Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Send the Key in Cleartext: Halving Key Consumption while Preserving Unconditional Security in QKD Authentication

Claudia De Lazzari, Francesco Stocco, Edoardo Signorini, Giacomo Fregona, Fernando Chirici, Damiano Giani, Tommaso Occhipinti, Guglielmo Morgari, Alessandro Zavatta, Davide Bacco

Abstract

Quantum Key Distribution (QKD) protocols require Information-Theoretically Secure (ITS) authentication of the classical channel to preserve the unconditional security of the distilled key. Standard ITS schemes are based on one-time keys: once a key is used to authenticate a message, it must be discarded. Since QKD requires mutual authentication, two independent one-time keys are typically consumed per round, imposing a non-trivial overhead on the net secure key rate. In this work, we present the authentication-with-response scheme, a novel ITS authentication scheme based on $\varepsilon$-Almost Strongly Universal$_2$ ($\varepsilon$-ASU$_2$) functions, whose IT security can be established in the Universal Composability (UC) framework. The scheme achieves mutual authentication consuming a single one-time key per QKD round, halving key consumption compared to the state-of-the-art.

Send the Key in Cleartext: Halving Key Consumption while Preserving Unconditional Security in QKD Authentication

Abstract

Quantum Key Distribution (QKD) protocols require Information-Theoretically Secure (ITS) authentication of the classical channel to preserve the unconditional security of the distilled key. Standard ITS schemes are based on one-time keys: once a key is used to authenticate a message, it must be discarded. Since QKD requires mutual authentication, two independent one-time keys are typically consumed per round, imposing a non-trivial overhead on the net secure key rate. In this work, we present the authentication-with-response scheme, a novel ITS authentication scheme based on -Almost Strongly Universal (-ASU) functions, whose IT security can be established in the Universal Composability (UC) framework. The scheme achieves mutual authentication consuming a single one-time key per QKD round, halving key consumption compared to the state-of-the-art.

Paper Structure

This paper contains 23 sections, 2 theorems, 48 equations, 6 figures.

Table of Contents

  1. Introduction
  2. Related works and our contributions.
  3. Structure of the paper.
  4. Preliminaries
  5. Notation
  6. Authentication with Almost Strong Universal functions
  7. Authentication with Partially Known Keys
  8. Universal Composability Framework
  9. Authentication-with-response Scheme
  10. Scheme Functionalities
  11. Real Functionality
  12. Ideal Functionality
  13. Distinguisher
  14. Security Proof
  15. No tampering.
  16. ...and 8 more sections

Key Result

Theorem 1

Wegman and Carter's scheme based on $\varepsilon$-ASU2 functions, employed with an $\varepsilon'$-perfect authentication key $k$, is $\varepsilon+\varepsilon'$-secure.

Figures (6)

  • Figure 1: Ideal authentication functionality: Alice sends a message $m$ through the authenticated channel $\mathcal{A}$. Depending on Eve’s actions, either the message is delivered intact (Bob receives $m$) or the authentication protocol fails (Bob receives $\perp$).
  • Figure 2: Real authentication functionality: The secret key source delivers a shared secret key between Alice and Bob. Alice computes the tag $t=h_k(m)$ of a message $m$ and sends the pair $(m,h_k(m))$ along the insecure channel $\mathcal{C}$. Eve intercepts it and resends $(m',t')$. Bob receives $(m',t')$ and verify if $h_k(m')=t'$. If such verification succeeds, then the message $m'$ is accepted, otherwise it is rejected.
  • Figure 3: High level representation of the Authentication-with-response scheme.
  • Figure 4: Representation of the real functionality.
  • Figure 5: Representation of the ideal functionality.
  • ...and 1 more figures

Theorems & Definitions (7)

  • Definition 1: $\varepsilon$-ASU2 functions
  • Definition 2
  • Theorem 1: Abidin, Larsson
  • Theorem 2: Authentication-with-response
  • proof
  • Remark 1
  • Remark 2