Researchers at the University of Toronto have shown, in a study published in the February 24 issue of Physical Review Letters, that one of the present liabilities of quantum cryptography can be turned into an advantage. Using “quantum decoys,” Professor Hoi-Kwong Lo and his team are increasing the distance that quantum-encrypted data can be sent over fiber-optic cable.
Quantum cryptography uses particles of light called photons to create and send keys used for coding and decoding messages. A photon can transmit bits of a key by representing a 1 or 0, depending on a property called polarization. The sender of this key (physicists call her “Alice”) transmits a string of randomly polarized single photons to the recipient (“Bob”), who collects each photon, one at a time.
The reason this technique is so secure is that photons possess a safeguard inherent in quantum mechanics. For an eavesdropper to listen in, he or she must tap the fiber-optic line and measure the polarization of the photons with a detector as the photons arrive. But quantum mechanics dictates that any measurement, such as the one taken by the eavesdropper, unavoidably modifies the polarization. This means that Bob would notice if a transmission had been intercepted – as soon as he and Alice compared notes (over a channel that doesn’t need to be secure) about the polarization of photons sent and received. Any inconsistency in the sent and received photons would alert them to the fact that the key had been stolen.
A problem arises, however, when more than a single photon is inadvertently sent at a time -– a common occurrence since no perfect single photon emitter exists. This happens, says Jonathan Habif, quantum information research scientist at BBN Technologies, because scientists send pulses of laser light through a series of filters until only one photon squeezes through; but the filtering process isn’t perfect, and sometimes more than one photon per pulse gets through.
When two photons of the same polarization are sent, one of them can be picked off by the eavesdropper, while the other one will go through unchanged, as if nothing is amiss. Additionally, Habif says, in order to send a quantum-encrypted key farther, the initial light from the laser must be more intense, which means there must be more photons to begin with, thus increasing the likelihood that more than one photon will squeak through the filters.
Professor Lo, lead scientist on the Toronto study, has cleverly used these problematic extra photons to dupe eavesdroppers. The light in his experiment is prepared in such a way that a small percentage of photons are decoys that contain no information at all about the key. “The eavesdropper has no idea which is the signal or which is the decoy,” Lo says. “In the end, Alice and Bob can compare, and Alice will announce [in a separate message that doesn’t need to be encrypted] which ones are the signals and which are the decoys.” The signal photons contain information about the key, but the eavesdropper doesn’t know which photons she measured.
The concept of using decoys in quantum cryptography was first proposed in 2003 by Won-Young Hwang, then at Northwestern University in Evanston, IL. In 2005, Lo says, his team mathematically proved that the technique could enhance security. In their most recent announcement, Lo and his team have shown for the first time that the decoy method can actually work in a real-world environment, using a modified off-the-shelf quantum cryptographic system and commercial fiber optics.
The major implication of their findings is that quantum cryptography should now be usable over greater distances. “Prior to decoy states, you couldn’t ramp up the signal to increase the distance,” says Jim Harrington, a researcher at Los Alamos National Laboratory, “because you would send out more than one photon.”
Lo and his team claim that the new technique can guarantee security over 15 kilometers of commercial fiber-optic lines. While this isn’t a distance record, Lo says small modifications to the setup could allow extremely secure transactions over 120 kilometers -– roughly the current upper limit claimed for commercial quantum encryption systems, such as those from id Quantique of Geneva, Switzerland, and MagiQ Technologies of New York City.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today