The existing quantum cryptography is a classical cryptography in nature and basically insecure because of its classical (conventional) bits, classical encryption algorithm and classical (public) channel. A novel topic about successful communication between the legitimate users, Alice and Bob, is discussed with probability of solution uniqueness of Bob’s decryption equation. We find, by probabilistic analysis, that success of communication between Alice and Bob is probabilistic with a probability bigger than 1/2. It is also novel to define insecurity of the quantum cryptography by probability of solution uniqueness of the search equation of Eve, the eavesdropper. The probability of Eve’s success to find the plain-text of Alice (and Bob) is greater than 1/2, and so the quantum cryptography is seriously insecure.
Bennett and Brassard, Ekert and Bennett established the quantum cryptography by publishing the theoretical quantum key distribution (QKD) protocols, BB84, E91 and B92 [
Some authors (E. Biham, M. Boyer, P. O. Boykin, T. Mor and V. Roychowdhury; P. W. Shor and J. Preskill; D. Mayers; D. Gottesman and H.-K. Lo; H.-K. Lo, H. F. Chau and M. Ardehali; R. Renner, N. Gisin and B. Kraus; M. Boyer, R. Liss and T. Mor; H.-Y. Su) proved security of BB84 [
However, J.Z. Zhao argued that the previous proofs were neither unique nor exhaustive, which meant that proof of security of the theoretical QKD protocols was not completed or achieved [
This research shows, by probabilistic analysis, that the existing quantum cryptography is a classical cryptography in nature. Success of communication between the legitimate users, Alice and Bob, is probabilistic. The probability of success of searching for the plain-text by the eavesdropper, Eve, is bigger than 1/2, and so the quantum cryptography is seriously insecure.
Quantum cryptography based on the theoretical QKD protocols, BB84, E91 and B92, is a classical cryptography in nature because: [
1) The key, the plain-text and the cipher-text are classical ones because they are constructed by classical (conventional) bits;
2) The encryption algorithm is classical OTP (One-time Pad) encryption algorithm;
3) Alice sends the encryption algorithm and the cypher-text to Bob through the classical (public) channel.
The analysis below is valid for BB84, E91 and B92 protocols.
At the end of any theoretical QKD protocol, Alice encrypts her plain-text following the encryption equation
OTP ( k s , p t ) = C (1)
where OTP is the OTP (one-time pad) encryption algorithm [
Bob receives the cypher-text and the OTP encryption algorithm [
| P 〉 = 1 2 ( | 0 〉 + | 1 〉 ) ⊗ 1 2 ( | 0 〉 + | 1 〉 ) ⊗ ⋅ ⋅ ⋅ ⊗ 1 2 ( | 0 〉 + | 1 〉 ) = 1 2 n ( | 00 ⋅ ⋅ ⋅ 0 〉 + | 00 ⋅ ⋅ ⋅ 1 〉 + ⋅ ⋅ ⋅ + | 11 ⋅ ⋅ ⋅ 1 〉 ) = 1 N ∑ j = 0 N − 1 | p j 〉 (2)
for any theoretical QKD protocol, BB84, E91 and B92.
After that, Bob establishes his decryption equation
OTP ( k s , p j ) = C ( 0 ≤ j ≤ N − 1 ) , (3)
where OTP is the OTP encryption algorithm [
Bob’s decryption is to solve the decryption equation, Equation (3), to find the plain-text pt.
Eve intercepts the cipher-text and the encryption algorithm sent by Alice to Bob. She obtains the knowledge of the length of the key and the length of the plain-text, n, which is equivalent to the length of the cipher-text intercepted. Then Eve establishes the quantum state of the key, | K 〉 , superposition of N (N = 2n) states of | k i 〉 (of n bits):
| K 〉 = 1 2 ( | 0 〉 + | 1 〉 ) ⊗ 1 2 ( | 0 〉 + | 1 〉 ) ⊗ ⋅ ⋅ ⋅ ⊗ 1 2 ( | 0 〉 + | 1 〉 ) = 1 2 n ( | 00 ⋅ ⋅ ⋅ 0 〉 + | 00 ⋅ ⋅ ⋅ 1 〉 + ⋅ ⋅ ⋅ + | 11 ⋅ ⋅ ⋅ 1 〉 ) = 1 N ∑ i = 0 N − 1 | k i 〉 (4)
where n is the number of the bits of the key of any one of BB84, E91 and B92.
Eve also establishes the quantum state of the plain-text (2).
After that, Eve establishes her search equation
OTP ( k i , p j ) = C ( 0 ≤ i ≤ N − 1 , 0 ≤ j ≤ N − 1 ) (5)
where OTP is the OTP encryption algorithm [
Eve’s searching is to solve the search equation to find the plain-text pt.
ki: the bit string of the i-th component of the quantum state of the key;
pj: the bit string of the j-th component of the quantum state of the plain-text;
ks: the bit string of the key, whose value is set by Alice;
pt: the bit string of the plain-text, whose value is set by Alice;
C: the bit string of the cypher-text produced by Alice’s encryption;
q1: the probability of solution uniqueness of Bob’s decryption equation;
q2: the probability of solution uniqueness of Eve’s search equation.
There is no doubt that there exists at least one solution of Equation (3) because of Alice’s encrypting (Equation (1)). Furthermore, Equation (3) is probable to provide a unique solution for successful communication between Alice and Bob, though the maximum of solution multiplicity of Equation (3) may reach the big number N.
Suppose that the probability of uniqueness of solution of Equation (3) is q 1 ( q 1 < 1 ) , then the probability of double solution of the equation is q 1 2 … The total probability of all possible solutions of the equation should be 1. Then we have
1 = q 1 + q 1 2 + q 1 3 + ⋅ ⋅ ⋅ + q 1 N = q 1 ( 1 − q 1 N ) 1 − q 1 < q 1 1 − q 1 . (6)
It is from Equation (6) that
1 − q 1 < q 1 , (7)
then
q 1 > 1 2 . (8)
From Equation (8) we know that the probability of uniqueness of solution of Equation (3) is bigger than 1/2, that is, the probability of successful communication between Alice and Bob is bigger than 1/2. Solving Equation (3) is to search | P 〉 (expressed by Equation (2)) for the | p j 〉 whose bit string, pj, satisfies Equation (3). Bob can use Grover’s fast quantum mechanical algorithm for database search for his searching to find pt [
There is no doubt that there exists at least one solution of Equation (5) because of Alice’s encrypting (Equation (1)). Furthermore, Equation (5) is probable to give a unique solution for Eve’s successful search, though the maximum of solution multiplicity of Equation (5) may reach a big number N2.
Suppose that the probability of uniqueness of solution of Equation (5) is q 2 ( q 2 < 1 ) , then the probability of double solution of the equation is q 2 2 … The total probability of all possible solutions of the equation should be 1. Then we have
1 = q 2 + q 2 2 + q 2 3 + ⋅ ⋅ ⋅ + q 2 N 2 = q 2 ( 1 − q 2 N 2 ) 1 − q 2 < q 2 1 − q 2 . (9)
It is from Equation (9) that
1 − q 2 < q 2 , (10)
then
q 2 > 1 2 . (11)
From Equation (11) we know that the probability of uniqueness of solution of Equation (5) is bigger than 1/2, that is, the probability of Eve’s successful searching for the plain-text is bigger than 1/2.
Eve searches the quantum state of the plain-text (Equation (2)) for the plain-text by Grover’s fast quantum mechanical algorithm for database search. She succeeds as solution of the search equation, Equation (5), is unique:
1) Defining a function h ( k i , p j ) (using the search equation, Equation (5)):
h ( k i , p j ) = { 1 , OTP ( k i , p j ) = C 0 , OTP ( k i , p j ) ≠ C (12)
2) Repeating the following operations (a) and (b) for O ( N ) times (Grover Iteration) [
(a) Applying the oracle operation [
| p j 〉 → O ( − 1 ) h ( k i , p j ) | p j 〉 , (13)
where h ( k i , p j ) is the function defined by Equation (12).
(b) Performing Grover operation (in terms of inversion about average operation)
D | P 〉 , (14)
where the diffusion transform D can be implemented as
D = W R W , (15)
where W is the Walsh-Hadamard Transform Matrix and R is the phase rotation matrix [
3) Measuring the resulting state of | P 〉 gives | p t 〉 , the plan-text, with a probability of O ( 1 ) [
1) Success of communication between Alice and Bob is taken for granted so far in the theory of the theoretical QKD protocols, with a default probability 1. However, the research in this paper shows that success of communication between
Alice and Bob is probabilistic with a probability q 1 ( 1 2 < q 1 < 1 ) .
2) Eve’s interception and quantum computation are free of detection of Alice and Bob because the quantum transmission between them is not disturbed. Eve’s probability of successful searching for the plain-text is big ( 1 2 < q 2 < 1 ), and so the existing quantum cryptography based on the theoretical QKD protocols is seriously insecure.
3) The strategy of the existing quantum cryptography should be adjusted. P. Ndagijimana, F. Nahayo, M.K. Assogba, A.F.-X. Ametepe, and J. Shabani proposed a random number generation model using the thermal noise theory, intending to exploit the laws of quantum physics associated to basic principle of cryptology for the implementation of new cryptographic primitives, towards post-quantum cryptography [
The existing quantum cryptography based on the theoretical QKD protocols is a classical cryptography in nature. Successful communication between the legitimate users, Alice and Bob, is taken for granted so far in the theory of QKD, but proved probabilistic in this research. The probability of Eve’s successful searching for the plain-text is big, and so the quantum cryptography based on the theoretical QKD protocols is seriously insecure. Insecurity of the quantum cryptography is a logical result. Adjustment of the strategy of the existing quantum cryptography is necessary.
The author declares no conflicts of interest.
Zhao, J.Z. (2022) On Security of Quantum Cryptography by Probabilistic Analysis. Journal of Quantum Information Science, 12, 91-98. https://doi.org/10.4236/jqis.2022.124008