Article

# On the security of AlphaEta: Response to Some attacks on quantum-based cryptographic protocols'

10/2005;
Source: arXiv

ABSTRACT Lo and Ko in [1] have developed some attacks on the cryptosystem called AlphaEta [2], claiming that these attacks undermine the security of AlphaEta for both direct encryption and key generation. In this paper, we show that their arguments fail in many different ways. In particular, the first attack in [1] requires channel loss or length of known-plaintext that is exponential in the key length and is unrealistic even for moderate key lengths. The second attack is a Grover search attack based on asymptotic orthogonality' and was not analyzed quantitatively in [1]. We explain why it is not logically possible to pull back'' an argument valid only at n=infinity into a limit statement, let alone one valid for a finite number of transmissions n. We illustrate this by a proof' using a similar asymptotic orthogonality argument that coherent-state BB84 is insecure for any value of loss. Even if a limit statement is true, this attack is a priori irrelevant as it requires an indefinitely large amount of known-plaintext, resources and processing. We also explain why the attacks in [1] on AlphaEta as a key-generation system are based on misinterpretations of [2]. Some misunderstandings in [1] regarding certain issues in cryptography and optical communications are also pointed out. Short of providing a security proof for AlphaEta, we provide a description of relevant results in standard cryptography and in the design of AlphaEta to put the above issues in the proper framework and to elucidate some security features of this new approach to quantum cryptography.

0 0
·
0 Bookmarks
·
64 Views
• Source
##### Article: Some Attacks On Quantum-based Cryptographic Protocols
[hide abstract]
ABSTRACT: Quantum-based cryptographic protocols are often said to enjoy security guaranteed by the fundamental laws of physics. However, even carefully designed quantum-based cryptographic schemes may be susceptible to subtle attacks that are outside the original design. As an example, we give attacks against a recently proposed secure communication using mesoscopic coherent states'', which employs mesoscopic states, rather than single-photon states. Our attacks can be used either as a known-plaintext attack or in the case where the plaintext has not been randomized. One of our attacks requires beamsplitters and the replacement of a lossy channel by a lossless one. It is successful provided that the original loss in the channel is so big that Eve can obtain 2^k copies of what Bob receives, where k is the length of the seed key pre-shared by Alice and Bob. Substantial improvements over such an exhaustive key search attack can be made, whenever a key is reused. Furthermore, we remark that, under the same assumption of a known or non-random plaintext, Grover's exhaustive key search attack can be applied directly to "secure communication using mesoscopic coherent states", whenever the channel loss is more than 50 percent. Therefore, as far as information-theoretic security is concerned, optically amplified signals necessarily degrade the security of the proposed scheme, when the plaintext is known or non-random. Our attacks apply even if the mesoscopic scheme is used only for key generation with a subsequent use of the key for one-time-pad encryption.
10/2003;
• Source
##### Article: Secure communication using mesoscopic coherent states.
[hide abstract]
ABSTRACT: We demonstrate theoretically and experimentally that secure communication using intermediate-energy (mesoscopic) coherent states is possible. Our scheme is different from previous quantum cryptographic schemes in that a short secret key is explicitly used and in which quantum noise hides both the bit and the key. This encryption scheme allows optical amplification. New avenues are open to secure communications at high speeds in fiber-optic or free-space channels.
Physical Review Letters 07/2003; 90(22):227901. · 7.94 Impact Factor
• Source
##### Article: Reply to: 'Reply to: "Comment on: How much security does Y-00 protocol provide us?` " '
[hide abstract]
ABSTRACT: Nishioka et al claim in [1], elaborating on their earlier paper [2], that the direct encryption scheme called Y-00 [3,4] is equivalent to a classical non-random additive stream cipher, and thus offers no more security than the latter. In this paper, we show that this claim is false and that Y-00 may be considered equivalent to a \emph{random} cipher. We explain why a random cipher provides additional security compared to its nonrandom counterpart. Some criticisms in [1] on the use of Y-00 for key generation are also briefly responded to.
10/2005;