Making quantum encryption practical

May 22, 2013

Part of Alice’s optical parametric amplifier receiver. This receiver enables her to obtain the quantum-illumination performance advantage that ensures Bob’s communication to her is immune to Eve’s passive eavesdropping. (Credit: Zheshen Zhang et al./MIT)

Researchers in the Optical and Quantum Communications Group at MIT’s Research Laboratory of Electronics (RLE) have experimentally demonstrated a new quantum communication protocol that solves two basic problems with achieving practical quantum encryption.

Quantum key distribution (QKD) requires the inefficient transmission of a huge number of bits for each one that’s successfully received. And QKD depends on the properties of individual photons, so it’s very vulnerable to signal loss, which is inevitable over large enough distances — they generally work across distances of only 100 miles or so.

The new protocol is much more resilient to signal loss than QKD, and it sends only one bit for every one received.

At present, the protocol does have one major caveat: It’s secure only against so-called passive eavesdroppers, who simply siphon light from an optical transmission, and not against active eavesdroppers, who maliciously inject their own light into a communication channel. Security against passive eavesdropping is probably adequate for some optical communication systems, but if the researchers can figure out how to thwart active eavesdroppers, too, their protocol could be used to secure optical data transmission over long distances.

Cascading correlations

Like all quantum information schemes, the new protocol exploits the central mystery of quantum physics: the ability of tiny particles of matter to inhabit mutually exclusive states at the same time. Electrons, for instance, have a property called spin, which describes how they act in a magnetic field. Spin can be either up or down, but it can also be in a strange quantum state known as superposition, in which it’s up and down simultaneously.

According to Jeffrey Shapiro, the Julius A. Stratton Professor of Electrical Engineering and one of the co-directors of the Optical and Quantum Communications Group, quantum particles are capable of a greater degree of correlation than objects described by classical physics. A coin, for instance, can be either face-up or face-down. If you glue a second coin to it, face-to-face, the states of the two coins are correlated: If one is up, the other is down, and vice versa.

In the same way, if two electrons are orbiting the nucleus of an atom at the same distance, their spins are correlated: If one is up, the other must be down. But there’s a third possibility: If one is up and down at the same time, so is the other.

This kind of mutual dependency, even in particles separated by great distances, is known as entanglement. But entanglement is very fragile: It begins to break down as soon as particles start interacting with their immediate environments. The key to the new protocol, Shapiro explains, is that even if the entanglement between two light beams breaks down, and their degree of correlation falls back within classical limits, it can still remain much higher than it would be if the beams had a merely classical correlation to begin with.

Bring the noise

Following cryptographic convention, the RLE researchers describe their protocol in terms of a secure communication between Alice and Bob, with an eavesdropper, named Eve, trying to listen in. Alice creates two entangled light beams and sends one of them to Bob, keeping the other one circulating locally.

“In classical physics, there’s a maximum amount of correlation you can get between two events,” Shapiro says. In the new protocol, however, the entangled beams “have a correlation that exceeds — by orders of magnitude — the classical limit.”

As one of those beams travels toward Bob, interactions with the environment begin to break the entanglement, introducing degradations of signal quality that engineers call “noise.” Bob then adds information to the beam, amplifies it — which adds much more noise — and sends it back. Alice uses the beam she kept circulating locally to decode Bob’s transmission.

Eve, on the other hand, extracts some of the signal that Alice sends Bob and uses that to decode Bob’s transmission. Because Bob’s transmission is so noisy, its correlation with Eve’s sample signal is much lower than it is with the signal Alice kept.

“My experiment can show for the communication between Alice and Bob, if Bob sends one megabit of information, about one bit gets flipped,” says Zheshen Zhang, a postdoc at RLE and first author on the new paper. “For the eavesdropper, about half of the bits get flipped.”

“The first distinction between this and what other people have done in the past is that Jeff’s protocol is a direct secure-communication protocol,” says Saikat Guha, a senior scientist at Raytheon subsidiary BBN Technologies who works on quantum optical communications and imaging. “This is not a key distribution protocol.”

As for whether the system will work over long distances, “we don’t have all the answers yet, but this does seem to have better promise than some of the standard QKD protocols,” Guha says. “In the standard QKD protocols, one big requirement is to have quantum repeaters, which are devices that are not yet available. People are working on it, but there aren’t any quantum repeaters. So you can’t do standard QKD over standard fiber for more than a couple hundred kilometers at the most.”