SPIE Startup Challenge 2015 Founding Partner - JENOPTIK Get updates from SPIE Newsroom
  • Newsroom Home
  • Astronomy
  • Biomedical Optics & Medical Imaging
  • Defense & Security
  • Electronic Imaging & Signal Processing
  • Illumination & Displays
  • Lasers & Sources
  • Micro/Nano Lithography
  • Nanotechnology
  • Optical Design & Engineering
  • Optoelectronics & Communications
  • Remote Sensing
  • Sensing & Measurement
  • Solar & Alternative Energy
  • Sign up for Newsroom E-Alerts
  • Information for:
SPIE Photonics West 2017 | Register Today

OPIE 2017

OPIC 2017

SPIE Defense + Commercial Sensing 2017 | Register Today




Print PageEmail PageView PDF

Optoelectronics & Communications

Quantum cryptography without monitoring disturbance

A new round-robin differential-phase-shift protocol for quantum key distribution is designed to prevent, rather than detect, eavesdropping.
1 December 2015, SPIE Newsroom. DOI: 10.1117/2.1201511.006202

Quantum key distribution (QKD) is a method for realizing secure private communication (i.e., safe from an adversary with unlimited power). The QKD method uses the bizarre properties of quantum mechanics that appear in very weak optical signals. Since the first QKD protocol was proposed 30 years ago,1 there has been the same basic working concept—that any attempt to distinguish quantum states should cause a disturbance—as dictated in the original version of Heisenberg's uncertainty principle. In conventional QKD protocols, the information leak to an eavesdropper is therefore estimated using this basic quantum mechanics principle. The amount of information that is acquired by a hypothetical eavesdropper (‘Eve’) through intervention of quantum communication can thus be deduced by monitoring the amount of signal disturbance. Based on the level of this deduced information leak, a sender (‘Alice’) and receiver (‘Bob’) apply a so-called privacy amplification process to their transmitted data. This produces a shared secret key for Alice and Bob, but with negligible leak to Eve.

Purchase SPIE Field Guide to Optical Fiber TechnologyA problem associated with conventional QKD protocols, however, is the complication that arises from estimating the amount of leaked information. This is especially the case with protocols that use a conventional laser (which suffer from inherent fluctuations in the emitted number of photons). The most popular method for countering these fluctuations—known as decoy state QKD2–4—uses complicated statistical estimation methods to deduce the level of Eve's intervention from the observed amounts of disturbance. Yet even for encryption of a short message, decoy state QKD requires a long session to collect enough data for reliable estimation.

In recent work, we have proposed a new QKD scheme, which is known as the round-robin differential-phase-shift (RRDPS) protocol.5 This method is based on an entirely different principle6 than conventional QKD protocols. In our RRDPS protocol, the possible amount of leak can be determined without any reference to how Eve has disturbed the signals that are transmitted between Alice and Bob. Our RRDPS protocol can be implemented with the use of a laser and a phase modulator at the sender, and with a variable-delay interferometer followed by photon detectors at the receiver. Most of these components are classical optics tools, and therefore our technique can be realized easily with available technology. Indeed, a number of experimental demonstrations of the protocol7–9 and its variants10 have recently been reported.

In our RRDPS protocol (see Figure 1), Alice modulates a weak coherent laser pulse train of fixed length, L (L is typically about 100). This modulation is achieved with an optical phase shift of 0 or π, and allows a random L-bit sequence to be encoded. Bob then feeds the pulse train to a delayed interferometer. This delay is randomly chosen to be a multiple of the pulse interval. Photon detection (at one of the detectors) is used to determine the phase difference between one pair of laser pulses, which forms Bob's received bit. Bob then publicly announces which pair of pulses has led to the detection. This therefore enables Alice to determine the same bit from her record of the L-bit sequence.

Figure 1. Schematic illustration of the round-robin differential-phase-shift (RRDPS) quantum key distribution (QKD) protocol. In this technique, a weak coherent laser pulse train, with fixed length (L), is sent from Alice and modulated with an optical phase shift of 0 or π, according to a random L-bit sequence (S1S2…SL). The receiver, Bob, then feeds the pulse train through an interferometer with a variable delay (VD). A photon detector is used to determine the phase difference between one pair of laser pulses, which forms the received bit. Alice can then determine the same bit from the recorded L-bit sequence.

The security of the RRDPS protocol can be understood as follows. Alice's L-pulse signal contains only a few photons in total, which are too weak to carry all the information on the L-bit sequence. Eve can thus extract only a few bits and has no control over which parts of the bits to extract. As such, if the announced pair—{i, j}—were randomly chosen, there is only a very small chance that Eve could know those two bits. This concept, however, does not work in the classical (non-quantum) world. In that case—see Figure 2(a)—the weakness of the signal would imply that only a few pulses have phase information and that the rest of the pulses contain no information. Bob could then only determine the phase difference for three cases: {1, 3}, {1, 4}, and {3, 4}. This result would be far from random, and the few bits Eve knows would be exactly the relevant ones. In contrast, a weak quantum signal—see Figure 2(b)—contains every bit, in a ‘shadowy’ way. This means that Bob can extract a phase difference from a much wider range of choices. In fact, Bob can essentially choose the distance (ji) to suit his own needs (achieved using the variable delay in the RRDPS protocol). The announced pair therefore has an inherent randomness that is beyond the reach of Eve. As a result, there is only a very small chance that Eve can know both Alice's i-th and j-th bits. The amount of the leak is thus limited to a small value (which is known from the start), regardless of how Eve may disturb Alice's transmitted signal.

Figure 2. Illustration of (a) classical and (b) quantum weak signals.

With our RRDPS protocol, we can establish security in a very different way from conventional QKD schemes that rely on the information-disturbance trade-off relation. As our protocol does not require precise estimation of the amount of disturbance, only simple post-processing of data is required. We are able to generate a key even when the communication time allocated for a session is short.

We have developed the new RRDPS QKD scheme for cryptography, which can be used to establish security without relying on the information-disturbance trade-off concept. The RRDPS method involves modulation of a weak laser pulse train and random selection of delay in the interferometer at the receiver. It can be implemented with standard optics hardware and requires only simple post-processing of data. The security of our protocol can be ascribed to two separate properties, i.e., the weakness of the signal and the randomness in the announced pair of indices. This simplicity will be an advantage when various imperfections in actual devices are considered during the application of this methodology for practical situations. This is part of our ongoing work.

Masato Koashi
The University of Tokyo
Tokyo, Japan

Masato Koashi received his PhD in physics from the University of Tokyo in 1995. He is currently a professor in the Photon Science Center, Graduate School of Engineering. He has been involved in quantum optics and quantum information theory for more than 20 years.

1. C. H. Bennett, G. Brassard, Quantum cryptography: public key distribution and coin tossing, Proc. IEEE Int'l Conf. Comput. Syst. Signal Process., p. 175-179, 1984.
2. W.-Y. Hwang, Quantum key distribution with high loss: toward global secure communication, Phys. Rev. Lett. 91, p. 057901, 2003. doi:10.1103/PhysRevLett.91.057901
3. H.-K. Lo, X. Ma, K. Chen, Decoy state quantum key distribution, Phys. Rev. Lett. 94, p. 230504, 2005. doi:10.1103/PhysRevLett.94.230504
4. X.-B. Wang, Beating the photon-number-splitting attack in practical quantum cryptography, Phys. Rev. Lett. 94, 2005. doi:10.1103/PhysRevLett.94.230503
5. T. Sasaki, Y. Yamamoto, M. Koashi, Practical quantum key distribution protocol without monitoring signal disturbance, Nature 509, p. 475-478, 2014.
6. M. Koashi, Establishing security of quantum key distribution without monitoring disturbance, Proc. SPIE 9648, p. 96480Y, 2015. doi:10.1117/12.2197813
7. H. Takesue, T. Sasaki, K. Tamaki, M. Koashi, Experimental quantum key distribution without monitoring signal disturbance, Nat. Photon., 2015. doi:10.1038/nphoton.2015.173
8. S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, X.-T. Song, H.-W. Li, L.-J. Zhang, Z. Zhou, G.-C. Guo, Z.-F. Han, Experimental demonstration of quantum key distribution without monitoring of the signal disturbance, arXiv:1505.07884 [quant-ph], 2015.
9. Y.-H. Li, Y. Cao, H. Dai, J. Lin, Z. Zhang, W. Chen, Y. Xu, et al., Experimental round-robin differential phase-shift quantum key distribution, arXiv:1505.08142 [quant-ph], 2015.
10. J.-Y. Guan, Z. Cao, Y. Liu, G.-L. Shen-Tu, J. S. Pelc, M. M. Fejer, C.-Z. Peng, X. Ma, Q. Zhang, J.-W. Pan, Experimental passive round-robin differential phase-shift quantum key distribution, Phys. Rev. Lett. 114, p. 180502, 2015. doi:10.1103/PhysRevLett.114.180502