Kvantekryptografi med fotoner i optiske fibre
Download
Report
Transcript Kvantekryptografi med fotoner i optiske fibre
Norsk kryptoseminar, 17-18. oktober 2002. NTNU, Trondheim
NTNU
Quantum Cryptography
Vadim Makarov and Dag R. Hjelme
Institutt for fysikalsk elektronikk NTNU
www.vad1.com/qcr/
NTNU
FoU
Trondheim 2002
Classical vs. quantum information
NTNU
Classical information
Perfect copy
Unchanged original
Quantum information
Imperfect copy
Broken original
Trondheim 2002
NTNU
Qubit: polarization state
of a single photon
Measure?
Measure?
50%
50%
Trondheim 2002
What is the problem with classical
cryptography?
NTNU
Secret key cryptography
Requires secure channel for key distribution
In principle every classical channel can be monitored passively
Security is mostly based on complicated non-proven algorithms
Public key cryptography
Security is based on non-proven mathematical assumptions
(e.g. difficulty of factoring large numbers)
We DO know how to factorize in polynomial time! Shor’s
algorithm for quantum computers. Just wait until one is built.
Breakthrough renders messages insecure retroactively
Trondheim 2002
The holy grail: One-time pad
NTNU
The only cipher mathematically proven
Requires massive amounts of key material
m
m
c
k
k
Trondheim 2002
Key distribution
NTNU
Message
Alice
Bob
Open (insecure) channel
Encoder
Encoded message
Message
Decoder
Key
Secure channel
Secret key cryptography requires secure channel for key
distribution.
Quantum cryptography distributes the key by transmitting
quantum states in open channel.
Trondheim 2002
Quantum key distribution
NTNU
Bob
Alice
Diagonal
polarization filters
Horizontal-vertical
polarization filters
Diagonal
detector basis
Horizontalvertical
detector basis
Light source
Alice’s bit sequence 1 0 1 1 0 0 1 1 0 0 1 1 1 0
Bob’s detection basis
Bob’s measurement 1 0 0 1 0 0 1 1 0 0 0 1 0 0
Retained bit sequence 1 – – 1 0 0 – 1 0 0 – 1 – 0
Image reprinted from article: W. Tittel, G. Ribordy, and N. Gisin, "Quantum cryptography," Physics World, March 1998
Trondheim 2002
NTNU
Eavesdropping with wrong reference
system
Tyvlytter
50%
Sender
Mottaker
Referanse
50%
Rett
Galt
Rett
50%
"1"
Galt
Rett
50%
"0"
Galt
Rett
Sender
"0"
Rett
"0"
Rett
"1"
Galt
Rett
Galt
Rett
Galt
"1"
Rett
Rett
"0"
"1"
Galt
Rett
Rett
Galt
Rett
Galt
"0"
Rett
Rett
"1"
"0"
Galt
Rett
Rett
Galt
Rett
Galt
"1"
Rett
Rett
"1"
Rett
"0"
Galt
Rett
50%
"0"
50%
Resultat av mеling
Eavesdropper
Receiver
"1"
Galt
Rett
Galt
Rett
Galt
Trondheim 2002
Interferometric QKD channel
NTNU
Sender (Alice)
Receiver (Bob)
L1
Source
f1
f =
1
f2
S1
0 or 90 - "1"
f = 180 or 270 - "0"
1
Transmission
line
L2
D0
S2
D1
Reference
systems:
f = 0
2
f = 90
2
Trondheim 2002
Implementation: interferometer structure
Alice
Variable Ratio
PM Coupler
NTNU
Variable
Delay Line
Polarizer
Laser
Phase
Modulator 1
PM fiber
1300 nm (or 1550 nm)
Polarization
Combiner
Attenuator
Alice's
PC
Pulse Rate = 10 MHz
Public
Communication
Channel
Eve's Territory
Bob
Line
Standard
SM fiber
Bob's
PC
APD
PM Coupler
50/50
Phase
Modulator 2
Polarization
Controller
'0'
Polarization
Combiner
'1'
PM fiber
Polarizing
Splitter
Trondheim 2002
NTNU
Photo 1. Alice (uncovered, no thermoisolation installed)
Trondheim 2002
NTNU
Photo 2. Bob (uncovered, no thermoisolation installed)
Trondheim 2002
Single-photon detector:
APD in Geiger mode
NTNU
Gate Pulse
Generator
Bias
-VAPD
tgate
VE
Transmission
Lines, Z=50
C = CAPD
APD Inside Cryostat
VB
T=1/(gate pulse rate)
Vbias
Differential
Amplifier
t
tgate down to 1ns
gate pulse rate = 20 MHz
Epitaxx APD
Trondheim 2002
Recovery from errors
NTNU
Eve’s information
Bob’s information
QBER limit:
Individual attacks: 15%
All theoretically possible attacks: 11%
Trondheim 2002
Distance limitation
NTNU
,
Maximum link
distance, km
nm
850
1300
1550
70
Fiber
attenuation,
Detectors
dB/km
2
Si, room temperature
0.35
Ge, -196C
0.2
InGaAs, 60C
1550 nm
30
20
1300 nm
5
0
850 nm
0
5E-5
Few %
Detector noise level
(dark count probability)
Trondheim 2002
Components of security
NTNU
1
1
2 3
Alice
Bob
1. Conventional security
2. Security against quantum attacks
3. Security against Trojan horse attacks
- ones that don’t deal with quantum states, but use loopholes
in optical scheme
Trondheim 2002
Practical security: large pulse attack
NTNU
Alice
Phase
Modulator
Attenuator
Alice's
PC
Line
Eve’s Equipment
- interrogating Alice’s phase modulator with powerful external pulses
(can give Eve bit values directly)
Trondheim 2002
Eavesdropping experiment
Alice
NTNU
4% reflection
Phase
Modulator
Laser
Vmod
Eve
L1
Out
OTDR
Received
OTDR
pulse
Variable
attenuator
In
L2
Fine length
adjustment
to get L1 = L2
0
4.1
8.2
Vmod, V
Trondheim 2002
NTNU
Photo 3. Artem Vakhitov tunes up Eve’s setup
Trondheim 2002
NTNU
Re-keying satellites/
Global key distribution network
1.9 km
10 km
23.4 km
Trondheim 2002
Quantum key distribution in network
NTNU
Multi-user key distribution
Bob 1
Passive splitter
Bob 2
Alice
Bob 3
Multiplexing with telecom traffic
1300 nm
Alice
Data
transmitter
28 km
WDM
1550 nm
1.2 Gbit/s
WDM
Bob
Data
receiver
Trondheim 2002
Entangled photon pairs
NTNU
1560nm
Entangled
Photon Pairs
Nonlinear
Crystal
Pump
Pulses
780nm
To Bob
Passive
Measurement
Alice
Random state
prepared
passively
Trondheim 2002
Advanced multi-party protocols:
Secret sharing and splitting
NTNU
A
B
A
C
B
A
C
B
C
Trondheim 2002
Commercial status
NTNU
id Quantique (Geneva)
first commercially available quantum key distribution
system:
MagiQ Technologies (Boston)
EQUIS project (Heriot-Watt University and Corning; UK)
compact integration into standard PCs
+ several research groups, telecom/ electronics companies
Trondheim 2002