Quantum cryptography


Quantum cryptography is the science of exploiting quantum mechanical properties such as quantum entanglement, measurement disturbance, no-cloning theorem, and the principle of superposition to perform various cryptographic tasks. Historically defined as the practice of encoding messages, a concept now referred to as encryption, quantum cryptography plays a crucial role in the secure processing, storage, and transmission of information across various domains.
One aspect of quantum cryptography is quantum key distribution, which offers an information-theoretically secure solution to the key exchange problem. The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical communication. Furthermore, quantum cryptography affords the authentication of messages, which allows the legitimates parties to prove that the messages were not wiretapped during transmission. For example, in a cryptographic set-up, it is impossible to copy with perfect fidelity, the data encoded in a quantum state. If one attempts to read the encoded data, the quantum state will be changed due to wave function collapse. This could be used to detect eavesdropping in QKD schemes, or in quantum communication links and networks. These advantages have significantly influenced the evolution of quantum cryptography, making it practical in today's digital age, where devices are increasingly interconnected and cyberattacks have become more sophisticated. As such quantum cryptography is a critical component in the advancement of a quantum internet, as it establishes robust mechanisms to ensure the long-term privacy and integrity of digital communications and systems.

History

In the early 1970s, Stephen Wiesner, then at Columbia University in New York, introduced the concept of quantum conjugate coding. His seminal paper titled "Conjugate Coding" was rejected by the IEEE Information Theory Society but was eventually published in 1983 in SIGACT News. In this paper he showed how to store or transmit two messages by encoding them in two "conjugate observables", such as linear and circular polarization of photons, so that either, but not both, properties may be received and decoded. It was not until Charles H. Bennett, of the IBM's Thomas J. Watson Research Center, and Gilles Brassard met in 1979 at the 20th IEEE Symposium on the Foundations of Computer Science, held in Puerto Rico, that they discovered how to incorporate Wiesner's findings. "The main breakthrough came when we realized that photons were never meant to store information, but rather to transmit it." In 1984, building upon this work, Bennett and Brassard proposed a method for secure communication, which is now called BB84, the first Quantum Key Distribution system. Independently, in 1991 Artur Ekert proposed to use Bell's inequalities to achieve secure key distribution. Ekert's protocol for the key distribution, as it was subsequently shown by Dominic Mayers and Andrew Yao, offers device-independent quantum key distribution.
Companies that manufacture quantum cryptography systems include MagiQ Technologies, Inc., ID Quantique, QuintessenceLabs, Toshiba, QNu Labs and SeQureNet.

Advantages

Cryptography is the strongest link in the chain of data security. However, interested parties cannot assume that cryptographic keys will remain secure indefinitely. Quantum cryptography has the potential to encrypt data for longer periods than classical cryptography. Using classical cryptography, scientists cannot guarantee encryption beyond approximately 30 years, but some stakeholders could use longer periods of protection. Take, for example, the healthcare industry. As of 2017, 85.9% of office-based physicians are using electronic medical record systems to store and transmit patient data. Under the Health Insurance Portability and Accountability Act, medical records must be kept secret. Quantum key distribution can protect electronic records for periods of up to 100 years. Also, quantum cryptography has useful applications for governments and militaries as, historically, governments have kept military data secret for periods of over 60 years. There also has been proof that quantum key distribution can travel through a noisy channel over a long distance and be secure. It can be reduced from a noisy quantum scheme to a classical noiseless scheme. This can be solved with classical probability theory. This process of having consistent protection over a noisy channel can be possible through the implementation of quantum repeaters. Quantum repeaters have the ability to resolve quantum communication errors in an efficient way. Quantum repeaters, which are quantum computers, can be stationed as segments over the noisy channel to ensure the security of communication. Quantum repeaters do this by purifying the segments of the channel before connecting them creating a secure line of communication. Sub-par quantum repeaters can provide an efficient amount of security through the noisy channel over a long distance.

Applications

Quantum cryptography is a general subject that covers a broad range of cryptographic practices and protocols. While encryption techniques are widely recognized and understood, a significant challenge remains in the secure distribution of shared keys, often referred to as key establishment or key agreement. Quantum Key Distribution aims to address this particular challenge. Below, we explore various notable methodologies and applications currently employed in quantum cryptography.
The best-known and developed application of quantum cryptography is QKD, which is the process of using quantum communication to establish a shared key between two parties without a third party learning anything about that key, even if Eve can eavesdrop on all communication between Alice and Bob. If Eve tries to learn information about the key being established, discrepancies will arise causing Alice and Bob to notice. Once the key is established, it is then typically used for encrypted communication using classical techniques. For instance, the exchanged key could be used for symmetric cryptography.
The security of quantum key distribution can be proven mathematically without imposing any restrictions on the abilities of an eavesdropper, something not possible with classical key distribution. This is usually described as "unconditional security", although there are some minimal assumptions required, including that the laws of quantum mechanics apply and that Alice and Bob are able to authenticate each other, i.e. Eve should not be able to impersonate Alice or Bob as otherwise a man-in-the-middle attack would be possible.
While QKD is secure, its practical application faces some challenges. There are in fact limitations for the key generation rate at increasing transmission distances. Recent studies have allowed important advancements in this regard. In 2018, the protocol of twin-field QKD was proposed as a mechanism to overcome the limits of lossy communication. The rate of the twin field protocol was shown to overcome the secret key-agreement capacity of the lossy communication channel, known as repeater-less PLOB bound, at 340 km of optical fiber; its ideal rate surpasses this bound already at 200 km and follows the rate-loss scaling of the higher repeater-assisted secret key-agreement capacity. The protocol suggests that optimal key rates are achievable on "550 kilometers of standard optical fibre", which is already commonly used in communications today. The theoretical result was confirmed in the first experimental demonstration of QKD beyond the PLOB bound which has been characterized as the first effective quantum repeater. Notable developments in terms of achieving high rates at long distances are the sending-not-sending version of the TF-QKD protocol. and the no-phase-postselected twin-field scheme.

Mistrustful quantum cryptography

In mistrustful cryptography the participating parties do not trust each other. For example, Alice and Bob collaborate to perform some computation where both parties enter some private inputs. But Alice does not trust Bob and Bob does not trust Alice. Thus, a secure implementation of a cryptographic task requires that after completing the computation, Alice can be guaranteed that Bob has not cheated and Bob can be guaranteed that Alice has not cheated either. Examples of tasks in mistrustful cryptography are commitment schemes and secure computations, the latter including the further examples of coin flipping and oblivious transfer. Key distribution does not belong to the area of mistrustful cryptography. Mistrustful quantum cryptography studies the area of mistrustful cryptography using quantum systems.
In contrast to quantum key distribution where unconditional security can be achieved based only on the laws of quantum physics, in the case of various tasks in mistrustful cryptography there are no-go theorems showing that it is impossible to achieve unconditionally secure protocols based only on the laws of quantum physics. However, some of these tasks can be implemented with unconditional security if the protocols not only exploit quantum mechanics but also special relativity. For example, unconditionally secure quantum bit commitment was shown impossible by Mayers and by Lo and Chau. Unconditionally secure ideal quantum coin flipping was shown impossible by Lo and Chau. Moreover, Lo showed that there cannot be unconditionally secure quantum protocols for one-out-of-two oblivious transfer and other secure two-party computations. However, unconditionally secure relativistic protocols for coin flipping and bit-commitment have been shown by Kent.

Quantum coin flipping

Unlike quantum key distribution, quantum coin flipping is a protocol that is used between two participants who do not trust each other. The participants communicate via a quantum channel and exchange information through the transmission of qubits. But because Alice and Bob do not trust each other, each expects the other to cheat. Therefore, more effort must be spent on ensuring that neither Alice nor Bob can gain a significant advantage over the other to produce a desired outcome. An ability to influence a particular outcome is referred to as a bias, and there is a significant focus on developing protocols to reduce the bias of a dishonest player, otherwise known as cheating. Quantum communication protocols, including quantum coin flipping, have been shown to provide significant security advantages over classical communication, though they may be considered difficult to realize in the practical world.
A coin flip protocol generally occurs like this:
  1. Alice chooses a basis and generates a string of photons to send to Bob in that basis.
  2. Bob randomly chooses to measure each photon in a rectilinear or diagonal basis, noting which basis he used and the measured value.
  3. Bob publicly guesses which basis Alice used to send her qubits.
  4. Alice announces the basis she used and sends her original string to Bob.
  5. Bob confirms by comparing Alice's string to his table. It should be perfectly correlated with the values Bob measured using Alice's basis and completely uncorrelated with the opposite.
Cheating occurs when one player attempts to influence, or increase the probability of a particular outcome. The protocol discourages some forms of cheating; for example, Alice could cheat at step 4 by claiming that Bob incorrectly guessed her initial basis when he guessed correctly, but Alice would then need to generate a new string of qubits that perfectly correlates with what Bob measured in the opposite table. Her chance of generating a matching string of qubits will decrease exponentially with the number of qubits sent, and if Bob notes a mismatch, he will know she was lying. Alice could also generate a string of photons using a mixture of states, but Bob would easily see that her string will correlate partially with both sides of the table, and know she cheated in the process. There is also an inherent flaw that comes with current quantum devices. Errors and lost qubits will affect Bob's measurements, resulting in holes in Bob's measurement table. Significant losses in measurement will affect Bob's ability to verify Alice's qubit sequence in step 5.
One theoretically surefire way for Alice to cheat is to utilize the Einstein-Podolsky-Rosen paradox. Two photons in an EPR pair are anticorrelated; that is, they will always be found to have opposite polarizations, provided that they are measured in the same basis. Alice could generate a string of EPR pairs, sending one photon per pair to Bob and storing the other herself. When Bob states his guess, she could measure her EPR pair photons in the opposite basis and obtain a perfect correlation to Bob's opposite table. Bob would never know she cheated. However, this requires capabilities that quantum technology currently does not possess, making it impossible to do in practice. To successfully execute this, Alice would need to be able to store all the photons for a significant amount of time as well as measure them with near perfect efficiency. This is because any photon lost in storage or in measurement would result in a hole in her string that she would have to fill by guessing. The more guesses she has to make, the more she risks detection by Bob for cheating.