{"id":4113,"date":"2024-09-21T18:28:17","date_gmt":"2024-09-21T18:28:17","guid":{"rendered":"https:\/\/workhouse.sweetdishy.com\/?p=4113"},"modified":"2024-09-24T11:39:32","modified_gmt":"2024-09-24T11:39:32","slug":"security-of-cryptosystems-possible-attacks","status":"publish","type":"post","link":"https:\/\/workhouse.sweetdishy.com\/index.php\/2024\/09\/21\/security-of-cryptosystems-possible-attacks\/","title":{"rendered":"Security of cryptosystems: possible attacks"},"content":{"rendered":"\n<p>The vulnerability of any cryptosystem needs to be subjected to stringent<\/p>\n\n\n\n<p>tests before it can be implemented. In fact the very growth of new and e\ufb03cient<\/p>\n\n\n\n<p>cryptographic schemes depends a lot on the input of cryptanalysts, who make<\/p>\n\n\n\n<p>a thorough study of possible loopholes and susceptibility to attacks. A study<\/p>\n\n\n\n<p>of possible methods that endanger a system would require a book of its own.<\/p>\n\n\n\n<p>Possible attacks on a cryptosystem are<\/p>\n\n\n\n<p>1. Decoding: the most obvious of all \u2014 an eavesdropper intercepts the<\/p>\n\n\n\n<p>message and solves for the decoding keys<\/p>\n\n\n\n<p>2. Eavesdropping (the message is intercepted and decoded) if detected,<\/p>\n\n\n\n<p>means that the channel is insecure and needs protection or needs to be<\/p>\n\n\n\n<p>dropped altogether<\/p>\n\n\n\n<p>3. Man-in-the-middle or impersonation: an eavesdropper having access to<\/p>\n\n\n\n<p>the channel impersonates the sender and thus gets information about<\/p>\n\n\n\n<p>the decoding scheme, or else foils the communication. This is especially<\/p>\n\n\n\n<p>true when there is no means of authenticating the sender<\/p>\n\n\n\n<p>4. Denial of service: the eavesdropper is able to clog the communication<\/p>\n\n\n\n<p>channel or even cut it o\ufb00 physically and prevent the transmission of<\/p>\n\n\n\n<p>messages.<\/p>\n\n\n\n<p>5. Other attacks speci\ufb01c to the hardware and protocols being used.<\/p>\n\n\n\n<p>9.4 Quantum Key Distribution<\/p>\n\n\n\n<p>Quantum key distribution is potentially secure because of the fundamental<\/p>\n\n\n\n<p>properties of the quantum states used. The \ufb01rst schemes of quantum key<\/p>\n\n\n\n<p>distribution relied on the indistinguishability of non-orthogonal states and the<\/p>\n\n\n\n<p>no-cloning principle. Another reason why quantum key distribution has been<\/p>\n\n\n\n<p>such a resounding success is that the protocols are feasible and immediately<\/p>\n\n\n\n<p>implementable using available optical technology. Quanta of light, photons,<\/p>\n\n\n\n<p>are used to carry qubits. The two basis states are implemented by the two<\/p>\n\n\n\n<p>orthogonal states of polarization of the light. Various bases can be used to<\/p>\n\n\n\n<p>represent the polarization. Linearly polarized light in di\ufb00erent basis states<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/learning.oreilly.com\/api\/v2\/epubs\/urn:orm:book:9781482238129\/files\/bgd6.png\" width=\"449\" height=\"636\"><\/p>\n<\/blockquote>\n\n\n\n<p>Information and Communication 189<\/p>\n\n\n\n<p>can be easily produced by passing light through a polarizer with pass axis<\/p>\n\n\n\n<p>oriented along di\ufb00erent directions.<\/p>\n\n\n\n<p>-basis:<\/p>\n\n\n\n<p>|0i : horizontally polarized : |\u2194i (9.7a)<\/p>\n\n\n\n<p>|1i : vertically polarized : |li. (9.7b)<\/p>\n\n\n\n<p>H-basis:<\/p>\n\n\n\n<p>|+i = H|0i : polarized at + 45<\/p>\n\n\n\n<p>\u25e6<\/p>\n\n\n\n<p>: |<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>i (9.8a)<\/p>\n\n\n\n<p>|\u2212i = H|1i : polarized at \u2212 45<\/p>\n\n\n\n<p>\u25e6<\/p>\n\n\n\n<p>: |<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>i. (9.8b)<\/p>\n\n\n\n<p>The circular polarization basis is also sometimes used as it is easily produced<\/p>\n\n\n\n<p>by using quarter-wave plates in conjunction with polarizers.<\/p>\n\n\n\n<p>Y -basis:<\/p>\n\n\n\n<p>|ii = S|0i : right circular polarized : |\ue008i (9.9a)<\/p>\n\n\n\n<p>|\u2212ii = S|1i : left circular polarized : |\ue009i. (9.9b)<\/p>\n\n\n\n<p>These states are indicated on the Bloch sphere in Figure 9.7.<\/p>\n\n\n\n<p>FIGURE 9.7: Di\ufb00erent photon polarization states indicated on the Bloch<\/p>\n\n\n\n<p>sphere.<\/p>\n\n\n\n<p>If a bit is encoded in a photon prepared randomly in one of the states of<\/p>\n\n\n\n<p>Equations 9.7 and 9.8, can you \ufb01nd out which bit I have, without knowing my<\/p>\n\n\n\n<p>preparation basis? The answer is, not with certainty. The best you can do is<\/p>\n\n\n\n<p>to measure the photon in one of the 4 bases, chosen at random. What are the<\/p>\n\n\n\n<p>chances that you pick the right one?<\/p>\n\n\n\n<p>Say I prepared a |+i, which is the bit 1 encoded in the H basis. The<\/p>\n\n\n\n<p>probability of your choosing the right basis for measuring is 1\/2. If you chose<\/p>\n\n\n\n<p>the wrong basis, then the probability of your measuring a 1 is 1\/4. If I have a<\/p>\n\n\n\n<p>whole string of n bits encoded in this fashion, the probability that you guess<\/p>\n\n\n\n<p>right will be (1\/4)<\/p>\n\n\n\n<p>n<\/p>\n\n\n\n<p>which becomes exponentially tinier as n increases!<\/p>\n\n\n\n<p>Protocols for secure sharing of a random bit string between two parties<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>190 Introduction to Quantum Physics and Information Processing<\/p>\n\n\n\n<p>rely on this property of encoding. We will review a few of them here to show<\/p>\n\n\n\n<p>you how it works.<\/p>\n\n\n\n<p>9.4.1 BB84 protocol<\/p>\n\n\n\n<p>Due to C. Bennett and G. Brassard in 1984 [9], this protocol seeks to<\/p>\n\n\n\n<p>generate a perfectly random bit string that is shared by Alice and Bob. The<\/p>\n\n\n\n<p>beauty of the method is that the bit string does not exist until Bob measures<\/p>\n\n\n\n<p>the qubits Alice has transmitted to him. Thus the security of the shared string<\/p>\n\n\n\n<p>is guaranteed. The bits are randomly encoded either in the computational<\/p>\n\n\n\n<p>basis ( ) or in the H basis. The steps followed are:<\/p>\n\n\n\n<p>1. Alice produces a random bit string s<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>(for instance, by making quantum<\/p>\n\n\n\n<p>measurements on an unpolarized stream of qubits) of length l.<\/p>\n\n\n\n<p>2. She uses another random bit sequence m<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>to choose which polarization<\/p>\n\n\n\n<p>state to encode each bit in: if (m<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>)<\/p>\n\n\n\n<p>i<\/p>\n\n\n\n<p>= 0 and the H basis if (m<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>)<\/p>\n\n\n\n<p>i<\/p>\n\n\n\n<p>= 1.<\/p>\n\n\n\n<p>3. This encoded stream of photons is transmitted to Bob across a quantum<\/p>\n\n\n\n<p>channel. We label the state of the i<\/p>\n\n\n\n<p>th<\/p>\n\n\n\n<p>photon by |\u03c6<\/p>\n\n\n\n<p>i<\/p>\n\n\n\n<p>i.<\/p>\n\n\n\n<p>4. Bob now uses a random bit string m<\/p>\n\n\n\n<p>B<\/p>\n\n\n\n<p>to choose a basis for measuring<\/p>\n\n\n\n<p>each photon in this stream as it comes to him. He then has a string of<\/p>\n\n\n\n<p>measurement outcomes s<\/p>\n\n\n\n<p>B<\/p>\n\n\n\n<p>.<\/p>\n\n\n\n<p>5. After the measurements have been made, Alice announces her string m<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>over a public (insecure) channel.<\/p>\n\n\n\n<p>6. Bob discusses with her and they discard those bits of s<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>and s<\/p>\n\n\n\n<p>B<\/p>\n\n\n\n<p>for<\/p>\n\n\n\n<p>which the measuring bases do not match, i.e., those bit positions in<\/p>\n\n\n\n<p>m<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>that do not match with m<\/p>\n\n\n\n<p>B<\/p>\n\n\n\n<p>.<\/p>\n\n\n\n<p>7. The remaining bits, corresponding to the matching places, form a pos-<\/p>\n\n\n\n<p>sible shared key. On an average, there will be half the original number<\/p>\n\n\n\n<p>of bits in this set. a<\/p>\n\n\n\n<p>The probability of Bob choosing the same basis as Alice is one half, so they<\/p>\n\n\n\n<p>must start out with a string at least twice as long as the intended key. The<\/p>\n\n\n\n<p>security of this method hinges on the inability to unambiguously distinguish<\/p>\n\n\n\n<p>bits encoded in non-orthogonal bases.<\/p>\n\n\n\n<p>Example 9.4.1. An example of the BB84 protocol is shown below, with the<\/p>\n\n\n\n<p>shared key bits highlighted. Where the measurement bases are not the same,<\/p>\n\n\n\n<p>the state measured by Bob is left blank, as it could randomly be |0i or |1i.<\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/learning.oreilly.com\/api\/v2\/epubs\/urn:orm:book:9781482238129\/files\/bgd8.png\" width=\"685\" height=\"1031\"><\/p>\n\n\n\n<p>Information and Communication 191<\/p>\n\n\n\n<p>Index 1 2 3 4 5 6 7 8 9 10 11 12 13 14<\/p>\n\n\n\n<p>s<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>1 0 0 0 1 1 1 0 1 0 0 0 1 1<\/p>\n\n\n\n<p>m<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>0 1 1 0 1 1 1 0 1 1 0 0 0 1<\/p>\n\n\n\n<p>|\u03c6<\/p>\n\n\n\n<p>i<\/p>\n\n\n\n<p>i \u2194<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>\u2194 l l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>m<\/p>\n\n\n\n<p>B<\/p>\n\n\n\n<p>0 0 0 1 1 0 1 0 1 0 0 0 1 1<\/p>\n\n\n\n<p>s<\/p>\n\n\n\n<p>B<\/p>\n\n\n\n<p>1 0 1 0 1 1 1 0 1 1 0 0 1 1<\/p>\n\n\n\n<p>Candidate key k = 11101001<\/p>\n\n\n\n<p>What if there is an eavesdropper on the channel? Suppose Eve gains access<\/p>\n\n\n\n<p>to the qubits in the quantum channel. She cannot copy the qubits and then<\/p>\n\n\n\n<p>send them on their way to Bob, since the no-cloning theorem ensures she will<\/p>\n\n\n\n<p>not have faithful copies. She can, however, measure the qubits in her own<\/p>\n\n\n\n<p>choice of bases and then send them onward. In this situation, she has a 50%<\/p>\n\n\n\n<p>chance of choosing the same basis as Alice. When Bob measures the qubits<\/p>\n\n\n\n<p>again, he has a 50% chance of having chosen the same basis as Eve, so that<\/p>\n\n\n\n<p>on the whole he has only a 25% chance of agreeing with Alice\u2019s choice! But<\/p>\n\n\n\n<p>how does he discover that the channel security has been compromised?<\/p>\n\n\n\n<p>Alice and Bob decide to test this, by agreeing to compare a fraction of<\/p>\n\n\n\n<p>their shared bit string. They can do this over a public channel, and if they<\/p>\n\n\n\n<p>discover up to 25% mismatch then they know that the channel is suspect, and<\/p>\n\n\n\n<p>they will not use it for their communication.<\/p>\n\n\n\n<p>The protocol can be divided into three phases: \ufb01rst, the sending of the bit-<\/p>\n\n\n\n<p>stream encoded in a quantum channel and the measurements made by Bob;<\/p>\n\n\n\n<p>second, the public discussion of the data they obtain and third, the sifting,<\/p>\n\n\n\n<p>testing and authentication of their data. We will discuss the last two a little<\/p>\n\n\n\n<p>later.<\/p>\n\n\n\n<p>9.4.2 BB92 protocol<\/p>\n\n\n\n<p>The BB84 protocol was further re\ufb01ned in 1992 to use just two di\ufb00erent<\/p>\n\n\n\n<p>encoding states instead of four. The only two states Alice uses are |li and<\/p>\n\n\n\n<p>|<\/p>\n\n\n\n<p>l<\/p>\n\n\n\n<p>i. This is su\ufb03cient, since they are not orthogonal and cannot be reliably<\/p>\n\n\n\n<p>distinguished by the eavesdropped. The key steps are as follows:<\/p>\n\n\n\n<p>1. Alice creates a random bit string s<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>,<\/p>\n\n\n\n<p>2. She encodes a string 0\u2019s in photons polarized randomly in the or H<\/p>\n\n\n\n<p>basis according to the bits in s<\/p>\n\n\n\n<p>A<\/p>\n\n\n\n<p>.<\/p>\n\n\n\n<p>3. Bob chooses a random string s<\/p>\n\n\n\n<p>B<\/p>\n\n\n\n<p>according to the bits in which he chooses<\/p>\n\n\n\n<p>the basis or H to measure the photons. The measurement results form<\/p>\n\n\n\n<p>a string m<\/p>\n\n\n\n<p>B<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The vulnerability of any cryptosystem needs to be subjected to stringent tests before it can be implemented. In fact the very growth of new and e\ufb03cient cryptographic schemes depends a lot on the input of cryptanalysts, who make a thorough study of possible loopholes and susceptibility to attacks. A study of possible methods that endanger [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4043,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[498],"tags":[],"class_list":["post-4113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-and-communication"],"jetpack_featured_media_url":"https:\/\/workhouse.sweetdishy.com\/wp-content\/uploads\/2024\/09\/informative.png","_links":{"self":[{"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/posts\/4113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/comments?post=4113"}],"version-history":[{"count":2,"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/posts\/4113\/revisions"}],"predecessor-version":[{"id":4582,"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/posts\/4113\/revisions\/4582"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/media\/4043"}],"wp:attachment":[{"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/media?parent=4113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/categories?post=4113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/workhouse.sweetdishy.com\/index.php\/wp-json\/wp\/v2\/tags?post=4113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}