Symmetries and security of a quantum-public-key encryption based on single-qubit rotations

Exploring the symmetries underlying a previously proposed encryption scheme that relies on single-qubit rotations, we derive an improved upper bound on the maximum information that an eavesdropper might extract from all the available copies of the public key. Subsequently, the robustness of the scheme is investigated in the context of attacks that address each public-key qubit independently. The attacks under consideration make use of projective measurements on single qubits and their efficiency is compared to attacks that address many qubits collectively and require complicated quantum operations.

Figure 1

A posteriori probability distributions [given by Eqs. (14)] for $T=8$ [(a)–(e)], $T=9$ [(f)–(h)], and various events $\{T_0^{\left(z\right)},T_0^{\left(x\right)}\}$: (a) $T_0^{\left(z\right)}=0$; (b), (f) $T_0^{\left(z\right)}=2$; (c), (g) $T_0^{\left(z\right)}=4$; (d), (h) $T_0^{\left(z\right)}=6$; (e) $T_0^{\left(z\right)}=8$.

Figure 2

Entropy of a priori probability distribution (=entropy of private key), Holevo bound, and information gain as functions of the number of public-key copies $2T$ that become available. The value of $n$ affects considerably the a priori probability distribution. The inset shows the difference between the Holevo bound and the information gain.

Figure 3

Conditional probability $P\left(\text{suc}\right|w_j,k_j)$ for $n=10$ and various values of $T$.

Figure 4

Conditional probability $P\left(\text{suc}\right|w_j)$ for $n=10$ and various values of $T$.

Figure 5

Average probability of success ${\overline{P}}_s\left(\mathrm{suc}\right)$ as a function of codeword length $s$ for $n=10$ and various values of $T$. The solid lines are numerical results obtained from Eqs. (25), whereas the dashed lines are for the upper bound defined in Eq. (26).