
Theoretical Investigations of Quantum Secure Communications

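【Author】 Zhang Sheng (张盛)

【Supervisor】 Tang Chaojing (唐朝京)

【Author information】 National University of Defense Technology, Military Command Science, 2012, Ph.D.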

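【Summary】 Quantum information science is an interdisciplinary field that has emerged over the past thirty years, drawing on classical disciplines such as computer science, physics and mathematics. Its defining feature is the use of the basic principles of quantum mechanics to carry out tasks such as information encoding, processing and transmission. For example, combining quantum mechanics with computer science gives rise to the quantum computer, which, because its information-processing speed far exceeds that of classical computers, poses a serious threat to existing mathematical cryptography. As information technology becomes ever more widespread, information security grows increasingly important, and the field urgently needs a new kind of cryptography that can withstand quantum computers; quantum cryptography arose in response. Quantum cryptography is the theoretical foundation of quantum secure communication, and its foremost characteristic is unconditional security. In other words, even an attacker with unlimited computational resources cannot break quantum cryptography as long as she does not violate quantum mechanics. Compared with mathematical cryptography based on computational complexity, quantum cryptography guarantees information security at the physical level: its security rests on two of the most fundamental principles of quantum mechanics, the no-cloning principle and the uncertainty principle, so that in theory any eavesdropping on the channel can be detected by quantum cryptography. To date, quantum cryptography and quantum communication have formed a relatively mature theoretical system. Quantum cryptography in particular, from the first quantum key distribution protocol in 1984 to the commercial quantum key distribution systems on the market today, has seen a succession of novel theories and implementation schemes proposed in less than thirty years. In the foreseeable future, quantum secure communication with quantum cryptography at its core will become an important part of people's daily lives.

Many theoretical problems in quantum secure communication still await further resolution, for example the design and security proof of new quantum cryptographic schemes, the design of practical quantum cryptographic networks, and the security of practical quantum cryptographic systems. To further advance the theory and practical deployment of quantum secure communication, this dissertation, supported by the National Natural Science Foundation of China and the research program of the National University of Defense Technology, studies the relevant theoretical problems from the perspective of information counter-working. Information counter-working is a very broad notion; within it, information secrecy and information theft are important research topics, and together they form the two opposing sides of "defense and attack". Extending the concept of information counter-working to the quantum domain yields quantum information counter-working. Taking quantum cryptography and attacks on quantum cryptography as its main thread, this dissertation focuses on the design and security proof of counterfactual quantum key distribution (QKD) protocols, the design and security analysis of special quantum cryptographic protocols based on continuous variables, the design of efficient quantum network communication schemes, and the design of attacks on practical quantum cryptographic systems. The main research contents are:

(1) Counterfactual quantum key distribution and quantum coin flipping

Counterfactual quantum key distribution (CQKD) is a recently proposed new type of quantum cryptography. Its distinguishing feature is that the two communicating parties can establish an absolutely secure key without transmitting any signal photons. This way of distributing keys, which runs counter to conventional thinking, is secure in an intuitive sense: the key information never passes through the channel. Compared with conventional QKD protocols, CQKD protocols have an inherent security advantage in resisting photon number splitting attacks. The unconditional security of CQKD has already been given a rigorous mathematical proof, but the existing proof uses an equivalent-transformation method and has not rigorously proved that the equivalent protocol is in fact equivalent to the original one, so it still needs to be improved. Using the methods of quantum information theory, this dissertation gives a rigorous security proof for the existing CQKD protocol, resolving the defect in the existing proof. In addition, a counterfactual quantum deterministic key distribution scheme is proposed, which solves the problem that existing schemes can only distribute random keys; the advantage of the new scheme is that it can distribute both random keys and deterministic keys.

Quantum coin flipping is one of the research hotspots of quantum cryptography. Coin flipping is a cryptographic primitive: a coin flipping protocol produces a random bit between two parties who are isolated from and do not trust each other. Although theoretical proofs show that neither classical nor quantum coin flipping protocols can be unconditionally secure, quantum coin flipping protocols still have an inherent security advantage over classical ones. So far, most quantum coin flipping protocols are single-bit protocols, that is, they produce only one bit value as the final outcome. The problem with single-bit quantum coin flipping protocols, however, is that they cannot achieve their intended security over a real channel. This dissertation proposes a new quantum coin flipping scheme that makes single-bit quantum coin flipping noise-tolerant, greatly improving its practicality.

(2) Quantum cryptographic protocols based on continuous variables

Using squeezed states, a quantum key distribution protocol with quaternary, non-Gaussian, symmetric modulation is realized. Compared with existing multi-level modulation protocols, the security of this scheme does not degrade severely as noise increases; in addition, its efficiency is clearly higher than that of binary modulation protocols. Using squeezed states, a composite quantum protocol that provides both identity authentication and key distribution is also realized. Its most notable feature is the composition of one quantum protocol with another, which improves practicality while preserving security and offers a new approach to research on the practicality of quantum cryptographic protocols.

(3) Design of efficient quantum network communication schemes

As the number of users grows, quantum communication networks also suffer from reduced efficiency. Based on a quantum data compression algorithm and the Grover search algorithm, an efficient quantum subnet communication scheme is designed. Its most notable feature is that, for the first time, speed-up algorithms from quantum computing are applied to quantum communication in order to improve the efficiency of quantum network communication. Quantum network coding is another effective way to improve the efficiency of quantum communication, and this dissertation improves the existing quantum network coding scheme based on free classical communication. In general, a quantum communication network contains a large number of entangled particle pairs, which can be used to perform teleportation, so an entangled pair is in effect a hidden channel. The quantum network coding scheme designed here applies to quantum communication networks with arbitrarily distributed hidden channels and is more general than existing schemes. Finally, based on a practical application scenario, namely a secret conference, a quantum secret conference communication scheme that adapts to the network topology is designed. The scheme consists of two sub-schemes and can be applied to quantum communication networks with different topologies.

(4) Security analysis of practical quantum cryptographic systems

Security analysis of practical quantum cryptographic systems is one of the newest research hotspots in quantum cryptography. The main approach is first to find loopholes in a practical system, then to design an attack based on the loophole and calculate the bit error rate it causes or the amount of key leaked from the practical system, and finally to design effective methods to close the loophole, thereby improving the security of the practical system. The main work of this dissertation is as follows. A loophole in existing implementations of counterfactual quantum key distribution is found, and a special quantum Trojan horse attack is designed based on it; because the attack exploits the quantum counterfactual effect, it is stronger than the conventional Trojan horse attack, and in theory it can obtain the entire key without disturbing the system. In addition, using the reported loophole in avalanche photodiode single-photon detectors, a time-shift attack on counterfactual quantum key distribution systems is designed; it shows that detector loopholes affect not only the security of conventional quantum key distribution systems but also that of counterfactual quantum cryptographic systems. Finally, two recently reported fake-state attacks on commercial quantum key distribution systems are improved and a new fake-state attack method is designed; it uses prior knowledge of the afterpulsing effect of avalanche photodiodes to suppress the bit error rate caused by the attack, and the analysis shows that it is stealthier and easier to carry out than existing schemes.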

【Abstract】 Quantum information is a newly born multidisciplinary subject, which covers several classical areas, such as computer science, physics, and mathematics. The major distinction of quantum information is that tasks such as information coding, processing and transmission can be achieved using quantum mechanics. For instance, the quantum computer, which is a combination of quantum mechanics and computer science and is more powerful than all known classical computers, is causing trouble for existing cryptographic systems. With the popularization of information technology, the demand for information security is becoming increasingly intensive. Consequently, quantum cryptography was invented to meet the requirements.

It is known that quantum cryptography, which provides fundamental principles for quantum secure communications, is unconditionally secure in theory. In other words, an eavesdropper, Eve, who is supposed to be restricted only by quantum laws, can never break the system even if she possesses unlimited computation resources. In contrast with mathematical cryptography, which bases its security on computational complexity, quantum cryptography protects the information by nature, since its security is based on the quantum laws, i.e., the quantum no-cloning theorem and the quantum uncertainty principle. Theoretically, any eavesdropping in the channel can be detected using quantum cryptography. Therefore, it is definite that quantum cryptography contributes to implementing secure communications. To date, quantum cryptography and quantum communication have emerged as a relatively mature system in theory. For quantum cryptography especially, it has been no more than 30 years since the first quantum key distribution protocol was announced, and now we are able to buy commercial quantum cryptographic systems on the market. Also, various schemes of new protocols and implementations of quantum cryptography were proposed during these years. Obviously, it can be expected that quantum cryptography will become one major part of people's everyday life in the coming decades.

Up to now, there are still many problems left for further investigation in quantum secure communications. For example, it is worthwhile to study further how to devise new quantum cryptography protocols and prove their security, how to implement practical networks in which quantum cryptography is applied, and how to ensure the security of practical quantum cryptography systems. Motivated by the theoretical interest in quantum secure communications and by accelerating the progress of applying quantum technologies in real life, and supported by the National Natural Science Foundation of China and the planning projects of the National University of Defense Technology, this dissertation is devoted to the investigation of the above problems from a new perspective, i.e., information counter-working. Generally, information counter-working covers a wide range of topics, among which is the pairing of information privacy and attacks. Naturally, a new notion, namely quantum information counter-working, is developed by extending the idea of information counter-working into the quantum domain. Consequently, the central line of this dissertation is the topic of quantum cryptography and the attacks on quantum cryptographic systems. Explicitly, it contains sub-topics on the protocols and security proofs of counterfactual quantum cryptography, continuous-variable quantum cryptography, quantum communication schemes with high efficiency, and quantum hacking. The contributions read as follows:

(1) Counterfactual quantum key distribution and quantum coin flipping

As a new paradigm of quantum cryptography, counterfactual quantum key distribution enables two spatially separated parties to share a private key without transmitting any signal particle. This counter-intuitive property immediately implies security, i.e., no key travels through the channel, and thus essentially exhibits security advantages, such as immunity to photon number splitting attacks. The existing proof of the security of this new paradigm seems to be unsatisfactory, since the equivalence between the original protocol and the translated one should be reconsidered. A new proof, which is stricter than the previous one, is proposed in this dissertation using quantum informatics. At the same time, a new protocol, which outperforms the previous ones in that it produces deterministic keys, is announced.

Quantum coin flipping is another hot topic of quantum cryptography. Originally, coin flipping is a cryptographic primitive which allows two separated and untrusted parties to generate a random bit. Although theoretical proofs have shown that unconditionally secure coin flipping is impossible, quantum coin flipping does have an advantage over the conventional one, since the latter can be cracked by quantum computers. So far, most quantum coin flipping protocols are of single-shot type; in other words, most of them produce a single bit as the outcome. However, it should be noted that single-shot quantum coin flipping protocols might be totally insecure in a real-life channel. To address this problem, a new single-shot quantum coin flipping protocol, which is noise-tolerant, is proposed.

(2) Continuous-variable quantum cryptography protocols

A new quantum key distribution protocol based on squeezed states is announced. It is distinguished from others in that the states are modulated symmetrically with a four-letter alphabet and the modulation is non-Gaussian. Two advantages can be found: the security does not degenerate fast with the increase of noise, and the efficiency is higher than that of the binary-modulated protocols. At the same time, a composed quantum protocol of identity authentication and key distribution is declared using squeezed states. It originates the idea of combining different quantum protocols to improve the practicability of quantum cryptography without any loss of security.

(3) Quantum network communication protocols with high efficiency

With the increase of the number of network users, it is of much importance to improve the communication efficiency of quantum networks. Motivated by this idea, a new quantum subnet communication scheme with high efficiency is proposed using quantum data compression and the Grover search algorithm. Remarkably, this new scheme contributes to bridging quantum communication and quantum computing algorithms. Quantum network coding is an alternative way to improve the communication efficiency, and this dissertation improves the existing scheme for quantum network coding with free classical communication. There may be thousands of entangled pairs, upon which quantum teleportation is available, in a given quantum communication network. Intrinsically, these entangled pairs are equivalent to hidden channels; the presented scheme is more general and outperforms the previous ones in that it is still applicable to quantum networks with arbitrarily distributed hidden channels. In addition, a network-topology-adaptive quantum secret conference protocol with high efficiency is proposed based on two fundamental sub-protocols. Generally, this protocol can be applied to quantum networks with different topologies.

(4) Security analysis of practical quantum cryptography systems

Recently, the security analysis of practical quantum cryptography systems has become one of the hottest subjects in quantum cryptography. It generally accomplishes the task of improving the security performance of practical quantum cryptography systems by amending their loopholes, which can be employed to launch specific attacks. Our work is presented as follows. First, we explore a new loophole existing in real implementations of counterfactual quantum cryptography, and devise a new Trojan horse attack, namely the counterfactual attack, based on this new loophole. It is shown that the presented attack outperforms all known Trojan horse attacks in that the system can be totally broken even if the imperfection is slight enough. In other words, Eve can extract the entire key without disturbing the system with our attack. Second, a new time-shift attack on real implementations of counterfactual quantum cryptography is announced based on the reported loophole of avalanche photodiode detectors. It is shown that the reported imperfection not only threatens conventional quantum cryptography systems, but also degenerates the security of counterfactual ones. Finally, a fake-state attack on commercial quantum cryptosystems is proposed; the presented attack is an improvement of two newly reported attacks on commercial systems. It is shown that the quantum bit error rate can be reduced using knowledge of the afterpulsing effect of the avalanche photodiode detectors. Therefore, the improved attack is more difficult to detect and easier to implement.
