Recent years have seen rapid advances in quantum information theory and quantum computation theory which perform unconventional information processing by effectively using the principles of quantum mechanics (P. W. Shor, “Algorithms for quantum computation: Discrete logarithms and factoring” in Proceedings of the 35th Annual Symposium on Foundations of Computer Science (ed. S. Goldwasser) 124–134 (IEEE Computer Society, Los Alamitos, Calif., 1994), P. W. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer”, SIAM J. Computing 26, 1483 (1997), and D. Deutsch and R. Jozsa, “Rapid solution of problems by quantum computation”, Proc. R. Soc. Lond. A 349, 553 (1992)). Concurrently with these theories, studies have also been made to apply uncertainty of quantum theory, the quantum no-cloning theorem for pure quantum states, and entanglement between quantum systems to encryption. Of the methods studied, BB84 is considered as an effective key distribution method, which can implement highly safe encryption in combination with the one-time pad method (C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing”, Proceedings of IEEE International Conference on Computers, .Systems, and Signal Processing, Bangalore, India, pp. 175–179, December 1984, C. H. Bennett, F. B. Bessette, G. Brassard, L. Salvail and J. Smolin, “Experimental Quantum Cryptography”, J. Cryptography, 5: 3–28 (1992), and C. H. Bennett, G. Brassard, and A. K. Ekert, “Quantum Cryptography”, Scientific American, 267, No. 4, 50–57, October 1992). Quantum teleportation is considered as a method of effectively transmitting an arbitrary quantum state (C. H. Bennett, G. Brassard, C. Cépeau, R. Jozsa, A. Peres and W. K. Wootters, “Teleporting an unknown quantum state via dual classic and Einstein-Podolsky-Rosen channels”, Phys. Rev. Lett. 70, 1895 (1993), D. Bouwmeester, J-W. Pan, K. Mattle, M. Eibl, H. Weinfurter and A. Zeilinger, “Experimental quantum teleportation”, Nature 390, 575–579 (1997), and A. Furusawa, J. L. Sørensen, S. L. Braunstein, C. A. Fuchs, H. J. Kimble and E. S. Polzik, “Unconditional Quantum Teleportation”, Science 282, 706–709 (1998)).
A sender of information, recipient, and eavesdropper will be referred to as Alice, Bob, and Eve, respectively, in accordance with the practices in the field of encryption.
BB84 is used to share a classical random string without making the third party know it. The sender Alice randomly selects one of four types of states, i.e., {|0>,|1>} of a rectilinear basis and {(1/√{square root over (2)})(|0>±|1>)} of a circular basis as one photon (two-state system or qubit) state, and sends it to the recipient Bob. Bob randomly selects one of two types of bases independently of Alice, and observes the sent photon with the selected basis. This process is repeated, and data is adopted only when the bases selected by Alice and Bob match. In this case, |0>,(1/√{square root over (2)})(|0>+|1>) is made to correspond to the bit value “0”, and |1>,(1/√{square root over (2)})(|0>−1>) is made to correspond to “1”.
The rectilinear basis and the circular basis are inconsistent with each other. The data obtained by observation with wrong bases become random probabilistically. Assume that the eavesdropper Eve extracts a photon on the way, observes it with some basis, and sends substitute photon. In this case, a contradiction arises with a probability of ¼ or more per photon. As a consequence, Alice and Bob notice eavesdropping. As described above, BB84 effectively uses the uncertainty principle of quantum mechanics to detect the presence of an eavesdropper.
A. K. Ekert has proposed a protocol for performing classical random key distribution by distributing two qubits of EPR-state |Ψ˜>=(1/√{square root over (2)})(|01>−|10>) to Alice and Bob (A. K. Ekert, “Quantum Cryptography Based on Bell's Theorem”, Phys. Rev. Lett. 67, 661 (1991)). The intervention of Eve is detected by the Bell's theorem. Each of Alice and Bob randomly selects one of three types of predetermined bases, and observes the EPR-state qubit on hand. This process is repeated, and the result obtained when bases match is adopted as data for a key. If observation is made with different bases, the result is disclosed through a public channel, and a correlation function S is calculated. Eavesdropping is detected on the basis of the difference between the correlation functions S with and without the intervention of Eve.
C. H. Bennett et al. have studied the protocol obtained by simplifying the protocol by A. K. Ekert, and showed that the protocol was equivalent to BB84 (C. H. Bennett, G. Brassard, and N. D. Mermin, “Quantum Cryptography without Bell's Theorem”, Phys. Rev. Lett. 68, 557 (1992)). According to C. H. Bennett et al., each of Alice and Bob is made to select two types of observation bases, and Alice is made to have an EPR-state source. Alice leaves one of a pair of qubits generated by the EPR-state source on her side, makes observation with a basis randomly selected from the rectilinear basis and the circular basis, and sends the remaining qubit to Bob. The results obtained when the observation bases on the Alice and Bob sides match are adopted as data, and some of the data are used for detection of Eve. It is impossible to discern whether the randomness of signals transmitted from Alice to Bob is based on observation of EPR-state or a classical random number. That is, this technique is equivalent to BB84. Owing to these studies, it has been recognized that classical key distribution based on quantum mechanics can be satisfactorily performed by utilizing only uncertainty, and entanglement is not necessarily required. (It is, however, known that a combination of the technique called entanglement purification protocol and the protocol by Ekert makes it possible to execute highly safe classical key distribution (C. H. Bennett, G. Brassard, S. Popescu, B. Schumacher, J. A. Smolin, and W. K. Wootters, “Purification of Noisy Entanglement and Faithful Teleportation via Noisy Channels”, Phys. Rev. Lett. 76, 722 (1996), D. Deutsch, A. Ekert, R. Jozsa, C. Macchiavello, S. Popescu and A. Sanpera, “Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels”, Phys. Rev. Lett. 77, 2818 (1996), C. H. Bennett, D. P. DiVincenzo, J. A. Smolin, and W. K. Wootters, “Mixed-state entanglement and quantum error correction”, Phys. Rev. A54, 3824 (1996)).
Quantum teleportation is used to transmit an arbitrary quantum state. Assume that Alice and Bob share a pair of qubits in the EPR-state in advance. Alice observe a qubit in a state |Ψ> to be transmitted and a qubit in the EPR-state on hand with four Bell states as a base. Alice notifies Bob of the observation result as 2-bit classical information through a public channel. Bob performs unitary transformation of the qubit in the EPR-state in accordance with this notification from Alice. As a result, the qubit held by Bob is set in the state |Ψ> which Alice wanted to transmit. This method is characterized in that the classical information of |Ψ> is completely separated from non-classical information, and only the classical information is sent through the public channel. From this reason, Alice need not know the accurate position of Bob. In addition, eavesdropping is theoretically impossible as long as the EPR-state is properly shared. Eve cannot even destroy the quantum information |Ψ>.
There is an intimate connection between these methods and the no-cloning theorem. This theorem states that there is no unitary transformation that clones an arbitrary quantum state (W. K. Wootters and W. H. Zurek, “A single quantum cannot be cloned”, Nature 299, 802–803 (1982)). In BB84, this theorem is effective in the following point. Even if Eve intercepts a qubit (photon) midway along a quantum channel, she cannot discern which one of two types of bases is selected. Eve cannot therefore clone the qubit and leave the clone on hand. As a consequence, Eve must observe the qubit with some basis and send substitute qubit in accordance with the observation result. In this sense, the “no cloning theorem” may be considered as another expression of uncertainty. According to quantum teleportation, Alice cannot clone the state |Ψ> which she wants to transmit, and hence cannot observe |Ψ>. This is because, observation may disturb the original quantum information. In quantum teleportation, both Alice and Bob have no knowledge about the quantum state |Ψ> that is being transmitted throughout the process.
Recently, a method of safely transmitting classical binary data (not classical random string) by using two photons in the Bell state has been proposed (K. Shimizu and N. Imoto, “Communication channels secured from eavesdropping via transmission of photonic Bell states”, Phys. Rev. A 60, 157 (1999)). According to the characteristic features of this method, each of Alice and Bob prepares two types of bases on H22 and performs encoding and observation. In addition, encoding is performed by using only the degree of freedom corresponding to two dimensions out of four dimensions of the Hilbert space.
Quantum teleportation has excellent properties when it is used as a method of transmitting an arbitrary quantum state. However, a sender (Alice) and recipient (Bob) must share a pair of entangled qubits prior to operation for transmission. This pair of qubits are generated by a given source first, and then must be distributed to the sender (Alice) and recipient (Bob) via a quantum channel. If, therefore, an eavesdropper (Eve) intercepts the qubit to be held by the recipient (Bob) midway along a quantum channel, eavesdropping will become successful. To avoid such a danger, the sender (Alice) and recipient (Bob) distribute many pairs of entangled qubits to each other first, and then purify them by a technique called entanglement purification protocol (C. H. Bennett, G. Brassard, S. Popescu, B. Schumacher, J. A. Smolin, and W. K. Wootters, “Purification of Noisy Entanglement and Faithful Teleportation via Noisy Channels”, Phys. Rev. Lett. 76, 722 (1996), D. Deutsch, A. Ekert, R. Jozsa, C. Macchiavello, S. Popescu and A. Sanpera, “Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels”, Phys. Rev. Lett. 77, 2818 (1996), and C. H. Bennett, D. P. DiVincenzo, J. A. Smolin, and W. K. Wootters, “Mixed-state entanglement and quantum error correction”, Phys. Rev. A54, 3824 (1996)).