This invention is germane to secure communication by means of photonic signals in which the quantum mechanical uncertainty principle is exploited to guarantee that legitimate users can remain confident that a cryptographic key (random bit sequence) distributed over their communication system remains secret in the presence of eavesdropping.
With a secret cryptographic key, two users can (1) make their messages to each other undecipherable by an eavesdropper by means of one-time-pad encryption, and (2) successfully distinguish legitimate messages from modified ones by means of informationally secure mathematical authentication methods. However, it is well known that for secure one-time-pad encryption the key must be (1) as long as the plain text, (2) truly random, (3) secure, and (4) never reused. Mathematical authentication methods such as Wegman-Carter authentication (N. N. Wegman and J. L. Carter, J. of Computer and Syst. Sci. 22, 265, 1981) also consume key information and do not allow re-use of the key.
One method of distributing the key is by carrying between the two users a bulk-material storage medium such as magnetic tape on which a copy of the fresh key is recorded. The two legitimate users must both have copies of the key, and the key must be continually protected from inspection, both during its transport between the two users, and during the entire time from its generation until its use for encryption or authentication and subsequent immediate destruction. Because of the severe logistic problems of key distribution and storage, mathematical techniques for key agreement over an unprotected channel are often used, however, the secrecy of the key is based on unproven assumptions such as the unlikelihood of successfully factoring very large numbers.
Quantum key distribution (QKD) enables two users to secretly share a cryptographic key when needed with provable security arising from the quantum mechanical uncertainty principle (a thoroughly tested physical law). No bulk medium such as magnetic tape is exchanged, but instead, a communication channel is employed that can transmit signals consisting of nonorthogonal quantum states, such as single-photon phase or polarization states. Such signals cannot be accurately monitored by an eavesdropper, because of the quantum mechanical uncertainty principle. Any attempt to monitor them will disturb them and can be detected by the legitimate users of the channel.
Practical methods for QKD were introduced by Bennett et. al. (IBM Technical Disclosure Bulletin 28, 3153-3163, 1985; J. of Cryptology 5, 3-28, 1992). Bennett also proposed a photonic interferometric version of QKD (Phys. Rev. Lett. 68, 3121-3124, 1992). Other implemetations of QKD using photon phase states have been achieved by S. J. Phoenix et. al. (Contemporary Physics 36, 165-195, 1995) and R. J. Hughes et. al. (Contemporary Physics 36, 149-163, 1995). QKD using nonorthogonal photon polarization states in two different bases has been implemented by J. D. Franson et. al. (Applied Optics 33, 2949-2954, 1994).
In each of the QKD schemes, the sender and receiver also exchange information through an unprotected public channel, as part of the secure key distribution process, and also to allow determination of key distribution errors arising from possible eavesdropping and noise. If the disturbance is sufficiently small, the key can be distributed to produce with high probability a smaller amount of secure random key information.
Some related U.S. Pat. Nos. include 5,515,438 to Bennett et al; 5,243,649 to Franson; 5,307,410 to Bennett; and 5,339,182 to Kimble et al.
For the purpose of secure key generation in quantum cryptography, one can employ a train of single photons having two possible equally likely nonorthogonal polarization states .vertline.u&gt; and .vertline.v&gt;, which encode 0 and 1, respectively, to securely communicate a random bit sequence between a sender (Alice) and a receiver (Bob) in the presence of an eavesdropper (Eve).
Recently Ekert et al (see reference 1, which is hereby expressly incorporated by reference) presented an analysis of an entangled translucent eavesdropping scenario of key generation in quantum cryptography. The present invention uses two nonorthogonal photon polarization states. The eavesdropping is translucent in the sense that the eavesdropper Eve perturbs the polarization of the carrier on its way to Bob. The eavesdropper uses a probe that causes the carrier states to become entangled with the probe states.
For detection, Eve makes an information-maximizing von Neumann-type projective measurement, and Bob uses a positive operator valued measure (POVM). Bennett's two-state protocol (see reference 2, which is hereby expressly incorporated by reference) is employed, in which a positive response of Bob's POVM receiver, indicating the reception of a photon in a u-polarization or a v-polarization state, is publicly communicated to Eve without revealing which polarization was detected, and the corresponding bits then constitute the preliminary key secretly shared by Alice and Bob. Bits corresponding to photons that do not excite the u- or v-polarization state detectors are excluded from the key. Because of the noncommutativity of nonorthogonal photon polarization-measurement operators representing nonorthogonal photon polarization states, and also because arbitrary quantum states cannot be cloned (see references 3 and 4), any attempt by Eve to eavesdrop can in principle be detected by Bob and Alice.
The present invention is a new design for the POVM receiver to be used by Bob. It is the first implementation of a POVM in quantum cryptography. The design is totally optical. Because it is also interferometric, it demands precise phase alignment; however, it faithfully represents the perturbed statistics resulting from entangled translucent eavesdropping. Additional analysis pertaining to the device appears in Myers et al (see reference 5).