Question

Describe in detail the core principle of "quantum key distribution".

Answer 1

QKD

We introduce the theory of the security of quantum key distribution, which features the fact that no one, including hackers, can break the laws of nature. By contrast, the security of conventional cryptography, which is widely used for communications, cannot be guaranteed even in principle.

Quantum key distribution
Quantum cryptography, especially quantum key distribution (QKD), is a way to securely distribute a secret key to legitimate parties. Here, a key is a table of random numbers shared by legitimate users in such a way that the information is known only to them, and secure means secure against any possible eavesdropping, which is the highest level of security. In this article, we introduce the theory of the security of QKD and say a few words about practical security where we use practical devices.Quantum mechanics
In this section, we give a brief explanation of quantum mechanics, which is necessary to understand how QKD works. Roughly speaking, quantum mechanics is a set of principles describing the behavior of very small particles, such as atoms, electrons, and photons. One of the principles tells us that a particle can be in multiple states that are mutually exclusive. For instance, a single particle can exist in many locations simultaneously, which seems very odd to us since we take it for granted that objects normally exist at a single location; a state of this kind is called a superposition state. Another principle in quantum mechanics says that if you observe the location of a particle in the superposition state, then the particle appears in a single location (this principle is called wave function collapse), and it is impossible to deterministically predict where it will appear: we can only determine the probability of the particle appearing at various different locations. a state of this kind is called a superposition state. Another principle in quantum mechanics says that if you observe the location of a particle in the superposition state, then the particle appears in a single location.QKD protocol
Now, we are ready for the explanation of how QKD protocol works. In this article, we explain differential phase shift QKD (DPS-QKD), which was proposed by NTT in collaboration with Stanford University. Here, protocol means a sequence of steps, and in the description of the protocol, we usually assume that the devices used by the sender and receiver operate as those mathematical models require. We will come back to the issue of using actual devices later on.

The protocol starts with the generation of a single photon in the superposition state of position 1, position 2, ..., position N. Since the speed of light in a communication channel such as an optical fiber is constant, this position information is equivalently transformed into time-slot information. Furthermore, we encode a random bit string (N-1 bits) of information as N-1 adjacent relative phase differences. More precisely, the bit value 0 (1) is encoded as the relative phase 0 (π).The receiver performs a measurement that reads out the relative phase differences. This measurement can be implemented by using beam splitters, which are optical components, and a single-photon detector, which can detect a single photon. An important point here is that since the sender sends only a single photon, the detector receives at most one photon, so at most only one out of the N-1 bits of relative information can be read. As we have mentioned, no one, including the sender and receiver, can ever predict which relative phase information will be read out. Thus, to share the same bit value, the receiver informs the sender over a conventional communication channel, such as a regular telephone, which relative phase information out of the N-1 bits has been read out. Here, note that the receiver must not report the bit value itself. After the sender keeps only the corresponding phase information, the sender and receiver share an identical bit value, and, after many repetitions of above steps, they can share multiple bit values, which form the key. In what sense is QKD secure?
So far we have had a quick look at QKD. In this section, we would like to mention in what sense QKD is secure. As we have explained above, we can detect Eve's existence probabilistically, not deterministically, and we can never reduce to zero the probability of failing to detect Eve when she is present. For instance, the probability of the receiver detecting the relative phase information that Eve has extracted is very low if the number of detection events is large, but it still cannot be reduced to zero. In this sense, QKD cannot generate a key perfectly.

According to the theory of QKD, however, the probability of the actually generated key showing different properties, such as information leakage, from the perfect key can be made arbitrarily small by the users whatever form of eavesdropping was conducted by Eve. This should be okay since a very small probability should be fine in many communications.