Cryptography Reference
In-Depth Information
An eavesdropper Eve cannot, exactly like Bob, obtain every time a conclusive
result, as the basis used is unknown. Therefore a simple intercept-and-resend
strategy, in which Eve measures the incoming photon and sends a new one
to Bob (prepared according to the measurement result), will fail. Indeed, half
the time Eve will use a noncompatible basis, and the reemitted photon will
introduce errors in the key of Alice and Bob. Hence, by checking the errors
in the key, Alice and Bob are able to reveal the presence of an eavesdropper.
This fact can be shown to hold for any eavesdropping strategy, as perfectly
elaborated as it might be; see [7] and references therein. Only after the key
exchange do Alice and Bob tell each other which basis they used for each pho-
ton. They can establish a sifted key by attributing to each polarization state
a bit value (0 or 1), keeping events with compatible bases and discarding
the others. They correct the errors that were introduced by the imperfect key
exchange and apply a procedure called privacy amplification, which allows
them to eliminate the information that Eve might have acquired (supposing
her action is at the origin of the detected error). It can be shown that Alice
and Bob can distill a random, perfectly secret key as long as the error rate
is smaller than 11% (respectively 15%, depending on the assumptions one
wants to make on a potential eavesdropper) [7]. However, the efficiency of
the distillation becomes very small for error rates above 10%.
In the original papers introducing the idea, quantum cryptography is nat-
urally based on single photons. However, true single photon sources are very
difficult to realize experimentally. In fact, only a few QKD experiments with
single photons have been reported up to now [19,20]. In addition, presently
available sources are not yet suitable for (fiber) QKD — their wavelengths
are not adapted to fiber telecommunications. Therefore, today's QKD setups,
which have been successfully tested and are ready to be commercialized, are
based on faint laser pulses. In addition, a couple of rather proof-of-principle
experiments using photon-pairs have been performed (see Section 2.4).
Faint laser pulses are light pulses with a Poisson distributed number
of photons and an average number of photons well below 1. Their creation
is very simple but there are two disadvantages. First, since most faint laser
pulses contain in fact zero photons, the bit rate and the signal-to-noise ratio
are considerably reduced. Second, since some faint laser pulses contain two
or more photons, there is some opportunity for eavesdropping, see [73], the
discussion held in Section 2.5.2, and Chapter 6 of this topic. However, it can be
shown that faint pulse QKD can be mathematically secure over distances up
to 100 km with present technology [86]. In particular, we recently presented
a new protocol [21,22] that can increase the range and bit rate of secure faint
laser QKD.
2.3.2 A Practical Realization: The Plug & Play
Configuration
The principles of QKD we have explained use polarized photons. The first
experiment through 30 cm [23] of air used several states of polarization as
