Please use this identifier to cite or link to this item: https://doi.org/10.1088/1367-2630/18/5/053001
Title: Sifting attacks in finite-size quantum key distribution
Authors: Pfister, C
Lütkenhaus, N
Wehner, S 
Coles, P.J
Keywords: Distillation
Efficiency
Life cycle
Parameter estimation
Quantum optics
Eavesdropping strategies
Finite size
Public communications
Quantum Information
Secure protocols
Security issues
Security loophole
Quantum cryptography
Issue Date: 2016
Publisher: Institute of Physics Publishing
Citation: Pfister, C, Lütkenhaus, N, Wehner, S, Coles, P.J (2016). Sifting attacks in finite-size quantum key distribution. New Journal of Physics 18 (5) : 53001. ScholarBank@NUS Repository. https://doi.org/10.1088/1367-2630/18/5/053001
Rights: Attribution 4.0 International
Abstract: A central assumption in quantum key distribution (QKD) is that Eve has no knowledge about which rounds will be used for parameter estimation or key distillation. Here we show that this assumption is violated for iterative sifting, a sifting procedure that has been employed in some (but not all) of the recently suggested QKD protocols in order to increase their efficiency. We show that iterative sifting leads to two security issues: (1) some rounds are more likely to be key rounds than others, (2) the public communication of past measurement choices changes this bias round by round. We analyze these two previously unnoticed problems, present eavesdropping strategies that exploit them, and find that the two problems are independent. We discuss some sifting protocols in the literature that are immune to these problems. While some of these would be inefficient replacements for iterative sifting, we find that the sifting subroutine of an asymptotically secure protocol suggested by Lo et al (2005 J. Cryptol. 18 133-65), which we call LCA sifting, has an efficiency on par with that of iterative sifting. One of our main results is to show that LCA sifting can be adapted to achieve secure sifting in the finite-key regime. More precisely, we combine LCA sifting with a certain parameter estimation protocol, and we prove the finite-key security of this combination. Hence we propose that LCA sifting should replace iterative sifting in future QKD implementations. More generally, we present two formal criteria for a sifting protocol that guarantee its finite-key security. Our criteria may guide the design of future protocols and inspire a more rigorous QKD analysis, which has neglected sifting-related attacks so far. © 2016 IOP Publishing Ltd and Deutsche Physikalische Gesellschaft.
Source Title: New Journal of Physics
URI: https://scholarbank.nus.edu.sg/handle/10635/179576
ISSN: 1367-2630
DOI: 10.1088/1367-2630/18/5/053001
Rights: Attribution 4.0 International
Appears in Collections:Elements
Staff Publications

Show full item record
Files in This Item:
File Description SizeFormatAccess SettingsVersion 
10_1088_1367-2630_18_5_053001.pdf1.96 MBAdobe PDF

OPEN

NoneView/Download

Google ScholarTM

Check

Altmetric


This item is licensed under a Creative Commons License Creative Commons