How to remove detector side channel attacks has been a notoriously hard problem in quantum cryptography. Here, we propose a simple solution to this problem-measurement device independent quantum key distribution. It not only removes all detector side channels, but also doubles the secure distance with conventional lasers. Our proposal can be implemented with standard optical components with low detection efficiency and highly lossy channels. In contrast to the previous solution of full device independent QKD, the realization of our idea does not require detectors of near unity detection efficiency in combination with a qubit amplifier (based on teleportation) or a quantum non-demolition measurement of the number of photons in a pulse. Furthermore, its key generation rate is many orders of magnitude higher than that based on full device independent QKD. The results show that long-distance quantum cryptography over say 200km will remain secure even with seriously flawed detectors.Quantum key distribution (QKD) allows two parties (typically called Alice and Bob) to generate a common string of secret bits, called a secret key, in the presence of an eavesdropper, Eve [1]. This key can be used for tasks such as secure communication and authentication. Unfortunately, there is a big gap between the theory and practice of QKD. In principle, QKD offers unconditional security guaranteed by the laws of physics [2-4]. However, real-life implementations of QKD rarely conform to the assumptions in idealized models used in security proofs. Indeed, by exploiting security loopholes in practical realizations, especially imperfections in the detectors, different attacks have been successfully launched against commercial QKD systems [5, 6], thus highlighting their practical vulnerabilities.To connect theory with practice again, several approaches have been proposed. The first one is the presumably hard-verifiable problem of trying to characterize real devices fully and account for all side channels. The second approach is a teleportation trick [2,7]. The third solution is (full) device independent QKD (DI-QKD) [9]. This last technique does not require detailed knowledge of how QKD devices work and can prove security based on the violation of a Bell inequality. Unfortunately, DI-QKD is highly impractical because it needs near unity detection efficiency together with a qubit amplifier or a quantum non-demolition (QND) measurement of the number of photons in a pulse, and even then generates an extremely low key rate (of order 10 −10 bits per pulse) at practical distances [10].
Secure communication plays a crucial role in the Internet Age. Quantum mechanics may revolutionise cryptography as we know it today. In this Review Article, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After a brief introduction to recent experimental progress and challenges, we survey the latest developments in quantum hacking and counter-measures against it.With the rise of the Internet, the importance of cryptography is growing every day. Each time we make an on-line purchase with our credit cards, or we conduct financial transactions using Internet banking, we should be concerned with secure communication. Unfortunately, the security of conventional cryptography is often based on computational assumptions. For instance, the security of the RSA scheme [1], the most widely used public-key encryption scheme, is based on the presumed hardness of factoring. Consequently, conventional cryptography is vulnerable to unanticipated advances in hardware and algorithms, as well as to quantum code-breaking such as Shor's efficient algorithm [2] for factoring. Government and trade secrets are kept for decades. An eavesdropper, Eve, may simply save communications sent in 2014 and wait for technological advances. If she is able to factorise large integers in say 2100, she could retroactively break the security of data sent in 2014.In contrast, quantum key distribution (QKD), the best-known application of quantum cryptography, promises to achieve the Holy Grail of cryptographyunconditional security in communication. By unconditional security or, more precisely, -security, as it will be explained shortly (see section discussing the security model of QKD), Eve is not restricted by computational assumptions but she is only limited by the laws of physics. QKD is a remarkable solution to long-term security since, in principle, it offers security for eternity. Unlike conventional cryptography, which allows Eve to store a classical transcript of communications, in QKD, once a quantum transmission is done, there is no classical transcript for Eve to store. See Box 1 for background information on secure communication and QKD.Box 1 | Secure communication and QKD. Secure Communication: Suppose a sender, Alice, would like to send a secret message to a receiver, Bob, through an open communication channel. Encryption is needed. If they share a common string of secret bits, called a key, Alice can use her key to transform a plain-text into a cipher-text, which is unintelligible to Eve. In contrast, Bob, with his key, can decrypt the cipher-text and recover the plain-text. In cryptography, the security of a crypto-system should rely solely on the secrecy of the key. The question is: how to distribute a key securely? In conventional cryptography, this is often done by trusted couriers. Unfortunately, in classical physics, couriers may be brided or compromised without the users noti...
Due to its ability to tolerate high channel loss, decoy-state quantum key distribution (QKD) has been one of the main focuses within the QKD community. Notably, several experimental groups have demonstrated that it is secure and feasible under real-world conditions. Crucially, however, the security and feasibility claims made by most of these experiments were obtained under the assumption that the eavesdropper is restricted to particular types of attacks or that the finite-key effects are neglected. Unfortunately, such assumptions are not possible to guarantee in practice. In this work, we provide concise and tight finite-key security bounds for practical decoy-state QKD that are valid against general attacks.
Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach-measurement-device-independent quantum key distribution-has been proposed to solve this problem. However, so far its security has only been fully proven under the assumption that the legitimate users of the system have unlimited resources. Here we fill this gap and provide a rigorous security proof against general attacks in the finite-key regime. This is obtained by applying large deviation theory, specifically the Chernoff bound, to perform parameter estimation. For the first time we demonstrate the feasibility of long-distance implementations of measurement-device-independent quantum key distribution within a reasonable time frame of signal transmission.
We demonstrate that a necessary precondition for unconditionally secure quantum key distribution is that sender and receiver can use the available measurement results to prove the presence of entanglement in a quantum state that is effectively distributed between them. One can thus systematically search for entanglement using the class of entanglement witness operators that can be constructed from the observed data. We apply such analysis to two well-known quantum key distribution protocols, namely the 4-state protocol and the 6-state protocol. As a special case, we show that, for some asymmetric error patterns, the presence of entanglement can be proven even for error rates above 25% (4-state protocol) and 33% (6-state protocol). PACS numbers:Quantum key distribution (QKD) [1,2] QKD protocols distinguish typically two phases to establish a key. In the first phase, an effective bi-partite quantum mechanical state is distributed between the legitimate users, which establishes correlations between them. A (restricted) set of measurements is used to measure these correlations, and the measurement results are described by a joint probability distribution P (A, B). In the second phase, called key distillation, Alice and Bob use an authenticated public channel to process the correlated data in order to obtain a secret key. This procedure involves, typically, postselection of data, error correction to reconcile the data, and privacy amplification to decouple the data from a possible eavesdropper [4].In this Letter we consider the first phase of QKD and demonstrate that a necessary precondition for successful key distillation is that Alice and Bob can detect the presence of entanglement in a quantum state that is effectively distributed between them. Such detection may involve available observed data only; it can be realized by using the class of entanglement witness operators that can be constructed from these data.Two types of schemes are typically used to create correlated data. In prepare&measure schemes (P&M schemes) Alice prepares a random sequence of pre-defined nonorthogonal states that are sent to Bob through an untrusted channel (controlled by Eve). Generalizing the ideas of Bennett et al. [5], the signal preparation can be thought of as follows: Alice prepares an entangled bipartite state of the form |Ψ source AB = i √ p i |e i |ϕ i . If she measures the first system in the canonical orthonormal basis |e i , she effectively prepares the (nonorthogonal) signal states |ϕ i with probabilites p i . The action of the quantum channel on the state |Ψ source AB leads to an effective bi-partite state shared by Alice and Bob. One important characteristic of the P&M schemes is that the reduced density matrix ρ A of Alice is fixed [6]. In entanglement based schemes a bi-partite state is distributed to Alice and Bob by an, in general, untrusted third party. This party may be an eavesdropper who is in possession of a third sub-system that may be entangled with those given to Alice and Bob. While the subsystems measured by...
In principle, quantum key distribution (QKD) offers unconditional security based on the laws of physics. In practice, flaws in the state preparation undermine the security of QKD systems, as standard theoretical approaches to deal with state preparation flaws are not loss-tolerant. An eavesdropper can enhance and exploit such imperfections through quantum channel loss, thus dramatically lowering the key generation rate. Crucially, the security analyses of most existing QKD experiments are rather unrealistic as they typically neglect this effect. Here, we propose a novel and general approach that makes QKD loss-tolerant to state preparation flaws. Importantly, it suggests that the state preparation process in QKD can be significantly less precise than initially thought. Our method can widely apply to other quantum cryptographic protocols.PACS numbers: 03.67.Dd, 03.67.-a Introduction.-Quantum key distribution (QKD) [1] allows two distant parties, Alice and Bob, to distribute a secret key, which is essential to achieve provable secure communications [2]. The field of QKD has progressed very rapidly over the last years, and it now offers practical systems that can operate in realistic environments [3,4].Crucially, QKD provides unconditional security based on the laws of physics, i.e., despite the computational power of the eavesdropper, Eve. Indeed, the security of QKD has been promptly demonstrated for different scenarios [5][6][7][8][9][10][11][12]. Importantly, Gottesman, Lo, Lütkenhaus and Preskill [13] (henceforth referred to as GLLP) proved the security of QKD when Alice's and Bob's devices are flawed, as is the case in practical implementations. Unfortunately, however, GLLP has a severe limitation, namely, it is not loss-tolerant; it assumes the worst case scenario where Eve can enhance flaws in the state preparation by exploiting channel loss. As a result, the key generation rate and achievable distance of QKD are dramatically reduced [14]. Notice that most existing QKD experiments simply ignore state preparation imperfections in their key rate formula, which renders their results unrealistic and not really secure.In this Letter, we show that GLLP's worst case assumption is far too conservative, i.e., in sharp contrast to GLLP, we present a security proof for QKD that is loss-tolerant. Indeed, for the case of modulation errors, an important flaw in real-life QKD systems, we show that Eve cannot exploit channel loss to enhance such imperfections. The intuition here is rather simple: in this type of state preparation flaws the signals sent out by Alice are still qubits, i.e., there is no side-channel for Eve to exploit
Twin-field (TF) quantum key distribution (QKD) was conjectured to beat the private capacity of a point-to-point QKD link by using single-photon interference in a central measuring station. This remarkable conjecture has recently triggered an intense research activity to prove its security. Here, we introduce a TF-type QKD protocol which is conceptually simpler than the original proposal. It relies on the pre-selection of a global phase, instead of the post-selection of a global phase, which significantly simplifies its security analysis and is arguably less demanding experimentally. We demonstrate that the secure key rate of our protocol has a square-root improvement over the point-to-point private capacity, as conjectured by the original TF QKD.
A novel protocol, measurement-device-independent quantum key distribution (MDI-QKD), removes all attacks from the detection system, the most vulnerable part in QKD implementations. In this paper, we present an analysis for practical aspects of MDI-QKD. To evaluate its performance, we study various error sources by developing a general system model. We find that MDI-QKD is highly practical and thus can be easily implemented with standard optical devices. Moreover, we present a simple analytical method with only two (general) decoy states for the finite decoy-state analysis. This method can be used directly by experimentalists to demonstrate MDI-QKD. By combining the system model with the finite decoy-state method, we present a general framework for the optimal choice of the intensities of the signal and decoy states. Furthermore, we consider a common situation, namely asymmetric BS U1 Alice U3 a b c d U2 PBS2 PBS1 SPD SPD ch dh cv WCP M M Charles/Eve Alice M Bob WCP P M M BS U3 3 B a b c d PBS2 SPD SPD ch dh dv cv Charles/Eve WCP Figure 1. MDI-QKD system model. WCP, weak coherent pulse; M, polarization and intensity modulators; BS, beam splitter; PBS, polarization BS; SPD, singlephoton detector. In MDI-QKD [14], each of Alice and Bob prepares BB84 states in combination with decoy states and sends them to an untrusted relay Charles (or Eve), who is supposed to perform a BSM. As an example, this figure considers a polarization-encoding scheme. Three unitary operators (U) are used to model the polarization misalignment (or rotation); PBS2 is defined as the fundamental measurement basis; U 1 (U 2 ) represents the polarization misalignment of Alice's (Bob's) channel transmission, while U 3 models the misalignment of the other measurement setting, PBS1. In the ideal case without any polarization misalignment, the rectilinear (Z ) basis, used for key generation in equation (1), refers to the basis of PBS1 and PBS2.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
334 Leonard St
Brooklyn, NY 11211
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.