| Graduate student: | 李泉明 Li, Chuan-Ming |
|---|---|
| Thesis title: | 具身份認證之量子金鑰分配 Authenticated Quantum Key Distributions |
| Advisor: | 黃宗立 Hwang, Tzonelih |
| Degree: | 博士 Doctor |
| Department: | 電機資訊學院 - 資訊工程學系 Department of Computer Science and Information Engineering |
| Year of publication: | 2008 |
| Graduation academic year: | 96 |
| Language: | English |
| Number of pages: | 96 |
| Chinese keywords: | 金鑰分配, 量子密碼, 身份認證 |
| English keywords: | Quantum cryptography, Key distribution, Authentication |
Quantum cryptography is a branch of quantum information science. It exploits physical properties of quantum systems, such as the no-cloning theorem and the Heisenberg uncertainty principle, for information-security applications. The quantum key distribution protocol is currently one of the most important research topics in quantum cryptography; its goal is to let users securely distribute and share a secret key over a quantum channel so that the key can later be used for secure communication. Compared with classical key distribution protocols, quantum key distribution protocols have two advantages: 1. their security rests on physical properties of quantum systems rather than on the hardness of mathematical problems; 2. eavesdropping can be detected during the key distribution itself. Because of these advantages, quantum key distribution protocols provide a more secure key distribution channel than classical ones.
However, existing quantum key distribution protocols have the following two problems:
1. Lack of identity authentication: most quantum key distribution protocols assume that the users taking part have already been authenticated before the key is distributed. If this assumption is removed, these protocols cannot resist man-in-the-middle attacks.
2. Poor qubit utilization and communication efficiency: during quantum key distribution the sender and the receiver must exchange measurement-basis information over a classical channel and discard every qubit whose bases do not match, so qubit utilization and communication efficiency are poor.
The purpose of this thesis is to combine the strengths of classical cryptographic techniques with the physical properties of quantum systems and propose efficient quantum key distribution protocols with identity authentication. We introduce the hash function and symmetric encryption of classical cryptography into quantum key distribution; this combination gives the proposed protocol the following advantages: (1) it effectively resists man-in-the-middle attacks, eavesdropping and replay; (2) the key receiver (Bob) can complete identity authentication and key verification on his own, without further communication with the sender (Alice); (3) the master key that Alice and Bob establish in advance can be reused; and (4) its communication efficiency is better than that of other quantum key distribution protocols. In addition, since in real network environments two parties who do not know each other often rely on a trusted third party to distribute keys, this thesis also extends the proposed two-party quantum key distribution protocol into a three-party quantum key distribution protocol with identity authentication for that setting.
Basically, existing quantum key distribution protocols assume that the key sender is able to generate qubits. Qubit-generating equipment is expensive, however, so not every user will be able to deploy it in the future; a future network may contain only a few entities (called qubit generating centers) able to generate qubits. Under this constraint, this thesis uses the fact that quantum logic gates can change the phase and state of a qubit to design a new quantum key distribution protocol in which users who have no qubit-generating equipment can still distribute keys using the qubits produced by a qubit generating center.
Furthermore, to raise qubit utilization, this thesis applies the concept of quantum memory to improve the existing BB84 protocol so that the qubit receiver can correctly measure and decode every qubit received. Since every qubit can be correctly measured and decoded, we use this improved protocol to propose a new quantum direct communication protocol in which Alice can securely send confidential data directly to Bob over the quantum channel without first establishing a secret key with him; even if the qubits are intercepted or eavesdropped in transit, the attacker learns nothing about the confidential data.
Quantum cryptography, suggested originally by Wiesner and then by Bennett et al., uses quantum phenomena such as the no-cloning theorem and the Heisenberg uncertainty principle to achieve secure communication over quantum channels. Quantum key distribution (QKD) is one of the most actively studied topics in quantum cryptography. The object of a QKD protocol (QKDP) is to enable Alice and Bob to securely share a secret key so that they can use it for further secure communication. Many QKDPs have been proposed in the literature. Compared to classical key distribution protocols, QKDPs have the following merits: (1) quantum mechanics provides secure key distribution without relying on mathematically hard problems; and (2) legitimate participants can detect eavesdropping because of the quantum phenomena mentioned above. QKDPs are therefore considered more secure than classical key distribution protocols, with one proviso that matters for the rest of this thesis: their security proofs assume that the classical channel used for public discussion is authenticated.
However, there are two problems with the current QKDPs.
(1) The lack of user authentication. Most current QKDPs assume that all communicating parties have been authenticated before the protocol is executed. Without this assumption, these protocols cannot prevent man-in-the-middle attacks: an adversary who controls the channels can run the protocol separately with Alice and with Bob and end up sharing a key with each of them.
(2) The inefficiency of qubit utilization and the number of communication rounds. The sender and the receiver must hold a public discussion over the classical channel to exchange their measuring bases; every qubit whose bases do not match is discarded (half of them on average in BB84, since both sides choose bases uniformly at random) and extra communication rounds are required.
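The two problems above can be made concrete with a small simulation. The following is an added example, not code from the thesis: it models a BB84 photon as the pair (bit, preparation basis), runs the basis sifting of the public discussion, sacrifices a sample of the sifted key to estimate the quantum bit error rate (QBER), and optionally inserts an intercept-resend eavesdropper. The function names and the 11% detection threshold are this example's own assumptions (the threshold is the well-known limit for one-way post-processing, used here only as an illustrative cut-off).

```python
"""Toy BB84 run: basis sifting cost and intercept-resend detection.
Added example, not the thesis's protocol. Photons are modelled as
(bit, basis); measuring in the wrong basis yields a random outcome."""
import random

Z, X = 0, 1  # rectilinear (Z) and diagonal (X) bases


def prepare(bit, basis):
    """Alice's photon: in BB84 a single-qubit state is fixed by bit and basis."""
    return (bit, basis)


def measure(photon, basis, rng):
    """Correct basis returns the encoded bit; the conjugate basis returns a
    uniformly random bit and the original value is lost (no cloning)."""
    bit, prep_basis = photon
    return bit if basis == prep_basis else rng.randrange(2)


def bb84(n, eve=False, sample_fraction=0.25, seed=0):
    """Run BB84 over n photons; return sifting and QBER statistics."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.choice((Z, X)) for _ in range(n)]
    photons = [prepare(b, s) for b, s in zip(alice_bits, alice_bases)]

    if eve:
        # Intercept-resend: Eve measures in a random basis and re-prepares
        # what she saw. Half of her bases are wrong, and each wrong basis
        # flips Bob's sifted bit with probability 1/2, so QBER is about 25%.
        eve_bases = [rng.choice((Z, X)) for _ in range(n)]
        photons = [prepare(measure(p, s, rng), s)
                   for p, s in zip(photons, eve_bases)]

    bob_bases = [rng.choice((Z, X)) for _ in range(n)]
    bob_bits = [measure(p, s, rng) for p, s in zip(photons, bob_bases)]

    # Public discussion: both announce bases, mismatched positions are dropped.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    if not keep:
        return {"sent": n, "sifted": 0, "qber": 1.0, "key_len": 0}
    a_sift = [alice_bits[i] for i in keep]
    b_sift = [bob_bits[i] for i in keep]

    # Sacrifice a random sample of sifted bits to estimate the error rate.
    k = max(1, int(len(keep) * sample_fraction))
    sample = set(rng.sample(range(len(keep)), k))
    errors = sum(1 for i in sample if a_sift[i] != b_sift[i])
    key = [a_sift[i] for i in range(len(keep)) if i not in sample]
    return {"sent": n, "sifted": len(keep), "qber": errors / k,
            "key_len": len(key)}


def eve_detected(result, threshold=0.11):
    """Abort if the estimated QBER exceeds the (assumed) tolerable bound."""
    return result["qber"] > threshold


if __name__ == "__main__":
    print(bb84(4000, eve=False, seed=1))   # qber 0.0, about half sifted
    print(bb84(4000, eve=True, seed=1))    # qber near 0.25 -> abort
```

Two things are visible in the output that the prose only states: only about half of the photons survive sifting, and the sifted sample reveals the eavesdropper. What the simulation cannot show is the authentication gap: nothing here tells Bob that the announced bases came from Alice, which is exactly problem (1).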
This thesis integrates techniques of classical cryptography with QKDPs to propose a two-party authenticated quantum key distribution protocol (two-party AQKDP). More precisely, we apply a classical cryptographic hash function and symmetric encryption to the QKDP. The proposed protocol has the following advantages: (1) man-in-the-middle attacks are prevented, eavesdropping is detected, and replay attacks are avoided; (2) user authentication and key verification can be accomplished by Bob (the receiver) alone, without public discussion with Alice (the sender); (3) the secret master key pre-shared between Alice and Bob can be used long-term (repeatedly); and (4) it requires less communication overhead than existing QKDPs.
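To show what the three security properties in advantage (1) look like in code, here is an added illustration that is not the thesis's protocol: it authenticates only the classical basis announcement of a standard QKDP, using a pre-shared master key, a keyed hash (HMAC) and a fresh nonce, so that Bob can verify the message on his own, reject a man-in-the-middle's modification, and reject a replay. The message layout, the `session_key` derivation label and the function names are this example's assumptions.

```python
"""Authenticating a QKD basis announcement with a pre-shared master key.
Added example, not the thesis's protocol. Alice sends (nonce, bases, tag);
Bob recomputes the tag with a per-session key derived from the master key,
so the master key is never exposed and can be reused across sessions."""
import hashlib
import hmac
import os

MASTER_KEY = os.urandom(32)  # pre-shared out of band; long-term secret


def session_key(master, nonce):
    """Per-session MAC key via HMAC as a PRF (label is this example's choice)."""
    return hmac.new(master, b"qkd-basis-auth" + nonce, hashlib.sha256).digest()


def alice_announce(master, bases, nonce=None):
    """Alice's authenticated basis announcement: bases is a list of 0/1 ints."""
    nonce = nonce or os.urandom(16)
    body = bytes(bases)
    tag = hmac.new(session_key(master, nonce), nonce + body,
                   hashlib.sha256).digest()
    return {"nonce": nonce, "bases": body, "tag": tag}


class BobVerifier:
    """Bob checks authenticity and freshness alone, with no reply to Alice."""

    def __init__(self, master):
        self.master = master
        self.seen = set()  # nonces already accepted (replay cache)

    def verify(self, msg):
        nonce, body, tag = msg["nonce"], msg["bases"], msg["tag"]
        if nonce in self.seen:
            return False  # replayed announcement
        expected = hmac.new(session_key(self.master, nonce), nonce + body,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False  # forged, or modified by a man in the middle
        self.seen.add(nonce)
        return True


if __name__ == "__main__":
    bob = BobVerifier(MASTER_KEY)
    msg = alice_announce(MASTER_KEY, [0, 1, 1, 0, 1])
    tampered = dict(msg, bases=bytes([1, 1, 1, 0, 1]))
    print(bob.verify(tampered), bob.verify(msg), bob.verify(msg))  # False True False
```

The replay cache grows without bound as written; a deployment would use a monotonically increasing counter or a bounded window instead. Note also that this only authenticates Alice to Bob; mutual authentication, which the thesis addresses with its key agreement variant, needs a message in the other direction as well.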
In addition, to achieve explicit mutual authentication between Alice and Bob and to address the question of who should choose the distributed key, this thesis extends the proposed two-party AQKDP into a two-party authenticated quantum key agreement protocol (two-party AQKAP), in which the authenticated session key is determined by agreement between Alice and Bob rather than chosen by Alice alone. Moreover, since in a large-scale network two communicating parties usually authenticate each other and share a session key with the assistance of a trusted third party, a three-party AQKDP and a three-party AQKAP are also constructed from the newly proposed protocols in this thesis.
So far, most existing QKDPs implicitly assume that Alice and Bob are capable of generating qubits, i.e., that Alice or Bob is equipped with a qubit generating device (QGD) for key distribution. However, because of the high cost and other constraints, only some particular servers (called qubit generating centers (QGCs) in this thesis) can afford to own QGDs. In this situation Alice and Bob, having no QGD, cannot negotiate a key with these QKDPs. Therefore, this thesis proposes an efficient QKDP for that environment, in which the QGC is the only party in the system equipped with a QGD and Alice and Bob establish a secret key with its assistance.
Moreover, this thesis employs quantum state storage to modify the original BB84 protocol so that Bob can deterministically measure and decode the photons sent by Alice. The modified protocol uses qubits more efficiently than the original BB84 protocol. Furthermore, based on the modified BB84 protocol, a single-photon-based deterministic secure quantum communication (DSQC) protocol is proposed that lets Alice send secret messages to Bob without first establishing a secret key to encrypt them. In contrast to existing single-photon-based secure communication protocols, which require the sender either to prepare two-qubit photon states or to establish a two-way quantum channel with the receiver, the newly proposed protocol requires the sender only to prepare single-qubit photon states and to set up a one-way quantum channel to the receiver. The newly proposed DSQC protocol is therefore better suited to practical applications.
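The efficiency gain from quantum state storage, as an added toy model rather than the thesis's own construction: Bob stores each photon instead of measuring it, acknowledges receipt, and only then does Alice announce her bases, so Bob measures every stored photon in the correct basis and nothing is sifted away. The ordering check (acknowledgement before announcement) is the standard safeguard for delayed-measurement schemes, so that an interceptor holding the photons cannot also wait for the announcement; it is this example's assumption, as are the class and function names and the (bit, basis) photon model.

```python
"""BB84 with quantum memory on Bob's side versus immediate measurement.
Added example, not the thesis's protocol."""
import random


def measure(photon, basis, rng):
    """Correct basis returns the bit; wrong basis returns a random bit."""
    bit, prep_basis = photon
    return bit if basis == prep_basis else rng.randrange(2)


class QuantumMemory:
    """Idealised storage: photons are kept intact until a basis is known."""

    def __init__(self):
        self._stored = []

    def store(self, photon):
        self._stored.append(photon)

    def received(self):
        return len(self._stored)

    def release(self):
        photons, self._stored = self._stored, []
        return photons


def bb84_with_memory(n, seed=0):
    """Bob stores, acknowledges, then measures in Alice's announced bases."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]

    memory = QuantumMemory()
    for bit, basis in zip(alice_bits, alice_bases):
        memory.store((bit, basis))

    # Alice must not announce bases until Bob has acknowledged all photons;
    # otherwise an interceptor with its own memory could measure correctly.
    if memory.received() != n:
        raise RuntimeError("bases announced before Bob acknowledged receipt")
    announced_bases = alice_bases

    bob_bits = [measure(p, b, rng)
                for p, b in zip(memory.release(), announced_bases)]
    errors = sum(a != b for a, b in zip(alice_bits, bob_bits))
    return {"sent": n, "decoded": len(bob_bits),
            "utilization": len(bob_bits) / n, "errors": errors}


def bb84_immediate(n, seed=0):
    """Original BB84 for comparison: Bob guesses a basis and measures at once."""
    rng = random.Random(seed)
    alice_bases = [rng.randrange(2) for _ in range(n)]
    bob_bases = [rng.randrange(2) for _ in range(n)]
    kept = sum(a == b for a, b in zip(alice_bases, bob_bases))
    return {"sent": n, "decoded": kept, "utilization": kept / n}


if __name__ == "__main__":
    print(bb84_with_memory(1000, seed=3))  # utilization 1.0, errors 0
    print(bb84_immediate(1000, seed=3))    # utilization about 0.5
```

The price of deterministic decoding is the memory itself and the extra round trip for the acknowledgement; the model above treats storage as lossless, which real quantum memories are not.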
[1] Cryptographic hash function. Wikimedia Foundation Inc., http://en.wikipedia.org/wiki/Cryptographic_hash_function.
[2] Heisenberg uncertainty principle. Semi. Phys. Dept., Vilnius University, http://www.mtmi.vu.lt/pfk/funkc_dariniai/quant_mech/uncertainty_principle.htm.
[3] Man-in-the-middle attack. Wikimedia Foundation Inc., http://en.wikipedia.org/wiki/Man-in-the-middle_attack.
[4] A. Beige, B. G. Englert, Ch. Kurtsiefer, and H. Weinfurter. Secure communication with a publicly known key. Acta Phys. Pol. A, 101:357, 2002.
[5] C. H. Bennett. Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett., 68:3121–3124, 1992.
[6] C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin. Experimental quantum cryptography. Journal of Cryptology, 5:3–28, 1992.
[7] C. H. Bennett and G. Brassard. Quantum cryptography: Public key distribution and coin tossing. Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, pages 175–179, 1984.
[8] C. H. Bennett, G. Brassard, S. Breidbart, and S. Wiesner. Quantum cryptography, or unforgeable subway tokens. Advances in Cryptology: Proceedings of Crypto '82, New York, pages 267–275, 1982.
[9] E. Biham, M. Boyer, P. O. Boykin, T. Mor, and V. Roychowdhury. A proof of the security of quantum key distribution. Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, pages 715–724, 2000.
[10] K. Boström and T. Felbinger. Deterministic secure direct communication using entanglement. Phys. Rev. Lett., 89:187902, 2002.
[11] Q. Y. Cai and B. W. Li. Improving the capacity of the Boström-Felbinger protocol. Phys. Rev. A, 69:054301, 2004.
[12] H. J. Cao and H. S. Song. Quantum secure direct communication with W state. Chin. Phys. Lett., 23:290–292, 2006.
[13] I. P. Degiovanni, I. Ruo Berchera, S. Castelletto, and M. L. Rastello. Quantum dense key distribution. Phys. Rev. A, 69:032310, 2004.
[14] F. G. Deng and G. L. Long. Secure direct communication with a quantum one-time pad. Phys. Rev. A, 69:052319, 2004.
[15] F. G. Deng, G. L. Long, and X. S. Liu. Two-step quantum direct communication protocol using the Einstein-Podolsky-Rosen pair block. Phys. Rev. A, 68:042317, 2003.
[16] F. G. Deng, G. L. Long, and X. S. Liu. Increasing the efficiencies of random-choice-based quantum communication protocols with delayed measurement. Chinese Physics Letters, 21:2097–2100, 2004.
[17] W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976.
[18] A. Einstein, B. Podolsky, and N. Rosen. Can quantum-mechanical description of physical reality be considered complete? Physical Review, 47:777–780, 1935.
[19] A. K. Ekert. Quantum cryptography based on Bell's theorem. Phys. Rev. Lett., 67:661–663, 1991.
[20] G. Folland and A. Sitaram. The uncertainty principle: A mathematical survey. Journal of Fourier Analysis and Applications, 3:207–238, 1997.
[21] T. Gao, F. Yan, and Z. Wang. Quantum secure conditional direct communication via EPR pairs. International Journal of Modern Physics C, 16(8):1293, 2005.
[22] N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden. Quantum cryptography. Rev. Mod. Phys., 74:145–195, 2002.
[23] D. Gottesman and H.-K. Lo. Proof of security of quantum key distribution with two-way classical communications. IEEE Transactions on Information Theory, 49(2):457–475, 2003.
[24] G. P. Guo, C. F. Li, B. S. Shi, J. Li, and G. C. Guo. Quantum key distribution scheme with orthogonal product states. Phys. Rev. A, 64:042301, 2001.
[25] R. J. Hughes, G. G. Luther, G. L. Morgan, C. G. Peterson, and C. Simmons. Quantum cryptography over underground optical fibers. Advances in Cryptology - CRYPTO '96, Lecture Notes in Computer Science, vol. 1109, Springer-Verlag, pages 329–342, 1996.
[26] W. Y. Hwang, I. G. Koh, and Y. D. Han. Quantum cryptography without public announcement of bases. Physics Letters A, 244:489–494, 1998.
[27] W. C. Ku, H. L. Lee, and C. M. Chen. Reflection attack on a generalized key agreement and password authentication protocol. IEICE Trans. Commun., E87-B(5):1386–1388, 2004.
[28] H. Lee, J. Lim, and H. Yang. Quantum direct communication with authentication. Phys. Rev. A, 73:042305, 2006.
[29] H. Lee, J. Lim, and H. Yang. Quantum direct communication with authentication. Phys. Rev. A, 73:042305, 2006.
[30] X. H. Li, F. G. Deng, C. Y. Li, Y. J. Liang, P. Zhou, and H. Y. Zhou. Deterministic secure quantum communication without maximally entangled states. J. Korean Phys. Soc., 49(4):1354–1359, 2006.
[31] X. H. Li, F. G. Deng, and H. Y. Zhou. Improving the security of secure direct communication based on the secret transmitting order of particles. Phys. Rev. A, 74:054302, 2006.
[32] H. K. Lo and H. F. Chau. Unconditional security of quantum key distribution over arbitrarily long distances. Science, 283:2050–2056, 1999.
[33] G. L. Long and X. S. Liu. Theoretically efficient high-capacity quantum-key-distribution scheme. Phys. Rev. A, 65:032302, 2002.
[34] M. Lucamarini and S. Mancini. Secure deterministic communication without entanglement. Phys. Rev. Lett., 94:140501, 2005.
[35] Z. X. Man, Y. J. Xia, and Z. J. Zhang. Secure deterministic bidirectional communication without entanglement. International Journal of Quantum Information, 4(4):739–746, 2006.
[36] D. Mayers. Quantum key distribution and string oblivious transfer in noisy channels. Advances in Cryptology - CRYPTO '96, Lecture Notes in Computer Science, vol. 1109, Springer-Verlag, pages 343–357, 1996.
[37] D. Mayers. Unconditional security in quantum cryptography. Journal of the ACM, 48(3):351–406, 2001.
[38] M. A. Nielsen and I. L. Chuang. Quantum Computation and Quantum Information. Cambridge University Press, Cambridge, England, 2000.
[39] B. S. Shi, J. Li, J. M. Liu, X. F. Fan, and G. C. Guo. Quantum key distribution and quantum authentication based on entangled state. Physics Letters A, 281:83–87, 2001.
[40] K. Shimizu and N. Imoto. Single-photon-interference communication equivalent to Bell-state-basis cryptographic quantum communication. Phys. Rev. A, 62:054303, 2000.
[41] P. W. Shor. Algorithms for quantum computation: discrete logarithms and factoring. Proc. 35th Annual Symposium on Foundations of Computer Science, pages 124–134, 1994.
[42] W. Stallings. Cryptography and Network Security: Principles and Practice. Third Edition, Prentice Hall International Inc.
[43] W. Stallings. Information Theory, Coding and Cryptography. International Edition, McGraw-Hill, ISBN 0-07-123133-1, Singapore.
[44] P. D. Townsend. Secure key distribution system based on quantum cryptography. Electronics Letters, 30:809–811, 1994.
[45] C. Wang, F. G. Deng, Y. S. Li, X. S. Liu, and G. L. Long. Quantum secure direct communication with high-dimension quantum superdense coding. Phys. Rev. A, 71:044305, 2005.
[46] C. Wang, F. G. Deng, and G. L. Long. Multi-step quantum secure direct communication using multi-particle Greenberger-Horne-Zeilinger state. Optics Communications, 253(1-3):15–20, 2005.
[47] J. Wang, Q. Zhang, and C. J. Tang. Quantum secure direct communication based on order rearrangement of single photons. Phys. Lett. A, 358(4):256–258, 2006.
[48] H. A. Wen. Provably secure password-based authenticated key exchange protocols using bilinear pairing. PhD Thesis, National Cheng Kung University, 2005.
[49] S. Wiesner. Conjugate coding. SIGACT News, 15(1):78, 1983; original manuscript written circa 1970.
[50] S. Wiesner. Conjugate coding. SIGACT News, 15(1):78–88, Winter-Spring 1983.
[51] A. Wójcik. Eavesdropping on the ping-pong quantum communication protocol. Phys. Rev. Lett., 90:157901, 2003.
[52] W. K. Wootters and W. H. Zurek. A single quantum cannot be cloned. Nature, 299:802–803, 1982.
[53] F. L. Yan and X. Q. Zhang. A scheme for secure direct communication using EPR pairs and teleportation. Eur. Phys. J. B, 41:75, 2004.
[54] Z. J. Zhang, Z. X. Man, and Y. Li. Deterministic secure direct communication by using swapping quantum entanglement and local unitary operations. Chin. Phys. Lett., 22:18–21, 2005.
[55] G. Zeng and G. Guo. Quantum authentication protocol. http://xxx.lanl.gov/abs/quant-ph/0001046.
[56] G. Zeng and W. Zhang. Identity verification in quantum key distribution. Phys. Rev. A, 61:022303, 2000.
[57] A. D. Zhu, Y. Xia, Q. B. Fan, and S. Zhang. Secure direct communication based on secret transmitting order of particles. Phys. Rev. A, 73:022338, 2006.