Cryptography Reference
In-Depth Information
positive and negative outcomes to provide 0 and 1 bit values. The scheme
was still operating on the traditional BB84 with weak coherent pulses. The
role of postselection in increasing the ultimate range of continuous variable
cryptography has not yet been recognized.
Finally in 2002, Grangier and coworker published a paper [18] proposing
QKD using Gaussian modulated coherent states and homodyne detection and
showing its security against the beam-splitting attack. This paper reminded
the new quantum continuous variable community of the seminal publication
by Bennett [7]. The scheme was based on the BB84-type protocol with many
nonorthogonal bases represented by slight modulations of different quadra-
ture amplitudes
x
e
i
θ
a
†
+
e
−
i
θ
a
θ
=
, which were Gaussian distributed around
0. To ensure the sufficient overlap between all signal states, the scheme
operated at a low light level, and the modulation depth was kept low enough.
The system did not use any postprocessing of the data, and the security of this
first scheme was said to be limited to less than 50% loss level, the so-called
3 dB limit. It was argued that this loss limit, implied by the beam-splitting
attack, holds for standard minimum uncertainty states such as coherent states
as long as no advanced devices such as quantum memories are used.
Shortly after, Silberhorn et al. [20] demonstrated that secure quantum
key distribution systems based on continuous variable implementations can
operate beyond this apparent 3 dB loss limit. It was shown that, by an appro-
priate postselection mechanism, reminding one of the approach by Hirano
et al. [19], one can enter a region where Eve's knowledge of Alice's key falls
behind the information shared between Alice and Bob, even in the presence of
substantial losses. The calculations were performed for a particular modifica-
tion of the protocol of Ref. 18. The security issues related to the postselection
in cryptographic schemes using the phase encoded BB84 with weak coherent
pulses and homodyne detection were further discussed in Ref. 24.
To overcome the loss limit, another special technique has been proposed
by Grangier and coworkers, which uses reverse reconciliation of data [21-
23]. The use of reverse reconciliation has demonstrated for the first time the
robustness of continuous variable systems against losses of more than 3 dB in
an experiment [22]. The original protocol, however, requires strict one-way
communication and relies on interferometric stability for the transmission of
a local oscillator beam. The restriction to one-way error correction posed a
severe limitation, but the same authors showed that certain combinations of
one- and two-way communication will also lead to a secure key.
In the following we present the experimental quantum key distribution
using coherent polarization states [25]. The implemented system is a con-
tinuous variable scheme that combines different features of the traditional
discrete variable BB84 [1,8] and continuous variable coherent state cryptog-
raphy [18-20,22,24]. The distinct difference from the discrete scheme is the use
of homodyne detection. The particular properties of our system that make it
dissimilar from the related continuous variable schemes [18,19,22,24,26] are
polarization encoding and, in contrast to [18,22], the four state protocol based
on postselection to ensure security and high loss tolerance.
x
θ
=
