Have you been wondering what quantum cryptography is all about? Well you are in the right place.
I will be giving an introduction to quantum cryptography which is one of the subfields of quantum information that I think is probably the most easily accessible and that’s why I chose to talk about it today.
So I’m gonna start off with an overview of how we imagine that quantum cryptography might be able to be used in the context of one-time pad cryptography.
I’ll explain a little bit about what that is and how to use one-time pads when you have a circled key distribution problem which is actually the problem that quantum cryptography solves.
So in order to explain how quantum cryptography works I have to give you a little bit of an overview of quantum mechanics.
I’m also going to give you a really short course in quantum mechanics for those of you who haven’t studied it at college before but I’m only going to give you the pieces that you need to know to understand the basics.
I can’t cover everything you would cover in two or three years of quantum mechanics in one article but I’ll give you the sort of highlights of quantum mechanics that allow quantum cryptography schemes to work and it’s actually some sort of fairly surprising how simple it all is.
So I hope that those of you who haven’t heard it before will have a better understanding by the end of this article.
You will have an understanding of how the laws of nature on the atomic level actually allow you to build a cryptography scheme.
Then I will discuss two quantum key distribution protocols: the first one is one that’s 30 years old from Bennett in Brasov from 1984 which is a protocol that uses only properties of single photons.
With this protocol you can do quantum key distribution without really much fancy business at all.
Turns out that of if you’ve heard of commercial quantum cryptography companies they basically all implement this BB 84 protocol.
Then I’m going to talk about another protocol from a code in 1991.
This protocol works basically in a similar way by default but it uses another property of quantum mechanics called entanglement.
This is a great demonstration of some features of quantum mechanics that are not really present in the classical world.
I’ll also talk a little bit about bells inequality and the connection to the Eckert 91 protocol.
Am going to give an overview of what the Bell inequality is and what Bell’s Theorem says.
I’ll have a very short piece on long distance quantum key distribution because if you’ve followed what’s been happening in quantum communication for the last 10 or so years you will notice that a bunch of companies have sprouted up building QKD solutions.
However, all of them seem to only work over a limited distance of up to a hundred or 200 kilometers. I’m going to explain a little bit of why this is the case and how this distance limit can be overcome potentially.
What is Quantum Cryptography?
The following are the topics I will be discussing today:
- One-time pads, and the Key Distribution Problem.
- Fundamentals of quantum mechanics.
- Two key distribution protocols:
- BB84 (uses only single photons)
- E91 (uses entangled-photon pairs)
- Bell’s Inequality and the connection to E91.
- Long-distance QKD using Q. repeaters
1) One-time Pad Cryptography
First of all I’ll talk a little bit about classical cryptography. There’s this idea in classical cryptography that originates in the late 1800s that a so-called one-time pad can provide perfect security.
What this means is that you can only use a given key for encryption process once to ensure perfect security.
The encrypted message provides zero bits of information about what is contained in that message and basically the only information that an eavesdropper would get if they intercepted the message was some limit on how long the message could possibly be.
One time pad cryptography is only perfectly secure if you use it one time per key. You must not reuse a key.
- Read: Cryptography for dummies
Here is an example with encoding of letter A is 0 and Z is 25. You also need to have a key and this key is must be completely random and it’s only going to be used once.
The should be of the same length as the message. What I do is take the key and add it to the message to get a set of numbers. Then I perform modular arithmetic since our alphabet has 26 characters long I do mod 26 and the outcome I get is the ciphertext.
This encrypted text is what am going to send over the network to the person that should receive the message.
If somebody intercepts this they can’t decrypt the message unless they know the key I used.
However, they can find my message if they try all possible combinations of the keys but then they can also find many other possible messages so they kind of get no message.
So how does the decryption side of things work. Well, if you start with the ciphertext and you also use the same character encoding as before.
Subtract they key and you perform modulo arithmetic again you basically end up getting your message out again.
So as you have seen this scheme performs performs as you would expect. You can encrypt a message and you can decrypt it.
The problem is that you have to use keys that are of the same length as the length of your message. And every time you want to send a message you have to use a new key.
This brings a huge problem since you need to distribute keys to all the people you want to communicate with.
For a long time one time pad cryptography seemed like a great solution to making perfectly secure cryptography but one that was logistically infeasible unless you had very large demanding security needs.
Consequently we have the advent of public key cryptography that provides the security that we use today which relies on the proposed impossibility or in feasibility of prime factoring and supposedly difficult problems in mathematics.
But this don’t provide perfectly secure communication that’s where quantum mechanics comes in to help us with this.
2) Quantum Mechanics
I’m going to introduce some features of quantum mechanics that will allow me explain the first protocol by Bennet and Ozawa.
So some features of quantum mechanics that are kind of interesting is that quantum objects can exist in super positions.
What this means is that when you measure a quantum object it will give you a single answer back. This is to say if you measure the quantum states of a quantum object in some superposition you can only find one possible state.
Another crucial feature of quantum mechanics for the quantum cryptography schemes is that measurement cause the state to which the object was measured in to collapse.
I’ll also discuss this interesting property of quantum objects called entanglement.
This is where quantum objects can be connected in some kind of way that yields correlations between the measurements of them that are not explainable by classical means.
To make this a bit clear am going to talk about photons. A photon is basically a packet of light and the one property that’s associated with photons is polarization.
Polarization refers to the orientation of the electric or the magnetic field of the propagating electromagnetic wave. A photon can be either horizontally or vertically polarized.
It can also be circularly polarized or elliptically polarized.
I’ll discuss things in terms of this horizontal or vertical polarization for most of the time. If you haven’t seen polarization before you might have come across if for example in sunglasses.
It’s a light that’s reflected and often has some polarization so if you use polarized glasses you can block out reflections.
Here a the notations that I will be using:
So let’s suppose I measure the polarization of the photon so am going to ask the photon the question.
What is your polarization horizontal so what will happen in this measurement is that I will get an answer that it is horizontally polarized with probability alpha squared.
And I’ll also get the answer that it’s vertically polarized with probably the beta squared so from this you can see that we must have the relation that alpha squared plus B this grade equals one.
This is because when you ask the photon are you horizontally or vertically polarized it’s going to give you either the answer H or the answer V there’s no third option here so this normalization condition must halt.
There’s something really special about the horizontal and vertical polarization basis and in fact the choice of basis is basically arbitrary. We could imagine doing things describing either the preparation of the state or the measurement of the state in some other basis.
For example we could talk about the diagonal and anti-diagonal basis where if you have this sort of plus 45 degree polarization and minus 45 degree polarization.
So what happens if we measure a photon that’s prepared in the state D if we measure the polarization of this photon. So if we ask which state are you horizontally or vertically polarized.
What you will see is that in this basis if you ask it are you d or polarized you’ll get the answer D 100% of the time.
But if you ask it whether it’s HOV polarized you will get a non deterministic answer you’ll get 50 H 50% of the time and V 50% of the time.
A very crucial part of this though is that once you’ve measured it in this basis and you’ve gotten an answer the state will actually collapse.
That means that if you start off for the diagonally polarized photon and you measure it in H V basis and you get the answer H the state will actually become horizontally polarized.
So then if you ask it again what is polarization is in the H V base it will it will then always give you the answer H.
Random Number Generation
So that’s a very interesting feature and it’s something that we are going to exploit.
A side note of all this is that this actually provides an interesting way to make random numbers because let’s say you start off with a diagonally polarized photon and you measure it in the HV basis you’re then going to get the answer that its horizontally polarized with 50 probability 50% and vertically polarized as probability 50% .
Let’s say you do this okay and you get the following answers:
How BB84 QKD protocol works
So the way the protocol starts is the following:
We have a sender Alice and a receiver Bob and the idea is that we’re trying to share a random bit string between these two entities in a way that the an eavesdropper eavesdropping on the channel can be detected
By the end of the day what we want at the end of the protocol is that Alice and Bob should share some random bit string and the way that this works is that there’s a quantum Channel between Alice and Bob.
Through this channel we’re going to send photons that have some polarization. Bob and Alice starts off by deciding randomly to either polarize photons in either this diagonal basis or in the linear basis and so there’s a choice of basis and also the number of bits she wants to send.
Each one of this string here basically is a random bit string that must be made in a completely random way otherwise the the protocol is insecure.
For example one way to do this is using the quantum random number generator scheme then she also chooses another random bit string.
What happens here is that she’s then going to transmit the states as follows so if she chose that the first bit that’s going to be sent here is in diagonal basis and that the state that must be sent is the one then she’ll transmit this state and so on.
Once received by Bob he is going to do something with these. So the first thing that happens in the protocol after Alice’s made these choices is that Bob can simultaneously make again a random choice of basis that he’s going to perform his measurements with.
You’ll note that this set of bases is different from Alice’s because they independently produced random strings so of course with high probability you’re not gonna be the same.
Alice starts off by sending this very first state down the optical fiber for example or a free space and microwave if you like but typically imagine in practice doing with optical fibers.
Bob then measures the received state in the basis that he chose for the first receive bit.
Repeat this for all all the bits and when this is done Alice and Bob can communicate over a classical channel and tell each other which basis measurements they were doing so Alice tells Bob which basis she prepared each state in and Bob tells Alice which basis he measured each of the states in.
What they will do is where they chose a randomly the same basis they will keep those data bits and they will throw all the other ones away.
After they’ve finished with this procedure what they will be left with is all the data bits where Alice and Bob both use the same basis and you will see here that these strings are exactly the same for both of them so somehow now they have managed to produce a random string even though they didn’t just directly send the string and they did it in a way that an eavesdropper can be detected.
Detecting the eavesdropper is the final step of the protocol as both Alice and Bob want to make sure that nobody was listening in to what they were doing.
They can take some subset of the these random strings that they have and check that they definitely match because by what I’ve just told you they should match if no one interfered.
If however, some eavesdropper Eve was listening in and trying to repeat the signal back to back to Bob after listening in on it Eve will necessarily have made some mistakes because she doesn’t know which basis that Bob is measuring in.
So she has to guess and if she guesses most of the time she will get it wrong.
So with high probability if you do this for some reasonable length of string you will be able to detect interceptions and that’s the final step of the protocol.
Once Alice and Bob have agreed over classical channel that none of the parts of the key that the shared are different they can then conclude that there was no eavesdropper and then they can safely use the rest of the string as a private key or a set of private keys.
What do you need to implement BB84 protocol?
- Single photon source
- Polarization optics (polarizing beam splitters and wave plates)
- Single photon detectors.
Entanglement in quantum mechanics
Another feature of quantum mechanics that is very useful is entanglement. I’m going to now try to tell you a little bit about what entanglement is.
So let’s suppose that instead of just having one photon that we were sending before now we’re talking about having two photons.
When two photons are entangled measurement of one affects the other.
Entanglement provides another way of distributing random numbers between parties:
What do you need to implement E91?
- Entangled photon source
- Polarization optics
Entangled photon source:
Entangled photon source crystal diagram:
Entangled Photon source laser beam diagram:
3) Bell’s Theorem
I’ll try and give you a very simple description of Bell’s Theorem and and where the Bell inequality comes from.
So consider that we have two parties Alice and Bob and you send an entangled state.
Alice can make a measurement on the particle that she receives in either the basis A or A prime and Bob can choose to make a measurement on the particle he receives in either basis B or B Prime
Imagine here that the two possible outcomes have outcome either minus or plus.
Let’s suppose we have the set up with Alice and Bob and then let’s make two assumptions about physics and see what the consequences of these assumptions are.
So the first assumption he made is something called local determinism and this is a pretty intuitive notion he’s saying let’s suppose that physics works in a way that when Alice measures her particle that she receives at her location in space that the outcome of her measurement does not depend on what happens somewhere else in space it only depends on what she’s doing and where she is.
Similarly that when Bob makes a measurement at his location in space that the outcome of the measurement that he does does not depend on something else that’s happening somewhere else in the in the universe either.
The second assumption is referred to as objective reality is the idea that we also have some sort of intuition as humans that if we are given a particle to measure some properties of it and we could choose to measure either in this basis A or A prime.
If we measure in basis A that will get some answer but even if we measure in that other basis there is an answer too.
As an experiment we send two particles to Alice and Bob.
Alice and Bob are to measure the basis. Alice measures in either A or A prime Bob measures in either B or B Prime and we can then get measurement results from this.
So if we if we can imagine then that the outcomes of this experiment basically random numbers so random variables where the subscript in here refers to the nth iteration of the experiment and each of these measurement outcomes has value either plus or minus one .
According to the postulates of this local determinism and objective reality we can basically reasonably then say that they exist some joint probability distribution on these four variables and consequently we can define a function which we will call G of n that exists that depends on these four random variables and we can then ask what possible outcomes this random variable G which is dependent on these four fundamental random variables has.
So there are for any given experiment sixteen possible outcomes because we have four n variables and they’re basically binary variables.
So two to the four is sixteen and we’ll find that if you enumerate all of those that G of n always either takes on the value plus or minus two.
We can take the average of this random variable, and we find that:
By looking at the plot of the state of the x-axis is the this angle theta and the y axis is this average of G you’ll see that this red line here marks the value to that for some values of theta.
You actually get a value of G or the average value of G that’s above.
Bell came to conclude that the average value of G must be less than or equal to two using two very simple postulates.
We can now analyze what the function G of n looks like for a two-qubit state, e.g. the polarization states of two photons:
Connection between the E91 QKD protocol and Bell’s Theorem
- If a quantum system can violate Bell’s Inequality, it may be a good (safe) source to use for QKD with E91.
- Ekert (1991) originally proposed using Bell Inequality violation as away to test for eavesdropping.
4) Quantum Repeaters
So the final thing that I want to tell you a little bit about is quantum repeaters.
So if you have an optical fiber and you send a single photon down it typically offer a hundred or 200 kilometers even at telecom wavelength.
There’s sufficiently high loss that you have a very low probability of actually receiving a photon at the end of the fiber as it will have been absorbed somewhere in the fiber optical material.
This is a major problem because we want to be able to communicate securely over distances much longer than 200 kilometers.
One proposal for dealing with this is by having a connection of different of intermediate stations and you can do the BB84 protocol between each station and then XOR everything with each other and chain it like this:
But this has the problem that every kilometers you need a physical location that you can actually trust thus not ideal.
The main advantage that the Eckerd protocol has over BB84 protocol is that it can in principle be used in a way that can scale over arbitrary distances and people have developed a circle quantum repeaters technology.
In principle this lets you connect different stations every hundred or 200 kilometers in a way that if there’s an eavesdropper you will be able to detect it.
So again you can make these repeater stations but they need to be physically
Also another shortcoming is that building a quantum repeater it turns out to be very difficult.
There are a few QKD companies doing these BB84 protocols but building a realistic quantum repeater is probably something that may only happen in 50 years time.
It turns out to be almost as difficult as building a full quantum computer because of the error correction requirements.