A Quantum Mechanical Proof of Insecurity of the Theoretical QKD Protocols

Cryptography is crucial to communication security. In 1984, a well-known QKD (quantum key distribution) protocol, BB84, was published by Bennett and Brassard. The BB84 Protocol was followed by the QKD protocols published by Ekert (1991) (E91) and Bennett (1992) (B92). Some authors proved security of the theoretical QKD protocols in different theoretical frameworks by defining security of QKD protocols differently. My argument is that the previous proofs of security are neither unique nor exhaustive for each theoretical QKD protocol, which means that proof of security of the theoretical QKD protocols has not been completed or achieved. The non-uniqueness and the non-exhaustiveness of the proofs will lead to more proofs. However, a coming “proof” of security of the theoretical QKD protocols is possible to be a disproof. The research by quantum mechanics in this paper disproves security of the theoretical QKD protocols, by establishing the theoretical framework of quantum mechanical proof, defining security of QKD protocols, establishing the quantum state of the final key of the theoretical protocols from their information leakages, and applying Grover’s fast quantum mechanical algorithm for database search to the quantum state of the final key to result in the Insecurity Theorem. This result is opposite to those of the previous proofs where the theoretical QKD protocols were secure. It is impossible for Alice and Bob to protect their communications from information leakage by stopping or canceling the protocols. The theoretical QKD keys are conventional and basically insecure. Disproof of security of the theoretical QKD protocols is logical.


Introduction
Cryptography is crucial to communication security. In 1984, a well-known QKD How to cite this paper: Zhao [14]- [19], in different theoretical frameworks by defining security of QKD protocols differently.
My argument is that the authors understand security of QKD with different perspectives, and the previous proofs of security are neither unique nor exhaustive for each theoretical QKD protocol, which means that proof of security of the theoretical QKD protocols has not been completed or achieved. On the other hand, it is possible, from the non-uniqueness and non-exhaustiveness of proofs of security of QKD, that the theoretical QKD protocols will be proved insecure in an updated theoretical framework with an updated definition of security. For insecurity, one proof is enough.
Quantum mechanics is applied to variant research fields. For example, Stanisław Olszewski examines the time intervals characteristic for the quantum emission process, partly on the basis of the Ehrenfest treatment of the adiabatic invariants and partly with the aid of a study of the mechanical properties of electrons entering the simple quantum systems [20]. Shiro Ishikawa proposes the understanding of Wittgenstein's picture theory in the framework of quantum language (or, "measurement theory", "the linguistic Copenhagen interpretation of quantum mechanics", "the quantum mechanical worldview") [21].
Quantum computation holds much promise to break cryptosystems. In 1994, Shor published an algorithm for quantum computation of factoring [22], which can be used for breaking keys of conventional RSA public-key cryptosystems efficiently [22] [23] [24] [25]. In 1996, Grover published a fast quantum mechanical algorithm for database search [26], which can be used for efficient breaking of keys of conventional encryption systems such as Data Encryption Standard (DES) cipher [24]- [30]. The success of quantum computation forces us to ask: Are quantum key distribution protocols secure, encountering powerful quantum computation?
In this research Grover's fast quantum mechanical algorithm for database search is applied to disprove security of the theoretical quantum key distribution protocols [26] [27]. The security of QKD protocols is defined in the theoretical framework of quantum mechanical proof established in this paper. The quantum state of the final key of the theoretical QKD protocols, which is based on the information leakages to Eve, the adversary, is established. Grover's fast quantum mechanical algorithm for database search is applied to the quantum state of the final key to result in the Insecurity Theorem [26] [27]. Journal of Quantum Information Science

The Theoretical Framework of Quantum Mechanical Proof
The theoretical framework of quantum mechanical proof in this paper consists of the theoretical QKD protocols, Grover's fast quantum mechanical algorithm for database search and the rules of mathematical inference in quantum mechanics.
The variables in the framework are listed as: k i : the bit string of the i-th component of the quantum state of the final key; p j : the bit string of the j-th component of the quantum state of the plain-text; k s : the bit string of the key, whose value is set by Alice; p t : the bit string of the plain-text, whose value is set by Alice; C: the bit string of the cypher-text produced by Alice's encryption.

The Definition of Security of QKD Protocols
A QKD (quantum key distribution) protocol is secure if and only if its final key cannot be deduced from the information leakage of the protocol.

Insecurity Theorem of the Theoretical QKD Protocols
The theoretical QKD protocols, BB84, E91 and B92, are insecure in the theoretical framework of quantum mechanical proof in this paper.

Leakage of the Key-Length of BB84
After the "public discussion" of BB84 Protocol, the "remaining shared secret bits", announced or leaked over the public channel, are used as the final key [1]. Thus, Eve, the adversary, overhears the "public exchange of messages" between Alice and Bob, and counts the "remaining shared secret bits" for n, the number of the bits of the final key.

Leakage of the Key-Length of E91
Eve, the adversary, overhears the legitimate users' public announcements, neither disturbing the quantum channel nor violating the requirement of quantum mechanics, to know n, the number of the bits of the final key, by counting the Journal of Quantum Information Science measurements or the orientations of the analyzers within the second group, which Alice and Bob used the same orientation of their analyzers for and publicly announced or leaked [2].

Leakage of the Key-Length of B92
1) Detecting the key-length of EPR and non-EPR key distribution system by Eve: For "EPR and non-EPR key distribution" system [3], Eve repeats for k times to eavesdrop on Alice and Bob's public test in Step 9 and Step 10 of the system [3], and detects the key-length by counting the bits of the final secret key after the k repeated tests, without disturbing the quantum channel.
2) A scheme of "interferometric quantum key distribution using two non-orthogonal low-intensity coherent states" is proposed [3]. According to the scheme, "Alice would randomly send red and green flashes of < 1 photon intensity, and Bob would publicly report which flashes he saw, but not their colors, which would constitute the secret key." [3] My argument is that it is unnecessary for Eve to "see" the same subset of flashes. She can seize the knowledge of the key-length by eavesdropping on Bob's public report and counting the subset flashes seen by Bob.

Quantum State of the Final Key
The leakage of the lengths of the final keys of BB84, E91 and B92 discussed in

OTP Encryption Algorithm
Bennett and Brassard declare that "If the transmission has not been disturbed, they agree to use these shared secret bits in the well-known way as a one-time pad to conceal the meaning of subsequent meaningful communications, or for other cryptographic applications (e.g. authentication tags) requiring shared secret random information." [1]. This declaration defines and publishes the encryption algorithm of QKD protocols: one-time pad encryption algorithm (OTP) [31]. Journal of Quantum Information Science

Quantum State of the Plain-Text
The length (the number of the bits) of the plain-text is n, equal to the length of the key, because the encryption algorithm of QKD is OTP encryption algorithm [31]. Therefore, the quantum state of the plain-text is

Encryption
After the protocol is implemented, Alice encrypts her plain-text by the operation where E is the OTP (one-time pad) encryption algorithm, k s is the bit string of s k , the key, p t is the bit string of t p , the plain-text, C is the cipher-text.
Then she sends the cipher-text and the encryption algorithm (for Bob's decryption) to Bob during the communication between them.

Decryption
Bob receives the cypher-text and the encryption algorithm sent by Alice to him, and establishes his decryption equation where E is the OTP (one-time pad) encryption algorithm, k s is the bit string of s k , the key, p j is the bit string of j p , C is the cipher-text.
Bob's decryption is to solve the decryption equation, Equation (4), to find the plain-text t p .
It is obvious that there exists at least one solution of Equation (4) because of Alice's encrypting (Equation (3)). It is obvious that solution of Equation (4) is required to be unique for successful communication between Alice and Bob.
Solving Equation (4) is to search P (expressed by Equation (2)) for the j p whose bit string, p j , satisfies Equation (4). Bob prefers using Grover's fast quantum mechanical algorithm for database search because Grover's quantum searching algorithm is optimal [32]. Bob's decryption, which needs

O N
Grover's iterations, is presented in Appendix 1 of this paper.

Key-Equation
Eve intercepts the cipher-text and the encryption algorithm sent by Alice to Bob.
For Eve, if i k is the key and j p is the plain-text, they satisfy where E is the OTP encryption algorithm, k i is the bit string of i k , p j is the bit string of j p , C is the cipher-text. Equation (5) is the key-equation.

Uniqueness of Solution
It is obvious that there exists at least one couple of k i and p j that satisfies Equation (5) because of Alice's encrypting (Equation (3)). Furthermore, multiplicity of solution of Equation (5)

Searching by Grover's Fast Quantum Mechanical Algorithm
Eve searches the quantum state of the secrete key (Equation (1) , i j f k p (using the key-equation Equation (5)): 2) Repeating the following operations (a) and (b) for where ( ) , i j f k p is the function defined by Equation (6).
b) Performing Grover operation (in terms of inversion about average operation) where the diffusion transform D can be implemented as

Proved Insecurity Theorem of the Theoretical QKD Protocols
From the inference of Section 5, the result of Section 5.11 and the definition of security of QKD protocols suggested in Section 3, the Insecurity Theorem of the theoretical QKD protocols suggested in Section 4 is proved.

Discussions
1) An alternative approach to establishing of the quantum state of the final key, Equation (1), and the quantum state of the plain-text, Equation (2), is open to Eve. Eve intercepts the cypher-text sent by Alice to Bob and counts its bits for n, then establishes Equation (1), where n is the key-length, and Equation (2), where n is the number of the bits of the plain-text, because the encryption algorithm of QKD is one-time pad (OTP) encryption algorithm [1] [31] and the three bit numbers (of the key, the plain-text and the cypher-text) are identical (n). This is a shortcut approach.
2) Bob's  (7) and Equation (8) 3) It is obvious that it is impossible for Alice and Bob to detect Eve's activities because the quantum transmission between them is not disturbed by Eve's operations of eavesdropping and quantum computation. Thus, it is impossible for Alice and Bob to protect their communications from information leakage by stopping or canceling the protocols.
4) The theoretical QKD keys are conventional ones because they are constructed by conventional bits. Therefore, the essential difficulty of the theoretical QKD protocols is that the theoretical QKD keys are basically insecure. Disproof of security of the theoretical QKD protocols is logical.

Conclusion
This research, based on quantum mechanics and quantum computation, proves that the theoretical QKD protocols, BB84, E91 and B92, are insecure in the theoretical framework of quantum mechanical proof in this paper. This result is opposite to those of the previous proofs where BB84 and B92 QKD protocols were secure. The information leakage of the theoretical QKD protocols is unavoidable because the quantum transmission of the protocols is not disturbed by Eve's operations. The keys of the theoretical QKD protocols are conventional ones of conventional bits and basically insecure. The Insecurity Theorem of the theoretical QKD protocols proved in this paper is a logical result. The insecurity