A N EXAMPLE OF B92 QKD For example Alice preparing a polarized photon for each of her bits according to the rules: and sending it over the “quantum channel” to Bob. Bob makes a polarization measurement on each photon he receives, according to the value of his bit as given by: and records the result (“pass” = Y, “fail” = N).
In this experiment we see that for the first and fourth bits Alice and Bob had different bit values, so that Bob’s result is "N" in each case. However, for the second and third bits, Alice and Bob have the same bit values and the protocol is such that there is a probability of 0.5 that Bob’s result is a “Y” in each case. Of course, we cannot predict in any particular experiment which one will be a “Y,” but in this example the second bit was a “N” and the third bit was a “Y.”
I MPLICATIONS : EXPERIMENTAL The highest bit rate system currently demonstrated exchanges secure keys at 1 Mbit/s (over 20 km of optical fiber) and 10 kbit/s (over 100 km of fiber), achieved by a collaboration between the University of Cambridge and Toshiba using the BB84 protocol with decoy pulses. As of March 2007 the longest distance over which quantum key distribution has been demonstrated using optic fiber is 148.7 km, achieved by Los Alamos National Laboratory/NIST using the BB84 protocol. Significantly, this distance is long enough for almost all the spans found in today's fiber networks. The distance record for free space QKD is 144 km between two of the Canary Islands, achieved by a European collaboration using entangled photons (the Ekert scheme) in 2006, and using BB84 enhanced with decoy states in 2007. The experiments suggest transmission to satellites is possible, due to the lower atmospheric density at higher altitudes. For example although the minimum distance from the International Space Station to the ESA Space Debris Telescope is about 400 km, the atmospheric thickness is about an order of magnitude less than in the European experiment, thus yielding less attenuation compared to this experiment.
I MPLICATIONS : C OMMERCIAL There are currently three companies offering commercial quantum key distribution systems; id Quantique (Geneva), MagiQ Technologies (New York) and QuintessenceLabs (Australia). Several other companies also have active research programs, including Toshiba, HP, IBM, Mitsubishi, NEC and NTT Quantum encryption technology provided by the Swiss company Id Quantique was used in the Swiss canton (state) of Geneva to transmit ballot results to the capitol in the national election occurring on October 21, 2007. In 2004, the world's first bank transfer using quantum key distribution was carried in Vienna, Austria.
A N EXAMPLE OF EPR PROTOCOL Alice’s polarization 01 - +10+ Alice’s bit value 01 0 1101 Bob’s polarization ++ - 11++ Bob’s bit value 11 0 1111
T HE ORIGIN OF KEY BITS Since it is symmetric – Alice and Bob perform identical tasks on their qubits, even possibly simultaneously – it cannot be said that either Alice or Bob generates the key. Rather, the key is truly random. In fact the same applies to the BB84 protocol, since it can be reduced to an instance of a generalized version of the EPR protocol key is undetermined until Alice or Bob performs a measurement on their EPR pair half. Similar observations can be made about the B92 protocol. For this reason, quantum cryptography is sometimes thought of not as secret key exchange or transfer, but rather as secret key generation, since fundamentally neither Alice nor Bob can pre-determine the key they will ultimately end up with upon completion of the protocol.
A N EXAMPLE OF VULNERABLE QKD PROTOCOL Li describes a QKD protocol using Greenberger-Horne-Zeilinger (GHZ) states that requires no classical communication. The protocol is described as follows, for communicating parties Alice and Bob:
Ever since there’s been money, there’ve been people trying to counterfeit it Previous work on the physics of money: In his capacity as Master of the Mint, Isaac Newton added milled edges to English coins to make them harder to counterfeit (Newton also personally oversaw hangings of counterfeiters) Quantum Money
Today: Holograms, embedded strips, “microprinting,” special inks… Leads to an arms race with no obvious winner Problem: From a CS perspective, uncopyable cash seems impossible for trivial reasons Any printing technology the good guys can build, bad guys can in principle build also x (x,x) is a polynomial-time operation
What’s done in practice: Have a trusted third party authorize every transaction OK, but sometimes you want cash, and that seems impossible to secure, at least in classical physics… (BitCoin: “Trusted third party” is distributed over the Internet)
First Idea in the History of Quantum Info Wiesner 1969: Money that’s information-theoretically impossible to counterfeit, assuming quantum mechanics Each banknote contains n qubits, secretly prepared in one of the 4 states |0 ,|1 ,|+ ,|- In a giant database, the bank remembers how it prepared every qubit on every banknote Want to verify a banknote? Take it to the bank. Bank uses its knowledge to measure each qubit in the right basis: OR (Recent) Theorem: A counterfeiter who doesn’t know the state can copy it with probability at most (3/4) n
D RAWBACKS OF W IESNER ’ S S CHEME 1.Banknotes could decohere in microseconds in your wallet—the “Schrödinger’s money problem”! The reason why quantum money isn’t yet practical, in contrast to (say) quantum key distribution 2.Bank needs a big database describing every banknote Solution (Bennett et al. ‘82): Pseudorandom functions 3.Only the bank knows how to verify the money 4.Scheme can be broken by interacting with the bank
Future Direction: Quantum Copy-Protection Finally, a serious use for quantum computing Goal: Quantum state | f that lets you compute an unknown function f, but doesn’t let you efficiently create more states with which f can be computed
Q UANTUM C RYPTOGRAPHY C OMES TO S MART P HONES A smart phone can do pretty much anything a PC can. But, aside from password protection, phones have very little security—a real problem with more and more people using phones for online banking and shopping. But researchers at Los Alamos National Lab hope quantum encryption can help. Quantum encryption typically requires a lot of processing power and covers only short distances. But Los Alamos says it's developed a minitransmitter that encodes the encryption key on a single photon. They call it the QKarD transmitter, short for Quantum Smart Card. Any change in the photon’s quantum information reveals an attempted hack and cancels the transaction.
QKarD faces a few challenges. You'd still need a password or some biometric security to make sure someone doesn't use your lost or stolen phone to make their own encrypted transactions. Also, Google's Wallet mobile payment service already uses encryption. It may not be as secure as quantum encryption, but many people may decide it’s good enough. One thing’s for sure: we're going to need more mobile gadget security to keep a step ahead of info-hungry hackers.
R EFERENCES C. H. Bennett, Phys. Rev. Lett. 68, 3121 (1992). C. H. Bennett and G. Brassard, Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, Bangalore (New York, IEEE, 1984). arXiv:quant-ph/9904038v1 arXiv:quant-ph/0206092v1 arXiv:quant-ph/0305076v1 M. A. Nielsen an d I.L.Chuang, Quantum Computation and Quantum Information, Cambridge University Press, UK, 2000. http://en.wikipedia.org/wiki/Quantum_key_distribution www. scottaaronson.com/talks/ money -hs.ppt www. scottaaronson.com/talks/q money -uw.ppt http://www.scientificamerican.com/podcast/episode.cfm?id=quantum- cryptography-comes-to-smart-12-02-02