Quantum cryptography is the most convenient resolution for information security systems that presents an ultimate approach for key distribution. Today, the most viable key distribution resolutions for information security systems are those based on quantum cryptography. It is based on the quantum rules of physics rather than the assumed computational complexity of mathematical problems. But, the initial BB84 quantum key distribution protocol which is the raw key exchange of S13 quantum key distribution protocol has weakness of disclosure of large portion of secrete key or eavesdropping. Also, it cannot make use of most of the generated random bit. This paper enhanced S13 quantum key distribution protocol by employing polarization, secrete key disclosure and non-repudiation. The use of biometric or MAC address ensures non-repudiation. The row key exchange part of the S13 quantum key distribution which is the same as BB84 is enhanced by employing polarization techniques to make use of most of the generated random bit. Then, the tentative final key generated at the end of error estimation phase should be divided into blocks, padding, inverting the last bit of each block and XORing the block to generate a totally different key from the tentative one. Also, the random bits will be from biometric or serve MAC address respectively. The enhanced S13 quantum key is evaluated using cryptanalysis which shows that the enhanced protocol ensures disclosures of large portion of secrete key to prevent eavesdropping, utilization of most of the chosen binary strings to generate strong key and safeguarding against impersonation attack.

It is a common requirement for modern web applications as many if not all services that need personalization and control of access move online. Due to increase in these services becoming online, login authentications become targets to attackers. Therefore, there is need for secure and efficient web application login authentication schemes to ensure users access control, security and privacy. Present schemes have limitations such as users spent a lot of time browsing to create image portfolios than to create passwords and PINs, subject to active impersonation attack, some will only suit well for financial transaction system due to the TIC involved, some may have hash collisions, some require addition BLE device to be install and available on the authentication systems and cannot be used for higher data rates and long distance unlike cellular and WiFi devices, some involves reuse of password at single or multiple service providers which may lead to a password reuse attack called domino effect and some work well in application that needs to share permission with other applications like social media applications inform of APIs and improvising of user anonymity. We propose an improved web application login authentication scheme using hybrid cryptography with user anonymity. The improved scheme used blowfish – the most efficient private key algorithm, Elgamal – very secure public key algorithm and SHA-2 hash function combined together to enable high performance and security. The methods are thoroughly discussed and its security evaluated to show that it provides password protection, user privacy, perfect forward secrecy, mutual authentication and security against impersonation attack.