Quantum Key Distribution in the Classical Authenticated Key Exchange Framework

  • Michele Mosca
  • Douglas Stebila
  • Berkant Ustaoğlu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7932)


Key establishment is a crucial primitive for building secure channels in a multi-party setting. Without quantum mechanics, key establishment can only be done under the assumption that some computational problem is hard. Since digital communication can be easily eavesdropped and recorded, it is important to consider the secrecy of information anticipating future algorithmic and computational discoveries which could break the secrecy of past keys, violating the secrecy of the confidential channel.

Quantum key distribution (QKD) can be used to generate secret keys that are secure against any future algorithmic or computational improvements. QKD protocols still require authentication of classical communication, although existing security proofs of QKD typically assume idealized authentication. It is generally considered folklore that QKD when used with computationally secure authentication is still secure against an unbounded adversary, provided the adversary did not break the authentication during the run of the protocol.

We describe a security model for quantum key distribution extending classical authenticated key exchange (AKE) security models. Using our model, we characterize the long-term security of the BB84 QKD protocol with computationally secure authentication against an eventually unbounded adversary. By basing our model on traditional AKE models, we can more readily compare the relative merits of various forms of QKD and existing classical AKE protocols. This comparison illustrates in which types of adversarial environments different quantum and classical key agreement protocols can be secure.


Keywords: quantum key distribution, authenticated key exchange, cryptographic protocols, security models



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Michele Mosca (1, 2)
  • Douglas Stebila (3)
  • Berkant Ustaoğlu (4)
  1. Institute for Quantum Computing and Dept. of Combinatorics & Optimization, University of Waterloo, Waterloo, Canada
  2. Perimeter Institute for Theoretical Physics, Waterloo, Canada
  3. Information Security Discipline, Queensland University of Technology, Brisbane, Australia
  4. Department of Mathematics, Izmir Institute of Technology, Urla, Turkey
