Quantum_Cryptography

QUANTUM CRYPTOGRAPHY By Lalitha CONTENTS 1. Introduction 1 2.1 Cryptography 3 2.2 Quantum Mechanics 4 2. Need for Quantum Cryptography 4 3. Evolution of Quantum Cryptography 5 4. Quantum Cryptography 7 5. Quantum Principles 8 6.3 Elements of the Quantum Theory 9 6.4 Heisenberg’s Uncertainty Principle 9 6.5 Photon Polarization 9 6. Various Protocols and Algorithms for QKD 13 7.6 E91 Protocol 13 7. Methodology 13 8. The key distribution problem 18 9.7 Quantum Key Distribution with BB84 18 9. Hardware to be used 22 10. Implementations 23 11. Commercial QC providers 25 12. Applications 25 13. Merits 26 14. Demerits 26 15. Future Scope 27 16. Conclusion 27 17. References 28 LIST OF FIGURES Figure No. | Description | Page No. | 1 | The basic cryptographic model | 3 | 2 | Sketch of Stephen Wiesner's Quantum Money, source. quantum money Univ KLU AT | 5 | 3 | Quantum Cryptographic apparatus constructed at IBM. Flashes of polarized light | 6 | 4 | Brief network architecture of SECOQC | 6 | 5 | Example showing Quantum Cryptography | 8 | 6 | Polarization of Photon | 9 | 7 | Photon Polarization using vertical and tilted Filters respectively | 12 | 8 | Photon Polarization with filter | 12 | 9 | Alice transmitting data one photon at a time to Bob | 14 | 10 | The basic setup for quantum key distribution. The quantum channel is typically an optical fiber, capable of transmitting individual polarized photons. | 16 | 11 | The sequence of steps in the BB84 quantum key distribution scheme, in the presence of an eavesdropper. | 17 | 12 | QKD using BB84 protocol | 18 | LIST OF TABLES Table No. | Description | Page No | 1 | Different orientations of photons | 10 | 2 | Type of Polarization and Symbol | 10 | 3 | Type of filter and its symbol | 10 | 4 | Detector type and Symbol | 11 | 5 | The filter output | 11 | ABSTRACT Quantum cryptography uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages. An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. These results from a fundamental part of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold a key can be produced which is guaranteed as secure, otherwise no secure key is possible and communication is aborted. The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security.  Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt and decrypt a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key. 1. Introduction Quantum cryptography uses quantum mechanics to guarantee secure communication. This is based on the Heisenberg uncertainty principle that it is impossible to measure a quantum state without changing it, and a single photon can represent a quantum state. Quantum cryptography is the use of quantum systems to do cryptographic tasks. The most famous example (but by no means the only one) is quantum key distribution (QKD) which uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages. An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This result from a fundamental aspect of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold, a key can be produced that is guaranteed to be secure (i.e. the eavesdropper has no information about), otherwise no secure key is possible and communication is aborted. The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security. Logical information of messages, a train of 0 and 1 bit, can be encoded in the polarization of photons. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages. An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. These results from a fundamental part of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold a key can be produced which is guaranteed as secure, otherwise no secure key is possible and communication is aborted.  The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security.  Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt and decrypt a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key. Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key. 1.1. Cryptography It originated from the Greek words “kryptos”, meaning hidden, and “graphos” means writing. Cryptography is the art of devising codes and ciphers, and cryptoanalysis is the art of breaking them. Cryptology is the combination of the two. In the literature of cryptology, information to be encrypted is known as “plaintext”, and the parameters of the encryption algorithm that transforms the plain text are collectively called a” key”. Cryptography does not mask the existence of the message, but does disguise its content. Figure1. The basic cryptographic model The purpose of cryptography is to transmit information in such a way that access to it is restricted entirely to the intended recipient, even if the transmission itself is received by others. This science is of increasing importance with the advent of broadcast and network communication, such as electronic transactions, the Internet, e-mail, and cell phones, where sensitive monetary, business, political, and personal communications are transmitted over public channels. Cryptography operates by a sender scrambling or encrypting the original message or plaintext in a systematic way that obscures its meaning. The encrypted message or cryptotext is transmitted, and the receiver recovers the message by unscrambling or decrypting the transmission. A cryptosystem is a mechanism or convention that allows two or more legitimate users to exchange messages secretly - nobody but these users must be able to learn the content of the messages. 1.2. Quantum Mechanics Quantum communications is based on sending information with one photon at a time using fiber optic cables.  At the beginning of the last century probably the most striking physical theory have appeared: Quantum Mechanics. During decades it has become the one of the best tested theories and it has influenced many practical domains. However, in some sense it is still the least understood theory. The reason is its rather contra-intuitive nature. Quantum mechanics (QM) is a set of scientific principles describing the known behavior of energy and matter that predominate at the atomic and subatomic scales. The name derives from the observation that some physical quantities—such as the angular momentum of an electron—can be changed only by set amounts, or quanta, rather than being capable of varying by any amount. The wave–particle duality of electromagnetic radiation and matter at the atomic scale provides a unified view of the behavior of particles such as photons and electrons. Photons are the quanta of light, and have energy values proportional to their frequency via the Planck constant. An electron bound in an atomic orbital has quantized values of angular momentum. The unbound electron does not exhibit quantized energy levels, but is associated with a matter wave, as are all massive particles. The full significance of the Planck constant is expressed in physics through the dynamic physical attribute of action. 1. Need for Quantum Cryptography The demerits of traditional cryptology paved the way for Quantum Cryptography. A disadvantage of using public-key cryptography for encryption is speed: there are popular secret-key encryption methods that are significantly faster than any currently available public-key encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public- and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. The public-key system can be used to encrypt a secret key which is used to encrypt the bulk of a file or message. Such a protocol is called a digital envelope, which is explained in more detail in the case of RSA. Public-key cryptography may be vulnerable to impersonation, however, even if users' private keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever the adversary chooses to by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user. 2. Evolution of Quantum Cryptography Quantum cryptography was proposed first by Stephen Wiesner, then at Columbia University in New York, who, in the early 1970s, introduced the concept of quantum conjugate coding. Figure2. Sketch of Stephen Wiesner's Quantum Money, source. quantum money Univ KLU AT Shortly before British physicist David Deutsch published the first paper proposing Quantum Computer s in 1985, cryptologists had united quantum theory with code-making. In early 1980’s two computer scientists, Charles Bennett a researcher for IBM and Gilles Brassard from the University of Monstreal, realized that the application of quantum theory in the field of cryptography could have the potential to create a cipher giving absolute security for eternity. Initial work was hampered by the ubiquitous problem of key distribution; if a conventional key-exchange system was used such as RSA, any security would be quickly lost to a brute-force attack using a quantum computer. Figure3. Quantum Cryptographic apparatus constructed at IBM. Flashes of polarized light, each one tenth of a photon, are generated and measured across a free air optical path of 32 centimeters. The crypto system developed by Bennett and Bassard uses polarized light photons to transfer data between two points. As a photon travels through space it vibrates perpendicularly to its plane of movement, the direction of vibration is known as its polarization. Polarizing filters can be created from plastic polymers which will only light of a certain polarization through. These polaroids or filters will block photons of a diagrammatically opposite polarization, but will allow those with the same polarization through. Bennett and Bassard proposed scheme takes advantage of the fact that an observer will have no idea which angle of polarizing filter should be used for a certain photon to pass successfully through. The world's first computer network protected by quantum cryptography was implemented in October 2008, at a scientific conference in Vienna. The name of this network is SECOQC (Secure Communication Based on Quantum Cryptography) and EU funded this project. The network used 200 km of standard fiber optic cable to interconnect six locations across Vienna and the town of St Poelten located 69 km to the west. Figure4. Brief network architecture of SECOQC 3. Quantum Cryptography Quantum cryptography is the use of quantum systems to do cryptographic tasks. Quantum cryptography allows secure communications on fibre optic and free space networks. Uniquely it offers ‘unconditional secrecy’, which is independent of the computing power, fancy gadgetry or cunning of a hacker. The security of quantum cryptography stems from inviolable laws of nature and it is therefore widely regarded as the strongest cryptographic protection possible. An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This result from a fundamental aspect of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold, a key can be produced that is guaranteed to be secure (i.e. the eavesdropper has no information about), otherwise no secure key is possible and communication is aborted. The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security. Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key. In 1990, independently and initially unaware of the earlier work, Artur Ekert, then a Ph.D. student at Wolfson College, University of Oxford, developed a different approach to quantum cryptography based on peculiar quantum correlations known as quantum entanglement. Figure5. Example showing Quantum Cryptography 4. Quantum Principles In physics, a quantum (plural: quanta) is the minimum unit of any physical entity involved in an interaction. A photon, for example, is a single quantum of light, and may thus be referred to as a "light quantum". A photon is an elementary particle of light, carrying a fixed amount of energy. Light may be polarized; polarization is a physical property that emerges when light is regarded as an electromagnetic wave. The direction of a photon's polarization can be fixed to any desired angle (using a polarizing filter) and can be measured using a calcite crystal. 5.3. Elements of the Quantum Theory * Light waves are propagated as discrete quanta called photons. * They are mass less and have energy, momentum and angular momentum called spin. * Spin carries the polarization. * If on its way we put a polarization filter a photon may pass through it or may not. * We can use a detector to check of a photon has passed through a filter. 5.4. Heisenberg’s Uncertainty Principle Certain pairs of physical properties are related in such a way that measuring one property prevents the observer from knowing the value of the other. When measuring the polarization of a photon, the choice of what direction to measure affects all subsequent measurements. If a photon passes through a vertical filter it will have the vertical orientation regardless of its initial direction of polarization. 5.5. Photon Polarization Figure6. Polarisation of Photon A photon which is rectilinearly polarized has a polarization direction at 0° or 90° with respect to the horizontal. A diagonally polarized photon has a polarization direction at 45° or 135°. It is possible to use polarized photons to represent individual bits in a key or a message, with the following conventions: Table1. Different orientations of photons Position  | 0 | 1 | Rectilinear | 0° | 90° | Diagonal | 45° | 135° | That is to say, a polarization direction of 0° or 45° may be taken to stand for binary 0, while directions of 45° and 135° may be taken to stand for binary 1. This is the convention used in the quantum key distribution scheme BB84. The process of mapping a sequence of bits to a sequence of rectilinearly and diagonally polarized photons is referred to as conjugate coding, while the rectilinear and diagonal polarization are known as conjugate variables. Quantum theory stipulates that it is impossible to measure the values of any pair of conjugate variables simultaneously. Table2. Type of Polarization and Symbol Polarization: | Horizontal | Up-Down Diagonal | Vertical | Down-Up Diagonal | Symbol: | | | | | | | | | | Table3. Type of filter and its symbol Filter: | Horizontal | Up-Down Diagonal | Vertical | Down-Up Diagonal | Symbol: | | | | | Table4. Detector type and Symbol Detector Type: | Rectilinear | Diagonal | Symbol: | | | Table5. The filter output Input |   | Filter |   | Output |   | | + | | = | | | | + | | = | | | The position and momentum of a particle are the most common examples of conjugate variables. If an experimenter tries to measure a particle's position, he or she has to project light on it of a very short wavelength; however, short-wavelength light has a direct impact on the particle's momentum, making it impossible for the experimenter to measure momentum to any degree of accuracy. Similarly, to measure a particle's momentum, long-wavelength light is used, and this necessarily makes the position of the particle uncertain. In quantum mechanics, position and momentum are also referred to as incompatible observables, by virtue of the impossibility of measuring both at the same time. This same impossibility applies to rectilinear and diagonal polarization for photons: if someone tries to measure a rectilinearly polarized photon with respect to the diagonal, all information about the photon's rectilinear polarization is lost. Photon Polarization using Filter Vertical filter Tilted filter at the angle Figure7. Photon Polarization using vertical and tilted Filters respectively The probability of a photon appearing after the second filter depends on the angle and becomes 0 at = 90 degrees Figure8. Photon Polarization with filter The first filter randomizes the measurements of the second filter. * A pair of orthogonal filters such as vertical/horizontal is called a basis. * A pair of bases is conjugate if the measurement in the first basis completely randomizes the measurements in the second basis. * As in the previous slide example for = 45deg. 5. Various Protocols and Algorithms for QKD * BB84 Protocol: Charles H. Bennett and Gilles Brassard (1984) * E91 protocol: Artur Ekert (1991) * RSA Algorithm * Entanglement based protocols  6.6. E91 Protocol The Ekert scheme uses entangled pairs of photons. These can be created by Alice, by Bob, or by some source separate from both of them, including eavesdropper Eve. The photons are distributed so that Alice and Bob each end up with one photon from each pair. The scheme relies on two properties of entanglement. First, the entangled states are perfectly correlated in the sense that if Alice and Bob both measure whether their particles have vertical or horizontal polarizations, they always get the same answer with 100% probability. The same is true if they both measure any other pair of complementary (orthogonal) polarizations. However, the particular results are completely random; it is impossible for Alice to predict if she (and thus Bob) will get vertical polarization or horizontal polarization. Second, any attempt at eavesdropping by Eve destroys these correlations in a way that Alice and Bob can detect. 6. Methodology Let us assume Alice and Bob are authorized communicators on a quantum communications channel. Alice transmits single photons to Bob. Along comes Eve, who puts a "wiretap" on the channel, which can intercept the signal going to Bob. Eve must perform a measurement on an individual quantum state (must measure the polarity of a single-photon pulse). But quantum mechanics tells us that every measurement perturbs the quantum system. Hence, Eve's reading of the quantum signal reduces the number of photon arriving to Bob, while her attempts to resend "fake" photons to Bob (playing Alice) perturbs the correlation between Alice and Bob's data. Thus, Alice and Bob can detect Eve's presence by comparing on the public channel a random segment of their quantum signal. Alice transmits data to Bob one photon at a time. Eve attempts to tap into their communications. Eve has full access to all communication channels (quantum or classical) that the laws of physics allow. Figure9. Alice transmitting data one photon at a time to Bob It is important to stress that in the current quantum cryptography implementation, called quantum key distribution, quantum communications channel is not used to transmit a message, but only a key consisting of a random string of bits. Such arrangement allows Alice and Bob to have the full control over the transmission process. If it turns out that the key is corrupted, Alice and Bob discard it and start again. If the key successfully passes the control (matches on both sides), Alice uses it to encode the message and Bob to unscramble the text. The quantum key is completely random, and its confidentiality is checked before the actual message is sent. The confidentiality check is a result of the no-cloning theorem, which states that an unknown quantum state (for example, a photon state) cannot be copied exactly. Alice sends a 0 or a 1 randomly, assigning vertical polarization as a logical 1 and horizontal polarization as a logical 0. To make things more efficient, +45 degrees can also be assigned a logical 1 and -45 degrees a logical 0. The resulting pattern is the key that Alice transmits, which is unknown to anyone, even Bob. Bob has his own polarizers and needs to guess the incoming bit (coded polarization) stream. Sometimes Bob guesses correctly and sometimes not. Thus, contrary to classical cryptography, there is no predefined key. When Bob has received all of the bits, Alice and Bob compare the settings of their polarizers over a public channel (for example, via an internet link). They do not reveal, however, the logical values of the transmitted bits (they exchange only settings of polarizers), and they keep bits only when their settings match. If there is any eavesdropping on the channel, the states on the two sides would not match, which would lead to Alice and Bob discarding the key and starting over again. If the settings match, Alice uses the key to encrypt messages. Example: Let us take an example: Alice and Bob are linked together via a noiseless optical fiber. Eve, the eavesdropper, is capable of making measurements on individual photons passing through the fiber. Consider the case in which Alice wants to communicate the binary sequence 00110 to Bob through this setup, using BB84. Figure10. The basic setup for quantum key distribution. The quantum channel is typically an optical fiber, capable of transmitting individual polarized photons. Alice and Bob perform the steps described in the previous section, detailed below. The question marks indicate bit positions for which measurement will produce a random result (0 or 1 with equal probability). The whole process is illustrated in figure10, where instead of question marks, one of the two possible bit values are shown. 1. Alice prepares the binary sequence s = 00110, part of which will be used later as the common cryptographic key with Bob. 2. Alice chooses a sequence of encoding bases at random, say b = RDRDD. (Remember: "R" = rectilinear polarization (0° or 90°); "D" = diagonal polarization (45° or 135°). 3. Alice encodes s using the bases b, to produce the sequence of photons with respective polarizations 0°, 45°, 90°, 135°, 45°. 4. Eve makes a random choice of measurement bases, e b = RRDDD. 5. Eve intercepts each photon and measures it with her choice of basis, producing a sequence of bits e s =0''10. 6. Eve substitutes the photons she has intercepted, by encoding the bits obtained in the previous step with the bases chosen in step 4. This is known as an "intercept-resend" attack. 7. Bob receives the photons placed on the optical fiber by Eve, and measures them with a set of randomly chosen measurement bases b' = RDDRD, obtaining finally a sequence of bits s' = 0'''0. 8. Alice and Bob compare their choices of basis and detect Eve's presence with the second bit, for which they used identical bases but obtained different bit values; they discard the third and fourth bit, leaving s = 000 and s' = 0'0. Figure 11. The sequence of steps in the BB84 quantum key distribution scheme, in the presence of an eavesdropper. For the second and third bit in this example, Eve makes an incorrect choice of measurement basis, indicated with red colored text. Bob makes an incorrect choice of basis for the third and fourth bit, similarly indicated in red. For the second bit, although Bob has chosen the correct basis (D), the outcome of measurement does not match the original bit encoded by Alice -- this allows Alice and Bob to detect Eve's presence. 7. The key distribution problem For military and diplomatic applications, it may be possible to have the key delivered manually to all the legitimate users, using a trusted third party such as a courier. But not everybody can afford couriers, and even if they could, there is no guarantee that couriers can be trusted. Anyone who manages to find out the keys being used can decrypt the messages effortlessly, defeating the objective of encryption. This aspect of (symmetric) cryptography is referred to as the key distribution problem. 8.7. Quantum Key Distribution with BB84 The quantum key distribution procedure (QKD) allows two parties to establish a common random secret key. It takes advantage of the fact that quantum mechanics does not allow us to distinguish non-orthogonal states with certainty. Within the framework of classical physics, information encoded into a property of a classical object, can be acquired without affecting the state of the object. However, if information is encoded into a property of a quantum object, any attempt to discriminate its non-orthogonal states inevitably changes the original state with a nonzero probability. And since eavesdropping is also governed by the laws of quantum mechanics, these changes cause errors in transmissions and reveal the eavesdropper. QKD cannot prevent from eavesdropping, but it enables legitimate users to discover it. If any eavesdropping is detected, the key is simply thrown away and a new one is generated. No leakage of information occurs, since the key is just a random sequence. Figure12. QKD using BB84 protocol We can build a perfectly secure key distribution system using the principles of quantum physics; this is known as quantum key distribution (QKD). The keys produced using QKD are guaranteed to be secret, and may be used in conjunction with any cryptosystem. BB84 is the first known quantum key distribution scheme, named after the original paper by Bennett and Brassard, published in 1984. BB84 allows two parties, conventionally "Alice" and "Bob", to establish a secret, common key sequence using polarized photons. The steps in the procedure are listed below: 1. Alice generates a random binary sequence s. 2. Alice chooses which type of photon to use (rectilinearly polarized, "R", or diagonally polarized, "D") in order to represent each bit in s. We say that a rectilinearly polarized photon encodes a bit in the R-basis, while a diagonally polarized photon encodes a bit in the D-basis. Let b denote the sequence of choices of basis for each photon. 3. Alice uses specialized equipment, including a light source and a set of polarizers, to create a sequence p of polarized photons whose polarization directions represent the bits in s. 4. Alice sends the photon sequence p to Bob over a suitable quantum channel, such as an optical fiber. 5. For each photon received, Bob makes a guess as to whether it is rectilinearly or diagonally polarized, and sets up his measurement device accordingly. Let b' denote his choices of basis. 6. Bob measures each photon with respect to the basis chosen in step 5, producing a new sequence of bitss'. 7. Alice and Bob communicate over a classical, possibly public channel. Specifically, Alice tells Bob her choice of basis for each bit, and he tells her whether he made the same choice. The bits for which Alice and Bob have used different bases are discarded from s and s'. What is important to understand about this procedure is that, only if Bob's guess is correct, is it certain that he will make an accurate measurement. If Bob attempts to measure a rectilinearly polarized photon with a diagonally oriented measurement device (and vice versa), the outcome will be, at random, either 0 or 1; in this case, the original bit value represented by the photon is encoded in its rectilinear polarization, and all information about the rectilinear polarization is lost. So, an incorrect choice of measurement basis randomizes the outcome of a measurement, which is only accurate in this case with probability 50%. If n photons are transmitted in total, there is a probability 0.5n that Bob will measure all of them correctly. A similar logical argument allows Alice and Bob to detect the presence of an eavesdropper ("Eve"). Just as Bob, Eve is incapable of knowing which type of photon is used to represent each bit. Therefore Eve must guess which measurement basis to use and, since it is impossible for her to duplicate the state of each received photon (due to the theorem of non-clone ability of quantum states), she must create a new photon to send to Bob. Eve's presence is made manifest to Alice and Bob because Eve's measurements necessarily cause a disturbance to the states of the transmitted photons. The criterion for detecting Eve's presence can be formulated as follows. For the ith bit chosen by Alice, s[i], there will correspond a choice of polarization basis, b[i], which is used to encode the bit to a photon. If Bob's chosen measurement basis is b'[i] and the outcome of his measurement is s'[i], then b'[i] = b[i] should necessarily imply s'[i] = s[i] If an eavesdropper tries to obtain any information about s[i], a disturbance will result and, even if Bob and Alice's bases match, s'[i] ≠ s[i]. This allows Alice and Bob to detect an eavesdropper's presence on a noiseless channel, and to reschedule their communications accordingly. 8.8. Secret Key Reconciliation The basic BB84 procedure is incomplete in the following sense: whether an eavesdropper is present or not, there will still be errors in Bob's key sequence. The final step of BB84, which was described above merely as a comparison of encoding and measurement bases, is usually much more elaborate. There are two parts involved: secret key reconciliation and privacy amplification. I will explain the first of the two in this section. The process of reconciliation is a special error correction procedure which eliminates: * Errors due to incorrect choices of measurement basis; * Errors induced by eavesdropping; and * Errors due to channel noise, if any exists. Reconciliation is performed as an interactive binary search for errors. Alice and Bob divide their bit sequences into blocks and compare each other's parity for each block. Whenever their respective parities for any given block do not match, they divide it into smaller blocks and compare parities again, repeating this process until the exact location of the error is found. When an error has been located, Alice and Bob may decide to discard the corresponding bit, or agree on the correct value. During this process, Alice and Bob can communicate over a classical (i.e., "non-quantum") channel, which is by definition insecure and accessible to an eavesdropper. 8.3 Privacy Amplification Since valuable information about the key may be obtained by an eavesdropper during reconciliation, Alice and Bob must perform a final step in order to establish a perfectly secret key: this is the process of privacy amplification. The process of reconciliation results in a bit sequence which is common to Alice and Bob, but some of its bits may be known to an eavesdropper who has tapped the classical channel. To eliminate this "leaked" information, Alice and Bob must apply, in common, a binary transformation (usually, a random permutation) to their sequences, and discard a subset of bits from the result. The precise choice of transformation and the number of bits discarded, of course, determine the amount of secrecy of the final key. The objective of this step is to minimize the quantity of correct information which the eavesdropper may have obtained about Alice and Bob's common bit sequence. At the end of the privacy amplification procedure, Alice and Bob's bit sequences may be shown to be identical and absolutely secret, with arbitrarily high probability. 8.4 Quantum Entanglement Entanglement is perhaps the most mysterious quantum phenomena. It is a kind of quantum correlation that is stronger, in a certain sense, than any classical one. If some quantum system, consisting of several subsystems, is in an entangled state (even in a pure entangled state) its individual subsystems cannot be described by pure quantum states. Using Schrodinger's words: The best possible knowledge of the whole does not include the best possible knowledge of its parts. Entangled states can be used to test so called Bell inequalities in order to judge between quantum theory and local-realistic theories with hidden variables. They can also serve for quantum key distribution and quantum teleportation. Entanglement is an essential ingredient in quantum computation and information processing. Experimental quantum optics offers an efficient tool for preparing entangled pairs of photons - the spontaneous process of down conversion in non-linear optical crystals. It enables us to create pairs of photons with entangled wavelengths, directions and/or polarizations. In the following figure you can see the optical field rising from KDP crystal. 8. Hardware to be used QKD depends heavily on hardware components. This is probably the largest limiting factor of the system as a whole as it relies on the proper transmission and detection of individual photons. This is no small feat as photons are sensitive particles and if not treated carefully, can change polarization or sometimes disappear. * Distance of transmission Fiber optic cables today generally have a limited distance of transmission. To combat this, fiber optic networks use amplifiers at certain points to read and boost the signals so that there is no data loss. With a quantum cryptographic system, amplifiers cannot be used for two reasons. First normal amplifiers don't care about the polarization of individual photons, so any special polarization before the amplifier would be lost. Second, is that even if there were a way to successfully amplify a photon without losing its polarization, it would provide an entry point for an eavesdropper. * Emission of single photons Another technical detail is emitting single photons; most systems cannot accurately send individual photons. The problem arises from the fact that photons are actually tiny particles of energy generated by excited molecules. So if when generating photons you accidentally input too much energy you might get several photons out. Many in place QKD systems have ways to combat this, but it is still something that should be noted as it hinders a perfect implementation. * Dedicated fiber lines Because the quantum cryptographic protocol is so different from regular optical data transmissions, it would require a dedicated fiber network. As the cost of running fiber optic cable can be expensive, it is very likely that Quantum Cryptography would only be used for the most important communication channels (e.g. between governments), not regular civilian use. * Hardware attacks A more interesting problem is that even if all of the above problems are solved and Quantum Cryptography could be properly implemented, a single paperclip has the ability to destroy any secure communications. By pinching a quantum cryptographic fiber cable between a paperclip, photons passing through the kink in the cable would most likely change polarization. This has the effect of not stopping the transmission from taking place but would destroy any attempt at key generation, thus turning encrypted messages into a mess. 9. Implementations * The highest bit rate system currently demonstrated exchanges secure keys at 1 Mbit/s (over 20 km of optical fiber) and 10 kbit/s (over 100 km of fiber), achieved by a collaboration between the University of Cambridge and Toshiba using the BB84 protocol with decoy pulses. * As of March 2007 the longest distance over which quantum key distribution has been demonstrated using optic fiber is 148.7 km, achieved by Los Alamos National Laboratory/NIST using the BB84 protocol. Significantly, this distance is long enough for almost all the spans found in today's fiber networks. The distance record for free space QKD is 144 km between two of the Canary Islands, achieved by a European collaboration using entangled photons (the Ekert scheme) in 2006, and usingBB84 enhanced with decoy state in 2007. The experiments suggest transmission to satellites is possible, due to the lower atmospheric density at higher altitudes. For example although the minimum distance from the International Space Station to the ESA Space Debris Telescope is about 400 km, the atmospheric thickness is about an order of magnitude less than in the European experiment, thus yielding less attenuation compared to this experiment. * The DARPA Quantum Network, a 10-node quantum cryptography network, has been running since 2004 in Massachusetts, USA. It is being developed by BBN Technologies, Harvard University, Boston University and QinetiQ. * There are currently four companies offering commercial quantum cryptography systems; id Quantique (Geneva), MagiQ Technologies (New York), SmartQuantum (France) and Quintessence Labs (Australia). Several other companies also have active research programmes, including Toshiba, HP, IBM, Mitsubishi, NEC and NTT (See External links for direct research links). * Quantum encryption technology provided by the Swiss company Id Quantique was used in the Swiss canton (state) of Geneva to transmit ballot results to the capitol in the national election occurring on October 21, 2007. * In 2004, the world's first bank transfer using quantum cryptography was carried in Vienna, Austria. An important cheque, which needed absolute security, was transmitted from the Mayor of the city to an Austrian bank . * Votes cast in the Swiss canton of Geneva were protected for the first time by quantum cryptography. 10. Commercial QC providers * id Quantique, Geneva Switzerland * Optical fiber based system * Tens of kilometers distances * MagiQ Technologies, NY City * Optical fiber-glass * Up to 100 kilometers distances * NEC Tokyo 150 kilometers * QinetiQ Farnborough, England * Through the air 10 kilometers. * Supplied system to BBN in Cambridge Mass. 11. Applications They are employed in each and every place wherever there is a computer connected to a network, for the establishment of a secure communication. This can be briefly called as ‘Network Security’. They can be: * The Government Offices * In Banking and Insurance sector * Research centers and labs * Embassies, Foreign exchange centers * In Business sites , for industrial security * E-commerce and e-mail protection * For the protection of casted votes * Personal information security * Military use, which is the main cause for its invention. 12. Merits Quantum cryptography obtains its fundamental security from the fact that each ‘qubit’ is carried by a single photon, and each photon will be altered as soon as it is read. This makes impossible to intercept message without being detected. Quantum Cryptographic Systems have the advantages listed below: * Being automatic * Most secure than conventional cryptographic systems. * Greater reliability * Detecting the presence of outsider who is watching the communication. * The ability to detect any interception of the key * Very effective for Quantum Key Distribution (QKD). * Robust under various conditions. * Lower operating costs than a secure human courier network. 13. Demerits Factors preventing wide adoption of quantum cryptography outside high security areas include * The cost of equipment * The lack of a demonstrated threat to existing key exchange protocols. * As, currently a dedicated fiber optic line (or line of sight in free space) is required between the two points linked by quantum cryptography, a denial of service attack can be mounted by simply cutting or blocking the line 14. Future Scope Quantum cryptography is a method for secure communication. It is a way to solve the problem of secret key distribution. This is a substantial difference from any classical cryptographic techniques. Quantum cryptography promises to revolutionize secure communication by providing security based on the fundamental laws of physics, instead of the current state of mathematical algorithms or computing technology. The devices for implementing such methods exist and the performance of demonstration systems is being continuously improved. Within the next few years, if not months, such systems could start encrypting some of the most valuable secrets of government and industry. 15. Conclusion Quantum Cryptography today is an interesting experiment bridging two sciences. As such it is bound to grow and evolve with time like any other science, sometimes going in the right direction and other times, not. The quantum cryptographic process described above has limitations in its physical implementation, but out weighing those limitations is the soundness of the theory of security embedded in quantum mechanics and as such it is the biggest step we have to the holy grail of 100% perfectly secure communications. However, with optic fiber networks already present in many countries the infrastructure is in place for a more widespread use. 16. References Mika Hirvensalo , “Quantum Computing” A Leverrier 1,5, E Karpov 2, P Grangier 3 and N J Cerf 2,4 “A journal of new physics” J.P. Gazeau, J. Nesetril and B. Rovan, Editors, “Physics and Theoretical Computer Science” Gilles Van Asssche , “Quantum Cryptography and Secret-Key Distillation” A Leverrier 1,5, E Karpov 2, P Grangier 3 and N J Cerf 2,4 “Security of continuous-variable quantum key distribution: towards a de Finetti theorem for rotation symmetry in phase space” Lecture of Leonard Susskind's Modern Physics course concentrating on Quantum Mechanics. W. Diffie and M. E. Hellman, IEEE Transactions on Information Theory, IT-22, pp. 644-654 (1977). http://en.wikipedia.org/wiki/Quantum_cryptography http://www.andrew-hoyer.com/experiments/quantum_cryptography http://www.physorg.com/news187287510.html http://www.pcmag.com/article2/0,2817,1130877,00.asp www.nature.com/.../v447/n7143/full/447372a.html http://www.springer.com/mathematics/numbers/book/978-3-540-88701-0 http://images.google.co.in/imgres'imgurl=http://interquanta.biz/qic/6ent.gif&imgrefurl=http://interquanta.biz/qic/&usg=__x62GVWCl-U6idfqCuU_onM21w0I=&h=540&w=720&sz=34&hl=en&start=6&itbs=1&tbnid=WcqcCqFFbYMIBM:&tbnh=105&tbnw=140&prev=/images%3Fq%3Dquantum%2Bcryptography%26hl%3Den%26sa%3DG%26gbv%3D2%26tbs%3Disch:1 http://images.google.co.in/imgres'imgurl=http://pascal.iseg.utl.pt/~ncrato/EMS/F 4-r1181.jpg&imgrefurl=http://pascal.iseg.utl.pt/~ncrato/EMS/Crypto3.htm&usg=__YWZ4egVK6NGafjxKA0YNEEf3KNs=&h=271&w=452&sz=22&hl=en&start=4&itbs=1&tbnid=yloaQtDMVBVVwM:&tbnh=76&tbnw=127&prev=/images%3Fq%3Dquantum%2Bcryptography%26hl%3Den%26sa%3DG%26gbv%3D2%26tbs%3Disch:1