Quantum key distribution (QKD) is an advanced sub-disciplines of quantum information technology. It aims at coming up with novel and sophisticated methods of securely exchanging cryptographic keys by use of basic quantum mechanical concepts such as entanglement and measurement.
Since the 1970s, with the advent of quantum cryptography, researchers and academics have proposed a handful of quantum key distribution protocols. The earliest of such was proposed in 1984.
Table of contents
- Stages of Quantum Key Distribution
- Quantum Key Distribution schemes
- Quantum Key Distribution protocols
- Attacks against QKD protocols
- Advantages of QKD
- Downsides of QKD
- Further reading
To follow along with this article, you are required to have some understanding of quantum computing.
Stages of quantum key distribution
QKD has two steps associated with it:
- Quantum communication
- Classical post-processing
Quantum communication involves encoding bits in a polarization state followed by sending of the encoded bits. Decoding happens after transmission successfully completes. This phase happens via a quantum channel.
Classical post-processing occurs after decoding of the sent bits. Here, the two communicating parties compare the bases used in encoding and decoding. Then, they perform tests to detect eavesdropping.
Quantum key distribution schemes
There are two major quantum key distribution schemes:
- Prepare and measure (P&M)
- Entanglement based (EB)
P&M, as its name suggests, involves preparing a sequence of bits to be transmitted and measured. It takes advantage of the measurement property in quantum mechanics. This is particularly useful in detecting eavesdropping. This scheme forms the backbone of a number of QKD protocols such as BB84, B92, and SARG04.
EB relies on the phenomenon of quantum entanglement. Entanglement is simply the property in which two quantum bits (referred here to as bits) are inextricably linked such that a measurement of one bit yields a correlated result in the other. E91 and BBM94 are popular protocols based on the EB scheme.
Quantum key distribution protocols
QKD protocols come in two flavors:
- Discrete variable (DV) QKD
- Continuous Variable (CV) QKD
DV-QKD protocols are the most practical and easiest to understand. Let’s address protocols belonging to this category.
1. BB84 protocol
This was the first QKD protocol to be developed. Consider a scenario where Alice and Bob are attempting to establish a secret key. Eavesdropper Eve tries to gain knowledge of the key during this process.
Alice generates a sequence of bits using classical means. She then randomly encodes each bit of the sequence in a polarization state. She does this by choosing standard or Hadamard bases. She sends the encoded bits to Bob via a quantum channel. Bob measures each bit in the sequence by choosing a basis at random.
Using a classical channel, Alice confirms that Bob has received every bit she sent. After an affirmative confirmation, they tell each other what bases they used for encoding and decoding. If the bases agree, they both have the same bit values. If they chose different bases, there is only a 50% chance the bits match.
They discard the bits in which encoding and decoding bases differed. This leaves on average half of the number of bits transmitted. A subset of the remaining bits is used to confirm no eavesdropping occurred. That subset is discarded afterwards and the remaining bits now become the secret key.
2. B92 protocol
This is the simplest QKD protocol. Alice prepares a bit in one of two quantum states. She then sends it to Bob who uses a suitable basis for measurement to recover the state encoded by Alice. This becomes insecure if Alice‘s encoded bits are orthogonal. Orthogonal states are like classical states (0 or 1). This means that it becomes susceptible to accurate measurement and copying by Eve.
3. Six-state protocol
This protocol is a variant of the BB84. It enhances key generation rate as well as the noise tolerance. It uses 3 bases for encoding and decoding hence it’s name.
4. SARG04 protocol
This protocol is similar in some ways to the BB84. It uses the same procedure as the BB84 to send bits between Alice and Bob. The difference comes in the classical post-processing phase.
In classical post-processing, Alice does not explicitly mention her encoding bases. She only announces a pair of non-orthogonal states. Bob uses this knowledge to infer which of their bits matched and which didn’t. The matching bits establish a secret key.
5. BBM94 protocol
A single source creates a sequence of entangled bits. Each half of the bits are sent to Alice and Bob who measure their received bits in only two mutually unbiased bases. Alice and Bob communicate the bases they used over a classical channel. They both discard bits measured using different bases.
They choose to keep bits which had same bases of measurement. Bits measured using the same basis will get a correlated result. This is due to the entanglement property. This will derive a secret key for secure communication. A small sample is then used to check for errors and detect eavesdropping.
6. E91 protocol
In this protocol, Alice and Bob receive each half of entangled bits from a single source. They then measure their bits in the standard or Hadamard bases. Thereafter, they make a comparison on which of their bits matched and which did not. They use the different bits to carry out the CSHS test. The result of this test will show whether there was eavesdropping.
Attacks against QKD protocols
A simple attack which Eve can perform is to intercept the encoded bits. She measures the bits using calcite crystal and photon detector. Then she sends the bits to Bob. Eve‘s random measurement bases will change the bits in some fundamental sense before reaching Bob. This is because of the no-cloning theorem. The result is that Bob has a quarter probability of measuring a different bit value than the one Alice sent. By doing this, Eve introduces a high error rate. This increases the chances of detecting her activity.
A more potent attack is the Photon Number Splitting (PNS) attack. In this attack, a source may emit many bits with identical encodings. Eve then performs a measurement that does not destroy the quantum state of the bits. This is called a non-demolition measurement. She then determines the number of bits.
If the number of bits sent at a time is more than one, she steals the excess bit and forwards the remaining identical bit to Bob. She now waits for Alice to make known her encoding bases. She now uses this knowledge to make sharp measurements of her stolen photons. This means she will always get identical results to Alice and Bob. This results in Eve being able to derive the secret key.
Advantages of QKD
QKD uses the laws of physics to guarantee its security. This is as opposed to its classical counterparts which rely on computational hardness and mathematical intractability.
QKD is also future-proof. This means that it is impossible to store information obtained during the key exchange process and hack it at a later time. This makes it very attractive in securing data that have lengthy lifespans. QKD gives the ability to detect eavesdropping which is also a distinct advantage.
Downsides of QKD
Eve can always interfere whenever there is an instance of key exchange. This is regardless of whether she intends to gain any information. This causes an abortion and restarting of the process. A consequence of this act is a Denial of Service (DOS).
Eve can always pose as Bob to Alice and as Alice to Bob during exchange of keys. This is especially possible when the two legitimate communicating parties are using a non-authenticated classical channel.
It is also vital to note that QKD faces hardware issues. A substantial change of current hardware infrastructure is needed in order to realize a practical QKD network. A single change in a protocol may necessitate a change of hardware. This in the long run may end up being very costly.
In a world where technology seems to get only better, creative solutions are needed in order to secure our communications online. QKD promises to be such a solution. This approach will be a pivotal element of our online information security, especially when universal quantum computers get here.
- Attacks on quantum key distribution protocols that employ non-ITS authentication
Peer Review Contributions by: Geoffrey Mungai