Cryptography Reference
In-Depth Information
4. Alice openly communicates to Bob her choice of randomly selected
<m
of
the
p
j
. They compare her
of the
p
j
with Bob's corresponding
q
j
If any
of these do not match, Alice and Bob know there must be an eavesdropper
(see analysis below) and they abort the run. Otherwise, they go to step
5.
5. Alice and Bob discard the
randomly tested
p
j
=
q
j
, and maintain the
remaining
m
−
of them as the secret key.
Analysis
: The bitstringcorrespondingto their areed-upon secret key is
truly random since Alice's initial photon burst was random and Bob's choice
of polarization methods was random. Hence, this agreed upon bitstring can be
used for a one-time pad.
To see why the above key-generation scheme is the equivalent of a one-time
pad, suppose that Mallory has also attempted to measure the initial photon
burst from Alice. Then Bob and Mallory are in exactly the same situation since
both of them will choose the wrongdetector roughly half of the time (but not
the same half). The uncertainty principle guarantees that Mallory has no means
of duplicating Alice's original settings, so even if Mallory's eavesdropping on the
telephone conversation, thereby gaining knowledge of the correct polarization
settings, this does not help because Mallory will have measured about half of
these incorrectly. Hence, this one-time pad is absolutely unbreakable, since
Mallory cannot intercept Alice's message without making errors.
Mallory's presence is detected by the very act of measuring. If Alice sends
a
, for instance, and Mallory uses the + detector, then the incoming
will
emerge as one of
, since this is the only way that photon can get through
Mallory's detector. If Bob measured the transformed photon with the
↑
or
→
×
detector
and
emerges, then a correct setting of the detector will result in an incorrect
reading. In this case Mallory has altered the resulting
q
j
. Of course, it might
also occur that Bob's readingresults in the correct
emerging. Therefore,
Mallory has a one in four chance of beingdetected for each photon checked.
Since
of the
q
j
are checked in step 4, then the probability of detectingMallory
is 1
(3
/
4)
. Hence, for arbitrarily large
(and suLciently large corresponding
n
), we can make this as close to 1 as we desire.
The above analysis shows that quantum cryptography allows key distribution
between two entities (who share no prior keyingmaterial) that is provably secure
against enemies with unlimited computing power, provided that the entities have
access to a conventional channel, aside from the quantum channel.
There was a workingprototype for such a similar quantum scheme developed
in 1989 by the authors of [20] (havingfour, rather than two, schemes), but there
were some glitches in the prototype, all of which is discussed in the topic [291,
pages 177 and 178] devoted entirely to quantum computing. Moreover, there
have been implementations of the scheme usingfiber optical cables over several
kilometers (see [125] and [155]). Further advances were announced in Tokyo in
March of 2004; NEC Corporation in collaboration with others have succeeded
in realizingthe world record, a 150-km-longsingle-photon transmission.
−
Search WWH ::
Custom Search