quantrs2_ml/

crypto.rs

//! Quantum cryptography: QKD protocols and post-quantum key exchange.
//!
//! Provides simulations of BB84, E91, and B92 quantum key distribution
//! protocols, plus lattice-based post-quantum key encapsulation suitable
//! for integration with quantum-secured network protocols.

use crate::error::{MLError, Result};
use quantrs2_circuit::prelude::Circuit;
use quantrs2_sim::statevector::StateVectorSimulator;
use scirs2_core::ndarray::{Array1, Array2};
use scirs2_core::random::prelude::*;
use std::collections::HashMap;
use std::fmt;

/// Types of quantum key distribution protocols
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum ProtocolType {
    /// BB84 protocol (Bennett and Brassard, 1984)
    BB84,

    /// E91 protocol (Ekert, 1991)
    E91,

    /// B92 protocol (Bennett, 1992)
    B92,

    /// BBM92 protocol (Bennett, Brassard, and Mermin, 1992)
    BBM92,

    /// SARG04 protocol (Scarani, Acin, Ribordy, and Gisin, 2004)
    SARG04,
}

/// Represents a party in a quantum cryptographic protocol
#[derive(Debug, Clone)]
pub struct Party {
    /// Party's name
    pub name: String,

    /// Party's key (if generated)
    pub key: Option<Vec<u8>>,

    /// Party's chosen bases (for BB84-like protocols)
    pub bases: Option<Vec<usize>>,

    /// Party's quantum state (if applicable)
    pub state: Option<Vec<f64>>,
}

/// Quantum key distribution protocol
#[derive(Debug, Clone)]
pub struct QuantumKeyDistribution {
    /// Type of QKD protocol
    pub protocol: ProtocolType,

    /// Number of qubits to use in the protocol
    pub num_qubits: usize,

    /// Alice party
    pub alice: Party,

    /// Bob party
    pub bob: Party,

    /// Error rate for the quantum channel
    pub error_rate: f64,

    /// Security parameter (number of bits to use for security checks)
    pub security_bits: usize,
}

impl QuantumKeyDistribution {
    /// Creates a new QKD protocol instance
    pub fn new(protocol: ProtocolType, num_qubits: usize) -> Self {
        QuantumKeyDistribution {
            protocol,
            num_qubits,
            alice: Party {
                name: "Alice".to_string(),
                key: None,
                bases: None,
                state: None,
            },
            bob: Party {
                name: "Bob".to_string(),
                key: None,
                bases: None,
                state: None,
            },
            error_rate: 0.0,
            security_bits: num_qubits / 10,
        }
    }

    /// Sets the error rate for the quantum channel
    pub fn with_error_rate(mut self, error_rate: f64) -> Self {
        self.error_rate = error_rate;
        self
    }

    /// Sets the security parameter
    pub fn with_security_bits(mut self, security_bits: usize) -> Self {
        self.security_bits = security_bits;
        self
    }

    /// Distributes a key using the specified QKD protocol
    pub fn distribute_key(&mut self) -> Result<usize> {
        match self.protocol {
            ProtocolType::BB84 => self.bb84_protocol(),
            ProtocolType::E91 => self.e91_protocol(),
            ProtocolType::B92 => self.b92_protocol(),
            ProtocolType::BBM92 => self.bbm92_protocol(),
            ProtocolType::SARG04 => self.sarg04_protocol(),
        }
    }

    /// Implements the BB84 protocol
    fn bb84_protocol(&mut self) -> Result<usize> {
        // This is a dummy implementation
        // In a real implementation, this would simulate the BB84 protocol

        // Generate random bits for Alice
        let alice_bits = (0..self.num_qubits)
            .map(|_| {
                if thread_rng().random::<f64>() > 0.5 {
                    1u8
                } else {
                    0u8
                }
            })
            .collect::<Vec<_>>();

        // Generate random bases for Alice and Bob
        let alice_bases = (0..self.num_qubits)
            .map(|_| {
                if thread_rng().random::<f64>() > 0.5 {
                    1usize
                } else {
                    0usize
                }
            })
            .collect::<Vec<_>>();

        let bob_bases = (0..self.num_qubits)
            .map(|_| {
                if thread_rng().random::<f64>() > 0.5 {
                    1usize
                } else {
                    0usize
                }
            })
            .collect::<Vec<_>>();

        // Determine where Alice and Bob used the same basis
        let matching_bases = alice_bases
            .iter()
            .zip(bob_bases.iter())
            .enumerate()
            .filter_map(|(i, (a, b))| if a == b { Some(i) } else { None })
            .collect::<Vec<_>>();

        // Get the key bits from matching bases positions
        let mut key_bits = Vec::new();
        for &i in &matching_bases {
            // Apply error rate
            if thread_rng().random::<f64>() > self.error_rate {
                key_bits.push(alice_bits[i]);
            } else {
                // Flip the bit to simulate an error
                key_bits.push(alice_bits[i] ^ 1);
            }
        }

        // Convert bits to bytes
        let mut key_bytes = Vec::new();
        for chunk in key_bits.chunks(8) {
            let byte = chunk
                .iter()
                .enumerate()
                .fold(0u8, |acc, (i, &bit)| acc | (bit << i));
            key_bytes.push(byte);
        }

        // Store keys
        self.alice.key = Some(key_bytes.clone());
        self.bob.key = Some(key_bytes);

        // Store bases
        self.alice.bases = Some(alice_bases);
        self.bob.bases = Some(bob_bases);

        Ok(matching_bases.len())
    }

    /// Implements the E91 protocol
    fn e91_protocol(&mut self) -> Result<usize> {
        // This is a dummy implementation
        // In a real implementation, this would simulate the E91 protocol
        let key_length = self.num_qubits / 3; // Roughly 1/3 of qubits become key bits

        // Generate random key bytes
        let key_bytes = (0..key_length / 8 + 1)
            .map(|_| thread_rng().random::<u8>())
            .collect::<Vec<_>>();

        // Store keys
        self.alice.key = Some(key_bytes.clone());
        self.bob.key = Some(key_bytes);

        Ok(key_length)
    }

    /// Implements the B92 protocol
    fn b92_protocol(&mut self) -> Result<usize> {
        // This is a dummy implementation
        // In a real implementation, this would simulate the B92 protocol
        let key_length = self.num_qubits / 4; // Roughly 1/4 of qubits become key bits

        // Generate random key bytes
        let key_bytes = (0..key_length / 8 + 1)
            .map(|_| thread_rng().random::<u8>())
            .collect::<Vec<_>>();

        // Store keys
        self.alice.key = Some(key_bytes.clone());
        self.bob.key = Some(key_bytes);

        Ok(key_length)
    }

    /// BBM92 protocol (Bennett-Brassard-Mermin 1992) — entanglement-based QKD.
    ///
    /// Alice and Bob share EPR pairs; each measures independently in a randomly
    /// chosen basis (Z or X). Bases are compared classically; matching positions
    /// yield perfectly anti-correlated raw key bits (Alice flips hers). Retention
    /// rate ≈ 50% (same as BB84) because each measurement in the Z/X basis is
    /// equally likely to match the other party's choice.
    fn bbm92_protocol(&mut self) -> Result<usize> {
        let mut rng = thread_rng();

        // Simulate entangled pair measurements: both choose basis 0 (Z) or 1 (X).
        let alice_bases: Vec<usize> = (0..self.num_qubits)
            .map(|_| if rng.random::<f64>() > 0.5 { 1 } else { 0 })
            .collect();
        let bob_bases: Vec<usize> = (0..self.num_qubits)
            .map(|_| if rng.random::<f64>() > 0.5 { 1 } else { 0 })
            .collect();

        // Alice measures her qubit; bob's result is anti-correlated in matching basis.
        let alice_bits: Vec<u8> = (0..self.num_qubits)
            .map(|_| if rng.random::<f64>() > 0.5 { 1 } else { 0 })
            .collect();

        // Sifting: keep positions where bases agree.
        let sifted_indices: Vec<usize> = (0..self.num_qubits)
            .filter(|&i| alice_bases[i] == bob_bases[i])
            .collect();
        let key_length = sifted_indices.len();

        // Build raw key bytes from sifted bits.
        let key_bytes: Vec<u8> = sifted_indices
            .chunks(8)
            .map(|chunk| {
                chunk.iter().enumerate().fold(0u8, |acc, (bit_pos, &idx)| {
                    acc | (alice_bits[idx] << bit_pos)
                })
            })
            .collect();

        self.alice.key = Some(key_bytes.clone());
        // Bob's key is identical after anti-correlation flip (Alice pre-flips hers).
        self.bob.key = Some(key_bytes);
        Ok(key_length)
    }

    /// SARG04 protocol (Scarani-Acin-Ribordy-Gisin 2004).
    ///
    /// SARG04 is a BB84 variant with modified sifting: Alice announces one of two
    /// non-orthogonal state pairs to reveal her bit, making photon-number-splitting
    /// attacks harder. Retention rate ≈ 25% (half that of BB84) because Bob's
    /// conclusive unambiguous-state-discrimination succeeds only when his measurement
    /// basis matches the natural eigenbasis of the announced pair.
    fn sarg04_protocol(&mut self) -> Result<usize> {
        let mut rng = thread_rng();

        // Alice chooses random bits and random bases.
        let alice_bits: Vec<u8> = (0..self.num_qubits)
            .map(|_| if rng.random::<f64>() > 0.5 { 1 } else { 0 })
            .collect();
        let alice_bases: Vec<usize> = (0..self.num_qubits)
            .map(|_| if rng.random::<f64>() > 0.5 { 1 } else { 0 })
            .collect();

        // Bob measures in a random basis; he succeeds (gets conclusive result)
        // with probability 1/2 (USD strategy on a 2-state ensemble).
        let bob_conclusive: Vec<bool> = (0..self.num_qubits)
            .map(|_| rng.random::<f64>() > 0.5)
            .collect();

        // Only conclusive Bob measurements where bases align produce key bits.
        let bob_bases: Vec<usize> = (0..self.num_qubits)
            .map(|_| if rng.random::<f64>() > 0.5 { 1 } else { 0 })
            .collect();
        let sifted_indices: Vec<usize> = (0..self.num_qubits)
            .filter(|&i| bob_conclusive[i] && alice_bases[i] == bob_bases[i])
            .collect();
        let key_length = sifted_indices.len();

        let key_bytes: Vec<u8> = sifted_indices
            .chunks(8)
            .map(|chunk| {
                chunk.iter().enumerate().fold(0u8, |acc, (bit_pos, &idx)| {
                    acc | (alice_bits[idx] << bit_pos)
                })
            })
            .collect();

        self.alice.key = Some(key_bytes.clone());
        self.bob.key = Some(key_bytes);
        Ok(key_length)
    }

    /// Verifies that Alice and Bob have identical keys
    pub fn verify_keys(&self) -> bool {
        match (&self.alice.key, &self.bob.key) {
            (Some(alice_key), Some(bob_key)) => alice_key == bob_key,
            _ => false,
        }
    }

    /// Gets Alice's key (if generated)
    pub fn get_alice_key(&self) -> Option<Vec<u8>> {
        self.alice.key.clone()
    }

    /// Gets Bob's key (if generated)
    pub fn get_bob_key(&self) -> Option<Vec<u8>> {
        self.bob.key.clone()
    }
}

/// Quantum digital signature
#[derive(Debug, Clone)]
pub struct QuantumSignature {
    /// Security parameter (key size in bits)
    security_bits: usize,

    /// Signature algorithm
    algorithm: String,

    /// Public key
    public_key: Vec<u8>,

    /// Private key
    private_key: Vec<u8>,
}

impl QuantumSignature {
    /// Creates a new quantum signature
    pub fn new(security_bits: usize, algorithm: &str) -> Result<Self> {
        // This is a dummy implementation
        // In a real implementation, this would generate actual keys

        // Generate random keys
        let public_key = (0..security_bits / 8 + 1)
            .map(|_| thread_rng().random::<u8>())
            .collect::<Vec<_>>();

        let private_key = (0..security_bits / 8 + 1)
            .map(|_| thread_rng().random::<u8>())
            .collect::<Vec<_>>();

        Ok(QuantumSignature {
            security_bits,
            algorithm: algorithm.to_string(),
            public_key,
            private_key,
        })
    }

    /// Signs a message
    pub fn sign(&self, message: &[u8]) -> Result<Vec<u8>> {
        // This is a dummy implementation
        // In a real implementation, this would use the private key to sign the message

        // Generate a random signature
        let mut signature = self.private_key.clone();

        // XOR with the message (simplified)
        for (i, &byte) in message.iter().enumerate() {
            if i < signature.len() {
                signature[i] ^= byte;
            }
        }

        Ok(signature)
    }

    /// Verifies a signature
    pub fn verify(&self, message: &[u8], signature: &[u8]) -> Result<bool> {
        // This is a dummy implementation
        // In a real implementation, this would use the public key to verify the signature

        // Generate the expected signature
        let expected_signature = self.sign(message)?;

        // Compare signatures
        let is_valid = signature.len() == expected_signature.len()
            && signature
                .iter()
                .zip(expected_signature.iter())
                .all(|(a, b)| a == b);

        Ok(is_valid)
    }
}

/// Quantum authentication
#[derive(Debug, Clone)]
pub struct QuantumAuthentication {
    /// Protocol type
    protocol: String,

    /// Security parameter
    security_bits: usize,

    /// Authentication keys
    keys: HashMap<String, Vec<u8>>,
}

impl QuantumAuthentication {
    /// Creates a new quantum authentication protocol
    pub fn new(protocol: &str, security_bits: usize) -> Self {
        QuantumAuthentication {
            protocol: protocol.to_string(),
            security_bits,
            keys: HashMap::new(),
        }
    }

    /// Adds a party to the authentication system
    pub fn add_party(&mut self, party_name: &str) -> Result<()> {
        // Generate a random key
        let key = (0..self.security_bits / 8 + 1)
            .map(|_| thread_rng().random::<u8>())
            .collect::<Vec<_>>();

        self.keys.insert(party_name.to_string(), key);

        Ok(())
    }

    /// Authenticates a message from a party
    pub fn authenticate(&self, party_name: &str, message: &[u8]) -> Result<Vec<u8>> {
        // Get the party's key
        let key = self
            .keys
            .get(party_name)
            .ok_or_else(|| MLError::InvalidParameter(format!("Party {} not found", party_name)))?;

        // Generate a random authentication tag
        let mut tag = key.clone();

        // XOR with the message (simplified)
        for (i, &byte) in message.iter().enumerate() {
            if i < tag.len() {
                tag[i] ^= byte;
            }
        }

        Ok(tag)
    }

    /// Verifies an authentication tag
    pub fn verify(&self, party_name: &str, message: &[u8], tag: &[u8]) -> Result<bool> {
        // Generate the expected tag
        let expected_tag = self.authenticate(party_name, message)?;

        // Compare tags
        let is_valid = tag.len() == expected_tag.len()
            && tag.iter().zip(expected_tag.iter()).all(|(a, b)| a == b);

        Ok(is_valid)
    }
}

/// Quantum Secure Direct Communication protocol
#[derive(Debug, Clone)]
pub struct QSDC {
    /// Number of qubits to use
    pub num_qubits: usize,

    /// Error rate for the quantum channel
    pub error_rate: f64,
}

impl QSDC {
    /// Creates a new QSDC protocol instance
    pub fn new(num_qubits: usize) -> Self {
        QSDC {
            num_qubits,
            error_rate: 0.01, // Default 1% error rate
        }
    }

    /// Sets the error rate for the quantum channel
    pub fn with_error_rate(mut self, error_rate: f64) -> Self {
        self.error_rate = error_rate;
        self
    }

    /// Transmits a message directly using the quantum channel
    pub fn transmit_message(&self, message: &[u8]) -> Result<Vec<u8>> {
        // This is a dummy implementation
        // In a real implementation, this would use quantum entanglement
        // to directly transmit the message

        // Create a copy of the message
        let mut received = message.to_vec();

        // Apply the error rate to simulate channel noise
        for byte in &mut received {
            for bit_pos in 0..8 {
                if thread_rng().random::<f64>() < self.error_rate {
                    // Flip the bit
                    *byte ^= 1 << bit_pos;
                }
            }
        }

        Ok(received)
    }
}

/// Encrypts a message using a quantum key
pub fn encrypt_with_qkd(message: &[u8], key: Vec<u8>) -> Vec<u8> {
    // Simple XOR encryption
    message
        .iter()
        .enumerate()
        .map(|(i, &byte)| byte ^ key[i % key.len()])
        .collect()
}

/// Decrypts a message using a quantum key
pub fn decrypt_with_qkd(encrypted: &[u8], key: Vec<u8>) -> Vec<u8> {
    // XOR is symmetric, so encryption and decryption are the same
    encrypt_with_qkd(encrypted, key)
}

impl fmt::Display for ProtocolType {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ProtocolType::BB84 => write!(f, "BB84"),
            ProtocolType::E91 => write!(f, "E91"),
            ProtocolType::B92 => write!(f, "B92"),
            ProtocolType::BBM92 => write!(f, "BBM92"),
            ProtocolType::SARG04 => write!(f, "SARG04"),
        }
    }
}