Quantum key distribution
Data carrying photons may be transmitted by laser and detected
in such a way that any interference will be noted
by Jennifer Ouellette
pdf version of this article
Computing’s exponential increase in power requires
setting the bar always higher to secure electronicdata
transmissions from would-be hackers. The ideal
solution would transmit data in quantum bits, but truly
quantum information processing may lie decades away.
Therefore, several companies have focused on bringing
one aspect of quantum communications to market—
quantum key distribution (QKD), used to exchange
secret keys that protect data during transmission. Two
companies, MagiQ Technologies (New York, NY) and ID
Quantique (Geneva, Switzerland), have released commercial
QKD systems, and several others plan to enter
the marketplace within two years.
 |
| Figure 1. When blue
light is pumped into a nonlinear crystal, entangled photon pairs (imaged here
as a red beam with the aid of a diode laser) emerge at an angle of 3° to
the blue beam, and the beams are sent into single-mode fibers to be detected.
Because the entangled photons “know” each other, any interference
will result in a mismatch when the two beams are compared. (University of Vienna/Volker
Steger) |
“There is a continuous war between code makers and
code breakers,” says Alexei Trifonov, chief scientist with
MagiQ. Cryptologists devise more difficult coding
schemes, only to have them broken. Quantum cryptography
has the potential to end that cycle. This is important
to national security and modern electronic business
transactions, which transmit credit card numbers and
other sensitive information in encrypted form.
The Department of Defense (DoD) currently funds
several quantum-cryptography projects as part of a
$20.6 million initiative in quantum information. Globally,
public and private sources will fund about $50 million
in quantum-cryptography work over the next several
years. Andrew Hammond, a vice president of MagiQ,
estimates that the market for QKD systems will reach
$200 million within a few years, and one day could hit
$1 billion annually.
Key types
QKD was proposed roughly 20 years ago, but its premise rests on
the formulation of Heisenberg’s uncertainty principle in 1927.
The very act of observing or measuring a particle—such as
a photon in a data stream—changes its behavior (Figure 1).
Any moving photon can have one of four orientations: vertical, horizontal,
or diagonal in either direction. A standard laser can be modified
to emit single photons, each with a particular orientation. Would-be
hackers (eavesdroppers in cryptography parlance) can record the
orientations with photon detectors, but doing so changes the orientation
of some photons—and, thus, alerts the sender and receiver
of a compromised transmission.
An encryption key—the code needed to encrypt or
decipher a message—consists of a string of random bits.
Such a key is useless unless it is completely random,
known only to the communicating parties, and changed
regularly. In the one-time-pad approach, the key length
must equal the message length, and it should be used
only once. In theory, this makes the encrypted message
secure, but problems arise in practice. In the real world,
keys must be exchanged by a CD-ROM or some other
physical means, which makes keys susceptible to interception.
Reusing a key gives code breakers the opportunity
to find patterns in the encrypted data that might
reveal the key. Historically, the Soviet Union’s accidental
duplication of one-time-pad pages allowed U.S. cryptanalysts
to unmask the spy Klaus Fuchs in 1949.
Rather than one-time-pad keys, many data-transmission
security systems today use public-key cryptography,
which relies on very long prime numbers to transmit keys.
A typical public-key encryption scheme uses two keys.
The first is a public key, available to anyone with access to
the global registry of public keys, and the message is
encrypted with it. The second is private, accessible only to
the receiver. Both keys are needed to unscramble a message.
The system’s primary weakness is that a powerful
computer could use the public key to learn the private key
(see The
Industrial Physicist, August 2000, pp. 29–33).
Quantum key distribution
A
key distributed using quantum cryptography would be almost impossible to steal
because QKD systems continually and randomly generate new private keys that
both parties share automatically. A compromised key in a QKD system can only
decrypt a small amount of encoded information because the private key may be
changed every second or even continuously. To build up a secret key from a stream
of single photons, each photon is encoded with a bit value of 0 or 1, typically
by a photon in some superposition state, such as polarization. These photons
are emitted by a conventional laser as pulses of light so dim that most
pulses do not emit a photon. This approach ensures that few pulses
contain more than one photon. Additional losses occur as photons
travel through the fiber-optic line. In the end, only a small fraction
of the received pulses actually contain a photon. However, this
low yield is not problematic for QKD because only photons that
reach the receiver are used. The key is generally encoded in either the
polarization or the relative phase of the photon (see "Keeping
Alice and Bob secure", below).
The most common standard protocol for QKD is called
BB84, after its inventors, IBM’s Charles Bennett and Gilles
Brassard. Invented in 1984, it uses a stream of single photons
to transfer a cryptographic key between two parties,
who can use it to encode and decode data transmitted
using standard high-speed techniques. Right now, single
photons allow real-time data transmissions only at low
speed, typically 100 bits/s—a hundred millionth the
speed of today’s fastest fiber-optic transmission systems.
That explains why most companies have focused on commercializing
QKD and not on data encryption.
Polarization-based encoding works best for free-space communication systems
rather than fiber-optic lines. Data
are transmitted faster in free-space systems, but they cannot
traverse the longer distances of fiber-optic links. In
July 2004, a team at the National Institute of Standards
and Technology (NIST), working with Acadia Optronics
(Rockville, MD), demonstrated the world’s fastest quantum-
cryptography system by sending a quantum key over
a 730-m free-space link at rates of up to 1 megabit/s—
1,000 times as fast as previously reported results. The
NIST system uses an infrared laser to generate the photons
and reflecting telescopes with 8-in. mirrors to send
and receive the photons through air.
NIST’s system differs from other existing QKD systems
in how it identifies a photon from the sender, as
opposed to photons from another source, such as the
sun. The scientists record the exact time of each emission
and look for a photon only when one is expected.
The window of observation time must be very short, but
NIST physicist Joshua Bienfang says that making frequent
brief observations enables the team to generate
new keys more often.
Fiber-optic links
Randomly generated keys are changed up to 1,000
times/s in MagiQ’s OPN Security Gateway, which uses a
secure fiber-optic link to transmit the changing key
sequence up to 120 km as a stream of polarized photons.
The company claims that linking its systems
together can transmit a QKD several hundred kilometers
(Figures 2 and 3).
Quantum properties other than polarization can
encode the value of a bit for the quantum key, says Gregoire
Ribordy, CEO of Swiss start-up ID Quantique. His
company introduced the first commercial quantum-cryptography
products in 2002: single-photon detectors and
random-number generators, two essential components for
quantum-cryptography systems. In 2003, the company
partnered with two electronic-security firms to develop a
commercial system.
 |
| Figure
3. A more detailed
network shows routers for concentrating and directing Internet
traffic, Sonet telecommunications protocol, wave division multiplexers,
optical amplifiers, and repeaters. |
ID Quantique’s system encodes data in the phase of the photon
instead of its polarization state. An interferometer splits beams
of light and then recombines them at the output end, and it can
do the same with a single photon. Although a photon cannot split
in two, its dual wave–particle nature allows it to travel
through both arms of the interferometer as a wave, only becoming
a particle again when it recombines and is detected at the output
end. It takes but a slight change in the length of one interferometer
arm to randomly alter a photon’s phase.
 |
| Figure
4. Henry Yeh, director
of programs, and Chip Elliot, principal engineer, in the Quantum
Laboratory at BBN Technologies, which operates the DARPA-funded
world’s first quantum key distribution network. (BBN
Technologies) |
In 2002, scientists at Northwestern University developed a quantum-cryptography
method capable of sending encr ypted data over a fiber- optic line
at 250 megabits/s, almost 1,000 times as fast as prior quantum technology.
The team used standard lasers and existing optical technology to
transmit large bundles of photons; other techniques used in quantum
cryptography rely on single photons, which are harder to detect.
BBN Technologies (Cambridge, MA) operates the world’s first
quantum cryptographic network, which links several different kinds
of QKD systems (Figure 4). Some use off-the-shelf optical lasers
and detectors to emit and detect single photons; others use entangled
pairs of photons.
This DARPA-funded network runs
between BBN, Harvard, and Boston University, a citysized
schematic designed to test the robustness of such
systems in real-world applications (Figure 5). It allows
multiple users at each organization to tap into a fiberoptic
loop secured by a quantum-cryptography system.
BBN will soon add a free-space QKD link and an entangled-
photon QKD system.
Other companies are also investing in quantum-cryptography
systems. IBM’s Almaden Research Center, the
NEC Research Institute, Toshiba, and Hewlett-Packard
are on the brink of introducing products. In March
2004, NEC scientists in Japan sent a single photon over
a 150-km fiber-optic link, breaking the transmissiondistance
record for quantum cryptography.
 |
| Figure
5. This network
allows users at BBN Technologies, Harvard University, and Boston
University to tap into a fiber-optic loop secured by a quantum-cryptography
system. (BBN Technologies/Funding by the Defense Advanced Research
Projects Agency) |
To date, most commercially viable QKD systems
rely on fiber-optic links limited to 100 to 120 km. At
longer distances, random noise degrades the photon
stream. Quantum keys cannot travel far over fiberoptic
lines, and, thus, they can work only between
computers directly connected to each other. The only
way to achieve such a system with total security in a
networking environment and at greater distances is to
add quantum repeaters—rudimentary quantum computers—
to regenerate the bits. NEC and Hewlett-
Packard are developing components needed to make
quantum repeaters a reality.
Entangled photons
To date, physicists have not developed an ideal single-photon
source. In a small number of instances, more
than one photon is emitted, making the system vulnerable.
A hacker could tap the system and measure one of
the photons to discover what polarization the sender is
using, and then send the other onto the receiver—all
without revealing his or her presence.
That explains why entangled photons present an
attractive future option. When two photons become
entangled, if one is vertically polarized, the other is
always polarized horizontally. The polarization of a single
photon cannot be known until it is measured, and the
measurement will automatically determine the polarization
of the other photon, even if it is several hundred
meters away. Albert Einstein dubbed this “spooky action
at a distance.” A QKD system using entangled photons
would have a critical advantage: the key comes into existence
simultaneously at both sender and receiver nodes,
eliminating the possibility of interception.
Entangled-state quantum cryptography works by generating
entangled-photon pairs and distributing them through fibers or free space so
that each arrives at the receiver’s detectors simultaneously.
Once measured, the photons assume one of four polarization
states at random. Entanglement works over fiberoptic
lines, but there are inevitable losses, which limits
transmission distance. Free-space techniques extend the
entanglement to distances in the range of 24 km.
Last April, a team from the University of Vienna, Austria’s
ARC Seibersdorf Research (Seibersdorf), and Ludwig-
Maximilians University (Munich, Germany) performed the
first quantum-secured transfer of money using entangled
photons. The scientists installed a 1.45-km fiber-optic line
under Vienna’s streets to link a transmitter at city hall to a
receiver at the headquarters of an Austrian bank. They
used a crystal with nonlinear optical properties to split
photons with wavelengths of 405 nm into entangled pairs of photons
with wavelengths of 810 nm. Using the key, the team safely
transferred funds from city hall to the bank.
In April 2004, the European Union launched the
SECOQC project, which involves 41 participants from
12 countries: Austria, Belgium, Canada, the Czech
Republic, Denmark, France, Germany, Italy, Russia, Sweden,
Switzerland, and the United Kingdom. Participants
have pledged 11.4 million euro ($14.8 million U.S.) in
funding over the next four years to create a secure quantum
network globally. One of the project’s eight goals is
to develop a suitable QKD system. The techniques under
consideration are the University of Vienna’s entangledphoton
scheme, ID Quantique’s attenuated pulsed-laser
source of single photons, and free-space links. The last
would also enable key distribution using modulated coherent states
rather than photon counting.
Faster detectors
Future developments will focus on faster photon detectors,
a major factor limiting the development of practical
systems for widespread commercial use. Chip Elliott,
BBN’s principal engineer, says the company is working
with the University of Rochester and NIST’s Boulder Laboratories
in Colorado to develop practical superconducting
photon detectors based on niobium nitride, which
would operate at 4 K and 10 GHz. Laboratory models can
already detect billions of photons per second—several
hundred orders of magnitude faster than today’s commercial
photon detectors. The ultimate goal is to make QKD more reliable, integrate it with today’s
telecommunications infrastructure, and increase the transmission
distance and rate of key generation. “It’s one thing
to achieve quantum cryptography in the laboratory on a multimillion
dollar government- funded project,” says MagiQ’s Trifonov.
“It’s quite another to make it reasonably cost-effective
for commercial applications.”
|
