Cryptography Reference
In-Depth Information
can be used to represent a one. Note at this point that an adversary who wants to
measure the polarization of the photons sent from A to B does not know the bases in
which they must be measured. If the measurement is made with the correct bases, the
measurement yields a correct result. If, however, the measurement is made with the
wrong bases, the measurement will randomly change the polarization of the mea-
sured photons (by the laws of quantum mechanics). Consequently, without knowing
the polarization bases originally chosen by A, the adversary has only a negligible
chance of correctly guessing them and correctly measuring the polarization of the
photons accordingly. More likely, he or she is going to cause errors that can be
detected in the aftermath. Also note at this point that B does not know either which
bases to use for the measurements (from the quantum channel's perspective, there
is no difference between B and an adversary). As B receives the photons, he or she
decides, randomly for each photon and independently of A, whether to measure the
photon's rectilinear or diagonal polarization. B then interprets each result as a zero
or one, depending on the outcome of the measurement. Following this strategy, B
obtains meaningful data from only about half the photons he or she detects (those
for which he or she guesses the correct polarization base). Unfortunately, B does
not know which ones are correctly measured and which ones are measured with
the wrong polarization base. B's information is further degraded by the fact that, in
practice, some of the photons will be lost in transit or would fail to be counted by B's
imperfect detectors. In either case, B records the results of his or her measurements
and keeps them secret.
Subsequent steps of the quantum key exchange protocol may take place over a
public channel. Let us assume that this channel is only susceptible to passive attacks
(e.g., eavesdropping), and that it is not susceptible to active attacks (e.g., injection,
alteration, or deletion of messages). This basically means that we assume a public
channel that is authentic. This assumption can be made obsolete by having A and B
share a secret key that can be used for message origin authentication. In this case,
the quantum key exchange protocol will still work as a method of “key expansion”
rather than key generation.
A and B can now use the public channel to determine, by exchange of
messages, which photons were successfully received and of these which were
measured by B in the correct polarization base. B therefore publicly announces the
type of measurements (but not the results), and A tells B which measurements were
of the correct type. All of these announcements occur on the public channel. A and
B keep all cases in which B's measurements were of the correct type. These cases
are then translated into ones and zeros, representing the agreed secret key. If the
quantum transmission has been undisturbed, A and B should now agree on the bits
encoded by these photons, even though this fact has never been discussed over the
public channel.
