[
  {
    "instruction": "Answer a question about:\nDefault password\n\n==Introduction==\nWhere a device needs a username and/or password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, or after resetting to factory defaults.\nManufacturers of such equipment typically use a simple password, such as admin or password on all equipment they ship, in the expectation that users will change the password during configuration.  The default username and password is usually found in the instruction manual (common for all devices) or on the device itself.\nDefault passwords are one of the major contributing factors to large-scale compromises of home routers. Leaving such a password on devices available to the public is a major security risk.Some devices (such as wireless routers) will come with unique default router username and passwords printed on a sticker, which is more secure than a common default password. Some vendors will however derive the password from the device's MAC address using a known algorithm, in which case the password can be also easily reproduced by attackers.\n\n== Default access ==\nTo access internet-connected devices on a network, a user must know its default IP address. Manufacturers typically use 192.168.1.1 or 10.0.0.1 as default router IP addresses. However, some will have variations on this. Similarly to login details, leaving this unchanged can lead to security issues.\nWhat is the risk of using a common default password on devices?",
    "context": "",
    "output": "The risk of using a common default password on devices is that it can be easily guessed or known by attackers, allowing them to gain access to the device.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What is the risk of using a common default password on devices?",
      "answer": "The risk of using a common default password on devices is that it can be easily guessed or known by attackers, allowing them to gain access to the device.",
      "context": "Default password\n\n==Introduction==\nWhere a device needs a username and/or password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, or after resetting to factory defaults.\nManufacturers of such equipment typically use a simple password, such as admin or password on all equipment they ship, in the expectation that users will change the password during configuration.  The default username and password is usually found in the instruction manual (common for all devices) or on the device itself.\nDefault passwords are one of the major contributing factors to large-scale compromises of home routers. Leaving such a password on devices available to the public is a major security risk.Some devices (such as wireless routers) will come with unique default router username and passwords printed on a sticker, which is more secure than a common default password. Some vendors will however derive the password from the device's MAC address using a known algorithm, in which case the password can be also easily reproduced by attackers.\n\n== Default access ==\nTo access internet-connected devices on a network, a user must know its default IP address. Manufacturers typically use 192.168.1.1 or 10.0.0.1 as default router IP addresses. However, some will have variations on this. Similarly to login details, leaving this unchanged can lead to security issues."
    }
  },
  {
    "instruction": "Context: KLJN Secure Key Exchange\n\n==Introduction==\nRandom-resistor-random-temperature Kirchhoff-law-Johnson-noise key exchange, also known as RRRT-KLJN or simply KLJN, is an approach for distributing cryptographic keys between two parties that claims to offer unconditional security. This claim, which has been contested, is significant, as the only other key exchange approach claiming to offer unconditional security is Quantum key distribution.\nThe KLJN secure key exchange scheme was proposed in 2005 by Laszlo Kish and Granqvist. It has the advantage over quantum key distribution in that it can be performed over a metallic wire with just four resistors, two noise generators, and four voltage measuring devices---equipment that is low-priced and can be readily manufactured. It has the disadvantage that several attacks against KLJN have been identified which must be defended against.\n\"Given that the amount of effort and funding that goes into Quantum Cryptography is substantial (some even mock it as a distraction from the ultimate prize which is quantum computing), it seems to me that the fact that classic thermodynamic resources allow for similar inherent security should give one pause,\" wrote Henning Dekant, the founder of the Quantum Computing Meetup, in April 2013. The Cybersecurity Curricula 2017, a joint project of the Association for Computing Machinery, the IEEE Computer Society, the Association for Information Systems, and the International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8) recommends teaching the KLJN Scheme as part of teaching \"Advanced concepts\" in its knowledge unit on cryptography.\n\n\n\n== See Also/Further Reading ==\n\nNow answer this question: What is the significance of the fact that the KLJN key exchange scheme can be performed over a metallic wire?",
    "context": "",
    "output": "The fact that the KLJN key exchange scheme can be performed over a metallic wire is significant because it enables the use of low-priced and readily manufactured equipment for the key exchange. This is in contrast to Quantum key distribution, which requires more complex and expensive equipment.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What is the significance of the fact that the KLJN key exchange scheme can be performed over a metallic wire?",
      "answer": "The fact that the KLJN key exchange scheme can be performed over a metallic wire is significant because it enables the use of low-priced and readily manufactured equipment for the key exchange. This is in contrast to Quantum key distribution, which requires more complex and expensive equipment.",
      "context": "KLJN Secure Key Exchange\n\n==Introduction==\nRandom-resistor-random-temperature Kirchhoff-law-Johnson-noise key exchange, also known as RRRT-KLJN or simply KLJN, is an approach for distributing cryptographic keys between two parties that claims to offer unconditional security. This claim, which has been contested, is significant, as the only other key exchange approach claiming to offer unconditional security is Quantum key distribution.\nThe KLJN secure key exchange scheme was proposed in 2005 by Laszlo Kish and Granqvist. It has the advantage over quantum key distribution in that it can be performed over a metallic wire with just four resistors, two noise generators, and four voltage measuring devices---equipment that is low-priced and can be readily manufactured. It has the disadvantage that several attacks against KLJN have been identified which must be defended against.\n\"Given that the amount of effort and funding that goes into Quantum Cryptography is substantial (some even mock it as a distraction from the ultimate prize which is quantum computing), it seems to me that the fact that classic thermodynamic resources allow for similar inherent security should give one pause,\" wrote Henning Dekant, the founder of the Quantum Computing Meetup, in April 2013. The Cybersecurity Curricula 2017, a joint project of the Association for Computing Machinery, the IEEE Computer Society, the Association for Information Systems, and the International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8) recommends teaching the KLJN Scheme as part of teaching \"Advanced concepts\" in its knowledge unit on cryptography.\n\n\n\n== See Also/Further Reading =="
    }
  },
  {
    "instruction": "Here is a question about this text: NSA product types\n\n==Introduction==\nThe U.S. National Security Agency (NSA) used to rank cryptographic products or algorithms by a certification called product types. Product types were defined in the National Information Assurance Glossary (CNSSI No. 4009, 2010) which used to define Type 1, 2, 3, and 4 products.   The definitions of numeric type products have been removed from the government lexicon  and are no longer used in government procurement efforts.\n\n== Type 1 product ==\nA Type 1 product was a device or system certified by NSA for use in cryptographically securing classified U.S. Government information. A Type 1 product was defined as:\n\nCryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.\nThey were available to U.S. Government users, their contractors, and federally sponsored non-U.S. Government activities subject to export restrictions in accordance with International Traffic in Arms Regulations.\nType 1 certification was a rigorous process that included testing and formal analysis of (among other things) cryptographic security, functional security, tamper resistance, emissions security (EMSEC/TEMPEST), and security of the product manufacturing and distribution process.\n\n== Type 2 product ==\nA Type 2 product was unclassified cryptographic equipment, assemblies, or components, endorsed by the NSA, for use in telecommunications and automated information systems for the protection of national security information, as defined as:\n\nCryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified national security information.\n\n== Type 3 product ==\nA Type 3 product was a device for use with Sensitive, But Unclassified (SBU) information on non-national security systems, defined as:\n\nUnclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).\nApproved encryption algorithms included three-key Triple DES, and AES (although AES can also be used in NSA-certified Type 1 products). Approvals for DES, two-key Triple DES and Skipjack have been withdrawn as of 2015.\n\n== Type 4 product ==\nA Type 4 product was an encryption algorithm that was registered with NIST but is not a Federal Information Processing Standard (FIPS), defined as:\n\nUnevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any Government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor\u2019s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS.\nWhat is the answer to this question: What is the role of the National Information Assurance Partnership (NIAP) in the development of Type 3 products?",
    "context": "",
    "output": "The National Information Assurance Partnership (NIAP) plays a role in the development of Type 3 products by evaluating the cryptographic algorithms/modules used in these products.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What is the role of the National Information Assurance Partnership (NIAP) in the development of Type 3 products?",
      "answer": "The National Information Assurance Partnership (NIAP) plays a role in the development of Type 3 products by evaluating the cryptographic algorithms/modules used in these products.",
      "context": "NSA product types\n\n==Introduction==\nThe U.S. National Security Agency (NSA) used to rank cryptographic products or algorithms by a certification called product types. Product types were defined in the National Information Assurance Glossary (CNSSI No. 4009, 2010) which used to define Type 1, 2, 3, and 4 products.   The definitions of numeric type products have been removed from the government lexicon  and are no longer used in government procurement efforts.\n\n== Type 1 product ==\nA Type 1 product was a device or system certified by NSA for use in cryptographically securing classified U.S. Government information. A Type 1 product was defined as:\n\nCryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.\nThey were available to U.S. Government users, their contractors, and federally sponsored non-U.S. Government activities subject to export restrictions in accordance with International Traffic in Arms Regulations.\nType 1 certification was a rigorous process that included testing and formal analysis of (among other things) cryptographic security, functional security, tamper resistance, emissions security (EMSEC/TEMPEST), and security of the product manufacturing and distribution process.\n\n== Type 2 product ==\nA Type 2 product was unclassified cryptographic equipment, assemblies, or components, endorsed by the NSA, for use in telecommunications and automated information systems for the protection of national security information, as defined as:\n\nCryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified national security information.\n\n== Type 3 product ==\nA Type 3 product was a device for use with Sensitive, But Unclassified (SBU) information on non-national security systems, defined as:\n\nUnclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).\nApproved encryption algorithms included three-key Triple DES, and AES (although AES can also be used in NSA-certified Type 1 products). Approvals for DES, two-key Triple DES and Skipjack have been withdrawn as of 2015.\n\n== Type 4 product ==\nA Type 4 product was an encryption algorithm that was registered with NIST but is not a Federal Information Processing Standard (FIPS), defined as:\n\nUnevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any Government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor\u2019s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS."
    }
  },
  {
    "instruction": "Federal Information Processing Standards\n\n==Introduction==\nThe Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American government agencies and contractors. FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the  Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).\n\n== Specific areas of FIPS standardization ==\nThe U.S. government has developed various FIPS specifications to standardize a number of topics including:\n\nCodes, e.g., FIPS county codes or codes to indicate weather conditions or emergency indications. In 1994, National Oceanic and Atmospheric Administration (NOAA) began broadcasting FIPS codes along with their standard weather broadcasts from local stations. These codes identify the type of emergency and the specific geographic area, such as a county, affected by the emergency.\nEncryption standards, such as AES (FIPS 197), and its predecessor, the withdrawn 56-bit DES (FIPS 46-3).\n\n== Data security standards ==\nSome FIPS standards are related to the security of data processing systems. Some of these include the use of key escrow systems.\n\n== Withdrawal of geographic codes ==\nSome examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4).  These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. Some of the codes maintain the previous numerical system, particularly for states.In 2008, NIST withdrew the FIPS 55-3 database. This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government.  FIPS 8-6 \"Metropolitan Areas\" and 9-1 \"Congressional Districts of the U.S.\" were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively.The U.S. Census Bureau used FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas.In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 Census. Until then, previously issued FIPS place codes, renamed \"Census Code,\" will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition.\n\nQ: In what situations are FIPS standards typically applied?",
    "context": "",
    "output": "A: FIPS standards are typically applied in cases where suitable industry standards do not exist, with the goal of ensuring computer security and interoperability in computer systems used by non-military government agencies and contractors in the United States.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "In what situations are FIPS standards typically applied?",
      "answer": "FIPS standards are typically applied in cases where suitable industry standards do not exist, with the goal of ensuring computer security and interoperability in computer systems used by non-military government agencies and contractors in the United States.",
      "context": "Federal Information Processing Standards\n\n==Introduction==\nThe Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American government agencies and contractors. FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the  Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).\n\n== Specific areas of FIPS standardization ==\nThe U.S. government has developed various FIPS specifications to standardize a number of topics including:\n\nCodes, e.g., FIPS county codes or codes to indicate weather conditions or emergency indications. In 1994, National Oceanic and Atmospheric Administration (NOAA) began broadcasting FIPS codes along with their standard weather broadcasts from local stations. These codes identify the type of emergency and the specific geographic area, such as a county, affected by the emergency.\nEncryption standards, such as AES (FIPS 197), and its predecessor, the withdrawn 56-bit DES (FIPS 46-3).\n\n== Data security standards ==\nSome FIPS standards are related to the security of data processing systems. Some of these include the use of key escrow systems.\n\n== Withdrawal of geographic codes ==\nSome examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4).  These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. Some of the codes maintain the previous numerical system, particularly for states.In 2008, NIST withdrew the FIPS 55-3 database. This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government.  FIPS 8-6 \"Metropolitan Areas\" and 9-1 \"Congressional Districts of the U.S.\" were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively.The U.S. Census Bureau used FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas.In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 Census. Until then, previously issued FIPS place codes, renamed \"Census Code,\" will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition."
    }
  },
  {
    "instruction": "Here is a question about this text: Operation Cyberstorm\n\n==Introduction==\nOperation Cyberstorm was a two-year undercover operation in the United States by the Federal Bureau of Investigation (FBI), against illegal copying of software.  At the time, it was the largest sweep ever conducted by the FBI against illegal copying.\n\n\n\n== Investigations ==\nA number of individuals purchased software at discounts, and resold them at a profit  in violation of their software license.\n\n== Convictions ==\nMirza Ali, 60, of Fremont, California and Sameena Ali, 53, also of Fremont, were sentenced in 2007 to 60 months imprisonment, and forfeiture in the amount of $5,105,977. Keith Griffen, 56, of Oregon City, Oregon, was sentenced to 33 months of imprisonment, restitution to Microsoft Corporation in the amount of $20,000,000, three years of supervised release, and $900 in special assessments. William Glushenko, 66, was sentenced to one year of probation and 100 hours of community service after pleading guilty to misprision of felony.\nWhat is the answer to this question: What was the time frame for Operation Cyberstorm?",
    "context": "",
    "output": "Operation Cyberstorm was a two-year undercover operation.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What was the time frame for Operation Cyberstorm?",
      "answer": "Operation Cyberstorm was a two-year undercover operation.",
      "context": "Operation Cyberstorm\n\n==Introduction==\nOperation Cyberstorm was a two-year undercover operation in the United States by the Federal Bureau of Investigation (FBI), against illegal copying of software.  At the time, it was the largest sweep ever conducted by the FBI against illegal copying.\n\n\n\n== Investigations ==\nA number of individuals purchased software at discounts, and resold them at a profit  in violation of their software license.\n\n== Convictions ==\nMirza Ali, 60, of Fremont, California and Sameena Ali, 53, also of Fremont, were sentenced in 2007 to 60 months imprisonment, and forfeiture in the amount of $5,105,977. Keith Griffen, 56, of Oregon City, Oregon, was sentenced to 33 months of imprisonment, restitution to Microsoft Corporation in the amount of $20,000,000, three years of supervised release, and $900 in special assessments. William Glushenko, 66, was sentenced to one year of probation and 100 hours of community service after pleading guilty to misprision of felony."
    }
  },
  {
    "instruction": "Here is a question about this text: Netsukuku\n\n==Introduction==\nNetsukuku is an experimental peer-to-peer routing system, developed by the FreakNet MediaLab in 2005, created to build up a distributed network, anonymous and censorship-free, fully independent but not necessarily separated from the Internet, without the support of any server, ISP and no central authority.\nNetsukuku is designed to handle up to 2128 nodes without any servers or central systems, with minimal CPU and memory resources. This mesh network can be built using existing network infrastructure components such as Wi-Fi.\nThe project has been in slow development since 2005, never abandoning a beta state. It has also never been tested on large scale.\n\n== Operation ==\nAs of December 2011, the latest theoretical work on Netsukuku could be found in the author's master thesis Scalable Mesh Networks and the Address Space Balancing problem. The following description takes into account only the basic concepts of the theory.\nNetsukuku uses a custom routing protocol called QSPN (Quantum Shortest Path Netsukuku) that strives to be efficient and not taxing on the computational capabilities of each node. The current version of the protocol is QSPNv2. It adopts a hierarchical structure. 256 nodes are grouped inside a gnode (group node), 256 gnodes are grouped in a single ggnode (group of group nodes), 256 ggnodes are grouped in a single gggnode, and so on. This offers a set of advantages main documentation. The protocol relies on the fact that the nodes are not mobile and that the network structure does not change quickly, as several minutes may be required before a change in the network is propagated. However, a node that joins the network is immediately able to communicate using the routes of its neighbors. When a node joins the mesh network, Netsukuku automatically adapts and all other nodes come to know the fastest and most efficient routes to communicate with the newcomer. Each node has no more privileges or restrictions than the other nodes.\nThe domain name system (DNS) is replaced by a decentralised and distributed system called ANDNA (Abnormal Netsukuku Domain Name Anarchy). The ANDNA database is included in the Netsukuku system, so each node includes such database that occupies at most 355 kilobytes of memory.\nSimplifying, ANDNA works as follows: to resolve a symbolic name the host applies a function Hash on its behalf. The Hash function returns an address that the host contacts asking for the resolution generated by the hash. The contacted node receives a request, searches in its ANDNA database for the address associated with the name and returns it to the applicant host. Recording works in a similar way: for example, let's suppose that the node X wants to register the address FreakNet.andna; X calculates the hash name and obtains the address 11.22.33.44 associated with node Y. The node X contacts Y asking to register 11.22.33.44 as its own. Y stores the request in its database and any request for resolution of 11.22.33.44 hash, will answer with the X's address.\nThe protocol is a little more complex than this, as the system provides a public/private key to authenticate the hosts and prevent unauthorized changes to the ANDNA database. Furthermore, the protocol provides redundancy in the database to make the protocol resistant to failure and also provides for the migration of the database if the network topology changes. The protocol does not provide for the possibility of revoking a symbolic name; after a certain period of inactivity (currently 3 days) it is simply deleted from the database. The protocol also prevents a single host from recording an excessive number of symbolic names (at present 256 names) in order to prevent spammers from storing a high number of terms to perform cybersquatting.\nWhat is the answer to this question: What is the maximum period of inactivity before a symbolic name is deleted from the ANDNA database in Netsukuku?",
    "context": "",
    "output": "After a certain period of inactivity (currently 3 days), a symbolic name is deleted from the ANDNA database in Netsukuku.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What is the maximum period of inactivity before a symbolic name is deleted from the ANDNA database in Netsukuku?",
      "answer": "After a certain period of inactivity (currently 3 days), a symbolic name is deleted from the ANDNA database in Netsukuku.",
      "context": "Netsukuku\n\n==Introduction==\nNetsukuku is an experimental peer-to-peer routing system, developed by the FreakNet MediaLab in 2005, created to build up a distributed network, anonymous and censorship-free, fully independent but not necessarily separated from the Internet, without the support of any server, ISP and no central authority.\nNetsukuku is designed to handle up to 2128 nodes without any servers or central systems, with minimal CPU and memory resources. This mesh network can be built using existing network infrastructure components such as Wi-Fi.\nThe project has been in slow development since 2005, never abandoning a beta state. It has also never been tested on large scale.\n\n== Operation ==\nAs of December 2011, the latest theoretical work on Netsukuku could be found in the author's master thesis Scalable Mesh Networks and the Address Space Balancing problem. The following description takes into account only the basic concepts of the theory.\nNetsukuku uses a custom routing protocol called QSPN (Quantum Shortest Path Netsukuku) that strives to be efficient and not taxing on the computational capabilities of each node. The current version of the protocol is QSPNv2. It adopts a hierarchical structure. 256 nodes are grouped inside a gnode (group node), 256 gnodes are grouped in a single ggnode (group of group nodes), 256 ggnodes are grouped in a single gggnode, and so on. This offers a set of advantages main documentation. The protocol relies on the fact that the nodes are not mobile and that the network structure does not change quickly, as several minutes may be required before a change in the network is propagated. However, a node that joins the network is immediately able to communicate using the routes of its neighbors. When a node joins the mesh network, Netsukuku automatically adapts and all other nodes come to know the fastest and most efficient routes to communicate with the newcomer. Each node has no more privileges or restrictions than the other nodes.\nThe domain name system (DNS) is replaced by a decentralised and distributed system called ANDNA (Abnormal Netsukuku Domain Name Anarchy). The ANDNA database is included in the Netsukuku system, so each node includes such database that occupies at most 355 kilobytes of memory.\nSimplifying, ANDNA works as follows: to resolve a symbolic name the host applies a function Hash on its behalf. The Hash function returns an address that the host contacts asking for the resolution generated by the hash. The contacted node receives a request, searches in its ANDNA database for the address associated with the name and returns it to the applicant host. Recording works in a similar way: for example, let's suppose that the node X wants to register the address FreakNet.andna; X calculates the hash name and obtains the address 11.22.33.44 associated with node Y. The node X contacts Y asking to register 11.22.33.44 as its own. Y stores the request in its database and any request for resolution of 11.22.33.44 hash, will answer with the X's address.\nThe protocol is a little more complex than this, as the system provides a public/private key to authenticate the hosts and prevent unauthorized changes to the ANDNA database. Furthermore, the protocol provides redundancy in the database to make the protocol resistant to failure and also provides for the migration of the database if the network topology changes. The protocol does not provide for the possibility of revoking a symbolic name; after a certain period of inactivity (currently 3 days) it is simply deleted from the database. The protocol also prevents a single host from recording an excessive number of symbolic names (at present 256 names) in order to prevent spammers from storing a high number of terms to perform cybersquatting."
    }
  },
  {
    "instruction": "text: NANO Antivirus\n\n==Introduction==\nNANO Antivirus is Russian antivirus software\ndeveloped by NANO Security Ltd. The software has free and paid (NANO Antivirus Pro) versions. NANO Security is a Russian company founded in 2009 by a team which has developed and implemented antivirus software since 2003.\nNANO Security Ltd is integrated into Security and Maintenance of Microsoft. The company is included in Microsoft's list of reputable antimalware producers.The software is intended for use in homes and small businesses.\nIn 2017, NANO Antivirus Pro was included in the Russian Software Registry of the Ministry of Telecom and Mass Communications of the Russian Federation.\n\n\n\n== Other products of the company based on the NANO Antivirus technologies ==\nNANO Antivirus Pro \u2013 the paid version of NANO Antivirus with extended functionality, it uses the dynamic licensing model.\nNANO Antivirus White Label - the platform for developing of co-branded versions of NANO Antivirus.\nNANO Antivirus Engine (SDK) \u2013 the product for development of independent third-party antivirus solutions based on the NANO Antivirus technology. This product also allows to integrate the antivirus technology into existing third-party solutions.\nNANO Antivirus Sky Scan \u2013 the Windows Store application for Windows 8/10 which provides easy-to-use access to NANO Antivirus cloud scan service. If the desktop version of NANO Antivirus is installed on the target device, NANO Antivirus Sky Scan can also be used as a native metro-style shell for the desktop solution.\nNANO Antivirus Online Scanner \u2013 the web application which allows any user to scan suspicious file right in his web browser. The functional of Online Scanner is also available as a special web form for embedding to third-party sites.\n\n== Online scanners ==\nNANO Antivirus is integrated into the following online scanners: VirusTotal, OPSWAT Metadefender, and VirScan.org as Engine Supplier and certified partner.\n\n== Patents ==\nThe technologies of NANO Security are patented in Europe, USA, Russia, China and other countries.\n\nQuestion: What is NANO Antivirus Engine (SDK) and what is it used for?",
    "context": "",
    "output": "NANO Antivirus Engine (SDK) is a product for developing independent third-party antivirus solutions based on NANO Antivirus technology. It also allows for integrating antivirus technology into existing third-party solutions.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What is NANO Antivirus Engine (SDK) and what is it used for?",
      "answer": "NANO Antivirus Engine (SDK) is a product for developing independent third-party antivirus solutions based on NANO Antivirus technology. It also allows for integrating antivirus technology into existing third-party solutions.",
      "context": "NANO Antivirus\n\n==Introduction==\nNANO Antivirus is Russian antivirus software\ndeveloped by NANO Security Ltd. The software has free and paid (NANO Antivirus Pro) versions. NANO Security is a Russian company founded in 2009 by a team which has developed and implemented antivirus software since 2003.\nNANO Security Ltd is integrated into Security and Maintenance of Microsoft. The company is included in Microsoft's list of reputable antimalware producers.The software is intended for use in homes and small businesses.\nIn 2017, NANO Antivirus Pro was included in the Russian Software Registry of the Ministry of Telecom and Mass Communications of the Russian Federation.\n\n\n\n== Other products of the company based on the NANO Antivirus technologies ==\nNANO Antivirus Pro \u2013 the paid version of NANO Antivirus with extended functionality, it uses the dynamic licensing model.\nNANO Antivirus White Label - the platform for developing of co-branded versions of NANO Antivirus.\nNANO Antivirus Engine (SDK) \u2013 the product for development of independent third-party antivirus solutions based on the NANO Antivirus technology. This product also allows to integrate the antivirus technology into existing third-party solutions.\nNANO Antivirus Sky Scan \u2013 the Windows Store application for Windows 8/10 which provides easy-to-use access to NANO Antivirus cloud scan service. If the desktop version of NANO Antivirus is installed on the target device, NANO Antivirus Sky Scan can also be used as a native metro-style shell for the desktop solution.\nNANO Antivirus Online Scanner \u2013 the web application which allows any user to scan suspicious file right in his web browser. The functional of Online Scanner is also available as a special web form for embedding to third-party sites.\n\n== Online scanners ==\nNANO Antivirus is integrated into the following online scanners: VirusTotal, OPSWAT Metadefender, and VirScan.org as Engine Supplier and certified partner.\n\n== Patents ==\nThe technologies of NANO Security are patented in Europe, USA, Russia, China and other countries."
    }
  },
  {
    "instruction": "Anti-Spam Research Group\n\n==Introduction==\nThe Anti-Spam Research Group (ASRG) was a research group started within the Internet Research Task Force (IRTF), where its charter concluded on 18 March 2013.  It is still a reference and a melting pot for anti-spam research and theorization.  In particular, the wiki lives on.\nDedicated to research into curbing spam on an Internet-wide level, it consists of a mailing list to coordinate work and a small web site with a wiki.\nAs with other IRTF groups, the ASRG contributed to the Internet Engineering Task Force (IETF) process with drafts, documents, and assistance in the creation of new working groups.  One IETF group spun off from the ASRG is MARID.\nThe ASRG is sporadically active, as little evolves in the anti-spam landscape, with most activity happening on the mailing list. In 2008 the ASRG worked on Internet Drafts about DNSBLs, in 2010 on the standardization of Feedback loop (email).\n\n\n\n== Chairs of the ASRG ==\nJohn R. Levine of Taughannock Networks (2003\u20132013)\nYakov Shafranovich of SolidMatrix Technologies (2003 - 2004)\nPaul Q. Judge of Ciphertrust, Inc. (2003)\n\nQ: What was the ASRG's main contribution to the IETF process?",
    "context": "",
    "output": "A: The ASRG's main contribution to the IETF process was providing drafts, documents, and assistance in the creation of new working groups.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What was the ASRG's main contribution to the IETF process?",
      "answer": "The ASRG's main contribution to the IETF process was providing drafts, documents, and assistance in the creation of new working groups.",
      "context": "Anti-Spam Research Group\n\n==Introduction==\nThe Anti-Spam Research Group (ASRG) was a research group started within the Internet Research Task Force (IRTF), where its charter concluded on 18 March 2013.  It is still a reference and a melting pot for anti-spam research and theorization.  In particular, the wiki lives on.\nDedicated to research into curbing spam on an Internet-wide level, it consists of a mailing list to coordinate work and a small web site with a wiki.\nAs with other IRTF groups, the ASRG contributed to the Internet Engineering Task Force (IETF) process with drafts, documents, and assistance in the creation of new working groups.  One IETF group spun off from the ASRG is MARID.\nThe ASRG is sporadically active, as little evolves in the anti-spam landscape, with most activity happening on the mailing list. In 2008 the ASRG worked on Internet Drafts about DNSBLs, in 2010 on the standardization of Feedback loop (email).\n\n\n\n== Chairs of the ASRG ==\nJohn R. Levine of Taughannock Networks (2003\u20132013)\nYakov Shafranovich of SolidMatrix Technologies (2003 - 2004)\nPaul Q. Judge of Ciphertrust, Inc. (2003)"
    }
  },
  {
    "instruction": "Remote SIM provisioning\n\n==Introduction==\nRemote SIM provisioning is a specification realized by GSMA that allows consumers to remotely activate the subscriber identity module (SIM) embedded in a portable device such as a smart phone, smart watch, fitness band or tablet computer. The specification was originally part of the GSMA's work on eSIM and it is important to note that remote SIM provisioning is just one of the aspects that this eSIM specification includes. The other aspects being that the SIM is now structured into \"domains\" that separate the operator profile from the security and application \"domains\". In practise \"eSIM upgrade\" in the form of a normal SIM card is possible (using the Android 9 eSIM APIs) or eSIM can be included into an SOC. The requirement of GSMA certification is that personalisation packet is decoded inside the chip and so there is no way to dump Ki, OPc and 5G keys. Another important aspect is that the eSIM is owned by the enterprise, and this means that the enterprise now has full control of the security and applications in the eSIM, and which operators profiles are to be used.\n\n== Background to the specification ==\nIn the background of the technology looked to address the following issues:\n\nThe development of non-removable SIM technology - a new generation of SIM-cards like MFF which are soldered into the device.\nThe appearance and support by mobile operators of the concept of ABC (always best connected) \u2013 the opportunity get quality connections from any mobile operator at any point in time.\nThe explosive growth of the Internet of Things (IoT) - according to Gartner about 8.4 billion connections in 2017 (up 31% from 2016).\nThe cost and effort required to swap a SIM in a device that has been deployed in the field.\n\n== Origin ==\nThe GSM Association (GSMA) which brings together about 800 operators and 250 mobile ecosystem companies became the first to come up with the Consumer Remote SIM Provisioning initiative. The beginning of creation the technology was announced in the summer 2014. The complete version of the specification was realized in February, 2016.\nInitially, the specification was supposed to be used just by M2M devices, but since December, 2015 it has begun being spread over various custom wearable devices, and into enterprise applications like authentication and identity management.\n\"This new specification gives consumers the freedom to remotely connect devices, such as wearables, to a mobile network of their choice and continues to evolve the process of connecting new and innovative devices,\" Alex Sinclair, Chief Technology Officer, GSMA.\nBesides, the right of independent service providers to transmit commands of loading profiles to SIM-cards in the device has been amended and the possibility to store arrays of profiles in independent certified data centers (Subscriptions manager) has appeared.\n\n== Functions and benefits ==\nThe specification that covers the carrier selection aspects aims to allow consumers to choose a mobile network operator from a wide range to activate the SIM embedded in a device via a subscription. It aims to simplify the users\u2019 life by connecting their multiple devices through the same subscription. It should also motivate mobile device manufacturers to develop the next generation of the mobile-connected devices that will suit better the wearable technology applications. The specification that covers the carrier selection for M2M devices is simpler since typically there is no subscriber involved (e.g. changing the operator in an electricity meter).\nThe language that is used to describe these specification is a little confusing since eSIM is not a physical format (or \"form factor\" - the phrase that is used to describe the various SIM sizes). The eSIM describes the functionality in the SIM, not the physical size of the SIM - and there are eSIMs in many formats (2FF, 3FF, 4FF, MFF).\nGSMA have also developed a compliance framework for eSIM devices, eUICCs, and subscription management products - to help with interoperability and security for products supporting eSIM. This is published by the GSMA as SGP.24, the eSIM compliance process describes common compliance requirements for:\n\nFunctional interoperability\neUICC security\neUICC production site security\nSubscription Management site security\n\n== Operation ==\nRemote provisioning on the host device is initiated by the Local Profile Assistant (LPA), a software package that follows the RSP specification.\nWhen the LPA wants to retrieve a carrier profile it contacts a subscription manager (SM) service on the internet via HTTPS. The address of the SM can be defined:\n\nin a QR code scanned by the user\nby manually entering the SM's host name/Activation code on screen\nhard coded by the host device manufacturer in firmware.\nvia a universal discovery service operated by the GSMA.The LPA is responsible for validating the X.509 certificate of the SM is valid and issued by the GSMA certificate authority. Once validation is complete the LPA will coordinate a secure channel between the eUICC and the SM using challenge-response authentication to enter programming mode. The LPA will request carrier profiles available for download, either by submitting the activation code provided by the user or the eSIM ID (EID) of the eUICC. The SM will provide the requested profile encrypted in a way that only the eUICC can decrypt/install to ensure the network authentication key remains secure.\nHow does remote SIM provisioning address the challenges associated with swapping SIM cards in deployed devices?",
    "context": "",
    "output": "Remote SIM provisioning addresses this challenge by enabling consumers to remotely activate and manage their SIM-enabled devices without the need for physical SIM card swaps. This eliminates the time, cost, and effort required to swap SIM cards in deployed devices, making it a more convenient and efficient solution for managing SIM-enabled devices.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "How does remote SIM provisioning address the challenges associated with swapping SIM cards in deployed devices?",
      "answer": "Remote SIM provisioning addresses this challenge by enabling consumers to remotely activate and manage their SIM-enabled devices without the need for physical SIM card swaps. This eliminates the time, cost, and effort required to swap SIM cards in deployed devices, making it a more convenient and efficient solution for managing SIM-enabled devices.",
      "context": "Remote SIM provisioning\n\n==Introduction==\nRemote SIM provisioning is a specification realized by GSMA that allows consumers to remotely activate the subscriber identity module (SIM) embedded in a portable device such as a smart phone, smart watch, fitness band or tablet computer. The specification was originally part of the GSMA's work on eSIM and it is important to note that remote SIM provisioning is just one of the aspects that this eSIM specification includes. The other aspects being that the SIM is now structured into \"domains\" that separate the operator profile from the security and application \"domains\". In practise \"eSIM upgrade\" in the form of a normal SIM card is possible (using the Android 9 eSIM APIs) or eSIM can be included into an SOC. The requirement of GSMA certification is that personalisation packet is decoded inside the chip and so there is no way to dump Ki, OPc and 5G keys. Another important aspect is that the eSIM is owned by the enterprise, and this means that the enterprise now has full control of the security and applications in the eSIM, and which operators profiles are to be used.\n\n== Background to the specification ==\nIn the background of the technology looked to address the following issues:\n\nThe development of non-removable SIM technology - a new generation of SIM-cards like MFF which are soldered into the device.\nThe appearance and support by mobile operators of the concept of ABC (always best connected) \u2013 the opportunity get quality connections from any mobile operator at any point in time.\nThe explosive growth of the Internet of Things (IoT) - according to Gartner about 8.4 billion connections in 2017 (up 31% from 2016).\nThe cost and effort required to swap a SIM in a device that has been deployed in the field.\n\n== Origin ==\nThe GSM Association (GSMA) which brings together about 800 operators and 250 mobile ecosystem companies became the first to come up with the Consumer Remote SIM Provisioning initiative. The beginning of creation the technology was announced in the summer 2014. The complete version of the specification was realized in February, 2016.\nInitially, the specification was supposed to be used just by M2M devices, but since December, 2015 it has begun being spread over various custom wearable devices, and into enterprise applications like authentication and identity management.\n\"This new specification gives consumers the freedom to remotely connect devices, such as wearables, to a mobile network of their choice and continues to evolve the process of connecting new and innovative devices,\" Alex Sinclair, Chief Technology Officer, GSMA.\nBesides, the right of independent service providers to transmit commands of loading profiles to SIM-cards in the device has been amended and the possibility to store arrays of profiles in independent certified data centers (Subscriptions manager) has appeared.\n\n== Functions and benefits ==\nThe specification that covers the carrier selection aspects aims to allow consumers to choose a mobile network operator from a wide range to activate the SIM embedded in a device via a subscription. It aims to simplify the users\u2019 life by connecting their multiple devices through the same subscription. It should also motivate mobile device manufacturers to develop the next generation of the mobile-connected devices that will suit better the wearable technology applications. The specification that covers the carrier selection for M2M devices is simpler since typically there is no subscriber involved (e.g. changing the operator in an electricity meter).\nThe language that is used to describe these specification is a little confusing since eSIM is not a physical format (or \"form factor\" - the phrase that is used to describe the various SIM sizes). The eSIM describes the functionality in the SIM, not the physical size of the SIM - and there are eSIMs in many formats (2FF, 3FF, 4FF, MFF).\nGSMA have also developed a compliance framework for eSIM devices, eUICCs, and subscription management products - to help with interoperability and security for products supporting eSIM. This is published by the GSMA as SGP.24, the eSIM compliance process describes common compliance requirements for:\n\nFunctional interoperability\neUICC security\neUICC production site security\nSubscription Management site security\n\n== Operation ==\nRemote provisioning on the host device is initiated by the Local Profile Assistant (LPA), a software package that follows the RSP specification.\nWhen the LPA wants to retrieve a carrier profile it contacts a subscription manager (SM) service on the internet via HTTPS. The address of the SM can be defined:\n\nin a QR code scanned by the user\nby manually entering the SM's host name/Activation code on screen\nhard coded by the host device manufacturer in firmware.\nvia a universal discovery service operated by the GSMA.The LPA is responsible for validating the X.509 certificate of the SM is valid and issued by the GSMA certificate authority. Once validation is complete the LPA will coordinate a secure channel between the eUICC and the SM using challenge-response authentication to enter programming mode. The LPA will request carrier profiles available for download, either by submitting the activation code provided by the user or the eSIM ID (EID) of the eUICC. The SM will provide the requested profile encrypted in a way that only the eUICC can decrypt/install to ensure the network authentication key remains secure."
    }
  },
  {
    "instruction": "Decoy state\n\n==Introduction==\nWithin quantum cryptography, the Decoy state quantum key distribution (QKD) protocol is the most widely implemented QKD scheme. Practical QKD systems use multi-photon sources, in contrast to the standard BB84 protocol, making them susceptible to photon number splitting (PNS) attacks. This would significantly limit the secure transmission rate or the maximum channel length in practical QKD systems. In decoy state technique, this fundamental weakness of practical QKD systems is addressed by using multiple intensity levels at the transmitter's source, i.e. qubits are transmitted by Alice using randomly chosen intensity levels (one signal state and several decoy states), resulting in varying photon number statistics throughout the channel. At the end of the transmission Alice announces publicly which intensity level has been used for the transmission of each qubit. A successful PNS attack requires maintaining the bit error rate (BER) at the receiver's end, which can not be accomplished with multiple photon number statistics. By monitoring BERs associated with each intensity level, the two legitimate parties will be able to detect a PNS attack, with highly increased secure transmission rates or maximum channel lengths, making QKD systems suitable for practical applications.\n\n\n\n== Motivation ==\nIn the security proofs of QKD protocols, such as BB84, a single photon source is assumed to be used by the sender, Alice. In reality, a perfect single photon source does not exist. Instead, practical sources, such as weak coherent state laser source, are widely used for QKD. The key problem with these practical QKD sources lies on their multi-photon components. A serious security loophole exists when Alice uses multi-photon states as quantum information carriers. With multi-photon components, an eavesdropper, Eve, could in principle split the photons, keep one photon, and send the rest to Bob. After Alice and Bob announce the basis information, Eve can measure the intercepted photon to get the key information. When the channel is lossy, Eve can launch more sophisticated attacks, such as the photon number splitting attack. In order to minimize the effects of multi-photon states, Alice has to use an extremely weak laser source, which results in a relatively low speed of QKD. The decoy-state method is proposed to solve this multi-photon issue by using a few different photon intensities instead of one. With decoy states, the practical sources, such as a coherent-state source or heralded parametric down-conversion (PDC) source, perform almost as well as a single photon source.\n\n== Development ==\nThe decoy-state scheme was proposed by Won-Young Hwang from Northwestern University. Later, its security was proven by developing a photon number channel model and assuming the usage of an infinite number of decoy states. A common practical decoy-state method only needs two decoy states, vacuum decoy and weak decoy. This vacuum+weak decoy state method was first proposed by Hoi-Kwong Lo from University of Toronto, and then was analyzed by others.  It has been shown that with only the vacuum and weak decoy states, the achieved key rate is very close to the infinite decoy state case.\n\n== Experimental demonstrations ==\nThe first decoy state method experiment was performed by Hoi-Kwong Lo's group and their collaborator Li Qian,  where the one-decoy state method  is employed. The transmission distance is 15 km and the key generation speed is 165 bit/s. Then, a longer distance QKD is demonstrated with the vacuum+weak decoy state method via 60 km fiber.  Later, three experimental groups demonstrate the decoy-state method over 100 km distances.  There are many other demonstrations afterwards.\n\n== Decoy-state QKD using non-coherent-state sources ==\nDecoy state QKD protocols with non-coherent-state sources have also been analyzed. Passive decoy state protocol, where the decoy states are prepared passively, is proposed as a parametric down-conversion source.\n\nQ: What are the key differences between single photon sources and practical QKD sources, and how does the decoy-state method address these differences?",
    "context": "",
    "output": "A: Single photon sources are assumed to be used in the security proofs of QKD protocols, but they do not exist in reality. Practical QKD sources, such as weak coherent state laser sources, have multi-photon components, which can be exploited by an eavesdropper. The decoy-state method addresses these differences by using a few different photon intensities instead of one, allowing practical sources to perform almost as well as a single photon source.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval3",
    "parsed_raw_data": {
      "question": "What are the key differences between single photon sources and practical QKD sources, and how does the decoy-state method address these differences?",
      "answer": "Single photon sources are assumed to be used in the security proofs of QKD protocols, but they do not exist in reality. Practical QKD sources, such as weak coherent state laser sources, have multi-photon components, which can be exploited by an eavesdropper. The decoy-state method addresses these differences by using a few different photon intensities instead of one, allowing practical sources to perform almost as well as a single photon source.",
      "context": "Decoy state\n\n==Introduction==\nWithin quantum cryptography, the Decoy state quantum key distribution (QKD) protocol is the most widely implemented QKD scheme. Practical QKD systems use multi-photon sources, in contrast to the standard BB84 protocol, making them susceptible to photon number splitting (PNS) attacks. This would significantly limit the secure transmission rate or the maximum channel length in practical QKD systems. In decoy state technique, this fundamental weakness of practical QKD systems is addressed by using multiple intensity levels at the transmitter's source, i.e. qubits are transmitted by Alice using randomly chosen intensity levels (one signal state and several decoy states), resulting in varying photon number statistics throughout the channel. At the end of the transmission Alice announces publicly which intensity level has been used for the transmission of each qubit. A successful PNS attack requires maintaining the bit error rate (BER) at the receiver's end, which can not be accomplished with multiple photon number statistics. By monitoring BERs associated with each intensity level, the two legitimate parties will be able to detect a PNS attack, with highly increased secure transmission rates or maximum channel lengths, making QKD systems suitable for practical applications.\n\n\n\n== Motivation ==\nIn the security proofs of QKD protocols, such as BB84, a single photon source is assumed to be used by the sender, Alice. In reality, a perfect single photon source does not exist. Instead, practical sources, such as weak coherent state laser source, are widely used for QKD. The key problem with these practical QKD sources lies on their multi-photon components. A serious security loophole exists when Alice uses multi-photon states as quantum information carriers. With multi-photon components, an eavesdropper, Eve, could in principle split the photons, keep one photon, and send the rest to Bob. After Alice and Bob announce the basis information, Eve can measure the intercepted photon to get the key information. When the channel is lossy, Eve can launch more sophisticated attacks, such as the photon number splitting attack. In order to minimize the effects of multi-photon states, Alice has to use an extremely weak laser source, which results in a relatively low speed of QKD. The decoy-state method is proposed to solve this multi-photon issue by using a few different photon intensities instead of one. With decoy states, the practical sources, such as a coherent-state source or heralded parametric down-conversion (PDC) source, perform almost as well as a single photon source.\n\n== Development ==\nThe decoy-state scheme was proposed by Won-Young Hwang from Northwestern University. Later, its security was proven by developing a photon number channel model and assuming the usage of an infinite number of decoy states. A common practical decoy-state method only needs two decoy states, vacuum decoy and weak decoy. This vacuum+weak decoy state method was first proposed by Hoi-Kwong Lo from University of Toronto, and then was analyzed by others.  It has been shown that with only the vacuum and weak decoy states, the achieved key rate is very close to the infinite decoy state case.\n\n== Experimental demonstrations ==\nThe first decoy state method experiment was performed by Hoi-Kwong Lo's group and their collaborator Li Qian,  where the one-decoy state method  is employed. The transmission distance is 15 km and the key generation speed is 165 bit/s. Then, a longer distance QKD is demonstrated with the vacuum+weak decoy state method via 60 km fiber.  Later, three experimental groups demonstrate the decoy-state method over 100 km distances.  There are many other demonstrations afterwards.\n\n== Decoy-state QKD using non-coherent-state sources ==\nDecoy state QKD protocols with non-coherent-state sources have also been analyzed. Passive decoy state protocol, where the decoy states are prepared passively, is proposed as a parametric down-conversion source."
    }
  }
]