03169-y
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11128-021-03169-y