Pascal Junod

Long-term performance of the SwissQuantum quantum key distribution network in a field environment

In this paper, we report on the performance of the SwissQuantum quantum key distribution (QKD) network. The network was installed in the Geneva metropolitan area and ran for more than one-and-a-half years, from the end of March 2009 to the beginning of January 2011. The main goal of this experiment was to test the reliability of the quantum layer over a long period of time in a production environment. A key management layer has been developed to manage the key between the three nodes of the network. This QKD-secure network was utilized by end-users through an application layer.

A fast and versatile quantum key distribution system with hardware key distillation and wavelength multiplexing

We present a compactly integrated, 625 MHz clocked coherent one-way quantum key distribution system which continuously distributes secret keys over an optical fibre link. To support high secret key rates, we implemented a fast hardware key distillation engine which allows for key distillation rates up to 4 Mbps in real time. The system employs wavelength multiplexing in order to run over only a single optical fibre. Using fast gated InGaAs single photon detectors, we reliably distribute secret keys with a rate above 21 kbps over 25 km of optical fibre. We optimized the system considering a security analysis that respects finite-key-size effects, authentication costs and system errors for a security parameter of eQKD = 4 × 10−9.

An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies

We describe a new public-key and provably secure attribute-based broadcast encryption scheme which supports complex access policies with AND, OR and NOT gates. Our scheme, especially targetting the implemention of efficient Pay-TV systems, can handle conjunctions of disjunctions by construction and disjunctions of conjunctions by concatenation, which are the most general forms of Boolean expressions. It is based on a modification of the Boneh-Gentry-Waters broadcast encryption scheme in order to achieve attribute collusion resistance and to support complex Boolean access policies. The security of our scheme is proven in the generic model of groups with pairings. Finally, we compare our scheme to several other Attribute-based Broadcast Encryption designs, both in terms of bandwidth requirements and implementation costs.

Revisiting the IDEA Philosophy

Since almost two decades, the block cipher IDEA has resisted an exceptional number of cryptanalysis attempts. At the time of writing, the best published attack works against 6 out of the 8.5 rounds (in the non-related-key attacks model), employs almost the whole codebook, and improves the complexity of an exhaustive key search by a factor of only two. In a parallel way, Lipmaa demonstrated that IDEA can benefit from SIMD (Single Instruction, Multiple Data) instructions on high-end CPUs, resulting in very fast implementations. The aim of this paper is two-fold: first, we describe a parallel, time-constant implementation of eight instances of IDEA able to encrypt in counter mode at a speed of 5.42 cycles/byte on an Intel Core2 processor. This is comparable to the fastest stream ciphers and notably faster than the best known implementations of most block ciphers on the same processor. Second, we propose the design of a new block cipher, named WIDEA, leveraging on IDEAs outstanding security-performance ratio. We furthermore propose a new key-schedule algorithm in replacement of completely linear IDEAs one, and we show that it is possible to build a compression function able to process data at a speed of 5.98 cycles/byte. A significant property of WIDEA is that it closely follows the security rationales defined by Lai and Massey in 1990, hence inheriting all the cryptanalysis done the past 15 years in a very natural way.

Improving the Boneh-Franklin Traitor Tracing Scheme

Traitor tracing schemes are cryptographically secure broadcast methods that allow identification of conspirators: if a pirate key is generated by k traitors out of a static set of *** legitimate users, then all traitors can be identified given the pirate key. In this paper we address three practicality and security issues of the Boneh-Franklin traitor-tracing scheme. In the first place, without changing the original scheme, we modify its tracing procedure in the non-black-box model such that it allows identification of k traitors in time

An FPGA-Based 4 Mbps Secret Key Distillation Engine for Quantum Key Distribution Systems

tilde{O}(k^2)

Ciphertext-Policy Attribute-Based Broadcast Encryption with Small Keys

, as opposed to the original tracing complexity

Continuous QKD and high speed data encryption

tilde{O}(ell)

Performance of the SwissQuantum network over 21 months

. This new tracing procedure works independently of the nature of the Reed-Solomon code used to watermark private keys. As a consequence, in applications with billions of users it takes just a few minutes on a common desktop computer to identify large collusions. Secondly, we exhibit the lack of practical value of list-decoding algorithms to identify more than k traitors. Finally, we show that 2k traitors can derive the keys of all legitimate users and we propose a fix to this security issue.

Method for public-key attribute-based encryption with respect to a conjunctive logical expression.

Quantum key distribution (QKD) enables provably secure communication between two parties over an optical fiber that arguably withstands any form of attack. Besides the need for a suitable physical signalling scheme and the corresponding devices, QKD also requires a secret key distillation protocol. This protocol and the involved signal processing handle the reliable key agreement process over the fragile quantum channel, as well as the necessary post-processing of key bits to avoid leakage of secret key information to an eavesdropper. In this paper we present in detail an implementation of a key distillation engine for a QKD system based on the coherent one-way (COW) protocol. The processing of key bits by the key distillation engine includes agreement on quantum bit detections (sifting), information reconciliation with forward error correction coding, parameter estimation, and privacy amplification over an authenticated channel. We detail the system architecture combining all these processing steps, and discuss the design trade-offs for each individual system module. We also assess the performance and efficiency of our key distillation implementation in terms of throughput, error correction capabilities, and resource utilization. On a single-FPGA (Xilinx Virtex-6 LX240T) platform, the system supports distilled key rates of up to 4 Mbps.