In: Physics
QKD
We introduce the theory of the security of quantum key distribution, which features the fact that no one, including hackers, can break the laws of nature. By contrast, the security of conventional cryptography, which is widely used for communications, cannot be guaranteed even in principle.
Quantum key distribution
Quantum cryptography, especially quantum key distribution (QKD), is
a way to securely distribute a secret key to legitimate parties.
Here, a key is a table of random numbers shared by legitimate users
in such a way that the information is known only to them, and
secure means secure against any possible eavesdropping, which is
the highest level of security. In this article, we introduce the
theory of the security of QKD and say a few words about practical
security where we use practical devices.Quantum mechanics
In this section, we give a brief explanation of quantum mechanics,
which is necessary to understand how QKD works. Roughly speaking,
quantum mechanics is a set of principles describing the behavior of
very small particles, such as atoms, electrons, and photons. One of
the principles tells us that a particle can be in multiple states
that are mutually exclusive. For instance, a single particle can
exist in many locations simultaneously, which seems very odd to us
since we take it for granted that objects normally exist at a
single location; a state of this kind is called a superposition
state. Another principle in quantum mechanics says that if you
observe the location of a particle in the superposition state, then
the particle appears in a single location (this principle is called
wave function collapse), and it is impossible to deterministically
predict where it will appear: we can only determine the probability
of the particle appearing at various different locations. a state
of this kind is called a superposition state. Another principle in
quantum mechanics says that if you observe the location of a
particle in the superposition state, then the particle appears in a
single location.QKD protocol
Now, we are ready for the explanation of how QKD protocol works. In
this article, we explain differential phase shift QKD (DPS-QKD),
which was proposed by NTT in collaboration with Stanford
University. Here, protocol means a sequence of steps, and in the
description of the protocol, we usually assume that the devices
used by the sender and receiver operate as those mathematical
models require. We will come back to the issue of using actual
devices later on.
The protocol starts with the generation of a single photon in
the superposition state of position 1, position 2, ..., position N.
Since the speed of light in a communication channel such as an
optical fiber is constant, this position information is
equivalently transformed into time-slot information. Furthermore,
we encode a random bit string (N-1 bits) of information as N-1
adjacent relative phase differences. More precisely, the bit value
0 (1) is encoded as the relative phase 0 (π).The receiver performs
a measurement that reads out the relative phase differences. This
measurement can be implemented by using beam splitters, which are
optical components, and a single-photon detector, which can detect
a single photon. An important point here is that since the sender
sends only a single photon, the detector receives at most one
photon, so at most only one out of the N-1 bits of relative
information can be read. As we have mentioned, no one, including
the sender and receiver, can ever predict which relative phase
information will be read out. Thus, to share the same bit value,
the receiver informs the sender over a conventional communication
channel, such as a regular telephone, which relative phase
information out of the N-1 bits has been read out. Here, note that
the receiver must not report the bit value itself. After the sender
keeps only the corresponding phase information, the sender and
receiver share an identical bit value, and, after many repetitions
of above steps, they can share multiple bit values, which form the
key. In what sense is QKD secure?
So far we have had a quick look at QKD. In this section, we would
like to mention in what sense QKD is secure. As we have explained
above, we can detect Eve's existence probabilistically, not
deterministically, and we can never reduce to zero the probability
of failing to detect Eve when she is present. For instance, the
probability of the receiver detecting the relative phase
information that Eve has extracted is very low if the number of
detection events is large, but it still cannot be reduced to zero.
In this sense, QKD cannot generate a key perfectly.
According to the theory of QKD, however, the probability of the actually generated key showing different properties, such as information leakage, from the perfect key can be made arbitrarily small by the users whatever form of eavesdropping was conducted by Eve. This should be okay since a very small probability should be fine in many communications.