1. Field of the Invention
The present invention relates to a method of combining a quantum authentication procedure with a quantum key distribution protocol, and more particularly, to a user-authentication method that is suitable for a photon-transmission-based BB84 protocol and guarantees the unconditional security of the BB84 protocol.
2. Description of the Related Art
C. H. Bennett and G. Brassard devised the BB84 quantum key distribution (hereinafter referred to as QKD) protocol in 1984, and the field of quantum cryptography has developed rapidly over the past 20 years. The core of a QKD protocol is that two users who are far away from each other generate and share a secret key for cryptographic communication over a public communication channel, and that unconditional security is established for the shared secret key.
Existing cryptography systems implement secure key distribution protocols by using asymmetric-key cryptography, but their security is limited: it is only computational security, resting on mathematical complexity.
P. Shor published a specialized quantum algorithm that can solve prime factorization in polynomial time by using the quantum Fourier transform, which shows that the most widely used RSA cryptography system is theoretically not safe. This series of results highlighted the importance of quantum cryptography. In particular, it has been theoretically and experimentally verified that the QKD protocol can share a secret key while still providing unconditional security at 140 km or more via free space and optical fiber. Further, practical examples of the QKD protocol used in various applications such as electronic voting, commercial transactions between banks, military secret communication, etc., have been reported.
However, the main problem of the QKD protocol is that it cannot prevent a man-in-the-middle attack, especially when the authentication procedure for confirming the identity of the users participating in the key distribution protocol is not coupled with the QKD protocol. In this case, the attacker can share a secret key with the rightful users while concealing his/her identity from them. Each rightful user thinks that the secret key is shared with the other rightful user and uses the secret key to produce cipher text. Therefore, the attacker can decrypt all communications transmitted between the rightful users from then on.
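The failure described above can be reproduced in a small classical simulation, added here as an illustration and not taken from the patent. It assumes a noiseless channel and an intermediary that terminates both the quantum and the classical link, and it uses HMAC-SHA256 with a constructed pre-shared key as a stand-in for an authentication tag over the classical messages; all function and variable names are hypothetical.

```python
import hashlib
import hmac
import random

def bb84_session(n, rng):
    """Noiseless BB84 run between two endpoints.
    Returns (sender_key, receiver_key, transcript, qber)."""
    s_bits = [rng.randint(0, 1) for _ in range(n)]
    s_bases = [rng.randint(0, 1) for _ in range(n)]
    r_bases = [rng.randint(0, 1) for _ in range(n)]
    # Matching basis reproduces the bit; a mismatched basis gives a random outcome.
    r_bits = [b if sb == rb else rng.randint(0, 1)
              for b, sb, rb in zip(s_bits, s_bases, r_bases)]
    keep = [i for i in range(n) if s_bases[i] == r_bases[i]]  # public sifting
    s_key = [s_bits[i] for i in keep]
    r_key = [r_bits[i] for i in keep]
    qber = sum(a != b for a, b in zip(s_key, r_key)) / max(len(keep), 1)
    transcript = bytes(s_bases) + bytes(r_bases)  # classical messages exchanged
    return s_key, r_key, transcript, qber

def tag(auth_key, transcript):
    # HMAC-SHA256 is a stand-in MAC chosen for this example (an assumption).
    return hmac.new(auth_key, transcript, hashlib.sha256).digest()

def run_demo(n=256, seed=7):
    rng = random.Random(seed)
    # The intermediary terminates both links, so each user completes BB84 with it.
    alice_key, mid_key_a, transcript_a, qber_a = bb84_session(n, rng)
    mid_key_b, bob_key, transcript_b, qber_b = bb84_session(n, rng)
    auth_key = b"constructed pre-shared authentication key"  # Alice and Bob only
    return {
        "qber_alice_link": qber_a,
        "qber_bob_link": qber_b,
        "alice_shares_with_intermediary": alice_key == mid_key_a,
        "bob_shares_with_intermediary": bob_key == mid_key_b,
        "alice_shares_with_bob": alice_key == bob_key,
        # Bob checks Alice's tag against the transcript he actually saw.
        "authenticated_run_accepted": hmac.compare_digest(
            tag(auth_key, transcript_a), tag(auth_key, transcript_b)),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Both links report a zero error rate, so eavesdropping detection alone raises no alarm; only the tag comparison over the classical transcript exposes that Alice and Bob did not run the protocol with each other.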
The quantum authentication schemes known up to now are largely classified into two types according to the kind of secret key that is previously shared by the users. One scheme shares a quantum entangled state in advance and then uses it as a safe quantum channel in itself. The other scheme uses a previously shared bit string as an authentication key to authenticate the user, similar to existing cryptography. Assuming that a quantum entangled state is shared means that the communication channel between the users is isolated from the entire external environment. In effect, since the communication channel is an intangible channel, there is no need to consider the possibility of attack from the outside. However, this scheme necessarily demands quantum memory capable of preserving the quantum entangled state for a long time and quantum computation for error correction, and these are not expected to be implementable in the near future.
As a result, the photon-transmission-based quantum authentication scheme is considered to be more practical. In this scheme, when the key is used repeatedly, it is difficult to maintain security continuously. Therefore, the scheme generally implemented is one that continuously replaces the secret key through the QKD protocol. In this case, a method capable of organically coupling the user authentication scheme with the QKD protocol should be considered.
Currently commercialized QKD protocols use the existing authentication scheme, and their security depends on the symmetric key exchange by the QKD protocol and the universality of hash functions. However, the length of the key string for authentication is entirely determined by the amount of transmitted classical messages. Therefore, it is important to reduce the length of the required key string, because the amount of key generated by the QKD protocol is very limited at long distances.