[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2020211954A1 - Device and method for performing information reconciliation in a quantum key distribution system - Google Patents

Device and method for performing information reconciliation in a quantum key distribution system Download PDF

Info

Publication number
WO2020211954A1
WO2020211954A1 PCT/EP2019/060182 EP2019060182W WO2020211954A1 WO 2020211954 A1 WO2020211954 A1 WO 2020211954A1 EP 2019060182 W EP2019060182 W EP 2019060182W WO 2020211954 A1 WO2020211954 A1 WO 2020211954A1
Authority
WO
WIPO (PCT)
Prior art keywords
error correction
correction codeword
qkd
positions
codeword
Prior art date
Application number
PCT/EP2019/060182
Other languages
French (fr)
Inventor
Fred Chi Hang FUNG
Jesús MARTINEZ-MATEO
Vicente MARTIN
Original Assignee
Huawei Technologies Duesseldorf Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Duesseldorf Gmbh filed Critical Huawei Technologies Duesseldorf Gmbh
Priority to CN201980091276.6A priority Critical patent/CN113396556B/en
Priority to PCT/EP2019/060182 priority patent/WO2020211954A1/en
Publication of WO2020211954A1 publication Critical patent/WO2020211954A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0858Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Definitions

  • the present invention generally relates to the field of the Quantum Key Distribution (QKD). More specifically, the present invention relates to a device and a method for efficiently performing information reconciliation in the QKD. The invention also relates to devices and methods that generate a secret key based on the QKD.
  • QKD Quantum Key Distribution
  • QKD post-processing is a process performed on a classical computing device, which transforms a raw key to a final secret key. It generally, it comprises three main steps: parameter estimation, information reconciliation, and privacy amplification.
  • a device that performs the post processing uses an error correction code that is optimized for this operating condition. For example, it may be necessary or at least (highly) desirable to choose an error correction code with a maximum error correcting capability that matches the operating condition. This is, because the performance of the QKD (particularly Continuous- Variable (CV)-QKD) is sensitive to the error correction efficiency of the error correction code for the current operation.
  • CV Continuous- Variable
  • each error correction code is optimized for one SNR.
  • an error correction code may be chosen, which is the most efficient for correcting errors in the data strings characterized by the given SNR.
  • the conventional devices and methods have also the disadvantage that they require (too) many error correction codes to be designed, stored and deployed.
  • the length of the error correction codewords can be large, and this entails a large parity- check matrix or generator matrix to describe the error correction code, which have to be stored and loaded during operation.
  • embodiments of the present invention aim at improving the conventional devices and methods. It is an objective to post-process data in the QKD with smooth operation even under SNR variations.
  • a first aspect of the invention provides a device for performing information reconciliation in a QKD, system, the device being configured to obtain QKD data; obtain an initial error correction codeword; determine, based on a SNR and/or BER of the QKD data, a number of punctures N > 0 to be performed on the initial error correction codeword; and generate an output error correction codeword by puncturing the initial error correction codeword at N positions.
  • the device may be (or may be incorporated in) the transmitting device and/or the receiving device in the QKD system.
  • the device may comprise hardware and software.
  • the hardware may comprise analog or digital circuitry, or both analog and digital circuitry.
  • the digital circuitry may comprise components such as application-specific integrated circuits (ASICs), field-programmable arrays (FPGAs), digital signal processors (DSPs), or multi-purpose processors.
  • the device comprises one or more processors and a non volatile memory connected to the one or more processors.
  • the non-volatile memory may carry executable program code, which, when executed by the one or more processors, causes the device to perform the operations or methods described herein.
  • one standalone device may be provided for each of the transmitting device and the receiving device of the QKD system.
  • the device may be a part of the transmitting device and of the receiving device of the QKD system.
  • the (initial) error correction code may include a plurality of codewords which hereinafter are referred to as (initial) error correction codewords.
  • the initial error correction codeword may be punctured and one or more output error correction codewords may be generated. The number of the punctured positions may be determined based on the SNR and/or BER of the QKD data.
  • the error correction code may be used for correcting errors.
  • the number of the punctured positions may be determined based on a characteristic of the initial error correction code.
  • each additional punctured bit may change the code rate slightly, and this may allow to have a more fine-grained adaptation of the code rate to the current operating SNR.
  • a specific output error correction code may be generated for each SNR.
  • the N positions are randomly selected.
  • the puncturing of the error correction codeword may be performed in random positions.
  • the output error correction codeword is generated based on dynamic puncturing, in particular, on-the-fly puncturing.
  • the device is further configured to determine the SNR/BER of the QKD data.
  • the device may determine the SNR/BER of the QKD data. Moreover, based on the determined SNR/BER of the QKD data, the number of punctures may be determined, and the output error correction codeword may be generated, which may be specific to the determined SNR/BER of the QKD data.
  • the initial error correction codeword is based on a systematic code comprising a parity-check matrix including information bits and parity bits.
  • puncturing the initial error correction codeword comprises extracting N bits from the initial error correction codeword, in particular from the parity bits, wherein the N positions of the extracted N bits correspond to positions within an identity matrix of the parity-check matrix.
  • the device is further configured to provide the N positions of the puncturing to another device.
  • the device is further configured to compute a syndrome based on the parity-check matrix; and provide the computed syndrome to the other device.
  • the device is further configured to generate random data; and fill the N punctured positions by the generated random data.
  • the non-punctured positions of the initial error correction codeword are associated with the QKD data.
  • the number of punctures, N is further determined based on a characteristic of an error correction code.
  • the device is further configured to perform privacy amplification based on the generated output error correction codeword.
  • performing the privacy amplification comprises generating a secret key based on the generated output error correction codeword.
  • a second aspect of the invention provides a method for performing information reconciliation in a Quantum Key Distribution, QKD, system, the method comprising: obtaining QKD data; obtaining an initial error correction codeword; determining, based on a Signal to Noise Ratio, SNR, and/or Bit Error Rate, BER, of the QKD data, a number of punctures N > 0 to be performed on the initial error correction codeword; and generating an output error correction codeword by puncturing the initial error correction codeword at N positions.
  • QKD Quantum Key Distribution
  • the N positions are randomly selected.
  • the method further comprising: determining the SNR/BER of the QKD data.
  • the initial error correction codeword is based on a systematic code comprising a parity-check matrix including information bits and parity bits.
  • the method further comprising: extracting N bits from the initial error correction codeword, in particular from the parity bits, wherein the N positions of the extracted N bits correspond to positions within an identity matrix of the parity-check matrix.
  • the method further comprising: providing the N positions of the puncturing to another device.
  • the method further comprising: computing a syndrome based on the parity-check matrix; and providing the computed syndrome to the other device.
  • the method further comprising: generating random data; and filling the N punctured positions by the generated random data.
  • non-punctured positions of the initial error correction codeword are associated with the QKD data.
  • the number of punctures, N is further determined based on a characteristic of an error correction code.
  • the method further comprising: performing privacy amplification based on the generated output error correction codeword.
  • performing the privacy amplification comprises generating a secret key based on the generated output error correction codeword.
  • a third aspect of the invention provides a computer program product including computer program code, which, when executed by a processor, causes the method according to the second aspect to be performed.
  • the error correction codewords can be adapted on the fly.
  • FIG. 1 is a schematic view of a device for performing information reconciliation in a QKD system, according to an embodiment of the present invention.
  • FIG. 2 is a schematic view of generating an output error correction codeword by puncturing the initial error correction codeword.
  • FIG. 3 is a schematic view of generating an output error correction codeword by puncturing the initial error correction codeword at parity bits.
  • FIG. 4 is a flowchart of a method for generating an output error correction codeword by puncturing the initial error correction codeword, according to an embodiment of the present invention.
  • FIG. 5 is a schematic view of generating an output error correction codeword by puncturing and further filling the punctured positions by random data.
  • FIG. 6 is a schematic view of generating an output error correction codeword by puncturing and marking the punctured positions.
  • FIG. 7 is a flowchart of a method for generating an output error correction codeword by puncturing in the positions within an identity matrix of a parity-check matrix, according to an embodiment of the present invention.
  • FIG. 8 is a flowchart of a method for generating an output error correction codeword using binary DV-QKD data, according to an embodiment of the present invention.
  • FIG. 9 is a flowchart of a method for performing information reconciliation in a QKD system, according to an embodiment of the present invention.
  • FIG. 10 is a flowchart of a method including QKD post-processing, according to prior art.
  • FIG. 10 is a flowchart of a QKD post processing procedure 1000.
  • a transmitting device 1200 (corresponding to the user Alice) generates quantum states, and further transmits the quantum states to a receiving device 1100 (corresponding to the user Bob), in the presence of an eavesdropper 1300 (corresponding to Eve).
  • the terms“transmitting device” and “Alice” will be used interchangeably.
  • the terms“receiving device” and“Bob” will be used interchangeably.
  • the receiving device 1100 further measures the transmitted quantum states. Moreover, the transmitting device 1200 and the receiving device 1100 may further generate the raw keys based on their corresponding quantum states and/or the measurement results of them.
  • the transmitting device 1200 may perform the QKD post-processing (i.e., S1201 in FIG. 10) and/or the receiving device 1100 may perform the QKD post-processing (i.e., SI 101 in FIG. 10).
  • Alice and Bob estimate the properties of the quantum channel, which allow them to infer how much error is in the raw key, and how much information about the raw key has been leaked to Eve.
  • Alice and Bob correct the differences in their keys to arrive at matching keys. In most cases, only one of them performs error correction on one’s key to match the other’s key.
  • Alice and Bob perform a length-shortening operation that is specially designed to remove Eve’s information on the key.
  • the present invention is particularly related to the information reconciliation.
  • the privacy amplification may be performed and a secret key may be generated.
  • the information reconciliation scheme illustrated in FIG. 10 is based on a reverse reconciliation, in which, the error correction information is sent by Bob to Alice so that Alice corrects her string to match Bob’s string.
  • the QKD can also work with direction reconciliation in which the error correction information is sent by Alice to Bob so that Bob corrects his string to match Alice’s string, without limiting the present disclosure to a specific reconciliation procedure.
  • FIG. 1 is a schematic view of a device 100 for performing information reconciliation in a QKD system 1, according to an embodiment of the present invention.
  • the device 100 may comprise processing circuitry (not shown) configured to perform, conduct or initiate the various operations of the device 100 described herein.
  • the processing circuitry may comprise hardware and software.
  • the hardware may comprise analog circuitry or digital circuitry, or both analog and digital circuitry.
  • the digital circuitry may comprise components such as application- specific integrated circuits (ASICs), field-programmable arrays (FPGAs), digital signal processors (DSPs), or multi-purpose processors.
  • the processing circuitry comprises one or more processors and a non-transitory memory connected to the one or more processors.
  • the non-transitory memory may carry executable program code which, when executed by the one or more processors, causes the device 100 to perform, conduct or initiate the operations or methods described herein.
  • the QKD system 1 may be a Continues- Variable (CV) QKD system or a Discrete Variables (DV) QKD system.
  • CV Continues- Variable
  • DV Discrete Variables
  • the device 100 is configured to obtain QKD data 101.
  • the QKD data 101 may be CV-QKD data or DV-QKD data.
  • the device 100 is further configured to obtain an initial error correction codeword 102.
  • the device 100 is further configured to determine, based on a SNR and/or BER of the QKD data 101, a number of punctures N > 0 to be performed on the initial error correction codeword 102.
  • the device 100 is further configured to generate an output error correction codeword 103 by puncturing the initial error correction codeword 102 at N positions.
  • the device 100 may generate the output error correction codeword based on the random puncturing of the initial error correction codeword. Moreover, in some embodiments, the device 100 may further puncture a generated (i.e., currently punctured) output error correction codeword and further generate another error correction codeword. In other words, in some embodiments, an output error correction codeword may be used as an initial error correction codeword, or the like. Hence, in some embodiments, the device 100 may dynamically construct an error correction codeword that adapts to the current operating SNR/BER. Reference is made to FIG. 2, which is a schematic view of generating an output error correction codeword 103 by puncturing the initial error correction codeword 102.
  • a generic codeword which represents an initial error correction codeword 102, in which the redundancy for error correction is spread out over all the bits of the codeword.
  • the initial error correction codeword 102 has a predetermined structure including n bits and comprises bits representing message information (also hereinafter referred to as information bits) and parity information (also hereinafter referred to as parity bits).
  • the device 100 may puncture the initial error correction codeword 102 at random positions. Moreover, the device 100 may determine the number of punctures N to be performed, e.g., the device 100 may select N bits to be punctured. Additionally, the device 100 generates the output error correction codeword 103.
  • the output error correction codeword 103 includes (n-N) bits and comprises bits representing information bits and parity bits.
  • FIG. 3 is a schematic view of generating an output error correction codeword 103 by puncturing the initial error correction codeword 102 at parity bits 302.
  • the error correction codeword 102 may be based on a systematic code. Moreover, the error correction codeword 102, which may have a clear separation between the information bits 301 (e.g., which represent the original uncoded message) and the parity bits 302 (e.g., which are the redundancy added for protection against noise).
  • the device 100 may perform puncturing on the initial error correction codeword 102, for example, by extracting N bits from the initial error correction codeword 102, in particular from the parity bits 302.
  • the N positions of the extracted N bits may correspond to positions within an identity matrix of the parity-check matrix.
  • a better performance may be achieved, when the puncturing is performed on the parity bits 302 and not on the information bits 301.
  • a decoding may be performed, which may take into account the punctured positions.
  • FIG. 4 is a flowchart of a method 400 for generating an output error correction codeword 103 by puncturing the initial error correction codeword 102.
  • the device 100 may be, or may be incorporated in, the transmitting device and/or the receiving device.
  • the device 100 is the receiving device (Bob) and performs the steps 401 to 407 of the method 400.
  • Bob i.e., the device 100, also the receiving device
  • Alice the transmitting device 110
  • An error correction codeword 102 of the code is associated with a code word length of “n” and a message length“k”, with a code rate“k/n”.
  • the error correction code may correct errors up to a certain SNR/BER.
  • Bob and Alice determine the SNR and/or BER of their QKD data 101.
  • Bob i.e., the device 100 determines the N number of punctured positions based on the determined value of the SNR and/or BER (determined in step 402).
  • the device 100 (Bob) randomly selects the punctured positions (e.g., to be performed on the error correction codeword 102).
  • Bob informs Alice about the selected positions.
  • Bob may send a message to Alice, the message may include the randomly selected punctured positions, number of the punctures, etc. Furthermore, Alice obtains the punctured positions.
  • Bob generates the (output) error correction codewords 103 for further error correction. It is assumed that Bob’s QKD data is already in binary form. This may be done by some mapping. Moreover, Alice may also form her word. For example, Alice and Bob may form their error correction codewords 103 by filling in the non-punctured positions with their respective QKD data 101 in the same order. Bob additionally fills in the N punctured positions with random data generated by the device 100. Alice simply marks the N punctured positions.
  • Bob computes a syndrome by multiplying the parity-check matrix with his generated output error correction codewords 103, and sends the syndrome to Alice.
  • Alice receives the computed syndrome from Bob, performs decoding of her noisy word taking into account the N punctured positions. For example, with a soft decoding, the probability for a punctured bit may be initialized to be unbiased between 0 and 1. If the decoding succeeds without error, she may obtain a codeword that is the same as Bob’s.
  • Alice and Bob perform privacy amplification on their obtained matching string in order to generate the final secret key.
  • n bits corresponding to the whole codeword are produced.
  • the key length obtained from the n— N QKD signals is according to Eq. (1): n— (n— k)— (n— N )I E Eq. (1) hence, the key rate per QKD signal is according to Eq. (2): k/ (n— N) — l E Eq. (2) where the first term can be recognized as the rate of the punctured error correction code (i.e., the code that includes the output error correction codeword).
  • the party who calculates the syndrome (in this case Bob or the device 100) is assumed to have the QKD data in binary.
  • the (raw) QKD data may not be binary, e.g., as in the CV-QKD data.
  • some mapping procedure may be applied in order to convert the non-binary QKD data to form binary data.
  • FIG. 5 is a schematic view of generating an output error correction codeword by initially puncturing and further filling the punctured positions by random data 501.
  • an initial error correction codeword 102 is obtained, in which the redundancy for error correction is spread out over all the bits of the codeword.
  • the device 100 may puncture the initial error correction codeword 102 at random positions. Moreover, the device 100 may determine number of punctures N to be performed, e.g., the device 100 may select /V bits to be punctured. Additionally, the device 100 generates the output error correction codeword 103.
  • the device 100 further generates random data 501 and fills the punctured positions by the random data 501. Hence, the device 100 generates the output error correction codewords 503 based the generated output error correction codeword 103 in which the punctured positions are filled with its (locally) generated random data 501, and the non-punctured positions indicates the binary QKD data 101.
  • FIG. 6 is a schematic view of generating an output error correction codeword 103 by puncturing and marking the punctured positions.
  • an initial error correction codeword 102 is obtained, in which the redundancy for error correction is spread out over all the bits of the codeword.
  • the device 100 selects A bits to be punctured, further perform puncturing on the initial error correction codeword 102 and generates the output error correction codeword 103.
  • the device 100 further generates the output error correction codeword 603 based on the (generated) output error correction codeword 103.
  • the positions that the puncturing is performed are marked as punctured and the non-punctured positions indicates the non-binary QKD data 101 (i.e., ...0.3, -1.9, 3.4, 5.8, -3.1, -2.5, .
  • FIG. 7 is a flowchart a method 700 for generating an output error correction codeword 103 by puncturing in the positions within an identity matrix of a parity- check matrix, according to an embodiment of the present invention.
  • the device 100 is the receiving device (Bob) and performs the steps 701 to 708 of the method 700.
  • Bob i.e., the device 100, also the receiving device
  • Alice the transmitting device 110
  • an initial (e.g., forward) error correction code which is described by a parity- check matrix.
  • the parity-check matrix in is the systematic form, according to Eq. (3):
  • Bob and Alice determine the SNR and/or BER of their QKD data 101.
  • Bob i.e., the device 100 determines the N number of punctured positions based on the determined value of the SNR and/or BER (determined in step 702).
  • the device 100 randomly selects the punctured positions (e.g., to be performed on an initial error correction codeword 102).
  • Bob informs Alice about the selected positions, and Alice obtains the punctured positions.
  • Bob (and also Alice) obtains a new parity-check matrix.
  • the punctured bits are chosen to correspond to the positions within the identity matrix of the parity-check matrix.
  • a new parity-check matrix is formed by removing the rows that contain the punctured bits. Note that, only one row should contain a particular punctured bit, due to the systematic structure described in above. For example, suppose the punctured positions are 2 and 4 (with the start index being 1) and the parity-check matrix is
  • Bob (device 100) also removes the columns corresponding to the punctured positions as they are all zeros anyway (which means they are unused). Bob obtains H' according to: )
  • Bob forms his codeword with QKD data, based on the H'. For example, here the length of the codeword is 6 and the syndrome length is 2.
  • Bob computes a syndrome using the parity-check matrix, and sends the syndrome to Alice.
  • Alice receives the computed syndrome from Bob, performs decoding of her word. Alice in this case decodes her word using this new code (H') without caring about the punctured positions, as the punctured bits have already taken into consideration when forming the new code H'.
  • Alice and Bob perform privacy amplification on their obtained matching string in order to generate the final secret key.
  • FIG. 8 is a flowchart of a method 800 for generating an output error correction codeword using binary DV-QKD data, according to an embodiment of the present invention.
  • the QKD system is based on a DV-QKD system in which Alice’s and Bob’s QKD key bits are binary, without limiting the present invention.
  • the device 100 is the transmitting device (Alice) and performs the steps 801 to 807 of the method 800.
  • Alice i.e., the device 100, also the transmitting device
  • Bob the receiving device 110
  • Alice and Bob determine the SNR and/or BER of their QKD data 101.
  • Alice determines the N number of punctured positions based on the determined value of the SNR and/or BER (determined in step 802).
  • Alice the device 100 randomly selects the punctured positions (e.g., to be performed on the error correction codeword 102).
  • Alice randomly selects a codeword of length n (e.g., as an initial error correction codeword) in the original code (i.e., the agreed forward error correction code).
  • Alice punctures the codeword accordingly.
  • Alice performs XOR operation (Exclusive or) with the QKD data at non-punctured positions. She takes n— N QKD key bits and performs XOR with the punctured codeword, disregarding the punctured positions. Moreover, Alice sends the resultant string of length n— N to Bob.
  • Bob obtains the corresponding n— N QKD key bits of his own and performs XOR with the string he receives from Alice. If there is no difference between Alice’s QKD key bits and Bob’s QKD key bits, the calculation should result in the punctured codeword (i.e., the generated output error correction codeword). However, if there is a difference, the result is a noisy version of the punctured codeword (i.e., the generated output error correction codeword). In any case, Bob decodes the result using a decoder for the error correction codeword taking into account the punctured positions. If the decoding succeeds without error, Bob obtains the initial error correction codeword selected by Alice randomly.
  • Alice and Bob perform privacy amplification on their obtained matching codeword in order to generate the final secret key.
  • FIG. 9 shows a method 900 according to an embodiment of the invention for performing information reconciliation in a QKD system.
  • the method 900 may be carried out by the device 100 (and/or the device 110), as it described above.
  • the method 900 comprises a step 901 of obtaining QKD data 101.
  • the method 900 further comprises a step 902 of obtaining an initial error correction codeword 102.
  • the method 900 further comprises a step 903 of determining, based on a SNR and/or BER of the QKD data 101, a number of punctures N > 0 to be performed on the initial error correction codeword 102.
  • the method 900 further comprises a step 904 of generating an output error correction codeword 103 by puncturing the initial error correction codeword 102 at N positions.
  • the present invention has been described in conjunction with various embodiments as examples as well as implementations. However, other variations can be understood and effected by those persons skilled in the art and practicing the claimed invention, from the studies of the drawings, this disclosure and the independent claims.
  • the word “comprising” does not exclude other elements or steps and the indefinite article“a” or“an” does not exclude a plurality.
  • a single element or other unit may fulfill the functions of several entities or items recited in the claims.
  • the mere fact that certain measures are recited in the mutual different dependent claims does not indicate that a combination of these measures cannot be used in an advantageous implementation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Error Detection And Correction (AREA)

Abstract

A device for performing information reconciliation in a Quantum Key Distribution (QKD) system is proposed. The device obtains QKD data. The device further obtains an initial error correction codeword; determines, based on a Signal to Noise Ratio (SNR) and/or Bit Error Rate (BER) of the QKD data, a number of punctures N ≥ 0 to be performed on the initial error correction codeword; and generates an output error correction codeword by puncturing the initial error correction codeword at N positions. Data in the QKD can thus be smoothly processed even under SNR variations.

Description

DEVICE AND METHOD FOR PERFORMING INFORMATION RECONCILIATION IN A QUANTUM KEY DISTRIBUTION SYSTEM
TECHNICAL FIELD
The present invention generally relates to the field of the Quantum Key Distribution (QKD). More specifically, the present invention relates to a device and a method for efficiently performing information reconciliation in the QKD. The invention also relates to devices and methods that generate a secret key based on the QKD.
BACKGROUND
Conventional QKD post-processing is a process performed on a classical computing device, which transforms a raw key to a final secret key. It generally, it comprises three main steps: parameter estimation, information reconciliation, and privacy amplification.
In the conventional QKD, based on the signal quality of the QKD data, such as the SNR or BER, a device that performs the post processing uses an error correction code that is optimized for this operating condition. For example, it may be necessary or at least (highly) desirable to choose an error correction code with a maximum error correcting capability that matches the operating condition. This is, because the performance of the QKD (particularly Continuous- Variable (CV)-QKD) is sensitive to the error correction efficiency of the error correction code for the current operation.
However, conventional QKD devices and methods have the disadvantage that the key generation rate may drop drastically as the efficiency decreases, which may occur, for example, when the error correction code applied can correct more errors than actually occur in operation. Furthermore, an error correction code optimized for a particular SNR is inefficient to correct data with a higher SNR value (i.e., having a better signal quality). In addition, the higher the SNR, the less efficient it becomes. Thus, it is not desirable to use one error correction code for a large range of operating region (e.g., in the naive way).
Moreover, in order to maintain a good key generation rate over such a large range, multiple error correction codes are often used in the QKD, wherein each error correction code is optimized for one SNR. During the QKD operation, by knowing the SNR that the transmitting device and the receiving device are experiencing, an error correction code may be chosen, which is the most efficient for correcting errors in the data strings characterized by the given SNR.
However, the conventional devices and methods have also the disadvantage that they require (too) many error correction codes to be designed, stored and deployed. In addition, for a low SNR, the length of the error correction codewords can be large, and this entails a large parity- check matrix or generator matrix to describe the error correction code, which have to be stored and loaded during operation.
SUMMARY
In view of the above-mentioned disadvantages, embodiments of the present invention aim at improving the conventional devices and methods. It is an objective to post-process data in the QKD with smooth operation even under SNR variations.
The objective is achieved by embodiments of the invention as provided in the appended independent claims. Advantageous implementations of embodiments of the invention are further defined in the dependent claims.
A first aspect of the invention provides a device for performing information reconciliation in a QKD, system, the device being configured to obtain QKD data; obtain an initial error correction codeword; determine, based on a SNR and/or BER of the QKD data, a number of punctures N > 0 to be performed on the initial error correction codeword; and generate an output error correction codeword by puncturing the initial error correction codeword at N positions.
The device may be (or may be incorporated in) the transmitting device and/or the receiving device in the QKD system. The device may comprise hardware and software. The hardware may comprise analog or digital circuitry, or both analog and digital circuitry. The digital circuitry may comprise components such as application-specific integrated circuits (ASICs), field-programmable arrays (FPGAs), digital signal processors (DSPs), or multi-purpose processors. In some embodiments, the device comprises one or more processors and a non volatile memory connected to the one or more processors. The non-volatile memory may carry executable program code, which, when executed by the one or more processors, causes the device to perform the operations or methods described herein. In some embodiments, one standalone device may be provided for each of the transmitting device and the receiving device of the QKD system. In some embodiments, the device may be a part of the transmitting device and of the receiving device of the QKD system.
Moreover, in some embodiments, only one error correction code (or only a small number of error correction codes) serves as the initial error correction code. The (initial) error correction code may include a plurality of codewords which hereinafter are referred to as (initial) error correction codewords. Furthermore, the initial error correction codeword may be punctured and one or more output error correction codewords may be generated. The number of the punctured positions may be determined based on the SNR and/or BER of the QKD data. Moreover, in some embodiments, the error correction code may be used for correcting errors.
In addition, in some embodiments, the number of the punctured positions may be determined based on a characteristic of the initial error correction code.
Moreover, for low SNR, the length of the error correction codeword is usually large. Because of that, each additional punctured bit may change the code rate slightly, and this may allow to have a more fine-grained adaptation of the code rate to the current operating SNR. Hence, in some embodiments, for each SNR, a specific output error correction code may be generated.
In an implementation form of the first aspect, the N positions are randomly selected.
For example, the puncturing of the error correction codeword may be performed in random positions.
In a further implementation form of the first aspect, the output error correction codeword is generated based on dynamic puncturing, in particular, on-the-fly puncturing.
This is beneficial, since the output error correction codeword may be adapted on the fly, and there is no need to store multiple error correction codes in the QKD devices. This saves storage space. It also eliminates the design process to precompute puncturing patterns, since random puncturing patterns are used. In a further implementation form of the first aspect, the device is further configured to determine the SNR/BER of the QKD data.
This is beneficial, since the device may determine the SNR/BER of the QKD data. Moreover, based on the determined SNR/BER of the QKD data, the number of punctures may be determined, and the output error correction codeword may be generated, which may be specific to the determined SNR/BER of the QKD data.
In a further implementation form of the first aspect, the initial error correction codeword is based on a systematic code comprising a parity-check matrix including information bits and parity bits.
In a further implementation form of the first aspect, puncturing the initial error correction codeword comprises extracting N bits from the initial error correction codeword, in particular from the parity bits, wherein the N positions of the extracted N bits correspond to positions within an identity matrix of the parity-check matrix.
In a further implementation form of the first aspect, the device is further configured to provide the N positions of the puncturing to another device.
In a further implementation form of the first aspect, the device is further configured to compute a syndrome based on the parity-check matrix; and provide the computed syndrome to the other device.
In a further implementation form of the first aspect, the device is further configured to generate random data; and fill the N punctured positions by the generated random data.
In a further implementation form of the first aspect, the non-punctured positions of the initial error correction codeword are associated with the QKD data.
In a further implementation form of the first aspect, the number of punctures, N, is further determined based on a characteristic of an error correction code. In a further implementation form of the first aspect, the device is further configured to perform privacy amplification based on the generated output error correction codeword.
In a further implementation form of the first aspect, performing the privacy amplification comprises generating a secret key based on the generated output error correction codeword.
A second aspect of the invention provides a method for performing information reconciliation in a Quantum Key Distribution, QKD, system, the method comprising: obtaining QKD data; obtaining an initial error correction codeword; determining, based on a Signal to Noise Ratio, SNR, and/or Bit Error Rate, BER, of the QKD data, a number of punctures N > 0 to be performed on the initial error correction codeword; and generating an output error correction codeword by puncturing the initial error correction codeword at N positions.
In an implementation form of the second aspect, the N positions are randomly selected.
In a further implementation form of the second aspect, the method further comprising: generating the output error correction codeword, based on dynamic puncturing, in particular, on-the-fly puncturing.
In a further implementation form of the second aspect, the method further comprising: determining the SNR/BER of the QKD data.
In a further implementation form of the second aspect, the initial error correction codeword is based on a systematic code comprising a parity-check matrix including information bits and parity bits.
In a further implementation form of the second aspect, the method further comprising: extracting N bits from the initial error correction codeword, in particular from the parity bits, wherein the N positions of the extracted N bits correspond to positions within an identity matrix of the parity-check matrix.
In a further implementation form of the second aspect, the method further comprising: providing the N positions of the puncturing to another device. In a further implementation form of the second aspect, the method further comprising: computing a syndrome based on the parity-check matrix; and providing the computed syndrome to the other device.
In a further implementation form of the second aspect, the method further comprising: generating random data; and filling the N punctured positions by the generated random data.
In a further implementation form of the second aspect, non-punctured positions of the initial error correction codeword are associated with the QKD data.
In a further implementation form of the second aspect, the number of punctures, N, is further determined based on a characteristic of an error correction code.
In a further implementation form of the second aspect, the method further comprising: performing privacy amplification based on the generated output error correction codeword.
In a further implementation form of the second aspect, performing the privacy amplification comprises generating a secret key based on the generated output error correction codeword.
A third aspect of the invention provides a computer program product including computer program code, which, when executed by a processor, causes the method according to the second aspect to be performed.
The main advantages of embodiments of the invention, as described by the aspects and implementation forms above, can be summarized as follows:
• The error correction codewords can be adapted on the fly.
• The need for storing multiple error correction codes (or reducing the number of stored error correction codes) in the QKD devices is eliminated. Therefore, storage space is saved.
• The design process to precompute puncturing patterns is eliminated, since random puncturing patterns are used. It has to be noted that all devices, elements, units and means described in the present application could be implemented in the software or hardware elements or any kind of combination thereof. All steps which are performed by the various entities described in the present application as well as the functionalities described to be performed by the various entities are intended to mean that the respective entity is adapted to or configured to perform the respective steps and functionalities. Even if, in the following description of specific embodiments, a specific functionality or step to be performed by external entities is not reflected in the description of a specific detailed element of that entity which performs that specific step or functionality, it should be clear for a skilled person that these methods and functionalities can be implemented in respective software or hardware elements, or any kind of combination thereof.
BRIEF DESCRIPTION OF DRAWINGS
The above described aspects and implementation forms of the present invention will be explained in the following description of more specific embodiments in relation to the enclosed drawings, in which
FIG. 1 is a schematic view of a device for performing information reconciliation in a QKD system, according to an embodiment of the present invention.
FIG. 2 is a schematic view of generating an output error correction codeword by puncturing the initial error correction codeword.
FIG. 3 is a schematic view of generating an output error correction codeword by puncturing the initial error correction codeword at parity bits.
FIG. 4 is a flowchart of a method for generating an output error correction codeword by puncturing the initial error correction codeword, according to an embodiment of the present invention.
FIG. 5 is a schematic view of generating an output error correction codeword by puncturing and further filling the punctured positions by random data.
FIG. 6 is a schematic view of generating an output error correction codeword by puncturing and marking the punctured positions. FIG. 7 is a flowchart of a method for generating an output error correction codeword by puncturing in the positions within an identity matrix of a parity-check matrix, according to an embodiment of the present invention.
FIG. 8 is a flowchart of a method for generating an output error correction codeword using binary DV-QKD data, according to an embodiment of the present invention.
FIG. 9 is a flowchart of a method for performing information reconciliation in a QKD system, according to an embodiment of the present invention.
FIG. 10 is a flowchart of a method including QKD post-processing, according to prior art.
DETAILED DESCRIPTION OF EMBODIMENTS
FIG. 10 is a flowchart of a QKD post processing procedure 1000. A transmitting device 1200 (corresponding to the user Alice) generates quantum states, and further transmits the quantum states to a receiving device 1100 (corresponding to the user Bob), in the presence of an eavesdropper 1300 (corresponding to Eve). Hereinafter, the terms“transmitting device” and “Alice” will be used interchangeably. Likewise, the terms“receiving device” and“Bob” will be used interchangeably.
The receiving device 1100 further measures the transmitted quantum states. Moreover, the transmitting device 1200 and the receiving device 1100 may further generate the raw keys based on their corresponding quantum states and/or the measurement results of them.
Additionally, when the post processing of the data of QKD system is performed, for example, the transmitting device 1200 may perform the QKD post-processing (i.e., S1201 in FIG. 10) and/or the receiving device 1100 may perform the QKD post-processing (i.e., SI 101 in FIG. 10).
In the parameter estimation step, Alice and Bob estimate the properties of the quantum channel, which allow them to infer how much error is in the raw key, and how much information about the raw key has been leaked to Eve. In the information reconciliation step, Alice and Bob correct the differences in their keys to arrive at matching keys. In most cases, only one of them performs error correction on one’s key to match the other’s key.
Furthermore, in the privacy amplification step, Alice and Bob perform a length-shortening operation that is specially designed to remove Eve’s information on the key.
The present invention is particularly related to the information reconciliation.
In conventional QKD, either Alice’s or Bob’s key is regarded as correct, and the other party corrects his/her key to match this one.
Moreover, they may use an error correction code, for example, based on the signal quality of the QKD data such as the SNR or BER. In addition, the privacy amplification may be performed and a secret key may be generated.
Notably, the information reconciliation scheme illustrated in FIG. 10 is based on a reverse reconciliation, in which, the error correction information is sent by Bob to Alice so that Alice corrects her string to match Bob’s string. However, the QKD can also work with direction reconciliation in which the error correction information is sent by Alice to Bob so that Bob corrects his string to match Alice’s string, without limiting the present disclosure to a specific reconciliation procedure.
FIG. 1 is a schematic view of a device 100 for performing information reconciliation in a QKD system 1, according to an embodiment of the present invention. The device 100 may comprise processing circuitry (not shown) configured to perform, conduct or initiate the various operations of the device 100 described herein. The processing circuitry may comprise hardware and software. The hardware may comprise analog circuitry or digital circuitry, or both analog and digital circuitry. The digital circuitry may comprise components such as application- specific integrated circuits (ASICs), field-programmable arrays (FPGAs), digital signal processors (DSPs), or multi-purpose processors. In one embodiment, the processing circuitry comprises one or more processors and a non-transitory memory connected to the one or more processors. The non-transitory memory may carry executable program code which, when executed by the one or more processors, causes the device 100 to perform, conduct or initiate the operations or methods described herein.
The QKD system 1 may be a Continues- Variable (CV) QKD system or a Discrete Variables (DV) QKD system.
The device 100 is configured to obtain QKD data 101. The QKD data 101 may be CV-QKD data or DV-QKD data.
For example, the device 100 may be the receiving device in the QKD system 1 (shown in FGI. 1) and may obtain the QKD data 101 from the transmitting device 110 (not shown in FIG. 1), without limiting the present disclosure. However, in some embodiments, the device 100 may be the transmitting device of the QKD system 1. In a further realization, one standalone device 100 for each of the transmitting device and the receiving device may be provided. In a further realization, the device 100 may be a part of the transmitting device and of the receiving device of the QKD system 1.
The device 100 is further configured to obtain an initial error correction codeword 102.
The device 100 is further configured to determine, based on a SNR and/or BER of the QKD data 101, a number of punctures N > 0 to be performed on the initial error correction codeword 102.
The device 100 is further configured to generate an output error correction codeword 103 by puncturing the initial error correction codeword 102 at N positions.
For example, the device 100 may generate the output error correction codeword based on the random puncturing of the initial error correction codeword. Moreover, in some embodiments, the device 100 may further puncture a generated (i.e., currently punctured) output error correction codeword and further generate another error correction codeword. In other words, in some embodiments, an output error correction codeword may be used as an initial error correction codeword, or the like. Hence, in some embodiments, the device 100 may dynamically construct an error correction codeword that adapts to the current operating SNR/BER. Reference is made to FIG. 2, which is a schematic view of generating an output error correction codeword 103 by puncturing the initial error correction codeword 102.
In FIG. 2, a generic codeword is shown, which represents an initial error correction codeword 102, in which the redundancy for error correction is spread out over all the bits of the codeword. The initial error correction codeword 102 has a predetermined structure including n bits and comprises bits representing message information (also hereinafter referred to as information bits) and parity information (also hereinafter referred to as parity bits).
The device 100 may puncture the initial error correction codeword 102 at random positions. Moreover, the device 100 may determine the number of punctures N to be performed, e.g., the device 100 may select N bits to be punctured. Additionally, the device 100 generates the output error correction codeword 103. The output error correction codeword 103 includes (n-N) bits and comprises bits representing information bits and parity bits.
Reference is made to FIG. 3, which is a schematic view of generating an output error correction codeword 103 by puncturing the initial error correction codeword 102 at parity bits 302.
In some embodiments, the error correction codeword 102 may be based on a systematic code. Moreover, the error correction codeword 102, which may have a clear separation between the information bits 301 (e.g., which represent the original uncoded message) and the parity bits 302 (e.g., which are the redundancy added for protection against noise).
Moreover, the device 100 may perform puncturing on the initial error correction codeword 102, for example, by extracting N bits from the initial error correction codeword 102, in particular from the parity bits 302. The N positions of the extracted N bits may correspond to positions within an identity matrix of the parity-check matrix.
Therefore, in some embodiments, a better performance may be achieved, when the puncturing is performed on the parity bits 302 and not on the information bits 301. In addition, a decoding may be performed, which may take into account the punctured positions. In the following, several exemplarily methods are disclosed for performing the random puncturing technique with QKD, as it is described above.
Reference is made to FIG. 4, which is a flowchart of a method 400 for generating an output error correction codeword 103 by puncturing the initial error correction codeword 102.
As discussed above, the device 100 may be, or may be incorporated in, the transmitting device and/or the receiving device.
Without limiting the present disclosure, in the following it is assumed that the device 100 is the receiving device (Bob) and performs the steps 401 to 407 of the method 400.
At 401, Bob (i.e., the device 100, also the receiving device) and Alice (the transmitting device 110) agree on a linear binary forward error correction code which is described by a parity-check matrix. An error correction codeword 102 of the code is associated with a code word length of “n” and a message length“k”, with a code rate“k/n”. Moreover, it has been characterized that, the error correction code may correct errors up to a certain SNR/BER.
At 402, Bob and Alice determine the SNR and/or BER of their QKD data 101.
At 403, Bob (i.e., the device 100) determines the N number of punctured positions based on the determined value of the SNR and/or BER (determined in step 402).
At 404, the device 100 (Bob) randomly selects the punctured positions (e.g., to be performed on the error correction codeword 102).
Moreover, Bob informs Alice about the selected positions. For example, Bob may send a message to Alice, the message may include the randomly selected punctured positions, number of the punctures, etc. Furthermore, Alice obtains the punctured positions.
At 405, Bob generates the (output) error correction codewords 103 for further error correction. It is assumed that Bob’s QKD data is already in binary form. This may be done by some mapping. Moreover, Alice may also form her word. For example, Alice and Bob may form their error correction codewords 103 by filling in the non-punctured positions with their respective QKD data 101 in the same order. Bob additionally fills in the N punctured positions with random data generated by the device 100. Alice simply marks the N punctured positions.
At 406, Bob computes a syndrome by multiplying the parity-check matrix with his generated output error correction codewords 103, and sends the syndrome to Alice.
Additionally, Alice receives the computed syndrome from Bob, performs decoding of her noisy word taking into account the N punctured positions. For example, with a soft decoding, the probability for a punctured bit may be initialized to be unbiased between 0 and 1. If the decoding succeeds without error, she may obtain a codeword that is the same as Bob’s.
At 407, Alice and Bob perform privacy amplification on their obtained matching string in order to generate the final secret key.
In the method 400,“n— N” QKD signals are consumed and“n— k” syndrome bits are openly revealed by Bob to Alice, and thus, Eve may know about them. For each QKD signal exchanged, on average Eve knows about IE amount of information of it. Alice and Bob may privacy- amplify away this information and those revealed by the syndrome bits.
After information reconciliation, n bits corresponding to the whole codeword are produced. Subtracting the amount to be privacy amplified, the key length obtained from the n— N QKD signals is according to Eq. (1): n— (n— k)— (n— N )IE Eq. (1) hence, the key rate per QKD signal is according to Eq. (2): k/ (n— N) — lE Eq. (2) where the first term can be recognized as the rate of the punctured error correction code (i.e., the code that includes the output error correction codeword).
Notably, the party who calculates the syndrome (in this case Bob or the device 100) is assumed to have the QKD data in binary. However, in some embodiments, the (raw) QKD data may not be binary, e.g., as in the CV-QKD data. Hence, in some embodiments, some mapping procedure may be applied in order to convert the non-binary QKD data to form binary data.
Reference is made to FIG. 5 which is a schematic view of generating an output error correction codeword by initially puncturing and further filling the punctured positions by random data 501.
In FIG. 5, an initial error correction codeword 102 is obtained, in which the redundancy for error correction is spread out over all the bits of the codeword.
The device 100 may puncture the initial error correction codeword 102 at random positions. Moreover, the device 100 may determine number of punctures N to be performed, e.g., the device 100 may select /V bits to be punctured. Additionally, the device 100 generates the output error correction codeword 103.
The device 100 further generates random data 501 and fills the punctured positions by the random data 501. Hence, the device 100 generates the output error correction codewords 503 based the generated output error correction codeword 103 in which the punctured positions are filled with its (locally) generated random data 501, and the non-punctured positions indicates the binary QKD data 101.
Reference is made to FIG. 6, which is a schematic view of generating an output error correction codeword 103 by puncturing and marking the punctured positions.
In FIG. 6, an initial error correction codeword 102 is obtained, in which the redundancy for error correction is spread out over all the bits of the codeword.
The device 100 selects A bits to be punctured, further perform puncturing on the initial error correction codeword 102 and generates the output error correction codeword 103.
The device 100 further generates the output error correction codeword 603 based on the (generated) output error correction codeword 103. In the output error correction codeword 603, the positions that the puncturing is performed, are marked as punctured and the non-punctured positions indicates the non-binary QKD data 101 (i.e., ...0.3, -1.9, 3.4, 5.8, -3.1, -2.5, ...).
Reference is made to FIG. 7, which is a flowchart a method 700 for generating an output error correction codeword 103 by puncturing in the positions within an identity matrix of a parity- check matrix, according to an embodiment of the present invention.
Without limiting the present disclosure, in the following it is assumed that the device 100 is the receiving device (Bob) and performs the steps 701 to 708 of the method 700.
At 701, Bob (i.e., the device 100, also the receiving device) and Alice (the transmitting device 110) agree on an initial (e.g., forward) error correction code which is described by a parity- check matrix. The parity-check matrix in is the systematic form, according to Eq. (3):
H = [Q /] Eq. (3) where Q is a submatrix and / is the identity matrix.
At 702, Bob and Alice determine the SNR and/or BER of their QKD data 101.
At 703, Bob (i.e., the device 100) determines the N number of punctured positions based on the determined value of the SNR and/or BER (determined in step 702).
At 704, the device 100 (Bob) randomly selects the punctured positions (e.g., to be performed on an initial error correction codeword 102).
Moreover, Bob informs Alice about the selected positions, and Alice obtains the punctured positions.
At 705, Bob (and also Alice) obtains a new parity-check matrix.
For example, the punctured bits are chosen to correspond to the positions within the identity matrix of the parity-check matrix. In this case, a new parity-check matrix is formed by removing the rows that contain the punctured bits. Note that, only one row should contain a particular punctured bit, due to the systematic structure described in above. For example, suppose the punctured positions are 2 and 4 (with the start index being 1) and the parity-check matrix is
Figure imgf000018_0003
after deleting the relevant rows, Bob obtains H" according to:
Figure imgf000018_0001
Moreover, for simplicity, Bob (device 100) also removes the columns corresponding to the punctured positions as they are all zeros anyway (which means they are unused). Bob obtains H' according to: )
Figure imgf000018_0002
Based on this new code ( H' ), Alice and Bob then form their error correction codewords 103 with their QKD data 101.
At 706, Bob forms his codeword with QKD data, based on the H'. For example, here the length of the codeword is 6 and the syndrome length is 2.
Moreover, Alice forms her word with the QKD data.
At 707, Bob computes a syndrome using the parity-check matrix, and sends the syndrome to Alice.
Additionally, Alice receives the computed syndrome from Bob, performs decoding of her word. Alice in this case decodes her word using this new code (H') without caring about the punctured positions, as the punctured bits have already taken into consideration when forming the new code H'.
At 708, Alice and Bob perform privacy amplification on their obtained matching string in order to generate the final secret key.
Reference is made to FIG. 8 which is a flowchart of a method 800 for generating an output error correction codeword using binary DV-QKD data, according to an embodiment of the present invention. In the embodiment of FIG. 8, the QKD system is based on a DV-QKD system in which Alice’s and Bob’s QKD key bits are binary, without limiting the present invention.
Without limiting the present invention, in the following it is assumed that the device 100 is the transmitting device (Alice) and performs the steps 801 to 807 of the method 800.
At 801, Alice (i.e., the device 100, also the transmitting device) and Bob (the receiving device 110) agree on a forward error correction code.
At 802, Alice and Bob determine the SNR and/or BER of their QKD data 101.
At 803, Alice (i.e., the device 100) determines the N number of punctured positions based on the determined value of the SNR and/or BER (determined in step 802).
At 804, Alice (the device 100) randomly selects the punctured positions (e.g., to be performed on the error correction codeword 102).
Moreover, Bob obtains the punctured positions.
At 805, Alice randomly selects a codeword of length n (e.g., as an initial error correction codeword) in the original code (i.e., the agreed forward error correction code).
At 806, after the N punctured positions are randomly chosen (there are N of them), Alice punctures the codeword accordingly. At 807, Alice performs XOR operation (Exclusive or) with the QKD data at non-punctured positions. She takes n— N QKD key bits and performs XOR with the punctured codeword, disregarding the punctured positions. Moreover, Alice sends the resultant string of length n— N to Bob.
Bob obtains the corresponding n— N QKD key bits of his own and performs XOR with the string he receives from Alice. If there is no difference between Alice’s QKD key bits and Bob’s QKD key bits, the calculation should result in the punctured codeword (i.e., the generated output error correction codeword). However, if there is a difference, the result is a noisy version of the punctured codeword (i.e., the generated output error correction codeword). In any case, Bob decodes the result using a decoder for the error correction codeword taking into account the punctured positions. If the decoding succeeds without error, Bob obtains the initial error correction codeword selected by Alice randomly.
At 808, Alice and Bob perform privacy amplification on their obtained matching codeword in order to generate the final secret key.
FIG. 9 shows a method 900 according to an embodiment of the invention for performing information reconciliation in a QKD system. The method 900 may be carried out by the device 100 (and/or the device 110), as it described above.
The method 900 comprises a step 901 of obtaining QKD data 101.
The method 900 further comprises a step 902 of obtaining an initial error correction codeword 102.
The method 900 further comprises a step 903 of determining, based on a SNR and/or BER of the QKD data 101, a number of punctures N > 0 to be performed on the initial error correction codeword 102.
The method 900 further comprises a step 904 of generating an output error correction codeword 103 by puncturing the initial error correction codeword 102 at N positions. The present invention has been described in conjunction with various embodiments as examples as well as implementations. However, other variations can be understood and effected by those persons skilled in the art and practicing the claimed invention, from the studies of the drawings, this disclosure and the independent claims. In the claims as well as in the description the word “comprising” does not exclude other elements or steps and the indefinite article“a” or“an” does not exclude a plurality. A single element or other unit may fulfill the functions of several entities or items recited in the claims. The mere fact that certain measures are recited in the mutual different dependent claims does not indicate that a combination of these measures cannot be used in an advantageous implementation.

Claims

1. A device (100) for performing information reconciliation in a Quantum Key Distribution, QKD, system (1), wherein the device (100) is configured to:
obtain QKD data (101);
obtain an initial error correction codeword (102);
determine, based on a Signal to Noise Ratio, SNR, and/or Bit Error Rate, BER, of the QKD data (101), a number of punctures N > 0 to be performed on the initial error correction codeword (102); and
generate an output error correction codeword (103) by puncturing the initial error correction codeword (102) at N positions.
2. A device (100) according to claim 1, wherein
the N positions are randomly selected.
3. A device (100) according to claim 1 or 2, wherein
the output error correction codeword (103) is generated based on dynamic puncturing, in particular, on-the-fly puncturing.
4. A device (100) according to one of the claims 1 to 3, further configured to
determine the SNR/BER of the QKD data (102).
5. A device (100) according to one of the claims 1 to 4, wherein
the initial error correction codeword (102) is based on a systematic code comprising a parity-check matrix including information bits (301) and parity bits (302).
6. A device (100) according to claims 5, wherein
puncturing the initial error correction codeword (102) comprises extracting N bits from the initial error correction codeword (102), in particular from the parity bits (302), wherein the N positions of the extracted N bits correspond to positions within an identity matrix of the parity-check matrix.
7. A device (100) according to one of the claims 1 to 6, further configured to
provide the N positions of the puncturing to another device (110).
8. A device (100) according to claim 7 and claim 5 or 6, further configured to compute a syndrome based on the parity-check matrix; and
provide the computed syndrome to the other device (110).
9. A device (100) according to one of the claims 1 to 8, further configured to
generate random data (501); and
fill the N punctured positions by the generated random data (501).
10. A device (100) according to one of the claims 1 to 9, wherein
non-punctured positions of the initial error correction codeword (102) are associated with the QKD data (101).
11. A device (100) according to one of the claims 1 to 10, wherein
the number of punctures, N, is further determined based on a characteristic of an error correction code.
12. A device (100) according to one of the claims 1 to 11, further configured to
perform privacy amplification based on the generated output error correction codeword
(103).
13. A device (100) according to claim 12, wherein
performing the privacy amplification comprises generating a secret key based on the generated output error correction codeword.
14. A method (900) for performing information reconciliation in a Quantum Key Distribution, QKD, system (1), the method (900) comprising:
obtaining (901) QKD data (101);
obtaining (902) an initial error correction codeword (102);
determining (903), based on a Signal to Noise Ratio, SNR, and/or Bit Error Rate, BER, of the QKD data (101), a number of punctures N > 0 to be performed on the initial error correction codeword (102); and
generating (904) an output error correction codeword (103) by puncturing the initial error correction codeword (102) at N positions.
15. A computer program product including computer program code, which, when executed by a processor, causes the method (900) according to claim 14 to be performed.
PCT/EP2019/060182 2019-04-18 2019-04-18 Device and method for performing information reconciliation in a quantum key distribution system WO2020211954A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980091276.6A CN113396556B (en) 2019-04-18 2019-04-18 Apparatus and method for performing information coordination in a quantum key distribution system
PCT/EP2019/060182 WO2020211954A1 (en) 2019-04-18 2019-04-18 Device and method for performing information reconciliation in a quantum key distribution system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/060182 WO2020211954A1 (en) 2019-04-18 2019-04-18 Device and method for performing information reconciliation in a quantum key distribution system

Publications (1)

Publication Number Publication Date
WO2020211954A1 true WO2020211954A1 (en) 2020-10-22

Family

ID=66323845

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/060182 WO2020211954A1 (en) 2019-04-18 2019-04-18 Device and method for performing information reconciliation in a quantum key distribution system

Country Status (2)

Country Link
CN (1) CN113396556B (en)
WO (1) WO2020211954A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115378582A (en) * 2022-07-20 2022-11-22 中国电子科技集团公司第三十研究所 Method and system for eliminating residual error code in distribution of continuous variable quantum key based on state updating of decoder
WO2023244105A1 (en) 2022-06-14 2023-12-21 Technische Universiteit Delft Segmented error correction for qkd post-processing
WO2024132226A1 (en) * 2022-12-22 2024-06-27 Huawei Technologies Duesseldorf Gmbh Device and method for communication with a remote device to perform information reconciliation in a quantum key distribution system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107645358A (en) * 2016-07-22 2018-01-30 北京大学 A kind of code check self-adapting data coordination approach being used in continuous variable quantum key distribution

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7516390B2 (en) * 2005-01-10 2009-04-07 Broadcom Corporation LDPC (Low Density Parity Check) coding and interleaving implemented in MIMO communication systems
US7975189B2 (en) * 2008-11-14 2011-07-05 Trelliware Technologies, Inc. Error rate estimation/application to code-rate adaption
JP5356073B2 (en) * 2009-03-06 2013-12-04 シャープ株式会社 Encoding device, receiving device, wireless communication system, puncture pattern selection method and program thereof
US9203435B2 (en) * 2013-05-08 2015-12-01 Broadcom Corporation Multiple size and rate FEC code combination with minimum shortening and maximum combined code rate
CN109450590A (en) * 2018-08-24 2019-03-08 浙江九州量子信息技术股份有限公司 The adaptive cipher key machinery of consultation based on quasi-cyclic LDPC for QKD

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107645358A (en) * 2016-07-22 2018-01-30 北京大学 A kind of code check self-adapting data coordination approach being used in continuous variable quantum key distribution

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DAVID ELKOUSS ET AL: "Information Reconciliation for Quantum Key Distribution", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 9 July 2010 (2010-07-09), XP080487652 *
KIKTENKO E O ET AL: "Error estimation at the information reconciliation stage of quantum key distribution", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 13 October 2018 (2018-10-13), XP081065354 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023244105A1 (en) 2022-06-14 2023-12-21 Technische Universiteit Delft Segmented error correction for qkd post-processing
NL2032162B1 (en) 2022-06-14 2023-12-21 Univ Delft Tech Segmented error correction for QKD post-processing
CN115378582A (en) * 2022-07-20 2022-11-22 中国电子科技集团公司第三十研究所 Method and system for eliminating residual error code in distribution of continuous variable quantum key based on state updating of decoder
CN115378582B (en) * 2022-07-20 2024-05-10 中国电子科技集团公司第三十研究所 Method and system for eliminating residual error code of continuous variable quantum key distribution
WO2024132226A1 (en) * 2022-12-22 2024-06-27 Huawei Technologies Duesseldorf Gmbh Device and method for communication with a remote device to perform information reconciliation in a quantum key distribution system

Also Published As

Publication number Publication date
CN113396556A (en) 2021-09-14
CN113396556B (en) 2024-05-17

Similar Documents

Publication Publication Date Title
KR102458727B1 (en) Cryptographic key production from a physical unclonable function
US9203608B2 (en) System for encrypting data with an error correction code
Dodis et al. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data
US10581462B2 (en) Signature-enabled polar encoder and decoder
Koeberl et al. Entropy loss in PUF-based key generation schemes: The repetition code pitfall
US8811615B2 (en) Index-based coding with a pseudo-random source
US9496897B1 (en) Methods and apparatus for generating authenticated error correcting codes
Hiller et al. Cherry-picking reliable PUF bits with differential sequence coding
KR20140099327A (en) Soft decision error correction for memory based puf using a single enrollment
WO2020211954A1 (en) Device and method for performing information reconciliation in a quantum key distribution system
JP6588048B2 (en) Information processing device
Hooshmand et al. Reducing the key length of McEliece cryptosystem using polar codes
Hiller et al. Hiding secrecy leakage in leaky helper data
Finiasz et al. Private stream search at the same communication cost as a regular search: Role of LDPC codes
Günlü et al. Low-complexity and reliable transforms for physical unclonable functions
Hiller et al. Online reliability testing for PUF key derivation
Müelich et al. Error correction for physical unclonable functions using generalized concatenated codes
JP2008544639A (en) Decoding method and apparatus
EP3906634A1 (en) Device and method for processing data of a quantum key distribution system
JP5371623B2 (en) Communication system and receiving apparatus
Pacher et al. Information reconciliation for continuous-variable quantum key distribution using non-binary low-density parity-check codes
Lee et al. Ciphertext-only attack on linear feedback shift register-based Esmaeili-Gulliver cryptosystem
CN116827540A (en) Dynamic coding method of security polarization code based on double-sequence mixing
Jerkovits et al. Nested tailbiting convolutional codes for secrecy, privacy, and storage
JP4914381B2 (en) Message authenticator generation device, message authenticator verification device, message authenticator generation method, message authenticator verification method, program, and recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19720093

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19720093

Country of ref document: EP

Kind code of ref document: A1