First, it is to be stated that photons do not have any defined polarization, except if their state is an eigenstate of the polarization measuring device, and that the value of the polarization is only determined by the measurement. In the present description, the term “as a function of its polarization” is to be understood accordingly.
By “QKD”—“quantum key distribution” (sometimes, though not quite correctly, also termed “quantum cryptography”) quite generally denotes a communication protocol between two subscribers which allows for the generation of a secret, mutual key by using a classical authentic public channel and a quantum channel. In (quantum) cryptography, the two legitimate subscribers usually are called “ALICE” and “BOB”, whereas a possible eavesdropper is called “EVE” (from “eavesdropper”).
In detail, “quantum cryptography” denotes the technique of generating and distributing symmetric secrets, wherein the secrets, i.e. identical bit sequences issued at two spaced-apart locations, can be detected with mathematical exactness by means of methods of quantum information theory (information-theoretical security). Subsequently, the created and distributed symmetrical secrets may be used, e.g., as the key for symmetric cryptographic coding methods. On the contrary, for conventional key distribution systems based on asymmetric cryptography there exists no such proof of security.
Quantum cryptography has been interdisciplinarily developed between the scientific fields of quantum physics, quantum optics, information theory, cryptography and informatics. A survey of the bases and methods as well as the historical development of quantum cryptography is contained in the articles by N. Gisin, G. Ribordy, W. Tittel and H. Zbinden, “Quantum Cryptography”, Rev. Mod. Phys. 74, 145 (2002); and by M. Du{tilde over (s)}ek, N. Lütkenhaus, M. Hendrych, “Quantum Cryptography”, chapter 5, Progress in Optics, vol. 49, Edt. E. Wolf (Elsevier, 2006).
A conventional quantum-cryptographic link comprises two stations, or apparatuses, respectively, usually denoted ALICE component and BOB component. These two stations set up at spaced-apart locations are connected by an optical quantum channel (fiberglass-bound or through free space) as well as by a conventional, classical communication channel, also termed public channel.
In its ALICE and BOB components, such a quantum-cryptographic link generates symmetric secrets (i.e. secrets identical in the ALICE and BOB components) which are delivered to the outside via data channels for further use, e.g. as a key in connected cryptographic systems.
In the following, only QKD will be considered which is based on entangled photons. In this case, two entangled photons which have correlated properties are sent to the two partners. The two partners measure these properties, such as, e.g. the polarization, obtain the same measurement results, and therefore can generate an identical key. Parts of the measurement results, such as, e.g., the exact points of time, are exchanged via public channels. All the messages which are exchanged via public channels must be authenticated. In this manner, the two partners are capable of exactly associating the individual measurements to each other.
In the method of entangled photons, two photons which are quantum-mechanically correlated, can be generated simultaneously in a photon source by a special technique. One photon each, i.e. the idler photon, on the one hand, and the signal photon, on the other hand, is sent to one of the two partners so that the two partners will simultaneously (apart from the line delays) receive a basically identical measurement result. By the subsequent authenticated communication, the same key will be generated at both partners via the public channel.
In the past, various QKD protocols have been suggested with a view to different photon sources. One of the best known and most frequently used protocols is the so-called “BB84-protocol” (BB84—Bennet-Brassard 1984); with the appropriate devices, it can be ensured with this BB84 protocol that a secure quantum key distribution will occur, or that a possible eavesdropper will certainly be detected.
At the BB84 protocol, in the preferred version of interest here, in which the entangled photons are used, photons are each generated by the photon source in pairs with the corresponding, entangled polarization. The photon source comprises, e.g., a pump laser and a non-linear crystal for spontaneous parametric down conversion (SPDC), wherein the photon pairs comprise a local photon, the idler or trigger photon used for triggering the transmission of a signal, and the signal photon or “remote” photon used for information transmission on the quantum channel to the remote subscriber.
FIG. 1 shows the principle of a prior art QKD arrangement 1 (cf. also Poppe et al., “Practical Quantum Key Distribution with Polarization-Entangled Photons”, Opt. Express, 12:3865-3871). This known QKD arrangement 1 comprises a photon source 2 with a pump laser 3 and an SPDC crystal 4 for generating polarization-entangled photons, i.e. specifically signal photons, for the transmission on a quantum channel 5 to a party “BOB”, as well as idler photons for the local party “ALICE”. The two parties or subscribers ALICE and BOB are denoted by 6 and 7, respectively, in FIG. 1. The photon source 2 generates pairs of photons e.g. at a rate of 1 MHz, with an entanglement contrast of >96%.
For measuring the respective photons, a measuring unit 8 and 9, respectively, is provided at each subscriber 6 and 7, respectively, which each have an optical module 10 as well as a number of single photon detectors in the form of photodiodes, e.g. avalanche photodiodes, as a detection device 11. In optical modules 10 of similar design, four photon channels 12, 13, 14, 15 are each provided, which each define an output of the optical module 10, to which an associated single photon detector is connected. The four photon channels 12, 13, 14, 15 are obtained in that polarizing beam splitters 17, 18 are connected to the two light outputs of a non-polarizing beam splitter 16 downstream thereof, a half-wave platelet (λ/2-platelet) 19 being arranged upstream of one of these polarizing beam splitters, e.g. the beam splitter 17. The individual photon channels 12 to 15 then each follow the polarizing beam splitter 17, 18 in the passage path or reflexion path, respectively. Accordingly, the photon channels 12 to 15 can only be passed by photons with horizontal or vertical polarization, respectively, the λ/2 platelet having the additional effect that the photons which pass within the photon channel 12 or 13 have a +45° polarization plane and a −45° polarization plane.
If an idler photon at the local subscriber side 6 “ALICE” is supplied to the optical module 10, it will reach one of the four individual photon detectors which are to be considered as “numbered” (cf. the numbers “1” to “4”) via one of the four photon channels 12 to 15, and depending on the number of the reacting single photon detector of the detection device 11, a measurement result, one bit, will be obtained which can be used for the BB84 protocol.
If the measuring unit 9 with the optical module 10 and the single photon detectors of the detection device 11 is accordingly designed, a corresponding sequence will occur on the remote subscriber side 7 “BOB”, even though, due to the transmission via the quantum channel 5 (in FIG. 1 also an optical guide fiber 5′ is schematically illustrated), a delay of the respective signal photon of a pair relative to the idler photon will exist at the ALICE side 6. Accordingly, a trigger electronic is i.a. provided as time controller 20 so as to send trigger pulses to the remote subscriber 7 as soon as a photon is detected at the local subscriber 6. These trigger signals are transmitted via an independent line.
One disadvantage of this known QKD arrangement is that always several, in particular four, individual photon detectors must be used which practically can never be completely identical so that they will not yield reliably alike results, entailing security risks. Moreover, it is disadvantageous that the single photon detectors which as such are comparatively expensive must be provided in relatively large numbers (2×4 single photon detectors in the example illustrated). During operation, also all the single photon detectors of one subscriber have to be switched off after a detection, such as for periods of at least 50-60 ns, which also has negative effects during operation. In addition, also the trigger electronic in the time controller 20 involves relatively high expenditures.
In another known arrangement (cf. Bettelli et al., “Effect of double pair emission to entanglement based QKD”, CLEO-Europe '07 IQEC, 21 Jun. 2007), a 532 nm CW-laser is used as the pump laser in combination with a non-linear SPDC-crystal so as to obtain non-degenerated pairs of photons. Values typically achieved for the photon rates here are about 2 MHz, at a pump output of 16 mW. The idler photons and signal photons have a mean wavelength of 810 nm and 1550 nm, respectively. In this case, silicon phododiodes can be used as single photon detectors at one local subscriber side (ALICE), similar as with the original version, yet on the side of the remote subscriber (BOB) it is then necessary to use InGaAs detectors for the detection device because of the different frequency range. These InGaAs detectors additionally increase expenses.