Alright, I’m back from vacation! And it’s time to dive into a paper on yet another completely different field! (I swear I’ll stop doing this soon :) )
This was actually one of my favorite concepts from my Physics 344 course, on the topic of Quantum Key Distribution (QKD). It’s the idea of securely transmitting information that could theoretically be proven to not be eavesdropped on, due to the fundamental physics that the key distribution is based on. So, let’s dive in!
The most difficult part of QKD for me initially is the idea that you aren’t actually distributing any message through quantum technologies. Instead, QKD is focused on distributing a singular key that you can use to encrypt and decrypt a message. Instead of trying to keep the message as hidden as you can, you make the file easily accessible for anyone, but only the person with the right key can decrypt the message. Having a secure key is very important. For instance, if you have a person physically carry a paper with a long string of random numbers and letters on it from one computer to another, then you would be fairly certain that noone is reading that key. If someone did manage to mug your messenger, then your messenger could at least tell you that she was mugged, and that the key is no longer useful! (Of course, if your messenger was actually a secret double agent and betrayed you… but let’s not go into that scenario!)
In any case, distributing a key can be very difficult because you never know who might be trying to steal the keys. And because the internet makes key distribution so easy, you can be worried if someone has copied your key without you knowing. Then, even though you believe that your file is properly locked away, someone else is actually snooping on all of your information!
QKD is one way to combat that kind of snooping. Instead of relying on very difficult problems in computing and mathematics, it relies on physical properties of photons to prevent an intruder from snooping without giving away that they are snooping. That is, the eavesdropper can definitely attempt to spy on the key that is being distributed, but if they do so, the intended recipients can see the eavesdropper’s actions. If eavesdropping is detected, a new key can be created and used.
One early method that was introduced was a EPR source, or an Einstein-Podolsky-Rwhatever source. (jk it’s Rosen) These three scientists published a paper in 1935 regarding two entangled particles that could be sent in different directions. The entangled particle is prepared in a state that requires both particles to be in the same state, either both up or both down: 1/√2 (|00> + |11>). Then, when the participants Albert and Boris measure the particles in different locations, they should expect to get the same result. If anyone tries to eavesdrop in the middle, they disrupt the state and the result can be detected.
To implement this encryption, start with some random source that produces entangled particles. Then, allow both Albert and Boris to make measurements in random directions, without sharing those directions. After they make their measurements, they publicly announce to each other which axes they used – either the X axis or the Z axis. For convenience, let’s suppose that they make a total of 1000 measurements, and only 500 of those measurements have instances where both Albert and Boris measured along the same axis – either both X or both Z. Let’s call these measurements S. For those measurements, they are certain that, if there was no eavesdropper, their measurements are exactly the same. So, when we look at S without any eavesdropper, we are certain that Albert and Boris have exactly the same copy of the key.
However, this has not yet been checked yet to see whether the eavesdropper was actually there or not. Therefore, to validate the key, we create a 250 character subset S’ for testing. We essentially broadcast our measurements within S’ for the world to see, and check if they are exactly the same. If they all match up, then the remainder of the unbroadcasted set in S should be secure and not spied upon.
There is a good reason for using a test algorithm that is a large portion of S. Suppose that we have a fairly clever eavesdropper, who doesn’t try to listen in on the entire signal but just on 10% of the signal. If Albert and Boris only test a very small portion of their data set, then the eavesdropper might still be able to slip through. However, by testing a majority of their total signal, Albert and Boris are reasonably certain that no eavesdropper was listening in, and that the remaining ~250 bits are an exact key that can be used.
This specific 1992 paper is a follow up of Bennett and Brassard’s 1984 paper that proposes a similar but simpler method of performing QKD. (Hence, the name “BB84”). The paper shows that a slightly more advanced way of eavesdropping, by manually creating a false EPR source and trying to fool Alice and Bob, does not work for EPR or BB84, and that BB84 is analogous to EPR encryption as implemented by Ekert.
First, the paper shows that an adversary, Nathan, cannot create a false source to spy on Albert and Boris, who are using the EPR scheme, as implemented by Ekert. The fear here is that perhaps Nathan can create a thrice entangled source and send it out to Albert and Boris, and then listen in on channel three. Something that might look like 1/√2 (|000> + |111>), where by listening on channel 3, Nathan would get the same information as Albert and Boris.
The most general way of representing this mystery qubit is through the following:
|Φ> = |00>|A> + |01>|B> + |10>|C> + |11>|D>
But now, in order for Nathan to fool Albert and Boris in the X basis, Nathan is limited in what |Φ> could be, to become:
|Φ> = |01>|B> + |10>|C>
But then! To fool Albert and Boris in the Z basis, Nathan is further limited to make his qubit to become
|Φ> = (|01>-|10>)|C>
meaning that |C> is completely decoupled from the qubits that are sent to Albert and Boris. Regardless of how tricky Nathan can be, he gets no information from creating and sending out |Φ>, since the information he gets from |C> is decoupled from the information sent to Alice and Bob.
Therefore, this completes the proof that Nathan can still do no harm!
Next, we move on to showing the BB84 scheme, and how it is the same to the EPR/Ekert scheme. The primary difference between BB84 and Ekert is that BB84 allows Alice to prepare the states beforehand and then send them to Bob, instead of Albert and Boris simultaneously observing the pair of entangled particle. Therefore, Alice is able to prepare her state in a random fashion, and Bob should still make measurements in a random fashion along either the X or Z axis. Afterwards, they carry out the same scheme as above, where they publicly release the axis for measurements, and then compare some subset to validate against eavesdropping.
This is shown to be the same as the EPR state because any eavesdropper needs to make a measurement that leaves the particle that goes to Bob undisturbed. But, “any measurement which fails to disturb nonorthogonal states also yields no information about them.” Therefore, Eve cannot create any kind of unitary operator U that is able to eavesdrop without detection.
Through this paper, BB84 is demonstrated to be as strong as EPR, and that both are secured against eavesdroppers. Quite amazing stuff!
Reference: Bennett, C. H., et al. Quantum Cryptography without Bell’s Theorem Phys. Rev. Lett. 68 557-559 (1992)