quantum cryptography beyond the buzz grégoire ribordy cern, may 3rd 2006

Quantum CryptographyQuantum CryptographyBeyond the buzzBeyond the buzz

Grégoire RibordyCERN, May 3rd 2006

2www.idquantique.com

OutlineOutline

Quantum physics and information technology

The limits of classical cryptography

The principles of quantum cryptography

Practical systems and applications

Future directions

3www.idquantique.com

Moore’s law and quantum physicsMoore’s law and quantum physics

O ui

N on

1

10

100

1000

10000

100000

1970 1980 1990 2000 2010 2020

Year

Tra

nsi

sto

rs p

er

chi

p

[x

1000

]

0

10

20

30

40

50

Siz

e o

f tra

nsis

tor'

s g

rid

[a

tom

s]

1

10

100

1000

10000

100000

1970 1980 1990 2000 2010 2020

Year

Tra

nsi

sto

rs p

er

chi

p

[x

1000

]

0

10

20

30

40

50

Siz

e o

f tra

nsis

tor'

s g

rid

[a

tom

s]

Quantum Limit

4www.idquantique.com

Classical and Quantum physicsClassical and Quantum physics

Classical physics … - 1900 Describes the macroscopic world

Deterministic

Intuitive

Quantum physics 1900 - … Description of the microscopic

world

Probabilistic Central role of the observer Not very intuitive

Quantum physics Novel information processing possibilities Quantum Information Theory (QIT)

5www.idquantique.com

Generating random numbers with quantum physicsGenerating random numbers with quantum physics

High bit rate• 4 or 16 Mbits/s

Continuous monitoring

Main OS’s supported

6www.idquantique.com

OutlineOutline

Quantum physics and information technology

The limits of classical cryptography

The principles of quantum cryptography

Practical systems and applications

Future directions

7www.idquantique.com

M essage

Public Key

ScrambledM essage

M essage

Private Key

Different Keys

Message

Secret Key

ScrambledMessage

Message

Secret Key

Identical keysKey Exchange ?!?

Introduction: Classical CryptographyIntroduction: Classical Cryptography

Secret Key Cryptography

Public Key Cryptography

Alice

Bob

Different keys Key exchange solved

Vulnerabilities!!!

8www.idquantique.com

Key length

Co

mp

uti

ng

tim

e

Decryption(without key)

Security of public key cryptographySecurity of public key cryptography

EncryptionDecryption (with key)

Selected Key Length

9www.idquantique.com

Vulnerabilities of public key cryptographyVulnerabilities of public key cryptography

Key length

Co

mp

uti

ng

tim

e

Classical computer

Selected Key Length

10www.idquantique.com

Vulnerabilities of public key cryptographyVulnerabilities of public key cryptography

Key length

Co

mp

uti

ng

tim

e

Quantum computer

Classical computer

& Theoretical progress

Selected Key Length

11www.idquantique.com

Where does Quantum Cryptography fit in?Where does Quantum Cryptography fit in?

Message

Secret Key

ScrambledMessage

Message

Secret Key

Alice

Bob

Quantum Cryptography is a key distribution technique!

Quantum Key Distribution is a better name!!!

Secret key exchange by quantum cryptography

12www.idquantique.com

OutlineOutline

Quantum physics and information technology

The limits of classical cryptography

The principles of quantum cryptography

Practical systems and applications

Future directions

13www.idquantique.com

Physical implementation of a data channelPhysical implementation of a data channel

Fragile !"0"

"1""1"

Classical communication Quantum communication

Security guaranteed by the laws of quantum physics

14www.idquantique.com

Quantum Cryptography: rules of the gameQuantum Cryptography: rules of the game

1. Details of the protocole publicly known

2. Goal: to produce a secret key or nothing

« Eve cannot do better than cutting the line »

Alice and Bob: to estimate Eve’s information on key

IAE small: Produce a key

IAE large:

k’

Eve

Quantum channel

Classical channel

QUANTUM KEY DISTRIBUTION

15www.idquantique.com

Polarization of PhotonsPolarization of Photons

Direction of oscillation of the electric field associated to a lightwave

Polarization states

What can we do with it ?

50 %

E

50 %

16www.idquantique.com

Irreversibility of MeasurementsIrreversibility of Measurements

Incoming photon polarized at 90

Incoming photon polarized at 45

50 %

Rotation of polarizer

50 %

17www.idquantique.com

Quantum communicationsQuantum communications

Transmitting information with a single-photon

Use a quantum property to carry information

Liner States

= "0" = |0>

= "1" = |1>

18www.idquantique.com

Eavesdropping (1)Eavesdropping (1)

A single-photon constitutes an elementary quantum system

It cannot be split

Semi-transparent mirror

?

?

50%

50%

19www.idquantique.com

Eavesdropping (2)Eavesdropping (2)

Communication interception

Use quantum physics to force spy to introduce errors in the communication

?|0> |0>

Eve

BobAlice

20www.idquantique.com

Quantum Cryptography ProtocoleQuantum Cryptography Protocole

BB84

A better name: Quantum Key Distribution

A lice 's B it S e q u e n c e

0 1 0 - 0 1 1 1 1 - 1 0

- 1 - - 0 1 - - 1 - 1 0

B o b 's B a s e s

B o b 's R e s u lts

K e y

A lice

B o b

P o la riz e r s

H o r iz o n ta l - Ve rtic a l

D ia g o n a l ( -4 5 , + 4 5 )

H /V B a s is

4 5 B a s is

0

0

0

0

21www.idquantique.com

Eavesdropping (3)Eavesdropping (3)

50% 50%

50%50%

50% 50% 50%50%

Bob

Eve

Ok Ok OkErrorError

Alice

22www.idquantique.com

Key Distillation (ideal case)Key Distillation (ideal case)

Alice BobQuantum channel

Qubits

Transmission

Basis

Reconciliation

QBERestimate

QBER =0 : no eavesdropping

> 0 : eavesdropping

Sifted key

Reveals rather than prevents eavesdropping

A better name: quantum key distributionquantum key distribution

23www.idquantique.com

Key Distillation (realistic case)Key Distillation (realistic case)

Alice BobQuantum channel

Public channel

(losses)

Qubits

Transmission

Basis

Reconciliation

QBERestimate

Error

correctionPrivacy

amplification

Sifted key

Raw key

Key Key

24www.idquantique.com

Information curvesInformation curves

0.40.0

Sh

an

no

n In

form

atio

n

0.1 0.2 0.30.0

0.2

0.4

0.6

0.8

1.0

QBER

)(1 QBERHI AB

IAEOpt. indiv. attack

Secret key rate

25www.idquantique.com

The Principles of Quantum Cryptography: SummaryThe Principles of Quantum Cryptography: Summary

Quantum CommunicationQuantum CommunicationRaw key exchangeRaw key exchange

Integrity VerificationIntegrity VerificationKey DistillationKey Distillation

Key UseKey Use

Quantum Cryptography

Conventional SymmetricCryptography

Point-to-point optical link

Future-proof key exchangewith security guaranteed bythe laws of physics

26www.idquantique.com

OutlineOutline

Quantum physics and information technology

The limits of classical cryptography

The principles of quantum cryptography

Practical systems and applications

Future directions

27www.idquantique.com

Building a Quantum Key Distibution SystemBuilding a Quantum Key Distibution System

Necessary components

“System approach”

ChannelSingle-Photon Source

Single-Photon Detector

28www.idquantique.com

Polarization CodingPolarization Coding

Typical system

LD 1

LD 2

LD 3

LD 4

QuantumChannel

Alice BobBasis 1

Basis 2

/2

PBS

PBS

"0"

"1""0"

Waveplates

BS

BS

BS F "1"

APD

APD

Public Channel

29www.idquantique.com

InterferencesInterferences

30www.idquantique.com

InterferometerInterferometer

Classical interference

Port 1

Port 2

E

1E

2E

0

0.5

1

0 2 4 6

Phase [radians]

Sortie 1

Sortie 2

31www.idquantique.com

Phase encodingPhase encoding

Quantum optics: single-photon

A

B

A lic e

B o b

D 2

D 10

0.5

1

0 2 4 6

Phase [radians]

Output 1

Output 2

Base 1: A = 0;

Base 2: A =

Basis choice: B = 0;

Compatible: Alice A Di

Bob Di A(A-B = n)Bas

es Incompatible: Alice and Bob ??

(A-B = )

32www.idquantique.com

Phase encoding (2)Phase encoding (2)

Stability of such system ???

In practice

A

B

A lic e

B o b

D 2

D 1

10 km

10 km ± /10 (100 nm)

A lice

A B

B o b

Time (ns)

LL

0

20

40

60

80

CC

-3 -2 -1 0 1 2 3

CL + LC

+

33www.idquantique.com

Auto-compensated set-upAuto-compensated set-up

Time multiplexing

A lice

B obA

B

A tt .S h o r t a rm

L o n g a rm

M F

S P

34www.idquantique.com

Practical requirementsPractical requirements

Distance limitation < 100 km

Current range is sufficient for a vast majority of MAN/SAN applications

Point-to-point dark fiber• Amplifiers• Opto-electro-opto conversion

perturbation of the quantum state of the photon

Distance

Signal, Noise

pnoise

psignal

35www.idquantique.com

Link Encryptors with QKDLink Encryptors with QKD

Network Appliance• Point-to-point link encryption

• Layer 2 device

• Network protocole independent

• Compatible with higher layer encryption

Specifications- Encryption: AES (128, 192, 256 bits)- Key rate as high as 100 keys / s- Distance < 100 km (60 miles)- Pair of dark fiber

Target ApplicationsMAN or SAN encryption

36www.idquantique.com

« Swiss Quantum » Pilot Site« Swiss Quantum » Pilot Site

37www.idquantique.com

OutlineOutline

Quantum physics and information technology

The limits of classical cryptography

The principles of quantum cryptography

Practical systems and applications

Future directions

38www.idquantique.com

Extending the key distribution distanceExtending the key distribution distance

Chaining links

Better components

Free space links to low-earth-orbit (LEO) satellites

Quantum relays and repeaters

Tokyo Geneva

A BB' A ' B" A" B'" A '"

Telco Infrastructure

39www.idquantique.com

Compatibility with conventional optical networksCompatibility with conventional optical networks

Optical switching

WDM Links

40www.idquantique.com

Thank you very much for your attentionThank you very much for your attention

id Quantique SA

Chemin de la Marbrerie, 3

CH-1227 Carouge

Switzerland

Ph: +41 22 301 83 71

Fax: +41 22 301 83 79

info@idquantique.com

www.idquantique.com

41www.idquantique.com

Optical TapsOptical Taps

Optical taps are cheap and simple to use

« Tapping a fibre-optic cable without being detected, and making sense of the information you collect isn’t trivial but has certainly been done by intelligence agencies for the past seven or eight years. These days, it is within the range of a well funded attacker, probably even a really curious college physics major with access to a fibre optics lab and lots of time on his hands. »

John Pescatore, former NSA Analyst

The submarine « USS Carter » worth $4.1 bn will be able to tap and eavesdrop undersea cables.

42www.idquantique.com

Key useKey use

The key produced by a quantum cryptography system is used with conventional symmetric encryption algorithms• One-time pad « unconditional security »

• Other symmetric algorithms (AES, Tripe-DES, etc.) enhanced security by frequent key change

Why is Quantum Cryptography not used to transmit data?1) Quantum Cryptography cannot guarantee that one particular bit will

actually be received.With a random key, it is not a problem. With data, it is.

2) Quantum Cryptography does not prevent eavesdropping, but reveals it a posteriori. Sending a key and verifying its secrecy allows to prevent information leakage.

43www.idquantique.com

Device AuthenticationDevice Authentication

Initial key

Quantum Cryptography Session n: key material

Authentication keyEncryption/decryption key

Session nAuthentication key n

Au

the

ntic

atio

n k

ey

refre

sh

ed