Post on 06-Jan-2016
description
Quantum Key Distribution (QKD)
John A Clark Dept. of Computer Science
University of York, UKjac@cs.york.ac.uk
Communication The only really secure cryptosystem is the one-time pad
(provided you use it only once, which hasn’t always been the case).
Essentially both participants possess the same random bit stream b1 b2 b3 b4…..
The sender has a message m1 m2 m3 m4 …. Encodes message as c1 c2 c3 c4
Receiver applies b1 b2 b3 b4 to obtain message
But how can we distribute this keystream b1 b2 b3 b4…?
m4)(b4c4m3),(b3c3m2),(b2c2m1),(b1c1
c4)(b4m4c3),(b3m3c2),(b2m2c1),(b1m1
When Alice met Bob Communicants will (following tradition) be Alice and Bob, trying
to communicate their love…
Eve isn’t happy about this. She wants to listen in and interfere
Alice Bob
Eve
Basic Scheme Basic scheme based on polarisation of photons
y
x
z
Photons are transverse magnetic waves – magnetic and electric fields are perpendicular to the direction of propagation. Also they are perpendicular to each other.
Photons We will assume that we are dealing with linearly polarised light but other schemes are possible (e.g. with circularly polarised light). We need to create photons that with an electric field oscillating in the desired magnetic plane. One way to do this is by passing light through an appropriate polariser
More sophisticated way is to use a Pockels Cell.
Only vertically polarised photons emerge
Detecting Photons Possible to detect absorption by using a Calcite crystal
Photon Detector
Photon Detector
Measuring a Photon
Suppose photon has polarisation at angle to a horizontal filter.
Measured as a 0 (absorbed) with prob=sin2 .
Measured as a 1 (permitted) with prob=cos2 .
Blocking is FreedomIntensity
1.0
Intensity0.5
Intensity0
Intensity0.125
Basic Scheme Basic scheme assumes that the polarisation of
photons can be arranged. For example
Vertical Polarisation denotes 0
Horizontal Polarisation denotes 1
Rectilinear Basis Suppose now that Alice sends a 0 in this
scheme and that Bob uses a photon detector with the same basis.
Alice Sends0
Alice Sends1
Bob Receives0
Bob Receives1
Diagonal Basis Can also arrange this with a diagonal basis
Alice Sends0
Alice Sends1
Bob Receives0
Bob Receives1
Basis Mismatch What if Alice and Bob choose different bases?
Alice Sends0
Bob Receives0
Bob Receives1
Each result with probability 1/2
Use of Basis Summary A sender can encode a 0 or a 1 by choosing the
polarisation of the photon with respect to a basis Vertical => 0 Horizontal => 1; or 45 degrees => 0, 135o =>1
The receiver Bob can observe (measure) the polarisation with respect to either basis.
If same basis then bits are correctly received If different basis then only 50% of bits are correctly
received. This notion underpins one of the basic quantum
cryptography key distribution schemes.
What’s Eve up To? Now Eve gets in on the act and chooses to
measure the photon against some basis and then retransmit to Bob.
Eve’s Dropping In Suppose Eve listens in using the same basis as
Alice, measures the photon and retransmits a photon as measured (she goes undetected)
Alice Sends0
Alice Sends1
To Bob
To Bob
Eve Measures0
Eve Measures1
Eve’s Dropping In Suppose Eve listens in using a different basis to Alice
Similarly if Alice sends a 1 (or if Alice uses diagonal basis and Eve uses rectilinear one)
Alice Sends0
To Bob
To Bob
Eve Measures0
Eve Measures1
0 and 1 equally likely results
0 and 1 equally likely results
Summary of Eve’s Droppings If Eve gets the basis wrong, then even if Bob
gets the same basis as Alice his measurements will only be 50 percent correct.
If Alice and Bob become aware of such a mismatch they will deduce that Eve is at work.
A scheme can be created to exploit this.
Alice and Bob To send and receive a photon Alice and Bob
choose a basis randomly. Alice sends a 0 or 1 using her basis and Bob uses his basis to measure it.
Alice records the basis she used and the value sent. Bob records the basis he used and the value he measured.
When We are in Harmony Throw away results when bases disagree and
keep results when bases agree
Keep Value
Discard Value
Keep Value
Discard Value
Alice Bob
We Agree Alice and Bob exchange a sequence of bit
values encoded in photon polarisation with bases chosen at random.
Bob announces via an unjammable channel which bases he used in each case.
Alice tells Bob whether choices of basis were correct.
They throw away any bit values where the basis choice disagreed and keep those bit values were the basis choice agreed.
Has Eve Listened In? Now we need to determine whether Eve has
been listening in. How might this be done?
Has Eve Listened In? Can pick some bits at random and tell each
other what values were sent and received. Sufficiently many mismatches then high
chance of Eve at work.
Has Eve Listened In? Can pick some random subset and determine
the parity of the bit values sent and received. If parities disagree then Eve may have been at
work or else there has been an error. Even if agree, parity information has been
publicly broadcast – so we discard the final contributing bit.
Can repeat this process numerous times to gain increased confidence.
Creating Photons In practice creating a single photon may not
be that easy. Can be done with dim light pulses. But if two photons get created one can be
captured and measured whilst the other goes through to Alice.
They would both have the same polarisation so the security here would be broken.
Keeping it All in Line The kit used to carry out key distribution way
may be rather sensitive to disturbance. May need continuous adjustment to maintain
right physical set up etc.
Entangled States We have described the best known of
protocols for key distribution. Various others are possible. For example,
based on entanglement with elements of an entangled pair sent to each of Bob and Alice.
Scheme due to Artur Ekert (Oxford).
General Usage Significant interest in QKD. We don’t need to use it for everything. Can use it to distribute key distribution keys.
Keys we can use to carry out conventional key distribution protocols securely.
Note: no prior contact is necessary.
Aside QKD here relies on being able to detect Eve’s
interfering. Possible to go to other extreme and assume
that data will be intercepted: More conventional schemes proposed where trillions
of bits per second would be transmitted and only sender and receiver know the (very small) time window for the key.
Idea is to swamp an interceptor with so much data that they cannot possibly cope.
Summary Have outlined basics of a photon-based scheme
that allows a key to be created and shared between two communicants in a manner that allows eavesdropping to be detected.
Makes use of one of the fundamental features of quantum mechanics
Looking (measuring) disturbs things QKD works!
Experiments over 10’s of kilometres using fibre optics. Work also in free space. Aim for QKD with low orbiting
satellites.