|Home | About | Journals | Submit | Contact Us | Français|
Quantum cryptography is commonly used to generate fresh secure keys with quantum signal transmission for instant use between two parties. However, research shows that the relatively low key generation rate hinders its practical use where a symmetric cryptography component consumes the shared key. That is, the security of the symmetric cryptography demands frequent rate of key updates, which leads to a higher consumption of the internal one-time-pad communication bandwidth, since it requires the length of the key to be as long as that of the secret. In order to alleviate these issues, we develop a matrix algorithm for fast and simple high-capacity quantum cryptography. Our scheme can achieve secure private communication with fresh keys generated from Fibonacci- and Lucas- valued orbital angular momentum (OAM) states for the seed to construct recursive Fibonacci and Lucas matrices. Moreover, the proposed matrix algorithm for quantum cryptography can ultimately be simplified to matrix multiplication, which is implemented and optimized in modern computers. Most importantly, considerably information capacity can be improved effectively and efficiently by the recursive property of Fibonacci and Lucas matrices, thereby avoiding the restriction of physical conditions, such as the communication bandwidth.
Quantum cryptography provides a feasible solution to the key generation and key management issues for one-time pad (OTP) encryption. Recall that for the classical implementation of OTP, a cryptographic key needs to be generated and distributed to the communicating parties via a secure channel and well ahead of the use of OTP. This constraint is no longer valid in the quantum setting. The randomness necessary to create and distribute a cryptographic key is readily obtained by the parties from observations of quantum signals exchanged between the parties. The quantum key distribution (QKD) provides a straightforward implementation of OTP which preserves its unconditional security1,2. However, most QKD protocols suffer from its relatively low rate of key generation, limiting its widespread applications in deployment. This is caused by the nature of quantum computing where it uses polarization to encode only one qubit for each photon. A costly remedy exists with little practical use–qutrit or ququart exploitation can be achieved by adding much more complications to the QKD apparatus.
This paper addresses the problem of efficient generation of cryptographic keys in QKD. This problem has been investigated by many researchers3,4,5. Zhou et al.3 present a four-intensity measurement-device-independent QKD protocol with a decoy state, which significantly improves the rate of key generation. This protocol works well if messages are not too long. Ma et al.4 argue that the rate of key generation for QKD can be increased by using an entanglement parametric down-conversion (PDC) source. Other methods aiming to improve the rate of key generation include information encoding using high-dimensional (HD) photonic degrees of freedom (such as position momentum6 and time energy7,8). At a practical level, however, it is difficult to increase the number of dimensions of the states encoded by phase over two, or at most, four.
Therefore, it is desirable to devise a more practical approach of encoding high dimensional states into a photon. On the one hand, spontaneous parametric down conversion (SPDC) is a simple way to produce squeezed and polarization-entangled light. On the other hand, recent advancements of orbital angular momentum (OAM) techniques are able to achieve faster generation of quantum states9, and to enable better control10 and easier integration with other systems11. First QKD protocols based on OAM have been proposed in refs 12, 13, 14. Based on these, Simon et al.15 propose Fibonacci-valued OAM states for high-capacity QKD protocols together with SPDC. Their protocols are easier and simpler to implement than existing SPDC and OAM protocols. However, the rate of key generation can be improved up to 4 times only, which is inadequate for any practical use. Also it is impossible to support long-distance transmission with lower error rate. This means that protocols trade transmission distances with error rates (the further the transmission distance the higher the error rate and vice versa).
It seems that achieving a considerable key rate with a small data size is rather challenging in practical settings. In this paper, we extend and enhance the use of the protocol of Simon et al.’s, by enabling each detected Fibonacci number to encode up to a decent number of secret key bits per transmitted entangled photon, while achieving transmission over longer distance with lower error rates. To be exact, we present an approach that uses matrices together with slightly modified QKD protocol15 to improve the rate of key generation. We observe that the conjugate relation (i.e., Ln+2=Fn+1+Fn−1) between Lucas and Fibonacci numbers16, can be used to reduce side channel information leakage at the key preparation stage and hence to increase the security of QKD protocols5. Our observation is valid due to the contribution by Simon et al.15 who have shown that both Fibonacci-valued and Lucas-valued states can also be generated passively by using a beam splitter or by monitoring the idler of a SPDC source.
We propose a quantum cryptography protocol that is based on Fibonacci and Lucas matrix coding. Our new protocol effectively addresses the problem of random key generation for OTP. In particular, our proposed QKD protocol have the following characteristics.
We illustrate how to use the Fibonacci and Lucas matrix coding to develop a new high-capacity QKD protocol. We also provide a security analysis of the new protocol.
According to the definitions of Fibonacci and Lucas numbers (for details, see Appendixes I and II), we discuss how they can be used to construct relevant Fibonacci matrices and Lucas matrices . Then we explore their basic properties. Finally we investigate the relation between and .
The process of creating a sequence of is iterative. We start from and then construct subsequent matrices Q2, Q3, …, Qp according to the following relations:
where Oij, i=j=1, 2, …, p−1 is a matrix of the dimension i×j with zero entries and Ii, i=1, 2, …, p−1 is an identity matrix of the order i. It is easy to show that the matrices satisfy the following relations:
According to Eq. (3), has its inverse, where p=0, 1, 2, 3, …. As explained in Appendix I, it is easy to find its inverse (see Eqs (26) and (27)). For example, the first four matrices and their inverses are shownin Table 1.
The Lucas matrix (for details, see Appendix II) R1 can be used to generate matrices of higher dimensions R2, R3, …, Rp according to the following recurrence:
where Oij, i=j=1, 2, …, p−1 is a zero matrix of the dimension i×j, and Ii, i=1, 2, …, p−1 is an identity matrix of order i. Matrices satisfy the following relations:
Let the plaintext be a sequence of integers: p1, p2, p3, p4, p5, p6, p7, p8, p9, …
These integers can be represented in the form of a square matrix M of order p+1, p=0, 1, 2, …. Note that the elements of M can be taken as an odd or even number of digits as we want. Therefore, the matrix encryption and decryption algorithms can be defined at a high level as follows19:
where K can be or , and K−1 is the inverse matrix of K.
To extend and enhance the framework of Simon et al.’s15, we use the Fibonacci and Lucas-valued OAM states detected in a transmission between Alice and Bob. The states are used to construct the Fibonacci matrix and the Lucas matrix as the key (see Figs 1 and and2).2). Note that here the Fibonacci and Lucas values reconstructed from Fibonacci and Lucas-valued OAM states are used as the seed for generating recursive matrices and in terms of the assumption given below. We take an advantage of the recurrence relation of Fibonacci and Lucas matrices to significantly improve the information capacity of entangled photons to carry more than 4 bits of a cryptographic key.
Assume that the order of the key matrix (the Fibonacci matrix or the Lucas matrix ) is determined by the quantum random number generators of Alice and Bob. The positions of Fibonacci and Lucas numbers in and are determined by the outcome of Fn mod 4 or Ln mod 4, respectively. For instance, if Fn=13, then Fn mod 4=13 mod 4=1. For Fn=8, Fn mod 4=8 mod 4=0. Note that the positions of the Fibonacci numbers 13 and 8 in the matrices are illustrated below:
The steps of our protocol are described below.
Step 1 Preparation of Fibonacci and Lucas-valued OAM states.
We slightly modify the experimental setup of Simon et al.’s15 (see Figs 1 and and2).2). Alice prepares Fibonacci and Lucas-valued OAM states and makes two-photon output states according to the following encoding
One photon of the entangled pair goes to the Alice laboratory and the other to the Bob laboratory. The selection of destination is random. Note that the main difference between our proposed protocol and Simon et al.’s15 is that we use the Fibonacci or Lucas values recovered from photons as a seed for constructing the Fibonacci matrix or the Lucas matrix . This trick improves the information capacity of photons considerably. We are free to select the proper pump values, say, 8, 11, 13, 18, 21, 29, 34, 47.
Step 2 Eavesdropping detection.
As in the Simon et al.’s protocol15, there are six possible cases that need to be considered for entangled photons that arrive at Alice’s and Bob’s laboratories. They are listed below.
Case I. Both photons go to C.
Case II. One photon goes to C and the other to D1.
Case III. One photon goes to C and the other to D2.
Case IV. Both photons go to D1.
Case V. Both photons go to D2.
One photon goes to D1 and the other to D2.
In order to determine the case and detect eavesdropping, Alice and Bob need to exchange classical information over a classical channel (the channel can be an unprotected broadcasting). Let us introduce three events encoded as 0, 01 and 10. The event 0 occurs when the entangled photon goes to C. The second 01 when it goes to D1 and the third encoded as 10 when it goes to D2. Assume that there exists an eavesdropper Eve who intercepts an entangled photon, which travels to Alice (or Bob). Clearly, Eve has no information of which type of a detection measurement (C, D1 or D2) takes place in Bob’s laboratory. So, Eve has to guess. Eve makes a mistake if the photon goes to
The Alice measurement is going to be erroneous with the probability of . Eve’s activity is detected by Alice when Alice and Bob compare their transcripts.
Step 3 Reconstruction of the seed for the key matrix.
After eavesdropping detection, if the error rate re is larger than the preset threshold r, Alice and Bob discard this communication and return to Steps 1–2. Otherwise, they can exchange classical bits to determine the correct Fibonacci number. Alice and Bob discard the trial if the exchanged classical bits (between Alice and Bob) satisfy one of the following three cases: (I) are both 01 (D1 sorters), (II) are both 10 (D2 sorters), (III) are 01 and 10 (D1 and D2 sorters), i.e., Cases IV-VI. If the exchanged classical messages are 0, 01 or 0, 10, Alice and Bob need to exchange one more classical message. That is, Alice or Bob need to exchange another classical bit 0 or 1, to let each other know that their trial is either Case II or Case III. This is sufficient for Alice (Bob) to know Bob’s (Alice’s) state.
If the exchanged classical bits between Alice and Bob are 0, they know the trial is Case I. They know each other’s value as the values can be identified from Eqs (9) and (10). In other words, Alice knows that the Bob Fibonacci number is one or two positions before her number (and vice versa, because the angular uncertainty principle links angular position and angular momentum ). However, this case is more complicated than Case II and Case III. To identify the correct OAM value, they need to exchange more classical messages. As we say in Step 1, the pump values of 8, 11, 13, 18, 21, 29, 34, 47 are used, so, the Fibonacci numbers encoded in the entangled photons can be 3, 5, 8, 13, 21, 34. As we can see the Fibonacci number is either even or odd, then, by prior agreement, for Alice, the classical bits 0, 1 are used to denote the first and second even Fibonacci numbers of 3, 5, 8, 13, 21, 34, while the classical bits 00, 01, 10, 11 are used to denote the first, second, third and fourth odd Fibonacci numbers of 3, 5, 8, 13, 21, 34 (see Table 2).
On receiving a classical bit from Alice, Bob can obtain the Alice Fibonacci number, because the number position is adjacent to the position of his Fibonacci number. Likewise, Bob sends the corresponding classical message to Alice in terms of Table 2, and Alice can also confirm the Bob Fibonacci number. That is to say that Alice and Bob are able to confirm to each other’s the detected numbers by exchanging classical information. For example, if Alice’s detected number is 3, then Alice sends the classical message 00 to Bob over the classical channel and Bob’s detected number is 8. So, Bob can obtain the seed 11, and Bob sends the classical message 00 to Alice over the classical channel. Alice can also obtain the seed 11.
Step 4 Cryptographic key generation with and
After the pump values of Fibonacci and Lucas numbers are determined by Alice and Bob, they can use them as the seed for the key matrix, i.e., the Fibonacci matrix or the Lucas matrix . The orders of and are determined by their quantum random number generators in their laboratories. If the obtained Fibonacci number is F4=5 and its matching order is 4, then the inverse of the matrix can be found in Table 1. The matrices can be used to perform basic cryptographic operations such as encryption and decryption. To illustrate them, consider the following example. Assume that a message is a sequence of integers
Integers of the message in Eq. (11) can be put as entries of matrices M1, M2, …, which is
According to Eq. (7), M can be encrypted as follows
According to his order and Equation (8), the cryptogram can be split and decrypted by using the inverse matrix, so Bob obtains
Step 5 Integrity verification
According to , , we obtain
The encryption defined by Fibonacci and Lucas matrices is an instance of symmetric-key cryptography. Fibonacci and Lucas matrices have the particular property, i.e., the recurrent property which helps us to know a Fibonacci or Lucas matrix with any one of Fibonacci or Lucas number in the matrix. We call the a Fibonacci or Lucas number the seed. As we know, for symmetrical cryptography, the main deficiency is the problem of key distribution. However, in our proposed protocol, the key is generated based on Simon et al.’s protocol15, which is quantum-resistant for enhanced security. That is, Fibonacci or Lucas cryptography can be combined with the quantum one-time-pad for unconditional security. Therefore, in this section, we provide a sufficient security analysis of why seeding the Fibonacci and Lucas matrices used to encrypt the message (and subsequent sending of it) does not increase Eve’s information about the secret key as follows.
Therefore, by seeding the Fibonacci and Lucas matrices used to encrypt the message to achieve fast and simple high-capacity quantum cryptography, our proposed protocol does not increase Eve’s information about the secret key.
In this section, we discuss the possibility to improve Simon et al.’s15 experimental setup for quantum cryptography based on the Fibonacci matrix and the Lucas matrix , which have more additional features to be obtained, including the higher transmission rates, no limit of communication bandwidths, the considerable information capacity, the selection property of Fibonacci or Lucas numbers, and the powerful detection and correction ability.
In 2013, Simon et al.15 proposed a high-capacity QKD by Fibonacci coding. In particular, with a Vogel spiral15 (which refers to the “Fibonacci angle”), they use a source of entangled Fibonacci-valued OAM states to prepare Fibonacci-valued entangled pairs, which then leave the spiral and enter the down-conversion crystal. Moreover, due to the conjugation relation between Lucas numbers and Fibonacci numbers, Simon et al.15 showed that Lucas-valued states can also be generated passively by using a beam splitter or by monitoring the idler of an SPDC source. In addition, the phases of signal photons are totally random due to the spontaneous feature of the SPDC process. This intrinsic phase randomization improves the security of the QKD system by making it immune to source attacks. Therefore, we improve the experimental setup in Simon et al.’s protocol to generate both Fibonacci- and Lucas-valued OAM states (see Figs 1 and and2,2, note that Simon et al.15 state that in the chosen operating range, it is easy to adjust the fraction of the values that fall on the Fibonacci or Lucas sequence), so that these nonorthogonal states naturally appear and randomly change with Fibonacci- and Lucas-valued entangled pairs.
Assume that the detection probabilities of the entangled photons in the state of Eqs (9) and (10) are independent. Let ξA, and ξB, be the detection efficiencies for a Fibonacci and Lucas entangled photon for Alice and Bob, respectively. Both ξA, and ξB, take into account the channel losses, detector efficiencies, coupling efficiencies, and losses inside the detector box. For a 2n-photon pair, the overall transmission rate is
Given that the channel loss is included in ξA, and ξB, , our method can be used to the SPDC source on either Alice’s (or Bob’s) side or between Alice and Bob.
Due to the recursive property of the Fibonacci matrix and the Lucas matrix , just one entangled photon can be used as the seed to distribute the entire key, i.e., the information capacity Ic can be even equal to the length of the key , i.e., . This is because the secret can be used to construct a matrix of any order.
Simon et al.’s15 protocol needs more Fibonacci or Lucas numbers to improve key capacity, however, the method is under the limit of orbital angular momentum and down-conversion bandwidths. Therefore, they cannot choose more proper Fibonacci or Lucas numbers to achieve longer distances and lower error rates simultaneously. Moreover, every entangled photon can only be used to encode at most four bits. So, a large number of entangled states should be prepared to establish the key. As a result, when the key is updated frequently with the purpose of security, one-time-pad communication bandwidth increases in a proportional way. However, our protocol improves the key capacity greatly by taking advantages of the recursive property of Fibonacci and Lucas matrices and the method of preparing entangled states by Simon et al.’s15 setup. Therefore, only a few entangled photons are needed to establish the key in practical settings. Therefore, our protocol is free from the limitation of orbital angular momentum and down-conversion bandwidths. Given this, in our protocol, the key can be established in a short time, and the frequent key update is free from the limitation of communication bandwidths.
Simon et al. used their experiments to come to the conclusion that if the pump values from smaller Fibonacci numbers are used, the photons can travel longer distances but at the expense of higher error rates. If, however, the pump values from larger Fibonacci numbers are used, then error rates reduced but maximal distances over which photons can travel are shorter. That is, to meet the requirements of available orbital angular momentum and down-conversion bandwidths and the longer distances and lower error rates, the proper pump values can be selected in our protocol, for example, Fibonacci numbers 8, 13, 21, 34 and Lucas numbers 11, 18, 29, 47. Therefore, the values carried by entangled photons are 3, 5, 8, 13, 21, 34.
An additional feature of our protocol is the error detection for the cipertext compared with the existing quantum cryptography, which can keep the integrity of the secret. Stakhov19 has proposed an error correction algorithm for Fibonacci coding. We present a brief description of this algorithm. For , , we can verify their integrity in terms of Eqs (15) or (16), i.e.,
If the transmitted matrix is E and the received matrix is E′, and E′ satisfies Eqs (15) or (16), then there are no errors. Otherwise, there exist errors. In this case, correction is needed, and Stakhov19 has shown that the correction ability of Fibonacci and matrix coding method is 93.33% and 99.80%, and when p is larger, the correction ability is higher than 99.80%, which exceeds all the other well-known correcting codes.
Because of the considerable information capacity, no limit of communication bandwidths, and the powerful detection and correction abilities, our protocol provides a practical secure way to share more private information with high photon-information efficiency in a short time. In realistic conditions, it is more applicable and feasible in a practical implementation with a slight modification of Simon et al.’s protocol. Table 3 compares the features of our proposed protocol with those of the most relevant quantum key distribution protocols in refs 1, 2 and 15. The comparison suggests that our protocol is more suitable for real-world applications.
We have developed a new quantum cryptosystem, i.e., quantum cryptography based on Fibonacci matrix and Lucas matrix , which employs technologies similar to Simon et al.’s protocol to overcome the previous limitations on communication bandwidths and demonstrate that the number of secret key bits per transmitted entangled photon can be increased up to the length of the key, which is well-over previous demonstrations that were limited to up to 4. Under realistic conditions, the proposed protocol also provides a practical secure way to share more private information with considerably high photon-information efficiency in a short time. Moreover, it can be fast and simple to implement technical realization.
Here, we introduce the method of Fibonacci matrix or Lucas matrix to quantum cryptography.
Let the initial message be a “digital signal” of integers: p1, p2, p3, p4, p5, p6, p7, p8, p9, …
Assume that we choose the first nine readings and form a 3×3 matrix P1, which is regarded as a plain text matrix.
And the key K, i.e., or is obtained by Steps 1–3 in the proposed protocol. In general, the cryptosystem consists of the plain text matrix P, the cipher text matrix C, and the key K
Then encryption and decryption algorithm is
Definition 1. (Fibonacci numbers)20 The sequence of Fibonacci numbers is defined by the recurrence relation
Clearly, the integers 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, … are members of Fibonacci sequences. Using the definition of Fibonacci numbers, one can prove that
According to Stakhov’s work19, we can write a Fibonacci Q-matrix of dimension 2 as follows:
Now, we can derive a relevant recurrence relation in the form:
Note that satisfies the following two properties:
The inverse matrix of is obtained as follows
Definition 2. (Lucas numbers)16 The Lucas numbers are defined as follows:
In particular, L0=2, L1=1, L2=3, L3=4, L4=7 … Moreover, Lucas numbers and Fibonacci numbers have a conjugate relation16 of the following form:
Let us define a 2×2 matrix R as
How to cite this article: Lai, H. et al. Fast and simple high-capacity quantum cryptography with error detection. Sci. Rep. 7, 46302; doi: 10.1038/srep46302 (2017).
Publisher's note: Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Hong Lai has been supported by the Fundamental Research Funds for the Central Universities (No. XDJK2016C043), the financial support in part by the 1000-Plan of Chongqing by Southwest University (No.SWU116007), and the Doctoral Program of Higher Education (No. SWU115091). Mingxing Luo is supportedby the National Natural Science Foundation of China (No. 61303039), Sichuan Youth Science and Technique Foundation (No.2017JQ0048) and CSC Scholarship. Josef Pieprzyk has been supported by National Science Centre, Poland, project registration number UMO-2014/15/B/ST6/05130. Jun Zhang is supported by the National Natural Science Foundation of China (No. 61401371). Shudong Li is supported by the National Natural Science Foundation of China Grant Nos 61262057, 61472433, 61662069).
The authors declare no competing financial interests.
Author Contributions L.H. proposed the theoretical method. L.H., L.M.X., P.J., Z.J. and P.L. wrote the manuscript text. O.M. and L.S.D. reviewed the manuscript.