Mathematical Structures and Modeling 2019. N. 1(49). PP. 119-125
UDC 004.056 DOI: 10.25513/2222-8772.2019.1.119-125
SECURE MULTI-AGENT QUANTUM COMMUNICATION: TOWARDS THE MOST EFFICIENT SCHEME (A PEDAGOGICAL REMARK)
Olga Kosheleva
Ph.D. (Phys.-Math.), Associate Professor, e-mail: [email protected]
Vladik Kreinovich Ph.D. (Phys.-Math.), Professor, e-mail: [email protected]
University of Texas at El Paso, El Paso, Texas 79968, USA
Abstract. In many economic and financial applications, it is important to have secure communications. At present, communication security is provided mostly by RSA coding, but the emergent quantum computing can break this encoding, thus making it not secure. One way to make communications absolutely secure is to use quantum encryption. The existing schemes for quantum encryption are aimed at agent-to-agent communications; however, in practice, we often need secure multi-agent communications, where each of the agents has the ability to securely send messages to everyone else. In principle, we can repeat the agent-to-agent scheme for each pair of agents, but this requires a large number of complex preliminary quantum communications. In this paper, we show how to minimize the number of such preliminary communications — without sacrificing reliability of the all-pairs scheme.
Keywords: Quantum communication, multi-agent communication.
1. Need for Secure Group Communications
Need for secure communications. In e-commerce and e-finance, it is important to preserve privacy and confidentiality of all the transactions. In other words, we need to make sure that e-commerce and e-finance are based on a secure communication scheme.
How communications are made secure now. At present, secure communications are based mostly on the RSA algorithm; see, e.g., [1]. In this scheme, the communicator A selects two large prime numbers Pi and P2 that he/she keeps private, and releases their product P = Pi • P2 into the public domain. This public code P can then be used any anyone to encode the messages they send to A. To decode the messages, one needs to know the factors Pi and P2. Since A knows these factors, A can decode these messages.
The security of this encoding scheme is provided by the fact that no efficient algorithm is known for factoring large integers - and RSA algorithms use 100-digit and longer factors Pi. In principle, we can factor an integer P by trying
all possible prime numbers p ^ yfP. This works for small P, but for a number with 100 decimal digits, testing all prime numbers ^ \/~P requires V10100 = 1050 computational steps — which make this procedure much longer than the lifetime of the Universe.
Why we need quantum communications. For factoring large integers on the usual computers, no efficient algorithm is known. However, it is known that if we consider quantum computers, then factoring large integers becomes feasible; see, e.g., [4-6,8]. At present, we do not yet have quantum computers powerful enough to decode the usual RSA message, but engineers are designing more and more powerful quantum computers, and sooner or later RSA-encoded communications will no longer be secure.
Good news is that the same quantum physics that makes RSA not secure also provides us with a secure way to communicate, known as quantum cryptography; see, e.g., [3,4,8]. In contrast to quantum computing, which is mostly the thing of the future, quantum cryptography is a practical scheme, it has been used for decades already.
In this scheme — it is described in some detail in the appendix — two agents that want to communicate in the future exchange quantum signals. By analyzing these signals, they come up with a sequence s = s1s2.. .sn of bits (0s and 1s) s1, s2, ..., sn which they both know but which is not known to anyone else.
This sequence of 0s and 1s can then be used as one-time pad. Namely, if one of the two agents needs to send a message m = m1 m2 ...mn consisting of bits m1}..., mn, then:
• the sender computes and send the encoded signal e = s © m, where
(s © m)i = Si © mi
and © means addition modulo 2 — which differs by the usual addition of bits
only when Si = m,i = 1, in which case 1 © 1 = 0;
the receiver, after getting the signal, reconstructs the original message as
m = s © e.
Indeed, for addition modulo 2, we always have a © a = 0, hence s © e = s © (s © m) = (s © s) © m = 0 © m = m.
Once the message is sent, the pair of agents again perform preliminary quantum communications and generate a new one-time pad, etc.
Need for multi-agent communications. In economic and financial applications, it is often important to have multi-agent communications. Such communications are especially important for decentralized schemes (like blockchain-based schemes), where each record of financial transactions is stored in many different locations.
In such a scheme, we have several agents. Let us denote the overall number of agents who need to communicate with each other by N. The system should be
ready for each of these agents Ai,... ,AN to send communication to everyone else.
Using pairwise communication scheme for multi-agent communication: a straightforward idea. In principle, we should be ready for communications beN • (N — 1)
tween each pair of agents. For N agents, there are --- such pairs. So,
a straightforward idea is to repeat the quantum-communication protocol for each
pair (Aj ,Ak) and thus get ——^—— one-time pads s(j'k) corresponding to these pairs.
If agent Aj needs to send a message to all the other agents Ai, A2, ... Aj-1, Aj+1, ..., An, this agent will use a one-time pad s(j'k) to communicate with the k-th agent.
N • (N — 1)
Can we do it more efficiently? The above scheme requires-—-- preliminary quantum communications — and preliminary quantum communications are the most complex part of the general quantum communication protocol. Can we have fewer preliminary quantum communications?
We can do it, but at the expense of reliability. One possibility to have a more efficient multi-communication scheme is to select one agent as a hub and set up one-time pads between this selected agent and everyone else. This way, we have a secure communication channel between the hub agent and every other agent.
Then, if an agent Aj wants to transmit a message to everyone else, this agent first sends this message to the hub agent, and then the hub agent sends it to everyone else.
This scheme is efficient — it needs only N — 1 preliminary quantum communications — but it is not as reliable as the original scheme: indeed, if the hub agent is not functioning well (which happens), then the original scheme still works while the hub scheme does not. So, we arrive at the following question.
Can we have an efficient scheme without decreasing reliability: formulation of the problem and our answer. Can we have an efficient scheme without decreasing reliability?
In this paper, we show that this is indeed possible: namely, we provide a multiagent communication scheme which is maximally efficient and at the same time as reliable as the all-pairs scheme.
2. Towards the Optimal Multi-Agent Quantum Communication Protocol
Lower bound on the number of preliminary quantum communications. The
only way to have secure communications is to have a secure one-time pad provided by preliminary quantum communications. A pair of agents may get a one-time pad either directly from the mutual preliminary quantum communication, or by somehow combining one-time pads provided by other pairs.
Each agent can thus securely communicate only with agents which are either directly connected with this agent by preliminary quantum communications, or connected by a chain in which each agent is connected to the next one by preliminary quantum communications between them.
Since we want each agent to be able to securely communicate with any other agent, every two agents must be connected by such a chain. We start with a single agent. At each point, we have a set of agents that can be thus connected with the agent Ai. Each new preliminary quantum agent-to-agent communication adds may add one agent to this list — if it connects this new agent with one of the agents which are already on this list. Thus, each new comunication adds no more than one new agent to this list. We start with a single agent, so after performing k agent-to-agent preliminary quantum communications, we add no more than k agents to the original list, and thus, we have ^ k + 1 agents connected to Ai. We want to have all N agents connected to Ai, so we must have N ^ k + 1 and thus, k ^ N — 1.
This is the desired lower bound: to enable each agent to securely communicate with every other agent, we need to perform at least N — 1 agent-to-agent preliminary quantum communications.
Towards a scheme that implements this lower bound. Let us show that it is possible to have a secure communication protocol that requires exactly N — 1 agent-to-agent preliminary quantum communications. Due to what we have just shown, this algorithm is the most efficient one — in the sense that it requires the smallest possible number of agent-to-agent preliminary quantum communications.
Let one of the agents — let us denote this agent by Ai — perform the preliminary step of quantum communication with every other agent Ai, ..., Am. As a result, for each j = 2,3,... ,N, both Ai and Aj know a one-time pad s(j) — which no one else knows.
Then, Ai uses a random number generator to generate a random string s and then sends by an open channel, to each agent Aj, a string s © s(j). Each agent can reconstruct s as (s © s(j)) © s(j). Thus, all N agents now have the same one-time pad s that they can use for the future multi-agent communication.
Acknowledgments
This work was partially supported by the US National Science Foundation via grant HRD-1242122 (Cyber-ShARE Center of Excellence).
References
1. Th. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, MIT Press, Cambridge, Massachusetts, 2009.
2. R. Feynman, R. Leighton, and M. Sands, The Feynman Lectures on Physics, Addison Wesley, Boston, Massachusetts, 2005.
3. O. Galindo, V. Kreinovich, and O. Kosheleva, "Current quantum cryptography algorithm is optimal: a proof", Proceedings of the IEEE Symposium on Computational Intelligence for Engineering Solutions CIES'2018, Bengaluru, India, November 18-21, 2018.
4. M. Nielsen and I. Chuang, Quantum Computation and Quantum Information, Cambridge University Press, Cambridge, 2000.
5. P. Shor, "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer", Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, November 20-22, 1994.
6. P. Shor, "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer", SIAM J. Sci. Statist. Comput., 1997, Vol. 26, pp. 1484-ff.
7. K. S. Thorne and R. D. Blandford, Modern Classical Physics: Optics, Fluids, Plasmas, Elasticity, Relativity, and Statistical Physics, Princeton University Press, Princeton, New Jersey, 2017
8. C. P. Williams and S. H. Clearwater, Ultimate Zero and One, Copernicus, New York, 2000.
A. Quantum Communication: A Brief Reminder
Quantum background: a brief reminder. In quantum mechanics (see, e.g., [2, 7]) each bit, in addition to the usual two states 0 and 1 (which are denoted by |0) and |1)), it is also possible to have a superposition c0 • |0) + ci • |1), where Ci are complex numbers for which |c0|2 + |ci|2 = 1. If in this state, we try to find out whether we have 0 or 1, we get 0 with probability |c0|2 and 1 with probability |ci|2.
In particular, the standard quantum communication algorithm uses the following two states:
|0'> = 72 -|0) + 72 •|1)
and
m = T! '|0)-T2 '|1).
To reconstruct the state, we need to use a measuring instrument. A measuring instrument can be tuned:
• either to detect the usual states |0) and |1) (we will denote this by +)
• or to detect the quantum states |0') and |1') (we will denote this tuning by x).
In this case:
• If the measuring instrument's tuning matches the signal - e.g., if the signal is |0) or |1) and the instrument is tuned on |0) or |1) — then the instrument reconstructs the original signal.
On the other hand, if there is a mismatch between the instrument's tuning and the signal — e.g., if the signal is |0') or |1') while the instrument is tuned on |0) or |1) - then, irrespective of the signal, the instrument returns 0 or 1 equal with probability 1/2, and the original signal is lost.
The actual quantum communication scheme. The sending agent A runs, several times, a random number generator that generates 0 or 1 with equal probability 1/2. As a result, we get a multi-bit sequence r1 ...rc. Then, A runs the same random number generator n more times, generating c more bits t1.. .tc. For each i:
• if ti = 0, then A uses the + tuning to send the signal ti, i.e., sends |0) if ri = 0 and sends |1) if ri = 1;
• if ti = 0, then A uses the x tuning to send the signal ti, i.e., sends |0') if ri = 0 and sends |1') if ri = 1.
The receiving agent B also runs its own random random number generator, generating yet another sequence b1)... ,bc of c bits. Then, for each i:
• if bi = 0, then B uses the + tuning to measure the received signal, and
• if bi = 1, then B uses the x tuning to measure the received signal.
For those bits for which there is a match between the signal and the tuning, i.e., for which ti = bi, B gets exactly the original signal r». For every other index i, the result of B's measurements is 0 or 1 with probability 1/2 — and the original signal ri is lost.
Now, A openly sends, to B, all the bits ti. In half of the cases, bi coincides with ti. The agent B sends, to A, the list of such i's. For these i's — and there are c/2 such i's — both agents know the value r^ The sequence of all these common values is the desired one-time pad of length n & c/2 that A and B can now use to securely communicate.
Why is this scheme secure. The security of this scheme is based on the fact that an eavesdropped does not know which tuning was used for each bit i. If the eavesdropper tries to measure the signal, it will thus, in half of the cases, use the wrong tuning, and thus, the original signal will be lost — i.e., replaced with a random bit.
As a result, even for some of the bits for which ti = bi, due to this replacement, the bits measured by B will be, in general, different from r». To detect eavesdropping, A also sends to B, by open channel, some of the bits ri corresponding to the cases when ti = bi.
• If for some i, B measured a bit different from ri, this means that there was an eavesdropper.
• If all the test-bits ri are reproduced by B exactly — this means that the channel was secure, there was no eavesdropping.
БЕЗОПАСНАЯ МНОГОАГЕНТНАЯ КВАНТОВАЯ КОММУНИКАЦИЯ: НА ПУТИ К НАИБОЛЕЕ ЭФФЕКТИВНОЙ СХЕМЕ (ПЕДАГОГИЧЕСКОЕ ЗАМЕЧАНИЕ)
О. Кошелева
к.ф.-м.н., доцент, e-mail: [email protected] В. Крейнович
к.ф.-м.н., профессор, e-mail: [email protected]
Техасский университет в Эль Пасо, США
Аннотация. Во многих экономических и финансовых приложениях важно иметь безопасную связь. В настоящее время безопасность связи обеспечивается главным образом RSA-кодирование, но появляющиеся квантовые вычисления могут взломать этот код, делая его небезопасным. Один из способов сделать связь абсолютно безопасной — использовать квантовое шифрование. Существующие схемы квантового шифрования нацелены на связь от агента к агенту; однако на практике нам часто требуется безопасная многоагентная связь, где каждый из агентов может безопасно отправлять сообщения всем остальным. В принципе, мы можем повторить схему агент-агент для каждой пары агентов, но для этого требуется большое количество сложных предварительных квантовых связей. В этой статье мы покажем, как минимизировать количество таких предварительных сообщений — без ущерба для надёжности схемы всех пар.
Ключевые слова: обобщённые тригонометрические суммы, обработка сигналов.
Дата поступления в редакцию: 02.12.2018