Foolproof Quantum Cryptography
Adding decoy photons to quantum-cryptographic signals should finally make them “unconditionally secure.”
Researchers at Toshiba, in Cambridge, U.K., have found a way to plug a security hole that currently limits how far and how fast encryption keys can be distributed using existing quantum-cryptographic systems. The developments could broaden the commercial appeal of “unconditionally secure” quantum key distribution, says Andrew Shields, head of Quantum Information Group at Toshiba Research Europe, who led the research.
Quantum cryptography is currently only used for sending encryption keys between buildings by some banks and government departments. But systems can only guarantee security over relatively short distances. The challenge is to extend the range and increase the speed at which the keys can be sent so that they can be used more widely, says Shields.
Current commercial quantum-cryptography systems are designed to enable two parties to exchange secret encryption keys without running the risk of them being intercepted. This is done by encoding the digital key information in bursts of light sent over standard optical fibers.
The 1s and 0s of these digital keys are encoded in time delays between pulses of individual photons. In theory, what makes this so secure is that any attempt by an eavesdropper to intercept the signal will necessarily involve removing individual photons from the signal–an act that can be detected.
In practice, however, this sort of unconditional security can only really be guaranteed if one’s light source emits nothing but single photons. Since this is not the case in current quantum encryption, eavesdropping attacks are possible. In one strategy, an eavesdropper siphons off individual photons; this attack relies on the fact that some pulses will consist of more than one photon, meaning they won’t be missed.
To get around this, existing commercial quantum-encryption systems use tricks to reduce the probability that pulses will contain multiple photons. For example, the systems might limit the intensity of each pulse and reduce the bit rate at which they are sent. However, the trade-off is that the weaker a pulse is, the less distance it can travel, while a slower bit rate will limit the speed at which keys can be distributed, says Shields.
Toshiba’s solution is to include within the signal what Shields calls “decoy pulses.” These pulses are randomly interspersed within the signal and are weaker than the rest of the signal. This means they rarely consist of more than one photon. If an eavesdropper tries blocking single photons while siphoning off multiple photons from the rest of the pulses, more of these decoy pulses will be blocked on average than will the rest of the signal. So by monitoring the proportion of signals to decoy pulses that make it through, it is possible to detect an attack.
Using this decoy approach allows more-powerful laser pulses to be used, which in turn allows the bit rate to be increased and, likewise, the distance over which it can be sent, says Shields. Nondecoy signals can achieve about 43 bits per second over a distance of about 25 kilometers. But the decoy approach can achieve 5.5 kilobits per second, which is a 100-fold increase.
It is possible to get unconditional security already, but the challenge is to do this over longer distances, says Gregoire Ribordy, CEO and founder of id Quantique, the Swiss company that, in 2002, launched a commercial quantum-cryptography system. “This decoy allows you to increase the range or the bit rate for a given distance,” Ribordy says.
The decoy approach is a very useful defense against this sort of attack on quantum cryptography, and several groups are now working on similar approaches, says Franco Wong, of the quantum information science group at MIT. But the trouble with claims about unconditional security is that there are currently no means of testing it, except through simulation, Wong says.
The second advance the group has made has more long-term significance, says Shields. This is the development of a light-emitting diode capable of more reliably emitting single photons. “With quantum key distribution, the ideal is to send only single photons,” he says. If one can do this reliably, the transmission would be truly impervious to any attacks, and techniques like decoy pulses would be rendered redundant.
Toshiba’s approach is to create an array of quantum dots, each measuring 45 nanometers in diameter and capable of emitting only single photons. Although a light-emitting diode made using these quantum dots still occasionally emits more than one photon, the chances of this happening are five times less than they would be if using a laser. There are other ways to produce single photons, but one of the benefits of using quantum dots is that they can be easily integrated and controlled by electronics. “Control by a voltage rather than a laser is a great advantage because electrical devices are much more compact and robust,” says Shields.