BB84 Updated 2024-12-15 +Created 1970-01-01
View more
Does not require entangled particles, unlike E91 which does.
en.wikipedia.org/w/index.php?title=Quantum_key_distribution&oldid=1079513227#BB84_protocol:_Charles_H._Bennett_and_Gilles_Brassard_(1984) explains it well. Basically:
  • Alice and Bob randomly select a measurement basis of either 90 degrees and 45 degrees for each photon
  • Alice measures each photon. There are two possible results to either measurement basis: parallel or perpendicular, representing values 0 or 1. TODO understand better: weren't the possible results supposed to be pass or non-pass? She writes down the results, and sends the (now collapsed) photons forward to Bob.
  • Bob measures the photons and writes down the results
  • Alice and Bob communicate to one another their randomly chosen measurement bases over the unencrypted classic channel.
    This channel must be authenticated to prevent man-in-the-middle. The only way to do this authentication that makes sense is to use a pre-shared key to create message authentication codes. Using public-key cryptography for a digital signature would be pointless, since the only advantage of QKD is to avoid using public-key cryptography in the first place.
  • they drop all photons for which they picked different basis. The measurements of those which were in the same basis are the key. Because they are in the same basis, their results must always be the same in an ideal system.
  • if there is an eavesdropper on the line, the results of measurements on the same basis can differ.
    Unfortunately, this can also happen due to imperfections in the system.
    Alice and Bob must decide what level of error is above the system's imperfections and implies that an attacker is listening.
Read the full article
Diffie-Hellman key exchange Updated 2024-12-15 +Created 1970-01-01
View more
Based on the fact that we don't have a P algorithm for the discrete logarithm of the cyclic group as of 2020, but we do have an efficient algorithm for modular exponentiation. But nor do we have proof that one does not exist! Living on the edge as usual for public-key cryptography.
Read the full article
NP-hard cryptosystems Updated 2024-12-15 +Created 1970-01-01
View more
This is natural question because both integer factorization and discrete logarithm are the basis for the most popular public-key cryptography systems as of 2020 (RSA and Diffie-Hellman key exchange respectively), and both are NP-intermediate. Why not use something more provenly hard?
Read the full article
Quantum key distribution Updated 2024-12-15 +Created 1970-01-01
View more
Man-in-the-middle attack
quantumcomputing.stackexchange.com/questions/142/advantage-of-quantum-key-distribution-over-post-quantum-cryptography/25727#25727 Advantage of quantum key distribution over post-quantum cryptography has Ciro Santilli's comparison to classical encryption.
BB84 is a good first algorithm to look into.
Long story short:
  • QKD allows you to generate shared keys without public-key cryptography. You can then use thses shared keys
  • QKD requires authentication on a classical channel, exactly like a classical public-key cryptography forward secrecy would. The simplest way to do this is a with a pre-shared key, just like in classical public key cryptography. If that key is compromised at any point, your future messages can get man-in-the-middle'd, exactly like in classical cryptography.
QKD uses quantum mechanics stuff to allow sharing unsnoopable keys: you can detect any snooping and abort communication. Unsnoopability is guaranteed by the known laws of physics, up only to engineering imperfections.
Furthermore, it allows this key distribution without having to physically take a box by car somewhere: once the channel is established, e.g. optical fiber, you can just keep generating perfect keys from it. Otherwise it would be pointless, as you could just drive your one-time pad key every time.
However, the keys likely have a limited rate of generation, so you can't just one-time pad the entire message, except for small text messages. What you would then do is to use the shared key with symmetric encryption.
Therefore, this setup usually ultimately relies on the idea that we believe that symmetric encryption is safer than , even though there aren't mathematical safety proofs of either as of 2020.
Read the full article
RSA vs Diffie-Hellman Updated 2024-12-15 +Created 1970-01-01
View more
As its name indicates, Diffie-Hellman key exchange is a key exchange algorithm. TODO verify: this means that in order to transmit a message, both parties must first send data to one another to reach a shared secret key. For RSA on the other hand, you can just take the public key of the other party and send encrypted data to them, the receiver does not need to send you any data at any point.
Read the full article
Symmetric encryption Updated 2024-12-15 +Created 2024-10-12
View more
Symmetric encryption is a type of encryption where you use a password (also known as a "key") to encrypt your data, and then the same password to decrypt the data.
For example, this is the type of encryption that is used for encrypting the data in our smartphones and laptops with disk encryption.
This way, if your laptop gets stolen, the thief is not able to see your private photos without knowing your password, even though they are able to read every byte of your disk.
The downside is that that you have to type your password every time you want to login. This leads people to want to use shorter passwords, which in turn are more prone to password cracking.
The other main type of encryption is public-key cryptography.
The advantage of public-key cryptography is that it allows you to send secret messages to other people even an the attacker is able to capture the encrypted messages. This is for example what you want to do when sending a personal message to a friend over the Internet. Such encryption is especially crucial when using wireless communication such as Wi-Fi, where anyone nearby can capture the signals you send and receive, and would be able to read all your data if it weren't encrypted.
Easily sending encrypted messages over the Internet is not possible with symmetric encryption because for your friend to decrypt the message in that system, you'd need to send them the password, which the attacker would also be able to eavesdrop and then decrypt the message that follows using it. The problem of sharing a password with another person online is called key exchange.
Advanced Encryption Standard (AES) is one of the most popular families of symmetric encryption algorithms.
OpenSSL is a popular open source implementation of symmetric and public-key cryptography. A simple example of using OpenSSL for symmetric encryption from the command-line is:
echo 'Hello World!' > message.txt
openssl aes-256-cbc -a -salt -pbkdf2 -in message.txt -out message.txt.enc
This asks for a password, which we set as asdfqwer, and then produces a file message.txt.enc containing garbled text such that:
hd message.txt.enc
contains:
00000000  55 32 46 73 64 47 56 6b  58 31 38 58 48 65 2f 30  |U2FsdGVkX18XHe/0|
00000010  70 56 42 2b 70 45 6c 55  59 38 2b 54 38 7a 4e 34  |pVB+pElUY8+T8zN4|
00000020  4e 37 6d 52 2f 73 6d 4d  62 64 30 3d 0a           |N7mR/smMbd0=.|
0000002d
Then to decrypt:
openssl aes-256-cbc -d -a -pbkdf2 -in message.txt.enc -out message.new.txt
once again asks for your password and given the correct password produces a file message.new.txt containing the original message:
Hello World!
This was tested on Ubuntu 24.04, OpenSSL 3.0.13. See also: How to use OpenSSL to encrypt/decrypt files? on Stack Overflow.
There is no provably secure symmetric-key algorithm besides the one-time pad, which has the serious drawback of requiring the key to be as long as the message. This means that we believe that most encryption algorithms are secure because it is a hugely valuable target and no one has managed to crack them yet. But we don't have a mathematical proof that they are actually secure, so they could in theory be broken by new algorithms one day.
Read the full article