Security of Quantum Key Distribution Protocols – Ph.D. Thesis Seminar by Rotem Liss

Presented on 5 May 2021 at the Technion – Israel Institute of Technology (via Zoom) Abstract: The counter-intuitive features of quantum mechanics make it possible to solve problems and perform tasks that are beyond the abilities of non-quantum (classical) computers and communication devices. In particular, quantum key distribution (QKD) protocols allow two participants (Alice and Bob) to achieve the classically-impossible task of generating a secret shared key even if their adversary is computationally unlimited. Unfortunately, the security promises of QKD are true only in theory; practical implementations of QKD deviate from the theoretical protocols, and many of these deviations give rise to practical attacks. In this talk, we study the security properties of various QKD protocols in many practical settings: - First, we discuss practical attacks, and we show how an important practical attack (named "Bright Illumination") can be modeled as a theoretical "Reversed-Space" attack. - Then, we discuss practical security of semiquantum key distribution (SQKD) protocols, where either Alice or Bob is non-quantum (classical). We suggest a new SQKD protocol (the "Mirror protocol") which can be securely implemented, and we prove it robust and secure against a wide range of attacks (the "collective attacks"). - Finally, we study "composable security" of the first QKD protocol created by Bennett and Brassard (BB84). BB84 has its unconditional security proved against adversaries performing the most general attacks in a theoretical (idealized) setting. We generalize an algebraic security approach for BB84 to make it prove "composable security": namely, prove that the secret key remains secret even when Alice and Bob actually use it for cryptographic purposes. Overall, the research presented in this talk aims to enhance our understanding on how to bridge the gap between theory and practice in various sub-fields of QKD, and it may help construct realistic QKD implementations that can be proved truly and unconditionally secure. The talk is self-contained and requires no prior knowledge of quantum information. However, the technical parts of the talk assume prior knowledge of university-level linear algebra.