Over the last half century our society has witnessed global changes in the field of communications, and increased attention has been given to problems such as data storage and secure data transmission. The latter is currently based upon a computational complexity argument: certain problems are extremely difficult to solve without a suitable key, usually known only to legitimate users of a communications system. The security of such a system relies upon the assumption that eavesdroppers do not have access to the key, and that without it, they cannot decipher encrypted data. New technologies, however, offer a more secure method: quantum mechanics provides a way to attain unconditional security for any data transmission.
An unknown quantum state cannot be copied or measured with infinite precision. Hence, when data is encoded into quantum states, the laws of physics protect it from any unauthorized eavesdropper (using standard cryptographic terms, we will refer to such an eavesdropper as Eve). Quantum states are typically realized with photons, which are sent by the transmitter (Alice) to the receiver (Bob) through a channel such as an optical fiber, or a straight segment of free space. Our approach takes this one step further. We use the channel in a bidirectional manner, such that the photons are prepared by Bob, encoded by Alice, and finally measured and decoded by Bob. This provides better efficiency than unidirectional protocols on small- and medium-scale distances, and higher security against specific, crucial eavesdropping strategies. Our experimental results demonstrate the feasibility of this method.
The best-known basic protocol for quantum cryptography, published by Gilles Brassard and Charles Bennett, is called BB84.1 Using BB84, Alice prepares a photon in a rectilinear polarization state, chosen at random from the following four states: |0〉; |1〉 (eigenstates of the Pauli matrix Z); |+〉; or |-〉 (eigenstates of the Pauli matrix X). Alice then sends the proton to Bob. The above states are special because they belong to mutually unbiased bases (Z and X), and it is not possible to perfectly discriminate between them. Consequently, should Eve try to gain information about the photon prepared by Alice, she will necessarily disturb its quantum state. Such disturbances can be monitored by the legitimate users and exploited to make the channel secure.
After n iterations of this procedure, additional post-processing is performed to complete key generation. At this point, the users will share a secret key that can be used to enable a private communication.
In our cryptographic scheme,2 the initial preparation of the photon polarization state is identical to that of BB84, but it is Bob who does this preparation. When the photon reaches Alice, it can be measured (as in BB84) or encoded via a unitary transformation, as shown in Figure 1. The photon is then sent back to Bob, who retrieves the information from it. This bidirectional protocol (BP) has already been optically implemented with both entangled photons3 and with faint pulses.4 (See Figure 2). We are currently implementing a complete quantum key distribution at telecommunications wavelengths using the BP with phase encoding.
Figure 1. Using the bidirectional scheme, photons are prepared by Bob, encoded by Alice, then measured and decoded by Bob. With a certain probability c, Alice also measures the photons to test the security of the forward direction.
Figure 2. In the experimental setup, we used both the spontaneous parametric down-conversion (SPDC) and an attenuated laser (faint pulses, FP) as a photon source. The inset shows a typical communication test for different sets of preparation by Bob and operation by Alice. Bob's preparation is reported on the overlay (Z and X eigenstates). The black area represents the distribution of the quantum bit error rate.
The BP is robust against individual attacks by Eve in an unprecedented way. We report our calculations about this type of security in Figure 3. It is apparent that the mutually shared information between Bob and Eve (IBE) is always less than that shared between Bob and Alice (IAB). Using the BP, a secret key can always be distilled by legitimate users, regardless of the noise on the channel. By comparison, the limiting noise value for the BB84 protocol is 15%.
Figure 3. Mutual information between Alice and Bob (IAB), Alice and Eve (IAE), Bob and Eve (IBE) are shown as functions of the quantum bit error rate, demonstrating the security of the bidirectional protocol against individual attacks. QAB. A secret key can be distilled by the legitimate users regardless of the noise on the channel.
Figure 4 shows that the BP is also robust against photon number splitting attacks, and that it is more efficient than the BB84 protocol in key distribution for small and medium distances. These results are surprising, as the bidirectional channel implies more losses than a unidirectional one. This improvement, as well as the security of the BP against individual attacks, is the result of the fact that a basic reconciliation process is unnecessary in BP. This feature also creates the theoretical possibility for secure direct communication of plaintext—i.e. unencrypted information—whenever a channel presents very low rates of losses and noise.
The logarithm of the secure gain Gsec
(given in bits/s) versus the distance between Alice and Bob (in km) is shown. A comparison to the results for a BB84 protocol at the same wavelength (λ = 830nm)5
is given to demonstrate the security of the bidirectional protocol against photon number splitting attacks.
It is worth noting that the BP can be thought of as a technique rather than a protocol on its own. In fact, given an already functional one-way scheme such as the BB84, it is very easy to make the scheme bidirectional: it is sufficient to simply double Alice and Bob's equipment without doubling the channel already deployed between them. The encoding by Alice is then realized with a single electro-optical phase modulator.
In addition to the complete transmission of a secret key using the BP, we are working on novel features (including memory effects) of the bidirectional channel, a decoy-state technique applied to the BP, and the possibility of direct communication.