Quantum Key Distribution (QKD)

1
Quantum Key Distribution (QKD)

• John A Clark Dept. of Computer Science
• University of York, UK
• jac_at_cs.york.ac.uk

2
Communication

• The only really secure cryptosystem is the
  one-time pad (provided you use it only once,
  which hasnt always been the case).
• Essentially both participants possess the same
  random bit stream b1 b2 b3 b4..
• The sender has a message m1 m2 m3 m4 .
• Encodes message as c1 c2 c3 c4
• Receiver applies b1 b2 b3 b4 to obtain message
• But how can we distribute this keystream b1 b2 b3
  b4?

3
When Alice met Bob

• Communicants will (following tradition) be Alice
  and Bob, trying to communicate their
  love
• Eve isnt happy about this. She wants to listen
  in and interfere

Alice
Bob
Eve
4
Basic Scheme

• Basic scheme based on polarisation of photons

Photons are transverse magnetic waves magnetic
and electric fields are perpendicular to the
direction of propagation. Also they are
perpendicular to each other.
5
Photons

• We will assume that we are dealing with linearly
  polarised light but other schemes are possible
  (e.g. with circularly polarised light).
• We need to create photons that with an electric
  field oscillating in the desired magnetic plane.
• One way to do this is by passing light through an
  appropriate polariser
• More sophisticated way is to use a Pockels Cell.

Only vertically polarised photons emerge
6
Detecting Photons

• Possible to detect absorption by using a Calcite
  crystal

Photon Detector
Photon Detector
7
Measuring a Photon
Suppose photon has polarisation at angle q to a
horizontal filter.
q
8
Blocking is Freedom
9
Basic Scheme

• Basic scheme assumes that the polarisation of
  photons can be arranged. For example

Vertical Polarisation denotes 0
Horizontal Polarisation denotes 1
10
Rectilinear Basis

• Suppose now that Alice sends a 0 in this scheme
  and that Bob uses a photon detector with the same
  basis.

Alice Sends0
Bob Receives0
Alice Sends1
Bob Receives1
11
Diagonal Basis

• Can also arrange this with a diagonal basis

Alice Sends0
Bob Receives0
Alice Sends1
Bob Receives1
12
Basis Mismatch

• What if Alice and Bob choose different bases?

Alice Sends0
Bob Receives0
Bob Receives1
Each result with probability 1/2
13
Use of Basis Summary

• A sender can encode a 0 or a 1 by choosing the
  polarisation of the photon with respect to a
  basis
• Vertical gt 0 Horizontal gt 1 or
• 45 degrees gt 0, 135o gt1
• The receiver Bob can observe (measure) the
  polarisation with respect to either basis.
• If same basis then bits are correctly received
• If different basis then only 50 of bits are
  correctly received.
• This notion underpins one of the basic quantum
  cryptography key distribution schemes.

14
Whats Eve up To?

• Now Eve gets in on the act and chooses to measure
  the photon against some basis and then retransmit
  to Bob.

15
Eves Dropping In

• Suppose Eve listens in using the same basis as
  Alice, measures the photon and retransmits a
  photon as measured (she goes undetected)

Alice Sends0
Eve Measures0
To Bob
Alice Sends1
Eve Measures1
To Bob
16
Eves Dropping In

• Suppose Eve listens in using a different basis
  to Alice
• Similarly if Alice sends a 1 (or if Alice uses
  diagonal basis and Eve uses rectilinear one)

0 and 1 equally likely results
Alice Sends0
Eve Measures0
To Bob
Eve Measures1
0 and 1 equally likely results
To Bob
17
Summary of Eves Droppings

• If Eve gets the basis wrong, then even if Bob
  gets the same basis as Alice his measurements
  will only be 50 percent correct.
• If Alice and Bob become aware of such a mismatch
  they will deduce that Eve is at work.
• A scheme can be created to exploit this.

18
Alice and Bob

• To send and receive a photon Alice and Bob choose
  a basis randomly. Alice sends a 0 or 1 using her
  basis and Bob uses his basis to measure it.
• Alice records the basis she used and the value
  sent. Bob records the basis he used and the value
  he measured.

19
When We are in Harmony

• Throw away results when bases disagree and keep
  results when bases agree

Keep Value
Discard Value
Discard Value
Keep Value
Alice
Bob
20
We Agree

• Alice and Bob exchange a sequence of bit values
  encoded in photon polarisation with bases chosen
  at random.
• Bob announces via an unjammable channel which
  bases he used in each case.
• Alice tells Bob whether choices of basis were
  correct.
• They throw away any bit values where the basis
  choice disagreed and keep those bit values were
  the basis choice agreed.

21
Has Eve Listened In?

• Now we need to determine whether Eve has been
  listening in.
• How might this be done?

22
Has Eve Listened In?

• Can pick some bits at random and tell each other
  what values were sent and received.
• Sufficiently many mismatches then high chance of
  Eve at work.

23
Has Eve Listened In?

• Can pick some random subset and determine the
  parity of the bit values sent and received.
• If parities disagree then Eve may have been at
  work or else there has been an error.
• Even if agree, parity information has been
  publicly broadcast so we discard the final
  contributing bit.
• Can repeat this process numerous times to gain
  increased confidence.

24
Creating Photons

• In practice creating a single photon may not be
  that easy.
• Can be done with dim light pulses.
• But if two photons get created one can be
  captured and measured whilst the other goes
  through to Alice.
• They would both have the same polarisation so the
  security here would be broken.

25
Keeping it All in Line

• The kit used to carry out key distribution way
  may be rather sensitive to disturbance.
• May need continuous adjustment to maintain right
  physical set up etc.

26
Entangled States

• We have described the best known of protocols for
  key distribution.
• Various others are possible. For example, based
  on entanglement with elements of an entangled
  pair sent to each of Bob and Alice.
• Scheme due to Artur Ekert (Oxford).

27
General Usage

• Significant interest in QKD.
• We dont need to use it for everything.
• Can use it to distribute key distribution keys.
• Keys we can use to carry out conventional key
  distribution protocols securely.
• Note no prior contact is necessary.

28
Aside

• QKD here relies on being able to detect Eves
  interfering.
• Possible to go to other extreme and assume that
  data will be intercepted
• More conventional schemes proposed where
  trillions of bits per second would be transmitted
  and only sender and receiver know the (very
  small) time window for the key.
• Idea is to swamp an interceptor with so much data
  that they cannot possibly cope.

29
Summary

• Have outlined basics of a photon-based scheme
  that allows a key to be created and shared
  between two communicants in a manner that allows
  eavesdropping to be detected.
• Makes use of one of the fundamental features of
  quantum mechanics
• Looking (measuring) disturbs things
• QKD works!
• Experiments over 10s of kilometres using fibre
  optics.
• Work also in free space. Aim for QKD with low
  orbiting satellites.