Making quantum encryption practical

May 21, 2013 by Larry Hardesty

One of the many promising applications of quantum mechanics in the information sciences is quantum key distribution (QKD), in which the counterintuitive behavior of quantum particles guarantees that no one can eavesdrop on a private exchange of data without detection.

As its name implies, QKD is intended for the distribution of that can be used for ordinary, nonquantum cryptography. That's because it requires the transmission of a huge number of bits for each one that's successfully received. That kind of inefficiency is tolerable for key distribution, but not for general-purpose communication.

Also, because QKD depends on the properties of individual —photons—it's very vulnerable to signal loss, which is inevitable over large enough distances. Although QKD systems have been built—some commercially—they generally work across distances of only 100 miles or so.

In a series of recent papers, researchers in the Optical and Quantum Communications Group at MIT's Research Laboratory of Electronics described a new protocol that could solve both of these problems. It's much more resilient to signal loss than QKD, and it sends only one bit for every one received.

In the latest issue of Physical Review Letters, they describe the first experimental implementation of their system, which bore out all their .

At present, the protocol does have one major caveat: It's secure only against so-called passive eavesdroppers, who simply siphon light from an , and not against active eavesdroppers, who maliciously inject their own light into a . Security against passive eavesdropping is probably adequate for some , but if the researchers can figure out how to thwart active eavesdroppers, too, their protocol could be used to secure over long distances.

Cascading correlations

Like all schemes, the new protocol exploits the central mystery of quantum physics: the ability of tiny particles of matter to inhabit mutually exclusive states at the same time. Electrons, for instance, have a property called spin, which describes how they act in a magnetic field. Spin can be either up or down, but it can also be in a strange quantum state known as superposition, in which it's up and down simultaneously.

According to Jeffrey Shapiro, the Julius A. Stratton Professor of Electrical Engineering and one of the co-directors of the Optical and Quantum Communications Group, are capable of a greater degree of correlation than objects described by classical physics. A coin, for instance, can be either face-up or face-down. If you glue a second coin to it, face-to-face, the states of the two coins are correlated: If one is up, the other is down, and vice versa.

In the same way, if two electrons are orbiting the nucleus of an atom at the same distance, their spins are correlated: If one is up, the other must be down. But there's a third possibility: If one is up and down at the same time, so is the other.

This kind of mutual dependency, even in particles separated by great distances, is known as entanglement. But entanglement is very fragile: It begins to break down as soon as particles start interacting with their immediate environments. The key to the new protocol, Shapiro explains, is that even if the entanglement between two light beams breaks down, and their degree of correlation falls back within classical limits, it can still remain much higher than it would be if the beams had a merely classical correlation to begin with.

Bring the noise

Following cryptographic convention, the RLE researchers describe their protocol in terms of a secure communication between Alice and Bob, with an eavesdropper, named Eve, trying to listen in. Alice creates two entangled light beams and sends one of them to Bob, keeping the other one circulating locally.

"In classical physics, there's a maximum amount of correlation you can get between two events," Shapiro says. In the new protocol, however, the entangled beams "have a correlation that exceeds—by orders of magnitude—the classical limit."

As one of those beams travels toward Bob, interactions with the environment begin to break the entanglement, introducing degradations of signal quality that engineers call "noise." Bob then adds information to the beam, amplifies it—which adds much more noise—and sends it back. Alice uses the beam she kept circulating locally to decode Bob's transmission.

Eve, on the other hand, extracts some of the signal that Alice sends Bob and uses that to decode Bob's transmission. Because Bob's transmission is so noisy, its correlation with Eve's sample signal is much lower than it is with the signal Alice kept.

"My experiment can show for the communication between Alice and Bob, if Bob sends one megabit of information, about one bit gets flipped," says Zheshen Zhang, a postdoc at RLE and first author on the new paper. "For the eavesdropper, about half of the bits get flipped."

"The first distinction between this and what other people have done in the past is that Jeff's protocol is a direct secure-," says Saikat Guha, a senior scientist at Raytheon subsidiary BBN Technologies who works on quantum optical communications and imaging. "This is not a key distribution protocol."

As for whether the system will work over long distances, "we don't have all the answers yet, but this does seem to have better promise than some of the standard QKD protocols," Guha says. "In the standard QKD protocols, one big requirement is to have quantum repeaters, which are devices that are not yet available. People are working on it, but there aren't any quantum repeaters. So you can't do standard QKD over standard fiber for more than a couple hundred kilometers at the most."

Guha observes that the RLE researchers' protocol isn't secure against active eavesdropping, but says, "I think it's very promising that it will be adapted to active eavesdropping. It's just that the analysis hasn't been done."

"We're working on the theory for active eavesdropping," Shapiro adds.

The paper is titled "Entanglement's Benefit Survives an Entanglement-Breaking Channel."

Explore further: 'Cavity protection effect' helps to conserve quantum information

More information: prl.aps.org/accepted/15071Y4aP… a04f9c67f2cf08bc2cdc

Related Stories

Secure communication technology can conquer lack of trust

Jan 02, 2013

Many scenarios in business and communication require that two parties share information without either being sure if they can trust the other. Examples include secure auctions and identification at ATM machines. Exploiting ...

Entanglement recycling makes teleportation more practical

Jan 17, 2013

(Phys.org)—Working in the exotic-sounding field of quantum teleportation, physicists are trying to make it easier to transmit quantum information in the form of qubits from one location to another without having the qubits ...

Making quantum cryptography truly secure

Jun 14, 2011

Quantum key distribution (QKD) is an advanced tool for secure computer-based interactions, providing confidential communication between two remote parties by enabling them to construct a shared secret key ...

Recommended for you

User comments : 8

Adjust slider to filter visible comments by rank

Display comments: newest first

EyeNStein
1 / 5 (2) May 21, 2013
Once you have quantum repeaters Eve will be able to duplicate(repeat) both versions of the message A-B and B-A for her own benefit too. And inject extra noise towards Bob to force a retransmission of any bits which fail her checksum test.
LarryD
not rated yet May 21, 2013
Hi EyenStein, me again. I do understand the the ideas here and read considerable about 'Alice & Bob' converstaions along with Bell's theorem. I'm not sure I understand completely and as a layman I have no experience.
On the quantum short distance level I can see how this will work but surely over long distances, in the real world, wouldn't 'relay stations' be required and wouldn't these be on a more 'classical' level? How would Alice ensure that Eve could not 'listen in' at a relay point?
EyeNStein
1 / 5 (2) May 22, 2013
Hi LarryD
Yes, and hence the need for some type of quantum repeater, mentioned in the article but currently non-existent.
Once you use a classical (electronic digital) repeater, the relationship of trust is no longer between A and B but between each of them and the port on their side of the repeater in the middle.
EyeNStein
1 / 5 (2) May 22, 2013
The main weakness of this protocol, repeaters aside, is that Bob is modulating Alice's beam with his data in an entirely classical manner. Anyone with access to both paths A-B and B-A can correlate the two and read off what Bob did.
LarryD
not rated yet May 22, 2013
The main weakness of this protocol, repeaters aside, is that Bob is modulating Alice's beam with his data in an entirely classical manner. Anyone with access to both paths A-B and B-A can correlate the two and read off what Bob did.

Thanks, my ignorance, i.e. 'repeaters', is clear. I hadn't read accounts that used that term, 'station' or some more common term was used.
As you say the protocol has another weakness. However, isn't that weakness 'Permanent' because of human structure? As we are unable to perceive QM levels we depend on making equipment that puts information in a form that we can 'see', classically. The only way seems to me that the human Brain has to be on a par with technology and receive info directly. This sounds like ESP and not approriate to discuss here. The next level down would 'computer implants' but that sounds like science fiction. What about the 'headsets' used for games etc.?
antialias_physorg
1 / 5 (1) May 22, 2013
Yes, and hence the need for some type of quantum repeater, mentioned in the article but currently non-existent.


First one demonstrated in 2008.
http://www.nature...241.html

The problem with direct access is a serious one, though. Somewhat mitigated if the network is node distributed (because then Eve needs access to and manipulation capability of all possible, disjoint paths to remain undetected)

Remember: the problem here is not so much the encryption scheme (which is a totally secure one-time pad) but the distribution of the key itself. If you can distribute the key while being sure that the key wasn't read you can then use a classical channel for transmitting the message encrypted with the key.

So even if Eve gets part of the key, and you can be sure to notice her doing so, you have given her no information whatsoever at that point.
RalphWaldoEmerson
not rated yet May 29, 2013
The main weakness of this protocol, repeaters aside, is that Bob is modulating Alice's beam with his data in an entirely classical manner. Anyone with access to both paths A-B and B-A can correlate the two and read off what Bob did.


No, he or she can't. That's the whole point of the new protocol! From the article: "Eve, on the other hand, extracts some of the signal that Alice sends Bob and uses that to decode Bob's transmission. Because Bob's transmission is so noisy, its correlation with Eve's sample signal is much lower than it is with the signal Alice kept.

"'My experiment can show for the communication between Alice and Bob, if Bob sends one megabit of information, about one bit gets flipped,' says Zheshen Zhang, a postdoc at RLE and first author on the new paper. 'For the eavesdropper, about half of the bits get flipped.'"

Moreover, the new protocol does *not* require repeaters. Again, as the article says, that is, precisely, one of its advantages over QKD.
EyeNStein
1 / 5 (2) Jun 01, 2013
No, he or she can't.

Why? If Eve retains a repeater copy of what Bob modulated his signal onto, or worse still additively injects a quantum Eve signal for Bob to modulate why can't Eve decode Bobs modulation?
Bobs modulation isn't even a quantum process so its a classical optical correlation function.