Quantum key distribution involves establishing a key between a sender (“Alice”) and a receiver (“Bob”) by using weak (e.g., 1 photon per pulse) optical signals (“quantum signals”) transmitted over a “quantum channel.” The security of the key distribution is based on the quantum mechanical principle that any measurement of a quantum system in unknown state will modify its state. As a consequence, an eavesdropper (“Eve”) that attempts to intercept or otherwise measure the quantum signal will introduce errors into the transmitted signals, thereby revealing her presence.
The general principles of quantum cryptography were first set forth by Bennett and Brassard in their article “Quantum Cryptography: Public key distribution and coin tossing,” IEEE Proceedings of the International Conference on Computers, Systems and Signal Processing, Bangalore, India, Dec. 10-12, 1984, pp. 175-179. Specific QKD systems are described in the publication by C. H. Bennett et al., entitled “Experimental Quantum Cryptography,” J. Cryptology 5: 3-28 (1992), in the publication by C. H. Bennett, entitled “Quantum Cryptography Using Any Two Non-Orthogonal States”, Phys. Rev. Lett. 68 3121 (1992), and in U.S. Pat. No. 5,307,410 to Bennett (the '410 patent). The general process for performing QKD is described in the book by Bouwmeester et al., “The Physics of Quantum Information,” Springer-Verlag 2001, in Section 2.3, pages 27-33.
Most conventional QKD systems employ a multi-photon source, such as a laser, and attenuate multi-photon pulses to achieve single-photon quantum signals (pulses), i.e., light pulses having a mean photon number μ≦1. This is called “weak coherent pulse” or WCP QKD. Other QKD systems employ a single-photon source to generate the quantum signals. One type of single-photon source is called a “heralded photon source,” which produces single photons from correlated photon pairs. Photon pairs, created via spontaneous parametric down conversion (SPDC) for example, can be converted to single photons by using one photon as a trigger (signal photon) to collapse the state of the twin (idler) photon from a pair into a single photon state. The use of the trigger photon yields information about the timing of the twin photon, thus effectively eliminating a vacuum component, i.e., those time slots that do not contain any photons.
The trigger-photon method does not provide perfect elimination (blocking) of multi-photon pulses. This is because a single-photon trigger detector typically does not distinguish between single and multiple photon events. Even if the trigger detector is capable of resolving multiple photons, its low quantum efficiency, together with the loss from the trigger optical components, reduces its resolution. Accordingly, if a single-photon source is used in a QKD system, the non-zero probability that multi-photon signals will be generated poses a security risk because an eavesdropper could obtain information about the exchanged key via the multi-photon pulses, e.g., via a photon number splitting (PNS) attack.
Consequently, in prior art QKD systems that use a single-photon source, effort is made to suppress or discard the multi-photon signals generated by the single-photon source. In the case of a heralded single photon source based on parametric down conversion, suppressing multi-photon signals can be accomplished by reducing the rate of photon pair production. While secure, this method reduces the key rate, though not the maximum transmission distance. An attack on the multiple-photon pulses can prove very effective for Eve if she can take advantage of the large channel loss. Thus, the ability to detect Eve changing the efficiency of the delivery of single versus multi-photon pulses from Alice to Bob is the crucial element in maintaining system security in the presence of loss.
One type of security safeguard is the decoy-state method proposed by Hwang in his article entitled “Quantum key distribution with high loss: toward global secure communication,” published at arXiv:quant-ph/0211153 v5, May 19, 2003. In the Hwang method, Alice replaces some of the single-photon quantum signals with multi-photon signals as “decoy states.” The decoy states allows Alice to determine whether Eve is taking advantage of the channel loss and performing certain type of attack—say, for example, a PNS attack or an unambiguous state discrimination (USD) attack—by checking the loss of the decoy states as compared to that of the quantum pulses. Unfortunately, the Hwang method is only applicable to WCP QKD and does account for the realities of a commercially viable QKD system and that include non-deal components such as single-photon detectors with dark current noise, etc.