Quantum key distribution

R.A. Hettinga rah at shipwright.com
Wed Dec 1 09:29:31 PST 2004


<http://www.aip.org/tip/INPHFA/vol-10/iss-6/p22.html>
  - The Industrial Physicist

Quantum key distribution

Data carrying photons may be transmitted by laser and detected in such a
way that any interference will be noted

by Jennifer Ouellette

Computing's exponential increase in power requires setting the bar always
higher to secure electronic data transmissions from would-be hackers. The
ideal solution would transmit data in quantum bits, but truly quantum
information processing may lie decades away. Therefore, several companies
have focused on bringing one aspect of quantum communications to market:
quantum key distribution (QKD), used to exchange secret keys that protect
data during transmission. Two companies, MagiQ Technologies (New York, NY)
and ID Quantique (Geneva, Switzerland), have released commercial QKD
systems, and several others plan to enter the marketplace within two years.

Figure 1. When blue light is pumped into a nonlinear crystal, entangled
photon pairs (imaged here as a red beam with the aid of a diode laser)
emerge at an angle of 30 to the blue beam, and the beams are sent into
single-mode fibers to be detected. Because the entangled photons "know"
each other, any interference will result in a mismatch when the two beams
are compared. (University of Vienna/Volker Steger)

"There is a continuous war between code makers and code breakers," says
Alexei Trifonov, chief scientist with MagiQ. Cryptologists devise more
difficult coding schemes, only to have them broken. Quantum cryptography
has the potential to end that cycle. This is important to national security
and modern electronic business transactions, which transmit credit card
numbers and other sensitive information in encrypted form. The Department
of Defense (DoD) currently funds several quantum-cryptography projects as
part of a $20.6 million initiative in quantum information. Globally, public
and private sources will fund about $50 million in quantum-cryptography
work over the next several years. Andrew Hammond, a vice president of
MagiQ, estimates that the market for QKD systems will reach $200 million
within a few years, and one day could hit $1 billion annually.

Key types

QKD was proposed roughly 20 years ago, but its premise rests on the
formulation of Heisenberg's uncertainty principle in 1927. The very act of
observing or measuring a particle, such as a photon in a data stream, changes
its behavior (Figure 1). Any moving photon can have one of four
orientations: vertical, horizontal, or diagonal in either direction. A
standard laser can be modified to emit single photons, each with a
particular orientation. Would-be hackers (eavesdroppers in cryptography
parlance) can record the orientations with photon detectors, but doing so
changes the orientation of some photons and, thus, alerts the sender and
receiver of a compromised transmission.

An encryption key (the code needed to encrypt or decipher a message) consists
of a string of random bits. Such a key is useless unless it is completely
random, known only to the communicating parties, and changed regularly. In
the one-time-pad approach, the key length must equal the message length,
and it should be used only once. In theory, this makes the encrypted
message secure, but problems arise in practice. In the real world, keys
must be exchanged by a CD-ROM or some other physical means, which makes
keys susceptible to interception. Reusing a key gives code breakers the
opportunity to find patterns in the encrypted data that might reveal the
key. Historically, the Soviet Union's accidental duplication of
one-time-pad pages allowed U.S. cryptanalysts to unmask the spy Klaus Fuchs
in 1949.

Rather than one-time-pad keys, many data-transmission security systems
today use public-key cryptography, which relies on very long prime numbers
to transmit keys. A typical public-key encryption scheme uses two keys. The
first is a public key, available to anyone with access to the global
registry of public keys, and the message is encrypted with it. The second
is private, accessible only to the receiver. Both keys are needed to
unscramble a message. The system's primary weakness is that a powerful
computer could use the public key to learn the private key (see The
Industrial Physicist, August 2000, pp. 29-33).

Quantum key distribution

A key distributed using quantum cryptography would be almost impossible to
steal because QKD systems continually and randomly generate new private
keys that both parties share automatically. A compromised key in a QKD
system can only decrypt a small amount of encoded information because the
private key may be changed every second or even continuously. To build up a
secret key from a stream of single photons, each photon is encoded with a
bit value of 0 or 1, typically by a photon in some superposition state,
such as polarization. These photons are emitted by a conventional laser as
pulses of light so dim that most pulses do not emit a photon. This approach
ensures that few pulses contain more than one photon. Additional losses
occur as photons travel through the fiber-optic line. In the end, only a
small fraction of the received pulses actually contain a photon. However,
this low yield is not problematic for QKD because only photons that reach
the receiver are used. The key is generally encoded in either the
polarization or the relative phase of the photon (see "Keeping Alice and
Bob secure", below).

The most common standard protocol for QKD is called BB84, after its
inventors, IBM's Charles Bennett and Gilles Brassard. Invented in 1984, it
uses a stream of single photons to transfer a cryptographic key between two
parties, who can use it to encode and decode data transmitted using
standard high-speed techniques. Right now, single photons allow real-time
data transmissions only at low speed, typically 100 bits/s, a hundred
millionth the speed of today's fastest fiber-optic transmission systems.
That explains why most companies have focused on commercializing QKD and
not on data encryption.

Polarization-based encoding works best for free-space communication systems
rather than fiber-optic lines. Data are transmitted faster in free-space
systems, but they cannot traverse the longer distances of fiber-optic
links. In July 2004, a team at the National Institute of Standards and
Technology (NIST), working with Acadia Optronics (Rockville, MD),
demonstrated the world's fastest quantum-cryptography system by sending a
quantum key over a 730-m free-space link at rates of up to 1 megabit/s,
1,000 times as fast as previously reported results. The NIST system uses an
infrared laser to generate the photons and reflecting telescopes with 8-in.
mirrors to send and receive the photons through air.

NIST's system differs from other existing QKD systems in how it identifies
a photon from the sender, as opposed to photons from another source, such
as the sun. The scientists record the exact time of each emission and look
for a photon only when one is expected. The window of observation time must
be very short, but NIST physicist Joshua Bienfang says that making frequent
brief observations enables the team to generate new keys more often.

Fiber-optic links

Randomly generated keys are changed up to 1,000 times/s in MagiQ's OPN
Security Gateway, which uses a secure fiber-optic link to transmit the
changing key sequence up to 120 km as a stream of polarized photons. The
company claims that linking its systems together can transmit a QKD several
hundred kilometers (Figures 2 and 3).

Quantum properties other than polarization can encode the value of a bit
for the quantum key, says Gregoire Ribordy, CEO of Swiss start-up ID
Quantique. His company introduced the first commercial quantum-cryptography
products in 2002: single-photon detectors and random-number generators, two
essential components for quantum-cryptography systems. In 2003, the company
partnered with two electronic-security firms to develop a commercial system.

Figure 3. A more detailed network shows routers for concentrating and
directing Internet traffic, Sonet telecommunications protocol, wave
division multiplexers, optical amplifiers, and repeaters.

ID Quantique's system encodes data in the phase of the photon instead of
its polarization state. An interferometer splits beams of light and then
recombines them at the output end, and it can do the same with a single
photon. Although a photon cannot split in two, its dual wave-particle
nature allows it to travel through both arms of the interferometer as a
wave, only becoming a particle again when it recombines and is detected at
the output end. It takes but a slight change in the length of one
interferometer arm to randomly alter a photon's phase.

Figure 4. Henry Yeh, director of programs, and Chip Elliott, principal
engineer, in the Quantum Laboratory at BBN Technologies, which operates
the DARPA-funded world's first quantum key distribution network. (BBN
Technologies)

In 2002, scientists at Northwestern University developed a
quantum-cryptography method capable of sending encrypted data over a
fiber-optic line at 250 megabits/s, almost 1,000 times as fast as prior
quantum technology. The team used standard lasers and existing optical
technology to transmit large bundles of photons; other techniques used in
quantum cryptography rely on single photons, which are harder to detect.

BBN Technologies (Cambridge, MA) operates the world's first quantum
cryptographic network, which links several different kinds of QKD systems
(Figure 4). Some use off-the-shelf optical lasers and detectors to emit and
detect single photons; others use entangled pairs of photons.

This DARPA-funded network runs between BBN, Harvard, and Boston
University, a city-sized schematic designed to test the robustness of such
systems in real-world applications (Figure 5). It allows multiple users at
each organization to tap into a fiber-optic loop secured by a
quantum-cryptography system. BBN will soon add a free-space QKD link and an
entangled-photon QKD system.

Other companies are also investing in quantum-cryptography systems. IBM's
Almaden Research Center, the NEC Research Institute, Toshiba, and
Hewlett-Packard are on the brink of introducing products. In March 2004,
NEC scientists in Japan sent a single photon over a 150-km fiber-optic
link, breaking the transmission-distance record for quantum cryptography.

Figure 5. This network allows users at BBN Technologies, Harvard
University, and Boston University to tap into a fiber-optic loop secured
by a quantum-cryptography system. (BBN Technologies/Funding by the Defense
Advanced Research Projects Agency)

To date, most commercially viable QKD systems rely on fiber-optic links
limited to 100 to 120 km. At longer distances, random noise degrades the
photon stream. Quantum keys cannot travel far over fiber-optic lines, and,
thus, they can work only between computers directly connected to each
other. The only way to achieve such a system with total security in a
networking environment and at greater distances is to add quantum
repeaters (rudimentary quantum computers) to regenerate the bits. NEC and
Hewlett-Packard are developing components needed to make quantum repeaters
a reality.

Entangled photons

To date, physicists have not developed an ideal single-photon source. In a
small number of instances, more than one photon is emitted, making the
system vulnerable. A hacker could tap the system and measure one of the
photons to discover what polarization the sender is using, and then send
the other onto the receiver, all without revealing his or her presence.

That explains why entangled photons present an attractive future option.
When two photons become entangled, if one is vertically polarized, the
other is always polarized horizontally. The polarization of a single photon
cannot be known until it is measured, and the measurement will
automatically determine the polarization of the other photon, even if it is
several hundred meters away. Albert Einstein dubbed this "spooky action at
a distance." A QKD system using entangled photons would have a critical
advantage: the key comes into existence simultaneously at both sender and
receiver nodes, eliminating the possibility of interception.

Entangled-state quantum cryptography works by generating entangled-photon
pairs and distributing them through fibers or free space so that each
arrives at the receiver's detectors simultaneously. Once measured, the
photons assume one of four polarization states at random. Entanglement
works over fiber-optic lines, but there are inevitable losses, which limits
transmission distance. Free-space techniques extend the entanglement to
distances in the range of 24 km.

Last April, a team from the University of Vienna, Austria's ARC Seibersdorf
Research (Seibersdorf), and Ludwig-Maximilians University (Munich,
Germany) performed the first quantum-secured transfer of money using
entangled photons. The scientists installed a 1.45-km fiber-optic line
under Vienna's streets to link a transmitter at city hall to a receiver at
the headquarters of an Austrian bank. They used a crystal with nonlinear
optical properties to split photons with wavelengths of 405 nm into
entangled pairs of photons with wavelengths of 810 nm. Using the key, the
team safely transferred funds from city hall to the bank.

In April 2004, the European Union launched the SECOQC project, which
involves 41 participants from 12 countries: Austria, Belgium, Canada, the
Czech Republic, Denmark, France, Germany, Italy, Russia, Sweden,
Switzerland, and the United Kingdom. Participants have pledged 11.4 million
euro ($14.8 million U.S.) in funding over the next four years to create a
secure quantum network globally. One of the project's eight goals is to
develop a suitable QKD system. The techniques under consideration are the
University of Vienna's entangled-photon scheme, ID Quantique's attenuated
pulsed-laser source of single photons, and free-space links. The last would
also enable key distribution using modulated coherent states rather than
photon counting.

Faster detectors

Future developments will focus on faster photon detectors, a major factor
limiting the development of practical systems for widespread commercial
use. Chip Elliott, BBN's principal engineer, says the company is working
with the University of Rochester and NIST's Boulder Laboratories in
Colorado to develop practical superconducting photon detectors based on
niobium nitride, which would operate at 4 K and 10 GHz. Laboratory models
can already detect billions of photons per second, several hundred orders of
magnitude faster than today's commercial photon detectors.

The ultimate goal is to make QKD more reliable, integrate it with today's
telecommunications infrastructure, and increase the transmission distance
and rate of key generation. "It's one thing to achieve quantum cryptography
in the laboratory on a multimillion dollar government-funded project,"
says MagiQ's Trifonov. "It's quite another to make it reasonably
cost-effective for commercial applications."

 

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
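
The BB84 exchange the forwarded article describes, as an added example that
is not part of the original post or article: a simulation of basis sifting
and of how measuring and re-sending photons shows up as errors in the
sifted key. Assumptions: an ideal single-photon source and a lossless,
noiseless channel; the function names and the 11% abort threshold are
illustrative choices made for this example.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis reads the encoded bit; the wrong basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def bb84_sift(n_photons, eavesdrop, rng):
    """Send n_photons; keep only positions where Alice and Bob chose the same basis."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        # Basis 0 = vertical/horizontal, basis 1 = the two diagonals.
        a_bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        bit, basis = a_bit, a_basis            # photon state in flight
        if eavesdrop:                          # tap: measure, then re-emit what was seen
            e_basis = rng.getrandbits(1)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        b_basis = rng.getrandbits(1)
        b_bit = measure(bit, basis, b_basis, rng)
        if b_basis == a_basis:                 # bases are compared publicly, bits are not
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def estimate_qber(alice_key, bob_key, sample_size, rng):
    """Reveal a random sample of the sifted key; return (error rate, unrevealed bits)."""
    revealed = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in revealed)
    kept = [bob_key[i] for i in range(len(bob_key)) if i not in revealed]
    return errors / sample_size, kept

def run(n_photons, eavesdrop, seed, abort_above=0.11):
    """One session: sift, sacrifice a fifth of the sifted bits, accept or abort."""
    rng = random.Random(seed)  # seeded PRNG for a repeatable demo; real QKD needs a hardware RNG
    alice_key, bob_key = bb84_sift(n_photons, eavesdrop, rng)
    qber, kept = estimate_qber(alice_key, bob_key, len(alice_key) // 5, rng)
    accepted = qber <= abort_above             # illustrative threshold (assumption)
    return {"sifted": len(alice_key), "qber": qber, "accepted": accepted,
            "key_bits": len(kept) if accepted else 0}

if __name__ == "__main__":
    print("quiet channel :", run(20000, eavesdrop=False, seed=1))
    print("tapped channel:", run(20000, eavesdrop=True, seed=1))
```

About half the photons survive sifting. On the tapped channel roughly a
quarter of the compared bits disagree, so the session is aborted and no key
is kept.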




