Cryptography Reference
In-Depth Information
Equation 9.9 with
0.1, we see that the system can tolerate
about 40 dB of loss. Such low background rates are only possible during night
operation or with subnanometer-wide filters in daylight (pointing sunwards
is still a problem [16]).
In faint pulse quantum cryptography, the security is susceptible to eaves-
dropping on multiphoton pulses. This involves an eavesdropper hijacking the
weak pulse beam at the exit of the transmitter, selecting only those pulses with
more than one photon and measuring in such a way as to get partial informa-
tion on the key. The eavesdropper can then reinject pulses at the receiver, thus
bypassing the channel transmission losses. To avoid this possibility requires
that the average number of photons per pulse (
M
η
∼
0.3 and
M
∼
be low. A conservative
assumption takes the view that all errors and all multiphoton pulses will leak
information to an eavesdropper. After error correction, this implied leakage
can be removed by applying a privacy amplification routine to both keys
[23,24]. This random binary matrix multiplication scrambles the key and re-
duces key length while reducing the number of bits known by a potential
eavesdropper to zero. An extreme technology projection assumes the eaves-
dropper can store one photon of a two-photon pulse (until measurement bases
are revealed) and send the other to the receiver without seeing any loss. This
scenario can be guarded against by limiting
M
)
≤
TL
g
, which would suggests
≤
that a system operating at
M
0.1 can tolerate only 10 dB of transmission loss.
However, the required technologies are decades away at present. With present
technologies the eavesdropper is limited to a strategy where the coding basis
and bit value are uniquely determined from three-photon detection events in
a standard receiver [11]. To do this without discovery, the rate of three-photon
detection at the eavesdropper must be greater than the normal rate of detec-
tion of single photons at the receiver. This implies that setting
M
2
24
TL
g
is
an adequate security level to guard against this attack. A system operating
at
M
≤
0.1 is secure against attack with up to 34 dB of losses. This may affect
the use of GEO-to-ground systems (see Table 9.2). It is probably more realis-
tic, however, to protect against intercept-resend eavesdropping as discussed
above using passive and active monitoring of the viability of the free-space
channel. By definition, the entire free-space channel is visible during the key
exchange, and any eavesdropper must remain invisible to all wavelengths of
the electromagnetic spectrum that can be used to monitor the security. A new
protocol based on varying the intensity may also make higher
M
possible in
future [30].
≤
9.5.3 Entangled State Quantum Cryptography:
Feasibility
For a space experiment one could use 30-cm optics to collimate the pair photon
beams to about 4 µR divergence. Two ground stations with 1 m telescopes
could be used separated by up to 1000 km. A dedicated satellite in orbit
at about 500 km altitude could then be arranged to pass between the two
ground stations at a range of
∼
700 km from each. Losses per arm would then
