# Introduction

## Background and Motivation

Cloud data security is a critical challenge in today’s digital age. Traditional encryption methods face increasing threats, especially with the advent of quantum computing. To address these challenges, researchers have proposed integrating **Quantum Key Distribution (QKD)** with advanced encryption schemes such as **Ciphertext-Policy Attribute-Based Encryption (CP-ABE)**. The paper under discussion introduces a model that leverages multi-qubit QKD to generate secure keys and then uses CP-ABE to enforce fine-grained access control over encrypted cloud data. This approach is designed to ensure that even if a cloud system is compromised, only users with the correct attributes (e.g., "Manager" and "Finance") can decrypt the data.

## Paper's Proposal

The paper outlines a multi-step process:
- **QKD for Key Generation:**
  - **Multi-Qubit Generation:**  
    Alice prepares entangled qubit pairs with chaotic behavior to introduce true randomness.
  - **Transmission and Measurement:**  
    The qubits are sent to Bob, who measures them. Following this, error correction and privacy amplification yield a secure secret key.
- **CP-ABE for Access Control:**  
  - The QKD-generated key is used to encrypt cloud data.
  - CP-ABE enforces an access policy, ensuring that only users whose attributes meet the policy can decrypt the key (or the data).
- **Secure Cloud Data Protection:**  
  - The integration of QKD and CP-ABE provides robust security against both classical and quantum adversaries.

## Our Implementation

In our project, we have built a **proof-of-concept simulation** that captures the core ideas of the paper. Our implementation is divided into several components:

1. **QKD Simulation:**
   - **Alice’s Role:**  
     - Generates entangled Bell pairs using Qiskit.
     - Applies chaotic rotations (using a logistic map) to simulate quantum randomness.
   - **Bob’s Role:**  
     - Measures the qubits using Qiskit’s **AerSimulator**.
     - The measurement outcomes (classical bit strings) serve as the basis for key derivation.
   
2. **Key Derivation:**
   - The measurement outcomes are concatenated and hashed with SHA‑256.
   - The first 16 bytes (128 bits) of the hash are used as the AES key.

3. **Symmetric Encryption with AES:**
   - The derived AES key is used to encrypt a plaintext message in AES EAX mode.
   - Decryption is performed to verify that the process correctly recovers the original message.

4. **CP-ABE Simulation:**
   - A sample policy is defined requiring attributes `"Manager"` and `"Finance"`.
   - The message is "encrypted" (conceptually) along with this policy.
   - Decryption is allowed only if the user's attributes satisfy the policy.

## Cloud Integration (Conceptual)

While our simulation currently focuses on local cryptographic operations, the model can be integrated with cloud systems as follows:

- **Data Encryption:**  
  Data is encrypted locally using the AES key derived from the QKD process, then uploaded to a cloud storage service (e.g., AWS S3, Azure Blob Storage).
  
- **Key Management and Access Control:**  
  The QKD key (protected by CP-ABE) ensures that only authorized users can decrypt the AES key and, subsequently, the cloud data.

- **Secure Communication:**  
  Secure channels (e.g., TLS) ensure that both data and key distribution remain confidential during transmission.

## Conclusion

This simulation demonstrates a simplified workflow:
- **Simulated QKD Key Generation:**  
  Through entangled qubit pairs with chaotic rotations.
- **AES Encryption:**  
  Using a key derived from quantum measurements.
- **CP-ABE Simulation:**  
  Enforcing attribute-based access control.

Though simplified, this proof-of-concept captures the core ideas of integrating QKD with CP-ABE for cloud data security. It provides a foundation for further development towards a fully robust cryptographic system.


