I. Description of ULB/QuIC
ULC/QuIC is the Centre for Quantum Information and Communication at the Université Libre de Bruxelles has been active in quantum information sciences for more than ten years, with research contributions ranging from fundamental questions such as quantum measurement, quantum entanglement, or quantum nonlocality, to more information-flavored issues such as quantum communication, quantum cryptography, or quantum algorithms. It currently holds two patents, and has published numerous scientific papers among which two in the journal Nature, two in Nature Photonics, and one in Nature Communications. The list of publications of the ULB QulC Lab is available here.
II. Key persons in the project
Prof. Nicolas J Cerf was appointed as a professor at ULB in 1998, in charge of teaching information theory and quantum mechanics, and then founded the Centre for Quantum Information and Communication (QuIC). He has also been a Senior Research Fellow at the California Institute of Technology, and an invited Professor at the Massachusetts Institute of Technology. He authors more than 130 papers in peer-reviewed journals, including letters in some of the most prestigious journals (Physical Review Letters, Nature, Nature Photonics, and IEEE Transactions on Information Theory) as well as review articles (Reviews of Modern Physics, Progress in Optics). He is the co‐editor of a book devoted to continuous–‐variable quantum information, and has initiated, in 2002, a series of conferences especially devoted to this topic, which runs on an annual basis since then. He was elected a member of the Royal Academies for Science and the Arts of Belgium.
Dr. Evgueni Karpov defended his PhD in physics and mathematics in 1994 at the Institute of Macromolecular Compounds of the Russian Academy of Sciences (the PhD equivalence is confirmed by ULB). He has been working in the field of Quantum Information and Communication since 2005, when he joined the Centre for Quantum Information and Communication as a postdoctoral researcher. He acquired a research expertise in the field of quantum communications and information security. He studied the security of quantum key distribution protocols and information capacity of quantum channels. He implemented a secret key distribution protocol based on the use of a true random number generator and hash functions with the aim to us it for authentication. His current research interests include now the security of zero-knowledge password authentication protocols against both quantum and classical attacks. He is co‐author of about 60 publications.
III. Contributions to the project
High security requirements of cloud-based SaaS applications make a simple single-factor authentication with a static password not sufficient. The security of user authentication schemes is also improved by two-factor or multifactor authentication, which may include sending SMS with a confirmation code to user’s mobile phone, the use of ATM cards or smart cards or some biometric characteristics in addition to the password or PIN. In order avoid security breaches due to credentials theft users are also advised to have different passwords for each service and renew them regularly. At the same time SaaS providers are interested not to load customers with remembering multiple passwords. The Identity Management Systems are implemented that help users to authenticate themselves with a different password for each service, while having to remember only one password giving the access to IMS. Nevertheless the protection of user passwords is still a critical security issue. A basic level of password protection is realized by secured https protocol where the password is sent through the network in a ciphered form. A higher level of protection may be achieved by the protocols implementing Zero-knowledge proofs. They allow one party to prove the knowledge of the password without revealing it even to another party.
The security of cryptographic tools is based on computational complexity assumptions. Recent history shows examples when a rapid growth of computational power invalidated such assumptions making insecure widely used cipher codes. Eventual arrival of quantum computers threatens the security of public key cryptography based on RSA protocols. At the same time Quantum technologies propose cryptographic tools whose security does not rely upon computational complexity assumptions but is based on the laws of quantum physics. Our objective was to develop and study authentication protocols exploiting such schemes for improving security of cloud-based SaaS applications.
The Quantum password is an authentication scheme devised to protect password from eavesdropping during authentication. According to the protocol prover and verifier exchange weak optical pulses which obey the laws of quantum mechanics. The password is encoded in a sequence of quantum operations, which prover should perform on the received pulses before returning them to verifier. The security of the protocol is based on impossibility of measuring the quantum states without perturbing them and the impossibility of certain universal quantum operations. The protocol is known to be secure against a passive impersonation by malicious prover and its implementation is feasible with the current technology. We have studied the security of the protocol against the attacks by active prover and /or verifier trying to learn the password by interacting with laser pulses. We have found security flaws, however we also found a way of modification of the protocol, which allows detection of such attacks. If an attack is detected the security of the authentication scheme can be granted by refreshing the password at each authentication session. Such a possibility may be provided by our one-time password authentication scheme.
The quantum password protocol requires availability of sources of light working in the single-photon regime. This technology is well established for carrying out laboratory experiments. However, further miniaturization is required in order to use such type of sources in commercial systems. We studied a possibility of single photon generation by Vertical Cavity Surface Emitting Lasers. These semiconductor based sources of coherent light represent a well develop technology for optical communications. Their small size allows fabrication of arrays of VCSELs as optical chips. In our theoretical study we have developed the requirements for VCSEL’s design which can provide single photon generation rates sufficient for the purpose of authentication.
One-time password authentication with quantum randomness
Present realisations of quantum cryptographic protocols including our quantum password protocol usually need direct optical links between communicating parties. Hence changes in the network infrastructure may be need for their implementation, which impedes their use in practical, in particular, mobile applications. Quantum realizations of physical (true) random number generation require only local implementations of optical technologies. The applications using availability of unpredictable random numbers produced at a high rate work on existing infrastructure. We have devised a practical user authentication protocol based on the availability of fresh secret keys. The symmetric secret keys are developed by communicating parties with the help of a hybrid key distribution protocol which mixes the pre-shared secret with a stream of random numbers distributed via a public channel. The security of the protocol is provided by a strong permutation based hash function and a high-speed physical source of randomness. We used a realisation of SHA3 hash function KECCAK and a quantum random number generator Quantis. The pre-shared secret is permanently refreshed as new secret sequence is developed.
In our authentication protocol, the availability of fresh secret keys allows exchange of challenge and response strings without revealing the secrets used for authentication because only disposable tokens are sent via communication channels. The shared secret is being refreshed at each authentication session. We performed the security analysis against basic attacks on the on-time password scheme including password guessing, eavesdropping, replay, man-in-the-middle, small subgroup attack, and impersonation. At the moment no effective attack was identified.
Optimal quantum measurement
The security of cryptographic systems implementing quantum protocols strongly depends on the quality of the measurement devices and schemes. By studying measurements with coherent optical pulses in quantum regime we identified a set of optimal measurement schemes achieving the ultimate level of precision for given energy of the probe (see contribution P-8 at CEWQO2017, p.62). We expect that these results may serve in the development of new quantum cryptographic protocols with coherent states.