Dissertations / Theses on the topic 'Cryptographic key generation'

The argument of this thesis might be summed up as the exploitation of the noise to generate better noise. More specifically this work is about the possibility of exploiting classic noise to effectively transmit quantum information and measuring quantum noise to generate better quantum randomness. What do i mean by exploiting classical noise to transmit effectively quantum information? In this case I refer to the task of sending quantum bits through the atmosphere in order set up transmissions of quantum key distribution (QKD) and this will be the subject of Chapter 1 and Chapter 2. In the Quantum Communications framework, QKD represents a topic with challenging problems both theoretical and experimental. In principle QKD offers unconditional security, however practical realizations of it must face all the limitations of the real world. One of the main limitation are the losses introduced by real transmission channels. Losses cause errors and errors make the protocol less secure because an eavesdropper could try to hide his activity behind the losses. When this problem is addressed under a full theoretical point of view, one tries to model the effect of losses by means of unitary transforms which affect the qubits in average according a fixed level of link attenuation. However this approach is somehow limiting because if one has a high level of background noise and the losses are assumed in average constant, it could happen that the protocol might abort or not even start, being the predicted QBER to high. To address this problem and generate key when normally it would not be possible, we have proposed an adaptive real time selection (ARTS) scheme where transmissivity peaks are instantaneously detected. In fact, an additional resource may be introduced to estimate the link transmissivity in its intrinsic time scale with the use of an auxiliary classical laser beam co-propagating with the qubits but conveniently interleaved in time. In this way the link scintillation is monitored in real time and the selection of the time intervals of high channel transmissivity corresponding to a viable QBER for a positive key generation is made available. In Chapter 2 we present a demonstration of this protocol in conditions of losses equivalent to long distance and satellite links, and with a range of scintillation corresponding to moderate to severe weather. A useful criterion for the preselection of the low QBER interval is presented that employs a train of intense pulses propagating in the same path as the qubits, with parameters chosen such that its fluctuation in time reproduces that of the quantum communication. For what concern the content of Chapter 3 we describe a novel principle for true random number generator (TRNG) which is based on the observation that a coherent beam of light crossing a very long path with atmospheric turbulence may generate random and rapidly varying images. To implement our method in a proof of concept demonstrator, we have chosen a very long free space channel used in the last years for experiments in Quantum Communications at the Canary Islands. Here, after a propagation of 143 km at an altitude of the terminals of about 2400 m, the turbulence in the path is converted into a dynamical speckle at the receiver. The source of entropy is then the atmospheric turbulence. Indeed, for such a long path, a solution of the Navier-Stokes equations for the {atmospheric flow in which the beam propagates is out of reach. Several models are based on the Kolmogorov statistical theory, which parametrizes the repartition of kinetic energy as the interaction of decreasing size eddies. However, such models only provide a statistical description for the spot of the beam and its wandering and never an instantaneous prediction for the irradiance distribution. These are mainly ruled by temperature variations and by the wind and cause fluctuations in the air refractive index. For such reason, when a laser beam is sent across the atmosphere, this latter may be considered as a dynamic volumetric scatterer which distorts the beam wavefront. We will evaluate the experimental data to ensure that the images are uniform and independent. Moreover, we will assess that our method for the randomness extraction based on the combinatorial analysis is optimal in the context of Information Theory. In Chapter 5 we will present a new approach for what concerns the generation of random bits from quantum physical processes. Quantum Mechanics has been always regarded as a possible and valuable source of randomness, because of its intrinsic probabilistic Nature. However the typical paradigm is employed to extract random number from a quantum system it commonly assumes that the state of said system is pure. Such assumption, only in theory would lead to full and unpredictable randomness. The main issue however it is that in real implementations, such as in a laboratory or in some commercial device, it is hardly possible to forge a pure quantum state. One has then to deal with quantum state featuring some degree of mixedness. A mixed state however might be somehow correlated with some other system which is hold by an adversary, a quantum eavesdropper. In the extreme case of a full mixed state, practically one it is like if he is extracting random numbers from a classical state. In order to do that we will show how it is important to shift from a classical randomness estimator, such as the min-classical entropy H-min(Z) of a random variable Z to quantum ones such as the min-entropy conditioned on quantum side information E. We have devised an effective protocol based on the entropic uncertainty principle for the estimation of the min-conditional entropy. The entropic uncertainty principle lets one to take in account the information which is shared between multiple parties holding a multipartite quantum system and, more importantly, lets one to bound the information a party has on the system state after that it has been measured. We adapted such principle to the bipartite case where an user Alice, A, is supplied with a quantum system prepared by the provider Eve, E, who could be maliciously correlated to it. In principle then Eve might be able to predict all the outcomes of the measurements Alice performs on the basis Z in order to extract random numbers from the system. However we will show that if Alice randomly switches from the measurement basis to a basis X mutually unbiased to Z, she can lower bound the min entropy conditioned to the side information of Eve. In this way for Alice is possible to expand a small initial random seed in a much larger amount of trusted numbers. We present the results of an experimental demonstration of the protocol where random numbers passing the most rigorous classical tests of randomness were produced. In Chapter 6, we will provide a secure generation scheme for a continuos variable (CV) QRNG. Since random true random numbers are an invaluable resource for both the classical Information Technology and the uprising Quantum one, it is clear that to sustain the present and future even growing fluxes of data to encrypt it is necessary to devise quantum random number generators able to generate numbers in the rate of Gigabit or Terabit per second. In the Literature are given several examples of QRNG protocols which in theory could reach such limits. Typically, these are based on the exploitation of the quadratures of the electro-magnetic field, regarded as an infinite bosonic quantum system. The quadratures of the field can be measured with a well known measurement scheme, the so called homodyne detection scheme which, in principle, can yield an infinite band noise. Consequently the band of the random signal is limited only by the passband of the devices used to measure it. Photodiodes detectors work commonly in the GHz band, so if one sample the signal with an ADC enough fast, the Gigabit or Terabit rates can be easily reached. However, as in the case of discrete variable QRNG, the protocols that one can find in the Literature, do not properly consider the purity of the quantum state being measured. The idea has been to extend the discrete variable protocol of the previous Chapter, to the Continuous case. We will show how in the CV framework, not only the problem of the state purity is given but also the problem related to the precision of the measurements used to extract the randomness.<br>L'argomento di questa tesi può essere riassunto nella frase utilizzare il rumore classico per generare un migliore rumore quantistico. In particolare questa tesi riguarda da una parte la possibilita di sfruttare il rumore classico per trasmettere in modo efficace informazione quantistica, e dall'altra la misurazione del rumore classico per generare una migliore casualita quantistica. Nel primo caso ci si riferisce all'inviare bit quantistici attraverso l'atmosfera per creare trasmissioni allo scopo di distribuire chiavi crittografiche in modo quantistico (QKD) e questo sara oggetto di Capitolo 1 e Capitolo 2. Nel quadro delle comunicazioni quantistiche, la QKD è caratterizzata da notevoli difficolta sperimentali. Infatti, in linea di principio la QKD offre sicurezza incondizionata ma le sue realizzazioni pratiche devono affrontare tutti i limiti del mondo reale. Uno dei limiti principali sono le perdite introdotte dai canali di trasmissione. Le perdite causano errori e gli errori rendono il protocollo meno sicuro perché un avversario potrebbe camuffare la sua attivita di intercettazione utilizzando le perdite. Quando questo problema viene affrontato da un punto di vista teorico, si cerca di modellare l'effetto delle perdite mediante trasformazioni unitarie che trasformano i qubits in media secondo un livello fisso di attenuazione del canale. Tuttavia questo approccio è in qualche modo limitante, perché se si ha ha un elevato livello di rumore di fondo e le perdite si assumono costanti in media, potrebbe accadere che il protocollo possa abortire o peggio ancora, non iniziare, essendo il quantum bit error rate (QBER) oltre il limite (11\%) per la distribuzione sicura. Tuttavia, studiando e caratterizzando un canale ottico libero, si trova che il livello di perdite è tutt'altro che stabile e che la turbolenza induce variazioni di trasmissivita che seguono una statistica log-normale. Il punto pertanto è sfruttare questo rumore classico per generare chiave anche quando normalmente non sarebbe possibile. Per far ciò abbiamo ideato uno schema adattativo per la selezione in tempo reale (ARTS) degli istanti a basse perdite in cui vengono istantaneamente rilevati picchi di alta trasmissivita. A tal scopo, si utilizza un fascio laser classico ausiliario co-propagantesi con i qubit ma convenientemente inframezzato nel tempo. In questo modo la scintillazione viene monitorata in tempo reale e vengono selezionati gli intervalli di tempo che daranno luogo ad un QBER praticabile per una generazione di chiavi. Verra quindi presentato un criterio utile per la preselezione dell'intervallo di QBER basso in cui un treno di impulsi intensi si propaga nello stesso percorso dei qubits, con i parametri scelti in modo tale che la sua oscillazione nel tempo riproduce quello della comunicazione quantistica. Nel Capitolo 2 presentiamo quindi una dimostrazione ed i risultati di tale protocollo che è stato implementato presso l'arcipelago delle Canarie, tra l'isola di La Palma e quella di Tenerife: tali isole essendo separate da 143 km, costituiscono un ottimo teatro per testare la validita del protocollo in quanto le condizioni di distanza sono paragonabili a quelle satellitari e la gamma di scintillazione corrisponde quella che si avrebbe in ambiente con moderato maltempo in uno scenario di tipo urbano. Per quanto riguarda il contenuto del Capitolo 3 descriveremo un metodo innovativo per la generazione fisica di numeri casuali che si basa sulla constatazione che un fascio di luce coerente, attraversando un lungo percorso con turbolenza atmosferica da luogo ad immagini casuali e rapidamente variabili. Tale fenomeno è stato riscontrato a partire dai diversi esperimenti di comunicazione quantistica effettuati alle Isole Canarie, dove il fascio laser classico utilizzato per puntare i terminali, in fase di ricezione presentava un fronte d'onda completamente distorto rispetto al tipico profilo gaussiano. In particolare ciò che si osserva è un insieme di macchie chiare e scure che si evolvono geometricamente in modo casuale, il cosiddetto profilo dinamico a speckle. La fonte di tale entropia è quindi la turbolenza atmosferica. Infatti, per un canale di tale lunghezza, una soluzione delle equazioni di Navier-Stokes per il flusso atmosferico in cui si propaga il fascio è completamente fuori portata, sia analiticamente che per mezzo di metodi computazionali. Infatti i vari modelli di dinamica atmosferica sono basati sulla teoria statistica Kolmogorov, che parametrizza la ripartizione dell'energia cinetica come l'interazione di vortici d'aria di dimensioni decrescenti. Tuttavia, tali modelli forniscono solo una descrizione statistica per lo spot del fascio e delle sue eventuali deviazioni ma mai una previsione istantanea per la distribuzione dell' irraggiamento. Per tale motivo, quando un raggio laser viene inviato attraverso l'atmosfera, quest'ultima può essere considerato come un diffusore volumetrico dinamico che distorce il fronte d'onda del fascio. All'interno del Capitolo verranno presentati i dati sperimentali che assicurano che le immagini del fascio presentano le caratteristiche di impredicibilita tali per cui sia possibile numeri casuali genuini. Inoltre, verra presentato anche il metodo per l'estrazione della casualita basato sull'analisi combinatoria ed ottimale nel contesto della Teoria dell'Informazione. In Capitolo 5 presenteremo un nuovo approccio per quanto riguarda la generazione di bit casuali dai processi fisici quantistici. La Meccanica quantistica è stata sempre considerata come la migliore fonte di casualita, a causa della sua intrinseca natura probabilistica. Tuttavia il paradigma tipico impiegato per estrarre numeri casuali da un sistema quantistico assume che lo stato di detto sistema sia puro. Tale assunzione, in principio comporta una generazione in cui il risultato delle misure è complemente impredicibile secondo la legge di Born. Il problema principale tuttavia è che nelle implementazioni reali, come in un laboratorio o in qualche dispositivo commerciale, difficilmente è possibile creare uno stato quantico puro. Generalmente ciò che si ottiene è uno stato quantistico misto. Uno stato misto tuttavia potrebbe essere in qualche modo correlato con un altro sistema quantistico in possesso, eventualmente, di un avversario. Nel caso estremo di uno stato completamente misto, un generatore quantistico praticamente è equivalente ad un generatore che impiega un processo di fisica classica, che in principio è predicibile. Nel Capitolo, si mostrera quindi come sia necessario passare da un estimatore di casualita classico, come l' entropia minima classica $ H_ {min (Z) $ di una variabile casuale $ Z $ ad un estimatore che tenga conto di una informazione marginale $E$ di tipo quantistico, ovvero l'entropia minima condizionata $H_{min(Z|E)$. La entropia minima condizionata è una quantita fondamentale perchè consente di derivare quale sia il minimo contenuto di bit casuali estraibili dal sistema, in presenza di uno stato non puro. Abbiamo ideato un protocollo efficace basato sul principio di indeterminazione entropica per la stima dell'entropia min-condizionale. In generale, il principio di indeterminazione entropico consente di prendere in considerazione le informazioni che sono condivise tra più parti in possesso di un sistema quantistico tri-partitico e, soprattutto, consente di stimare il limite all'informazione che un partito ha sullo stato del sistema, dopo che è stato misurato. Abbiamo adattato tale principio al caso bipartito in cui un utente Alice, $A$, è dotato di un sistema quantistico che nel caso in studio ipotizziamo essere preparato dall'avversario stesso, Eve $E$, e che quindi potrebbe essere con esso correlato. Quindi, teoricamente Eve potrebbe essere in grado di prevedere tutti i risultati delle misurazioni che Alice esegue sulla sua parte di sistema, cioè potrebbe avere una conoscenza massima della variabile casuale $Z$ in cui si registrano i risultati delle misure nella base $\mathcal{Z$. Tuttavia mostreremo che se Alice casualmente misura il sistema in una base $\mathcal{X$ massimamente complementare a $\mathcal{Z$, Alice può inferire un limite inferiore l'entropia per $H_{min(Z|E)$. In questo modo per Alice, utilizzando tecniche della crittografia classeica, è possibile espandere un piccolo seme iniziale di casualita utilizzato per la scelta delle basi di misura, in una quantita molto maggiore di numeri sicuri. Presenteremo i risultati di una dimostrazione sperimentale del protocollo in cui sono stati prodotti numeri casuali che passano i più rigorosi test per la valutazione della casualita. Nel Capitolo 6, verra illustrato un sistema di generazione ultraveloce di numeri casuali per mezzo di variabili continue(CV) QRNG. Siccome numeri casuali genuini sono una preziosa risorsa sia per l'Information Technology classica che quella quantistica, è chiaro che per sostenere i flussi sempre crescenti di dati per la crittografia, è necessario mettere a punto generatori in grado di produrre streaming con rate da Gigabit o Terabit al secondo. In Letteratura sono riportati alcuni esempi di protocolli QRNG che potrebbero raggiungere tali limiti. In genere, questi si basano sulla misura dele quadrature del campo elettromagnetico che può essere considerato come un infinito sistema quantistico bosonico. Le quadrature del campo possono essere misurate con il cosiddetto sistema di rivelazione a omodina che, in linea di principio, può estrarre un segnale di rumore a banda infinita. Di conseguenza, la banda del segnale casuale viene ad essere limitata solo dalla banda passante dei dispositivi utilizzati per misurare. Siccome, rilevatori a fotodiodi lavorano comunemente nella banda delle decine dei GHz, se il segnale è campionato con un ADC sufficientemente veloce e con un elevato numero di bit di digitalizzazione, rate da Gigabit o Terabit sono facilmente raggiungibili. Tuttavia, come nel caso dei QRNG a variabili discrete, i protocolli che si hanno in Letteratura, non considerano adeguatamente la purezza dello stato quantistico da misurare. Nel L'idea è di estendere il protocollo a variabile discreta del capitolo precedente, al caso continuo. Mostreremo come nell'ambito CV, non solo sia abbia il problema della purezza dello stato ma anche il problema relativo alla precisione delle misure utilizzate su di esso. Proporremo e daremo i risultati sperimentali per un nuovo protocollo in grado di estrarre numeri casuali ad alto rate e con un elevato grado di sicurezza.

In dieser Doktorarbeit werden zwei Konzepte der Quanteninformationsverarbeitung realisiert. Der Quantenschlüsselaustausch ist revolutionär, weil er perfekte Sicherheit gewährleistet. Zahlreiche Quantenkryptografieprotokolle wurden schon untersucht. Zwei Probleme bestehen. Zum einen ist es sehr schwer, die Bedingungen herzustellen, die in den Annahmen für perfekte Sicherheit impliziert sind. Zum anderen sind die Reichweiten auf momentan etwa 200 km begrenzt, aufgrund des abnehmenden Signals gegenüber des konstanten Rauschens. Ein Experiment dieser Doktorarbeit beschäftigt sich mit dem ersten Problem. Insbesondere der übertragene Quantenzustands ist kritisch für die Sicherheit des Verfahrens. Es werden Einzelphotonen von Stickstoff- Fehlstellen-Zentren und zum ersten Mal von Silizium-Fehlstellen-Zentren für einen Quantenschlüsselaustausch mit Hilfe des BB84-Protokolls benutzt. Die Abweichung von idealen Einzelphotonenzuständen sowie deren Bedeutung für die Sicherheit werden analysiert. Die Übertragung von Quantenzuständen via Satellit könnte das Problem der begrenzten Reichweite lösen. Das neue Frequenz-Zeit- Protokoll eignet sich dafür besonders gut. Es wird während dieser Arbeit zum ersten Mal überhaupt implementiert. Umfangreiche Untersuchungen inklusive der Variation wesentlicher experimenteller Parameter geben Aufschluss über die Leistungsfähigkeit und Sicherheit des Protokolls. Außerdem werden elementare Bestandteile eines vollautomatischen Experiments zum Quantenschlüsselaustausch über Glasfasern in der sogenannten Time-bin-Implementierung mit autonomem Sender und Empfänger realisiert. Ein anderes Konzept der Quanteninformationsverarbeitung ist die Herstellung zufälliger Bitfolgen durch den Quantenzufall. Zufällige Bitfolgen haben zahlreiche Anwendungsgebiete in der Kryptografie und der Informatik. Die Realisierung eines Quantenzufallszahlengenerators mit mathematisch beschreibbarer und getesteter Zufälligkeit und hoher Bitrate wird ebenfalls beschrieben.<br>In this thesis, photonic quantum states are used for experimental realisations of two different concepts of quantum information processing. Quantum key distribution (QKD) is revolutionary because it is the only cryptographic scheme offering unconditional security. Two major problems prevail: Firstly, matching the conditions for unconditional security is challenging, secondly, long distance communication beyond 200 km is very demanding because an increasingly attenuated quantum state starts to fail the competition with constant noise. One experiment accomplished in this thesis is concerned with the first problem. The realisation of the actual quantum state is critical. Single photon states from nitrogen and for the first time also silicon vacancy defect centres are used for a QKD transmission under the BB84 (Bennett and Brassard 1984). The deviation of the used single photon states from the ideal state is thoroughly investigated and the information an eavesdropper obtains due to this deviation is analysed. Transmitting quantum states via satellites is a potential solution to the limited achievable distances in QKD. A novel protocol particularly suited for this is implemented for the first time in this thesis, the frequency-time (FT) protocol. The protocol is thoroughly investigated by varying the experimental parameters over a wide range and by evaluating the impact on the performance and the security. Finally, big steps towards a fully automated fibre-based BB84 QKD experiment in the time-bin implementation with autonomous sender and receiver units are accomplished. Another important concept using quantum mechanical properties as a resource is a quantum random number generator (QRNG). Random numbers are used for various applications in computing and cryptography. A QRNG supplying bits with high and quantifiable randomness at a record-breaking rate is reported and the statistical properties of the random output is thoroughly tested.

La sécurité des communications sans fil omniprésentes devient, ces dernières années, de plus en plus une exigence incontournable. Bien que la cryptographie symétrique assure largement la confidentialité des données, la difficulté concerne la génération et la distribution de clés secrètes. Récemment, des études indiquent que les caractéristiques inhérentes du canal de propagation peuvent être exploitées afin de consolider la sécurité. En particulier, le canal radio fournit en effet une source d'aléa commune à deux utilisateurs à partir de laquelle des clés secrètes peuvent être générées. Dans la présente dissertation, nous nous intéressons au processus de génération de clés secrètes (SKG), tout en reliant les propriétés du canal radio à la qualité des clés générées. D'abord nous développons un modèle du canal stochastique, traitant la sécurité du point de vue de l'espion, qui montre une mémoire de canal résiduelle bien au-delà d'une distance de quelques longueurs d'onde (scénarios spatialement non-stationnaires). Ensuite, nous exploitons les degrés de liberté (DOF) du canal et analysons leur impact sur la performance de SKG dans différentes conditions, tout en considérant des canaux plus réalistes en environnements extérieur et intérieur (respectivement grâce à des données déterministes simulées et à des mesures). Les résultats montrent que, même pour des bandes modérées (comme standardisées dans la norme IEEE 802.11), le seul DoF de fréquence ou de son association avec le DoF spatial est souvent suffisant pour générer des longues clés, à condition d'utiliser une méthode efficace de quantification des coefficients complexes du canal<br>Nowadays, the security of ubiquitous wireless communications becomes more and more a crucial requirement. Even though data is widely protected via symmetric ciphering keys, a well-known difficulty is the generation and distribution of such keys. In the recent years therefore, a set of works have addressed the exploitation of inherent characteristics of the fading propagation channel for security. In particular, secret keys could be generated from the wireless channel, considered as a shared source of randomness, available merely to a pair of communicating entities. ln the present dissertation, we are interested in the approach of secret key generation (SKG) from wireless channels, especially in relating the radio channel properties to the generated keys quality. We first develop a stochastic channel model, focusing on the security with respect to the eavesdropper side, which shows a residual channel memory weil beyond a few wavelengths distance (spatially nonstationary scenarios). Then, we analyze the channel degrees of freedom (DoF) and their impact on the SKG performance in different channel conditions, especially by considering more realistic channels in both outdoor and indoor environments (respectively through simulated ray tracing data and through measurements). The results show that, even for moderately wide band (such as standardized in IEEE 802.11), the sole frequency DOF or its association with the spatial DOF is often enough for generating long keys, provided an efficient quantization method of the complex channel coefficients is used

La sécurité des communications sans fil omniprésentes devient, ces dernières années, de plus en plus une exigence incontournable. Bien que la cryptographie symétrique assure largement la confidentialité des données, la difficulté concerne la génération et la distribution de clés secrètes. Récemment, des études indiquent que les caractéristiques inhérentes du canal de propagation peuvent être exploitées afin de consolider la sécurité. En particulier, le canal radio fournit en effet une source d'aléa commune à deux utilisateurs à partir de laquelle des clés secrètes peuvent être générées. Dans la présente dissertation, nous nous intéressons au processus de génération de clés secrètes (SKG), tout en reliant les propriétés du canal radio à la qualité des clés générées. D'abord nous développons un modèle du canal stochastique, traitant la sécurité du point de vue de l'espion, qui montre une mémoire de canal résiduelle bien au-delà d'une distance de quelques longueurs d'onde (scénarios spatialement non-stationnaires). Ensuite, nous exploitons les degrés de liberté (DOF) du canal et analysons leur impact sur la performance de SKG dans différentes conditions, tout en considérant des canaux plus réalistes en environnements extérieur et intérieur (respectivement grâce à des données déterministes simulées et à des mesures). Les résultats montrent que, même pour des bandes modérées (comme standardisées dans la norme IEEE 802.11), le seul DoF de fréquence ou de son association avec le DoF spatial est souvent suffisant pour générer des longues clés, à condition d'utiliser une méthode efficace de quantification des coefficients complexes du canal<br>Nowadays, the security of ubiquitous wireless communications becomes more and more a crucial requirement. Even though data is widely protected via symmetric ciphering keys, a well-known difficulty is the generation and distribution of such keys. In the recent years therefore, a set of works have addressed the exploitation of inherent characteristics of the fading propagation channel for security. In particular, secret keys could be generated from the wireless channel, considered as a shared source of randomness, available merely to a pair of communicating entities. ln the present dissertation, we are interested in the approach of secret key generation (SKG) from wireless channels, especially in relating the radio channel properties to the generated keys quality. We first develop a stochastic channel model, focusing on the security with respect to the eavesdropper side, which shows a residual channel memory weil beyond a few wavelengths distance (spatially nonstationary scenarios). Then, we analyze the channel degrees of freedom (DoF) and their impact on the SKG performance in different channel conditions, especially by considering more realistic channels in both outdoor and indoor environments (respectively through simulated ray tracing data and through measurements). The results show that, even for moderately wide band (such as standardized in IEEE 802.11), the sole frequency DOF or its association with the spatial DOF is often enough for generating long keys, provided an efficient quantization method of the complex channel coefficients is used

Cette thèse, financée par la DGA, est motivée par la problématique d’évaluation des TRNG pour des applications à très haut niveau de sécurité. Les standards actuels tels que AIS-31 n’étant pas suffisants pour ces types d’applications, la DGA propose une procédure complémentaire, validée sur les TRNG utilisant les oscillateurs en anneau (RO), qui vise à caractériser la source d’aléa des TRNG afin d’identifier les bruits électroniques présents dans celle-ci. Ces bruits se traduisent dans les circuits numériques par le jitter d’horloge générée dans les RO. Ils peuvent être caractérisés par leur densité spectrale de puissance reliée à la variance d’Allan temporelle qui permet, contrairement à la variance standard pourtant encore largement utilisée, de discriminer ces différents types de bruit (thermique, flicker principalement). Cette étude a servi de base à l’estimation de la part du jitter due au bruit thermique utilisé dans les modèles stochastiques décrivant la sortie des TRNG. Afin d’illustrer et de valider l’approche de certification DGA sur d’autres principes de TRNG que les RO, nous proposons une caractérisation de la PLL en tant que source d’aléa. Nous avons modélisé la PLL en termes de fonctions de transfert. Cette modélisation a conduit à l’identification de la source de bruit en sortie de la PLL, ainsi que de sa nature en fonction des paramètres physiques de la PLL. Cela a permis de proposer des recommandations quant au choix des paramètres afin de garantir une entropie maximale. Afin d’aider à la conception de ce type de TRNG, nous proposons également un outil de recherche des paramètres non physiques du générateur assurant le meilleur compromis sécurité/débit<br>This thesis, funded by the DGA, is motivated by the problem of evaluation of TRNG for applications with a very high level of security. As current standards such as AIS-31 are not sufficient for these types of applications, the DGA proposes a complementary procedure, validated on TRNG using ring oscillators (RO), which aims to characterize the source of randomness of TRNG in order to identify electronic noises present in it. These noises are manifested in the digital circuits by the clock jitter generated in the RO. They can be characterized by their power spectral density related to the time Allan variance which allows, unlike the standard variance which is still widely used, to discriminate these different types of noise (mainly thermal, flicker). This study was used as a basis for estimating the proportion of jitter due to thermal noise used in stochastic models describing the output of TRNG. In order to illustrate and validate the DGA certification approach on other principles of TRNG apart from RO, we propose a characterization of PLL as a source of randomness. We have modeled the PLL in terms of transfer functions. This modeling has led to the identification of the source of noise at the output of the PLL, as well as its nature as a function of the physical parameters of the PLL. This allowed us to propose recommendations on the choice of parameters to ensure maximum entropy. In order to help in the design of this type of TRNG, we also propose a tool to search for the non-physical parameters of the generator ensuring the best compromise between security and throughput

This thesis work is about the realization of hardware and software systems for Quantum Random Number Generation (QRNG) and Quantum Key Distribution (QKD). Such systems were developed to guarantee a full functionality for a broader investigation of these two cutting edge applications of Quantum Information field. The thesis describes in details both the hardware and the software that were developed for FPGA-CPU board, Time-to-Digital converter (TDC) devices and computers, along with QRNG and QKD specific applications and their results. Randy was the first FPGA-based QRNG device to be developed; it uses a light source attenuated to single-photon level and one single-photon avalanche diode (SPAD). From the sampling of the SPAD electrical signal, the device produces random numbers through dedicated generation protocols and through the Peres unbiasing algorithm in order to maximize the output generation bit rate. Furthermore, the device allows to generate real time random numbers. This feature is used for the time setting of electro-optical components for extending Wheeler’s delayed-choice experiment to space. The same techniques were applied to a second device, LinoSPAD; it combines an FPGA-chip and a CMOS-SPADs array. Moreover, in this device, a TDC improves the photon detection time accuracy. Along with a dedicated post-processing based on Zhou-Bruk algorithm, the TDC allowed to reach a final bit rate equivalent to 300 Mbit/s. As far as QKD systems are concerned, within the collaboration among the University of Padova, the Italian Space Agency (ASI) with the Matera Laser Ranging Observatory (MLRO) and the Chinese Academy of Sciences (CAS) a TDC device management software was developed. The project aim is to realize a quantum cryptographic key exchange between the Chinese satellite Micius and MLRO. The software was designed to manage the entire data acquisition synchronized with UTC time. Furthermore, another software was designed to deal with electro-optomechanical and electro-optical components. The software is aim at the time-variant compensation of the beam angular changes through the optical path. Once again, within a collaboration between ASI and University of Padova, a full free space QKD system over tenths of kilometers was developed. It required the design of various components. This work describes the QKD source along with the dedicated FPGA board design. Such board generates the electrical impulses to control the qubit laser along with the electro-optic phase and intensity modulators.<br>Il presente lavoro di tesi tratta la realizzazione di sistemi hardware e software per Quantum Random Number Generation (QRNG) e Quantum Key Distribution (QKD). Tali sistemi sono stati sviluppati al fine di garantire una completa funzionalità per l’investigazione a tutto campo di queste due applicazioni che ad oggi risultano essere le più promettenti nell’ambito della Quantum Information. Vengono presentati in dettaglio sia l’hardware sia i software utilizzati che sono stati sviluppati per schede FPGA-CPU, dispositivi di Time-to-Digital converter (TDC) e computer. Vengono inoltre descritte le applicazioni specifiche di QRNG e QKD assieme ai risultati ottenuti. Randy è stato il primo dispositivo QRNG sviluppato su scheda FPGA e utilizza una sorgente luminosa attenuata a singolo fotone e un single-photon avalanche diode (SPAD). A partire dal campionamento del segnale elettrico dello SPAD, il dispositivo produce numeri randomici tramite protocolli di generazione appositi e tramite l’applicazione dell’algoritmo di unbiasing di Peres per massimizzare il bit rate. Il dispositivo permette inoltre di generare numeri randomici in tempo reale. Questa caratteristica viene utilizzata per la gestione temporizzata di componenti elettro-ottici per l’estensione allo spazio dell’esperimento a scelta ritardata di Wheeler’s. Le stesse tecniche sono state in seguito applicate ad un secondo dispositivo, LinoSPAD, che integra un chip FPGA e un array di CMOS-SPAD. Tale dispositivo prevede inoltre un TDC per aumentare la precisione temporale di dectection dei fotoni. Questa caratteristica, unita all’uso di una procedure di post-processing appositamente sviluppata e basata sull’algoritmo di Zhou-Bruk, ha permesso di raggiungere un bit rate finale pari a 300 Mbit/s. Per quanto riguarda i sistemi QKD, all’interno di un progetto di collaborazione tra l’Università di Padova, l’Agenzia Spaziale Italiana (ASI) insieme al Matera Laser Ranging Observatory (MLRO) e la Chinese Academy of Sciences (CAS) è stato sviluppato un software di gestione di un dispositivo TDC. Il progetto prevede la realizzazione di uno scambio di chiave crittografica quantistica tra il satellite cinese Micius e l’osservatorio di Matera. Il software è stato progettato per la gestione dell’intera acquisizione dati sincronizzata al tempo UTC. Inoltre è stato sviluppato anche un software per la gestione di componenti elettro-optomeccanici e elettro-ottici atti alla compensazione tempo variante delle variazioni angolari del fascio nel percorso ottico. Sempre all’interno di una collaborazione tra ASI e Università di Padova, è stato sviluppato un sistema completo di QKD free space per distanze nell’ordine di decine di chilometri. Lo sviluppo del sistema ha richiesto la progettazione di molteplici componenti. In questo lavoro viene descritta la parte della sorgente QKD e quindi della progettazione della scheda FPGA dedicata. Tale scheda ha il compito di generare gli impulsi elettrici per il controllo del laser per la produzione dei qubit e per il controllo dei modulatori di fase e di intensità elettro-ottici.

碩士<br>國立成功大學<br>資訊工程學系碩博士班<br>91<br>The biometrics is to make use of in each living creature individual, can represent that individual, and make use of the not same characteristic in other individual. Reach the function that recognize. Such as fingerprint, iris, sound… etc. And in the computer systems, distinguish the user’s different, only have depend on whether ID and passwords form couples or not to decide. With time passed, intruders also develop lots of way or guessing passwords, to get data or personal privacy originally store in system. Enhancing the password systems. It also with the user''s keystroke dynamics at many researches Proved the user''s keystroke is a repeatable occurrence. And adding user''s keystroke dynamics in password system can use the minimum cost to get the biggest benefit. Besides, in addition to user recognizing, we make use of keystroke dynamics and its property of repeatable to record private key of the user. Only the user input his ID and password, system can restore the key that is not stored in the systems. Then provided for other uses, such as using the public key systems, signature ... etc.

Quantum cryptography is arguably the most successfully applied area of quantum information theory. In this work, We invsetigate the role of quantum indistinguishability in random number generation, quantum temporal correlations, quantum nonlocality and counterfactuality for quantum cryptography. We study quantum protocols for key distribution, and their security in the conventional setting, in the counterfactual paradigm, and finally also in the device-independent scenario as applied to prepare-and-measure schemes. We begin with the interplay of two essential non-classical features like quantum indeterminism and quantum indistinguishability via a process known as bosonic stimulation is discussed. It is observed that the process provides an efficient method for macroscopic extraction of quantum randomness. Next, we propose two counterfactual cryptographic protocols, in which a secret key bit is generated even without the physical transmission of a particle. The first protocol is semicounterfactual in the sense that only one of the key bits is generated using interaction-free measurement. This protocol departs fundamentally from the original counterfactual key distribution protocol in not encoding secret bits in terms of photon polarization. We discuss how the security in the protocol originates from quantum single-particle non-locality. The second protocol is designed for the crypto-task of certificate authorization, where a trusted third party authenticates an entity (e.g., bank) to a client. We analyze the security of both protocols under various general incoherent attack models. The next part of our work includes study of quantum temporal correlations. We consider the use of the Leggett-Garg inequalities for device-independent security appropriate for prepare-and-measure protocols subjected to the higher dimensional attack that would completely undermine standard BB84. In the last part, we introduce the novel concept of nonlocal subspaces constructed using the graph state formalism, and propose their application for quantum information splitting. In particular, we use the stabilizer formalism of graph states to construct degenerate Bell operators, whose eigenspace determines the nonlocal subspace, into which a quantum secret is encoded and shared among an authorized group of agents, or securely transmitted to a designated secret retriever. The security of our scheme arises from the monogamy of quantum correlations. The quantum violation of the Bell-type inequality here is to its algebraic maximum, making this approach inherently suitable for the device-independent scenario.

Quantum cryptography is arguably the most successfully applied area of quantum information theory. In this work, We invsetigate the role of quantum indistinguishability in random number generation, quantum temporal correlations, quantum nonlocality and counterfactuality for quantum cryptography. We study quantum protocols for key distribution, and their security in the conventional setting, in the counterfactual paradigm, and finally also in the device-independent scenario as applied to prepare-and-measure schemes. We begin with the interplay of two essential non-classical features like quantum indeterminism and quantum indistinguishability via a process known as bosonic stimulation is discussed. It is observed that the process provides an efficient method for macroscopic extraction of quantum randomness. Next, we propose two counterfactual cryptographic protocols, in which a secret key bit is generated even without the physical transmission of a particle. The first protocol is semicounterfactual in the sense that only one of the key bits is generated using interaction-free measurement. This protocol departs fundamentally from the original counterfactual key distribution protocol in not encoding secret bits in terms of photon polarization. We discuss how the security in the protocol originates from quantum single-particle non-locality. The second protocol is designed for the crypto-task of certificate authorization, where a trusted third party authenticates an entity (e.g., bank) to a client. We analyze the security of both protocols under various general incoherent attack models. The next part of our work includes study of quantum temporal correlations. We consider the use of the Leggett-Garg inequalities for device-independent security appropriate for prepare-and-measure protocols subjected to the higher dimensional attack that would completely undermine standard BB84. In the last part, we introduce the novel concept of nonlocal subspaces constructed using the graph state formalism, and propose their application for quantum information splitting. In particular, we use the stabilizer formalism of graph states to construct degenerate Bell operators, whose eigenspace determines the nonlocal subspace, into which a quantum secret is encoded and shared among an authorized group of agents, or securely transmitted to a designated secret retriever. The security of our scheme arises from the monogamy of quantum correlations. The quantum violation of the Bell-type inequality here is to its algebraic maximum, making this approach inherently suitable for the device-independent scenario.

by Yuen Ching Wah.<br>Thesis (M.Phil.)--Chinese University of Hong Kong, 1998.<br>Includes bibliographical references (leaves 61-[63]).<br>Abstract also in Chinese.<br>Chapter 1 --- Introduction --- p.1<br>Chapter 1.1 --- Why use cryptography? --- p.1<br>Chapter 1.2 --- Why is authentication important ？ --- p.2<br>Chapter 1.3 --- What is the relationship between authentication and digital sig- nature? --- p.3<br>Chapter 1.4 --- Why is random number important? --- p.3<br>Chapter 2 --- Background --- p.5<br>Chapter 2.1 --- Cryptography --- p.5<br>Chapter 2.1.1 --- Symmetric key cryptography --- p.5<br>Chapter 2.1.2 --- Asymmetric key cryptography --- p.7<br>Chapter 2.1.3 --- Authentication --- p.8<br>Chapter 2.2 --- Elliptic curve cryptography --- p.9<br>Chapter 2.2.1 --- Mathematical background for Elliptic curve cryptography --- p.10<br>Chapter 2.3 --- Pseudorandom number generator --- p.12<br>Chapter 2.3.1 --- Linear Congruential Generator --- p.13<br>Chapter 2.3.2 --- Inversive Congruential Generator --- p.13<br>Chapter 2.3.3 --- PN-sequence generator --- p.14<br>Chapter 2.4 --- Digital Signature Scheme --- p.14<br>Chapter 2.5 --- Babai's lattice vector algorithm --- p.16<br>Chapter 2.5.1 --- First Algorithm: Rounding Off --- p.17<br>Chapter 2.5.2 --- Second Algorithm: Nearest Plane --- p.17<br>Chapter 3 --- Several Digital Signature Schemes --- p.18<br>Chapter 3.1 --- DSA --- p.19<br>Chapter 3.2 --- Nyberg-Rueppel Digital Signature --- p.21<br>Chapter 3.3 --- EC.DSA --- p.23<br>Chapter 3.4 --- EC-Nyberg-Rueppel Digital Signature Scheme --- p.26<br>Chapter 4 --- Miscellaneous Digital Signature Schemes and their PRNG --- p.29<br>Chapter 4.1 --- DSA with LCG --- p.30<br>Chapter 4.2 --- DSA with PN-sequence --- p.33<br>Chapter 4.2.1 --- Solution --- p.35<br>Chapter 4.3 --- DSA with ICG --- p.39<br>Chapter 4.3.1 --- Solution --- p.40<br>Chapter 4.4 --- EC_DSA with PN-sequence --- p.43<br>Chapter 4.4.1 --- Solution --- p.44<br>Chapter 4.5 --- EC一DSA with LCG --- p.45<br>Chapter 4.5.1 --- Solution --- p.46<br>Chapter 4.6 --- EC-DSA with ICG --- p.46<br>Chapter 4.6.1 --- Solution --- p.47<br>Chapter 4.7 --- Nyberg-Rueppel Digital Signature with PN-sequence --- p.48<br>Chapter 4.7.1 --- Solution --- p.49<br>Chapter 4.8 --- Nyberg-Rueppel Digital Signature with LCG --- p.50<br>Chapter 4.8.1 --- Solution --- p.50<br>Chapter 4.9 --- Nyberg-Rueppel Digital Signature with ICG --- p.51<br>Chapter 4.9.1 --- Solution --- p.52<br>Chapter 4.10 --- EC- Nyberg-Rueppel Digital Signature with LCG --- p.53<br>Chapter 4.10.1 --- Solution --- p.54<br>Chapter 4.11 --- EC- Nyberg-Rueppel Digital Signature with PN-sequence --- p.55<br>Chapter 4.11.1 --- Solution --- p.56<br>Chapter 4.12 --- EC-Nyberg-Rueppel Digital Signature with ICG --- p.56<br>Chapter 4.12.1 --- Solution --- p.57<br>Chapter 5 --- Conclusion --- p.59<br>Bibliography --- p.61

Radio Frequency IDentification (RFID) provides a way to automate identification and to store information in individual RFID tags. These tags can be attached or embedded in an item to be identified and are read when they enter a RFID reader's antenna field. The Electronic Product Code (EPC) Class 1 Generation 2 (Gen2 for short) is a proper example of passive RFID technology. It represents the key component of an RFID architecture named EPCglobal network. However, if the tag carries more than just an identifier, the privacy of the tag holder may be violated. In this thesis, we deal with privacy issues in two levels of the EPCglobal network to only let authorized entities access private data. Our goal is to ensure that the data exchange from RFID tags to middleware and enterprise applications guarantees the privacy requirements, in environments where privacy control is paramount, e.g., home healthcare monitoring systems. The first part of this dissertation is dedicated to securing data exchange between RFID readers and passive tags. We provide a key establishment and derivation protocol for Gen2 systems, called KEDGEN2, to handle the flawed security model of the Gen2 tag memory access. KEDGEN2 achieves secure data exchange, based on a key generation model adapted to Gen2 tags. To prove the security of our model, we specify the protocol using the High Level Protocol Specification Language (HLPSL) and verify the expected security properties, using the Constraint-Logic based Attack Searcher (CL-AtSe) model checking tool. The current version of the protocol guarantees mutual authentication of participants and forward secrecy of the keys in the presence of active adversaries. It also guarantees backward secrecy with active adversaries bounded by limited communication range, which is consistent with typical RFID environments. As for derived keys, we propose adapting the Solitaire cipher, as a Pseudo-random Number Generator. To complement our approach, an additional filter is added and described in the second part of this dissertation. We focus on the collection of tag information through the RFID middleware component. The middleware is a central point that sits between RFID readers and database applications. It is in charge of collecting, filtering and aggregating the requested events from heterogeneous RFID environments. Thus, the system at this point is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. We propose a privacy-enhanced approach as a part of the RFID middleware of the EPCglobal network, which does not interfere with the standard interface. Our approach is policy driven using some enhanced contextual concepts of the extended Role Based Access Control model. We use specifically, the PrivOrBAC privacy-aware model to store and manage privacy preferences, taking the declared purpose, the accuracy and the explicit consent, as privacy requirements. To show the feasibility of our approach, we provide a proof-of-concept prototype that we apply to the Fosstrak plateform, an open-source implementation of the EPCglobal specifications.