ALL Metrics
-
Views
-
Downloads
Get PDF
Get XML
Cite
Export
Track
Research Article

Quantum data communication protection with the quantum permutation pad block cipher in counter mode and Clifford operators

[version 1; peer review: 1 approved]
PUBLISHED 11 Sep 2023
Author details Author details
OPEN PEER REVIEW
REVIEWER STATUS

This article is included in the Cybersecurity collection.

This article is included in the Quantum Technology collection.

Abstract

Background: This article integrates two cryptographic schemes for quantum data protection. The result achieves authentification, confidentiality, integrity, and replay protection. The authentication, integrity, and replay aspects leverage quantum Clifford operators. Confidentiality of quantum messages is achieved using the quantum permutation pad (QPP) cryptographic scheme.
Methods: Clifford operators and the QPP are combined into a block cipher in counter mode. A shared secret is used to seed a random number generator for the arbitrary selection of Clifford operators and quantum permutations to produce a signature field and perform encryption. An encryption and signature algorithm and a decryption and authentication algorithm are specified to protect quantum messages.
Results: A symmetric key block cipher with authentication is described. The plain text is signed with a sequence of randomly selected Clifford operators. The signed plaintext is encrypted with a sequence of randomly selected permutations. The algorithms are analyzed. As a function of the values selected for the security parameters, there is an unavoidable risk of collision. The probability of block collision
is modelled versus the number of blocks encrypted, for block sizes two, three, four, and five qubits.
Conclusions: The scheme is practical but does not achieve perfect indistinguishability because of the risk of message collision. This is normal and unavoidable when fixed-size fields are assumed to make a scheme practical. The model can be used
to determine the values of the security parameters and the lifetime of session keys to mitigate the risk of information leakage according to the needs of the scheme’s users. The session key can be renewed when a tolerable maximum number of
messages has been sent.

Keywords

Clifford operator, quantum permutation pad, quantum communication, quantum network, security, confidentiality, encryption.

Introduction

Classical communications and networks, such as sonars, cellular networks, and the Internet, use the macroscopic properties of acoustic, electromagnetic, or light waves. In contrast, quantum communications use the microscopic properties of light. For instance, using an appropriate encoding, the quanta of light, called a photon, is used for quantum data communications. Each photon represents a quantum value. Applications of quantum communications include secret communications, quantum networking, and distributed quantum computing. Quantum networks are envisioned for quantum communications across long distances. A quantum network comprises links, repeaters, routers, and terminals. Nodes combine classical memory and quantum bit (qubit) memory. They have classical and quantum computing capabilities. Links are the communication channels, which may be classical or quantum. Applications of quantum networks encompass communications and computation. Quantum communications and networking enable the transfer of quantum states from one location to another. They permit pooling quantum computation resources to solve complex and distributed computing issues.

As with classical data, quantum data is vulnerable to various attacks.16 Quantum data needs to be protected. Fundamental properties are authenticity, confidentiality, integrity, and replay protection.79 We focus on the authenticity, confidentiality, integrity, and replay protection of quantum messages. An authenticity attack deceives the destination about the trustworthy source of a message.7,9 Mitigating the authenticity attack requires a proof of the source identity in a message. Confidentiality protection mitigates the risk of disclosing or leaking information contained in messages. Confidentiality protection is achieved by ciphering plaintext messages. An integrity attack modifies the content of a message. In the quantum setting, this modification on a quantum state |ϕ takes the form of a unitary transformation U. The state |ϕ is modified by U. Mitigating this attack requires a modification detection mechanism. In the quantum setting, a replay attack in the classical sense is not possible because of its non-cloning property. However, an adversary can delay the delivery of a message or, when it knows how, can recreate the state. Mitigating this attack requires a mechanism to ensure that a message is new. Classical computing uses a digital signature to address authenticity, integrity, and replay attacks, possibly combined with a nonce field or a timestamp. This signature mechanism cannot be used in the quantum world in the classical sense.7 Indeed, generating a digital signature in the classical sense requires reading the message content and generating a corresponding signature value using, for instance, a one-way hash function. Reading the content of a quantum state, i.e., measuring, is destructive. However, in the following, we use the signature concept with the understanding that it is not obtained by calculating a value that involves measuring the content of a quantum message.

The article includes one main result. It presents a quantum data protection scheme that achieves all these properties, acknowledging that, at least in the short term, qubit bandwidth is narrow. Such protection schemes need to be lightweight (few additional qubits are required to implement a security scheme). The solution integrates two existing cryptographic schemes: Clifford-operator based authentication9 and quantum permutation pad (QPP).10 In this context, lightweight means that few additional qubits are required to implement a security scheme. Confidentiality is achieved using quantum permutations while authenticity, integrity, and replay protection are obtained using quantum Clifford operators. While this new protection scheme benefits from the security analyses developed for the two cryptographic schemes that it uses, the article takes the investigation further by combining a collision probability analysis, Clifford-operator-based authentication, the QPP symmetric-key encryption, and the block counter mode to create a quantum data protection scheme.

We review related work and introduce relevant quantum information background. We present and analyze the original quantum data block cipher and authentication scheme.

Related work

The work presented in this article is about protecting quantum data using quantum resources. It is a topic that has received attention in the research literature, as discussed in this section. Work can be categorized into two groups: authentication and confidentiality.

Barnum et al. introduced an authentication scheme for quantum data, considering their specific nature, and defined the concepts of completeness and soundness in this context.7 Foundations for cryptographic schemes for authentication have been proposed by Aharonov et al.11 and Broadbent and Wainewright,12,13 building on quantum Clifford operators. This work has been used to build an authenticity, integrity, and replay protection scheme for quantum messages by Barbeau et al.,14,15 with demonstrated soundness and completeness, and to analyze attack probability. Other quantum data authentication efforts include the work of Das and Siopsis,16 building on a position authentication protocol, and Satoh et al.,17 building on the concept of quantum state tomography.

For confidentiality, asymmetric and symmetric encryption schemes have been proposed by Alagic et al.18 and St-Jules,19 using Clifford operators. Efforts have been devoted to adapting the Advanced Encryption Standard (AES)20 to the quantum environment.2123 A challenge is the amount of required quantum resources. In the short term, the available quantum computers have low quantities of memory and high error probabilities in comparison to classical computers. New lighter-weight quantum encryption schemes requiring fewer quantum resources have been proposed.2426 Kuang and Barbeau introduced a universal symmetric encryption scheme called QPP.10 The scheme can be used in several ways in classical and quantum environments.

In this article, we propose and analyze a symmetric key encryption scheme for blocks of quantum data. Building on our previous research,9,10 a general symmetric-key cipher is developed building on QPP in counter mode. Conditions are identified to achieve perfect indistinguishability. Use cases are also identified where perfect indistinguishability is not achieved, but where the probability of collision is low. As emphasized in,10 the QPP scheme can be considered for both classical data and quantum data. In companion papers, we developed a QPP block cipher scheme in counter mode for classical data adapted specifically for the underwater environment.14,15 For the encryption aspect, this article parallels this work for quantum data for a general quantum networking environment. More related work is cited in the following sections.

Quantum information background

In the quantum computing model, the unit of information is called the quantum bit (qubit). Mathematically, using the Dirac ket notation |, the Boolean values zero and one are represented, with the matrix-form equivalent, as

(1)
|0=10and|1=01.

Ket zero, i.e., |0, and ket one, i.e., |1, are the standard computational basis states. A qubit can be in both states |0 and |1 at the same time. A qubit is in a continuum of intermediate states. These intermediate states are called a superposition. A superposition is represented as a unit vector in a complex vector space. Let α and β be two complex numbers, with the constraint that [1]

(2)
α2+β2=1
a qubit is represented as the linear superposition
(3)
|ψ=α|0+β|1.

The term |ψ reads as ket ψ. The factors α and β are the probability amplitudes associated with each state, i.e., |0 and |1. In other words, we do not know in which state a qubit is. According to the probabilistic model of Equation (3), however, the actual measurement of a qubit yields |0, i.e., Boolean value zero, with probability α2 and |1, i.e., Boolean value one, with probability β2. The matrix format is a convenient alternative equivalent representation of the linear superposition of a qubit:

(4)
α|0+β|1αβ

The two coefficients α and β are organized in a one-column, two-row vector. A qubit state that can be written in the form of Equation (4), that is, in the column-vector form, is called a pure state. A qubit is a two-dimensional entity. Using probability amplitude α, the first dimension defines the 0 information component. Using probability amplitude β, the second dimension defines the 1 information component.

Qubits can be composed together. For instance, a two-qubit register consists of a superposition of the four states |00, |01, |10, and |11, i.e., the four possible two-bit binary values. Together with the corresponding probability amplitudes α, β, γ, and δ, the two-qubit linear superposition is

|ψ=α|00+β|01+γ|10+δ|11.

All α, β, γ, and δ are complex numbers with the constraint that α2+β2+γ2+δ2 is equal to one.

In general, a n-qubit quantum register is a 2n-term expression of the following form

(5)
|ψ=i=02n1ψi|iψ0ψ1ψ2n1
with the constraint
i=02n1|ψi|i|=1.

The computational basis is the orthogonal basis

(6)
Bn=012n1.

A n-qubit quantum register is a 2n-dimensional entity. The ith dimension, using probability amplitude ψi, defines the ith information component, with i=0,1,2,,2n1. Both the summation form and equivalent column-vector form are shown. In the summation form, the plus sign is conjunctive, rather than disjunctive. In the quantum-superposition model, all terms in the summation exist simultaneously. One can also appreciate the memory complexity of simulating the quantum computing model with a classical one. A n-qubit register requires the storage of 2n probability amplitudes. For instance, the memory complexity of a 10-qubit register is in the order of kilobytes, a 20-qubit register is in the order of megabytes, and a 30-qubit register is in the order of gigabytes.

The 2n probability amplitudes are organized in a one-column, 2n-row vector in the column-vector form. The ket notation | reflects the vectorial nature of a qubit or a quantum register. The term ket ψ can be interpreted as a mapping to a column vector of the corresponding probability amplitudes:

(7)
|ψψ0ψ1ψ2n1

Quantum data block cipher and authentication scheme

We first briefly review the highlights of Clifford-operator-based authentication, QPP encryption, and the block counter mode. Then, we define original source and destination algorithms for authenticated and confidential quantum data communications.

Clifford-operator-based authentication

The following four matrices constitute the Pauli operators:

(8)
I=1001,X=0110,Y=0jj0,andZ=1001

Over the n-qubit quantum states, the Pauli matrices Pn are the set of all 2n by 2n matrices resulting from tensor products like P1P2Pn, where P1,P2,,Pn are Pauli operators. The set Pn has 22n. Pauli matrices form a group. Hence, they can be interpreted as operators mapping Pauli matrices to Pauli matrices.

The set Pn contains all the Pauli matrices in Pn excluding the identity matrix In. The set U1 represents the set of all complex numbers modulo one. That is, U1 is equal to e:θ, with j equal to 1. The set U2n represents all the 2n by 2n unitary matrices. Given a unitary C, its conjugate transpose C, and a Pauli matrix P, the expression CPC is the conjugation of matrix P by unitary C.

Over the n-qubit quantum states, the set of Clifford operators is defined as

(9)
Cn=CU2n:PPnCPC±Pn/U1

A Clifford operator is a bijection mapping Pauli matrices in Pn to Pauli matrices in Pn, through the action of conjugation. The suffix /U1 implies that two Clifford operators, different solely because of a factor in U1, are considered equivalent. The set Cn has 2n2+2ni=1n4i1 elements. In the following, we refer to it as |Cn|.

Quantum permutation pad

Let us consider the n-qubit orthonormal computational basis defined in Equation (6). Let V be the vector space where every element of it can be expressed as a linear combination of members of this basis. The elements of the symmetric group S2n are permutations over the set V. The degree of the group S2n is 2n. It is of order 2n!. This means that there are 2n! permutation operators. In the following, we refer to them as |S2n|. Each of them can be represented by a 2n by 2n matrix Pi, where i=1,,2n!. Note that every permutation Pi is a bijective function from the set V to itself. Furthermore, the inverse of Pi, denoted as Pi1, is also contained in the symmetric group S2n.

A plaintext M is made of m vectors v0,v1,,vm1 in V. QPP encryption of plaintext M uses a sequence π of m randomly selected permutations corresponding to the list P0,P1,,Pm1, all selected in group S2n. The sequence π is the encryption key of message M. The encryption of plaintext message M with key π is denoted as EπM. It corresponds to the sequence W of vectors w0,w1,,wm1 where w0=P0v0,w1=P1v1,,wm1=Pm1vm1. Conversely, the decryption of W, encrypted with key π, is denoted as DπW. It corresponds to the sequence of vectors P01w0, P11w1,,Pm11wm1.

Definition 1

(Shannon perfect secrecy). For any pair of plaintexts M1 and M2, when ciphertext W is equally likely to be the encryption of M1 or M2, the corresponding cryptographic scheme is perfectly secure.

Theorem 1

The QPP cryptographic scheme is perfectly secure.

Proofs can be found in Refs. 10 and 14. The proofs establish that the probabilities are identical for all messages. The statement of Theorem 1 is theoretical because it requires very long keys. In the following, we use the QPP practically. This property is not maintained.

The implementation of QPP for quantum data has been investigated by Kuang and Perepechaenko.2729 They proposed solutions to several quantum implementation issues, while the open problem of dispatching quantum permutations - that is, the selection of the applied permutations in a quantum circuit - is highlighted. The security of block sizes (n) two, three, four, and five is analyzed for the number of different permutations in a session required to achieve 256-bit of entropy, to mitigate the risk of breaking keys by the Grover’s algorithm.3032 It is highlighted that a 256-bit size yields a brute force search space of 2256 keys. In the sequel, we take the security analysis one step further. As highlighted by Bellare and Rogaway, making the plaintext hard to recover from ciphertext is not enough to declare a cryptographic scheme secure.33 Indeed, information may leak just by observing patterns in traffic. In the next section, we analyze the probability of collisions, which is a cause of information leakage.

Block counter mode

The concept of block counter mode has been examined in detail by Bellare and Rogaway.33 We summarize the main facts.

There are four main block modes, namely the electronic code book (ECB), cipher-block chaining (CBC) with a random initialization vector (IV), counter-based version of CBC (CBCC), and counter (CTR). The block modes are compared in Table 1. An important criterion is the risk of information leakage, which is significant for both the ECB and CBC with random IV modes. We use the CTR mode because of the low risk of information leakage.

Table 1. Block modes.

ModeLeak risk
ECBsignificant
CBC with IVsignificant
CBCClow
CTRlow

Encryption and signature algorithm

The symmetric key block cipher with authentication is described hereafter. Let m and n be non-null positive integers. A quantum plaintext message consists of m quantum blocks w0,w1,,wm1. Each block consists of n qubits. An additional qubits are added to every block for a signature field; is a non-null positive integer.

There are two participants: a message source and a message destination. They share the following security parameters: i) block size (n), ii) number of blocks in a message (m), iii) length of the signature field (), iv) a set C of d1 Clifford operators randomly selected in Cn+, and v) a set P of d2 permutations randomly selected in S2n+. d1 and d2 are non-null positive integers. The source and destination share two secret arbitrary long sequences of random numbers s, modulo d1, and r, modulo d2. The sequence s and set C, and the sequence r and set P can be interpreted as the session authentication and encryption keys shared between the source and destination.

Before transmission, the source signs and encrypts each message. On the source side, there is a static variable i. It is initialized to zero. After the completion of the encryption of a message, the new value of the static variable i is incremented by m units.

The plaintext is signed with a sequence of m randomly selected Clifford operators:

(10)
π=Csi,Csi+1,,Csi+m1

All operators are in the set C. The selection of Clifford operators is determined by the sequence of random numbers s. The message signing key is the sequence of Clifford operators π.

Following the signature procedure, the signed plaintext is encrypted with a sequence of m randomly selected permutations:

(11)
ρ=Pri,Pri+1,,Pri+m1

All permutations are in the set P. The selection of permutations is determined by the sequence of random numbers r. The message encryption key is the sequence of permutations ρ.

The expression

(12)
PrjCsjwj|jmod,withj=i,i+1,,i+m1
represents the quantum block wj suffixed with the signature quantum state |jmod of qubits in state jmod. The Clifford operator Csj is applied, then the permutation Prj is applied. The encryption of the plaintext message is the quantum ciphertext resulting from the following tensor product:
(13)
C=j=ii+m1PrjCsjwj|jmod

The quantum ciphertext C and the value of classical variable i are sent together to the destination.

Note that the term signature is used but not in the classical sense. A classical message signature is calculated by reading the payload of a message. For quantum data, reading the payload to calculate a signature is not feasible because the measurement of the payload qubits would destroy their states.

It is assumed that the plaintext is random and unbiased. A diffusion phase before encryption, on the source side, and an assembly phase after decryption, on the destination side, can be added to remove statistical bias in ciphertext. See Ref. 27 for a circuit design which does that using CNOT gates.

Building the set C of Clifford operators involves the random selection of d1 integers in the range one to |Cn+| and mapping these integers to Clifford operators. Koenig and Smolin have published a On3 algorithm for doing this mapping while van den Berg34 proposed a On2 algorithm. Barbeau et al.9 investigated this aspect for message key purposes.

Decryption and authentication algorithm

The destination receives a quantum ciphertext C and a classical value i. For the purposes of replay protection, the destination ensures that the value of i is new. The ciphertext C consists of m blocks of n+ qubits ωj, j=i,,i+m1. The decryption of a block with index j consists of the following product:

(14)
Xj=CsjPrj1ωj

Csj is the conjugate transpose of Clifford operator Csj. The product CsjCsj is an identity. Prj1 is the inverse permutation of Prj. The product Prj1Prj is also an identity. Assuming that a received message is intact, we have:

(15)
Xj=CsjPrj1ωj=CsjPrj1PrjCsjwj|jmod=CsjCsjwj|jmod=wj|jmod

The original content is restored. To confirm that a verification is performed, measuring the qubits from positions n to n+1 of every block, testing equality with the corresponding block number j, and taking the logical conjunction of the results:

(16)
v=j=ii+m1Xjnn+1=jmod

The result is the Boolean value v. When it evaluates to one, the message is accepted and the resulting plaintext is

(17)
Xi0n1,Xi+10n1,,Xi+m10n1.

Otherwise, the ciphertext C is rejected.

The message verification key is the sequence of conjugate transposes Csi,Csi+1,,Csi+m1, which can easily be derived given π. Verification of the condition of Equation (16) is interpreted as a proof of ownership of the authentication key π by the message source and a validation of integrity. The value of the signature suffix aims to make every message unique, for replay protection. However, there is a risk of collision according to the selected security parameters. The collision probability is further investigated in the next section. The message decryption key is the sequence of inverse permutations Pri1,Pri+11,,Pri+m11, also easily derived given ρ. It is a symmetric key that both the source and destination must share.

Collision probability

As a function of the values selected for the security parameters, d1, d2, , m, and n, there is a risk of collision, i.e., a repeated message value is signed and encrypted the same way.

Definition 2

(Collision). A collision arises when a reoccurring message consisting of m quantum blocks, each of them representing a n-qubit state, is re-numbered with the same sequence of integers i,i+1,,i+m1, modulo , re-resigned with the same sequence of Clifford operators C0,C1,,Cm1, chosen in the group Cn+, and re-encrypted with the same sequence of permutations P0,P1,,Pm1, chosen in the symmetric group S2n+. The same numbering, Clifford operators, and permutations are picked twice to sign and encrypt a repeating message content.

The smaller the collision probability, the better, because collisions leak information. They make it possible to identify traffic patterns, which can eventually lead to breaking encryption schemes. For the analysis, let us assume that a quantum block state is a single member of the orthonormal basis, i.e., no superposition. A message consists of m column vectors in the basis Bn. It is assumed that all members of the basis are equally probable. It is also assumed that, for a message, all block numbering sequences of m integers module are equally probable. These assumptions are reasonable, particularly when diffusion before encryption and assembly after decryption are done.

There are 2mn+d1md2m unique combinations consisting of a message of m blocks of n qubits, a numbering sequence of -bit integers, a sequence of m Clifford operators chosen among a set of d1 available operators, and a sequence of m permutations chosen among a set of d2 available permutations. When over 2mn+d1md2m messages are authenticated and encrypted with the same session key, at least one collision has occurred. We calculate the collision probability when less than 2mn+d1md2m messages have been encrypted with the same session key. Note that collisions are unavoidable with finite-length fields, determined in this case by the security parameters.

Theorem 2

Let i be the number of messages consisting of m quantum states in Bn authenticated using m Clifford operators, chosen in subset C, included in Cn+, of d1 Clifford operators, and encrypted with m permutations, chosen in subset P, included in S2n+, of d2 permutations. is the number of signature qubits allocated for each block. Let i be greater than zero and less than equal to imax=2mn+d1md2m. When i messages have been encrypted, the probability that at least one collision has occurred, denoted as Kd1d2mni, is at least cmin=0.6ii12mn++1d1md2m but not greater than cmax=ii12mn++1d1md2m.

Proof.

Let us assume that all messages are equally probable, that the choice of Clifford operators and permutations is uniform, and that probabilities are independent across messages.

Lower bound. The absence of collision after encrypting i messages is represented as the event ei. The event corresponds to a condition where i messages have been authenticated and encrypted. When no collision has occurred after the authentication and encryption of i messages, it means that among the available 2mn+d1md2m combinations of message value, numbering sequence, Clifford operator sequence, and permutation sequence, solely 2mn+d1md2mi combinations have not been used. Therefore, the probability of no collision when the i+1-th message is signed and encrypted is

Prei+1ei=2mn+d1md2mi2mn+d1md2m=1i2mn+d1md2m

It follows that the probability of the absence of collision after the completion of the signature and encryption of i messages is

(18)
1Kd1d2mmi=Prei=Preiei1Prei==k=1i1Prek+1ek=k=1i11k2mn+d1md2m

Leveraging the inequality 1xexx, with 0x1, the fact 0k2mn+d1md2m1, and the equality k=1i1k=ii12, the product of Equation (18) is less than equal to

(19)
k=1i1ek2mn+d1md2m=eii12mn++1d1md2m
which implies that
(20)
Kd1d2mni1eii12mn++1d1md2m.

Leveraging the inequality 1ex11/ex, Equation (20) is greater than

11eii12mn++1d1md2m0.6ii12mn++1d1md2m.

Hence, we obtain that

Kd1d2mni0.6ii12mn++1d1md2m.

Upper bound. Let the event fi denote a collision resulting from the ith block encryption. The probability of fi is

Prfi=i12mn+d1md2m.

Due to the existence of 2mn+d1md2m of unique triples comprising a message, a Clifford operator, and a permutation, we obtain that

(21)
Kd1d2mni=Prf0f1fi1Prf0+Prf1++Prfi112mn+0d1md2m+1d1md2m+i1d1md2m=ii12mn++1d1md2m

Remark 1

The collision probability approaches the value of one-half by growing the block size (n) and number of blocks in a message (m). It is upper bounded by the value one-half because the weight of the subtrahend one is progressively diminishing, in the numerator ii1, with i reaching imax.

Figure 1 plots the collision probability Kd1d21ni (y-axis) versus the number of transmitted messages i (x-axis), from one to imax. The message size (m) is one. There are curves for two-, three-, four-, and five-qubit QPP (n). The corresponding numbers of gates are 56, 17, six, and three. As mentioned in Remark 1, in the analysis, the maximum collision probability is one-half (or 100.3 on the logarithmic y-axis) when the number of encrypted blocks i is equal to imax. Of course, when i is greater than equal to 2mn+d1md2m, the probability is one. From this perspective, i.e., from the block-key point of view, the collision probability is noticeably high for a low number of encrypted blocks.

2aee2fcd-6611-42a0-baf4-833a46081bf5_figure1.gif

Figure 1. Probability of block collision versus the number of blocks (i) encrypted, for block sizes (n) two, three, four, and five qubits.

Figure 2 presents the message-key point of view. The x-axis corresponds to the block size (n), while the y-axis represents the value of imax as a function of the number of blocks in a message (m) and the block size (n). Again, as noted in Remark 1, in the analysis, the collision probability approaches value one-half as the number of blocks in a message (m) and the block size (n) grow and i approaches imax. Figure 2 plots values for imax (Theorem 2) for block sizes two, three, four, and five and message sizes one, two, four, and eight. imax is a parameter to consider when conducting a risk assessment and determining the maximum number of messages that can be sent before renewing a session key.

2aee2fcd-6611-42a0-baf4-833a46081bf5_figure2.gif

Figure 2. Value of imax (see Theorem 2) according to the block size (n) and message size (m).

Security parameters d1 and d2, selected according to the block size, are as suggested by Kuang and Perepechaenko.27 is equal to two.

Conclusion

An authentication and encryption scheme for quantum messages consisting of blocks of qubits has been presented. The scheme is simple and considers the scarcity of qubits for the upcoming first-generation quantum Internet. The authentication and verification key consists of a sequence of quantum Clifford operators. The encryption and decryption key is made of a sequence of quantum permutations. The scheme uses the block counter mode. Integrity and replay protection are also provided. For authentication, the source provides proof of ownership of the authentication key to the destination. Validation of integrity and replay protection rely on testing the consistency of the signature field of every block. The scheme is practical but does not achieve perfect indistinguishability because of the risk of message collision. This is normal and unavoidable when fixed-size fields are assumed to make a scheme practical. The message collision probability has been analytically determined. The model can be used to determine the values of the security parameters and the lifetime of session keys to mitigate the risk of information leakage according to the needs of the scheme’s users.

Comments on this article Comments (0)

Version 1
VERSION 1 PUBLISHED 11 Sep 2023
Comment
Author details Author details
Competing interests
Grant information
Copyright
Download
 
Export To
metrics
Views Downloads
F1000Research - -
PubMed Central
Data from PMC are received and updated monthly.
- -
Citations
CITE
how to cite this article
Barbeau M. Quantum data communication protection with the quantum permutation pad block cipher in counter mode and Clifford operators [version 1; peer review: 1 approved]. F1000Research 2023, 12:1123 (https://doi.org/10.12688/f1000research.140027.1)
NOTE: If applicable, it is important to ensure the information in square brackets after the title is included in all citations of this article.
track
receive updates on this article
Track an article to receive email alerts on any updates to this article.

Open Peer Review

Current Reviewer Status: ?
Key to Reviewer Statuses VIEW
ApprovedThe paper is scientifically sound in its current form and only minor, if any, improvements are suggested
Approved with reservations A number of small changes, sometimes more significant revisions are required to address specific details and improve the papers academic merit.
Not approvedFundamental flaws in the paper seriously undermine the findings and conclusions
Version 1
VERSION 1
PUBLISHED 11 Sep 2023
Views
13
Cite
Reviewer Report 23 Jan 2024
Cherry Mangla, CN Infometic Inc, Edmonton, Alberta, Canada 
Approved
VIEWS 13
This article plays a crucial role in the world of cybersecurity and quantum computing, and I fully agree with what the author is saying. The author points out that because of some problems with quantum mechanics, many cybersecurity plans hit ... Continue reading
CITE
CITE
HOW TO CITE THIS REPORT
Mangla C. Reviewer Report For: Quantum data communication protection with the quantum permutation pad block cipher in counter mode and Clifford operators [version 1; peer review: 1 approved]. F1000Research 2023, 12:1123 (https://doi.org/10.5256/f1000research.153354.r230252)
NOTE: it is important to ensure the information in square brackets after the title is included in all citations of this article.
  • Author Response 22 Mar 2024
    Michel Barbeau, School of Computer Science, Carleton University, Ottawa, K1S5B6, Canada
    22 Mar 2024
    Author Response
    Thanks for your report! I will address your feedback.
    Competing Interests: No competing interests were disclosed.
COMMENTS ON THIS REPORT
  • Author Response 22 Mar 2024
    Michel Barbeau, School of Computer Science, Carleton University, Ottawa, K1S5B6, Canada
    22 Mar 2024
    Author Response
    Thanks for your report! I will address your feedback.
    Competing Interests: No competing interests were disclosed.

Comments on this article Comments (0)

Version 1
VERSION 1 PUBLISHED 11 Sep 2023
Comment
Alongside their report, reviewers assign a status to the article:
Approved - the paper is scientifically sound in its current form and only minor, if any, improvements are suggested
Approved with reservations - A number of small changes, sometimes more significant revisions are required to address specific details and improve the papers academic merit.
Not approved - fundamental flaws in the paper seriously undermine the findings and conclusions
Sign In
If you've forgotten your password, please enter your email address below and we'll send you instructions on how to reset your password.

The email address should be the one you originally registered with F1000.

Email address not valid, please try again

You registered with F1000 via Google, so we cannot reset your password.

To sign in, please click here.

If you still need help with your Google account password, please click here.

You registered with F1000 via Facebook, so we cannot reset your password.

To sign in, please click here.

If you still need help with your Facebook account password, please click here.

Code not correct, please try again
Email us for further assistance.
Server error, please try again.