Open Line, Hidden Key

December 2000
By Henry S. Kenyon

Quantum cryptography allows transmission of secure information over public communication networks.

By manipulating the slippery and elusive qualities of matter’s smallest components, scientists have developed a way to encode and send data along unsecured public fiber optic lines. The method relies on the unique nature of atomic behavior—any attempt by an outside party to analyze the coded material changes the atoms’ characteristics, rendering the transmission useless.

Known as quantum cryptography, this technique represents the first practical application emerging from the diverse field of quantum studies, which examines the possibilities that arise because small particles of matter are both intertwined and yet completely isolated. These individual atoms and molecules are capable of feats such as unbreakable data transmission; exponentially powerful and rapid computation and data searching, which is known as quantum computing; and the theoretical possibility of moving the essence, or quantum states, of matter from one place to another, known as quantum teleportation.

Using commercial telecommunications equipment, researchers at IBM’s Almaden Research Center in San Jose, California, have demonstrated the feasibility of sending encoded key information down 20 kilometers of fiber optic line. According to Dr. William P. Risk, manager of quantum information at Almaden, the center’s goal was to determine the possibility of developing a practical prototype system.

IBM’s quantum cryptography effort began in 1996. The system is designed to operate over fiber optic cable at the telecommunications wavelengths of 1.3 and 1.55 microns, the most common wavelengths used in optical networking and optical telecommunications. By working with these existing formats, IBM scientists were able to take advantage of the large body of research and development work used to produce commercial components.

The prototype system operates like a commercial telecommunications network with two computers at different sites connected by optical fiber, over which the quantum cryptographic exchange takes place. Experiments were also conducted over the center’s local area network (LAN). While IBM has not yet determined the degree to which it will commercialize the center’s research, such a system could be manufactured today, Risk says.

Currently capable of sending a coded message up to 20 kilometers, the system can potentially be extended to distances of up to 100 kilometers, but researchers are unsure what the data rate would be because the error rate increases the farther light travels through an optical line, Risk offers. Repeaters also limit the quality of the transmission. Used to strengthen the signal over long stretches of optical fiber, they interfere with the quantum states of the key data, he adds.

Risk maintains that Almaden’s primary goal was to send messages over short distances. “We weren’t trying to set a distance record with this system. What we were trying to do was see if we could develop a very practical method that would work over useful lengths and data rates. The intention is to possibly use the system in a campus or a metropolitan environment where 10 or 20 kilometers is enough to connect users together,” he says.

Though commonly referred to as quantum cryptography, Risk believes a better description is quantum key distribution. The process involves using quantum mechanics to establish a key that two parties use in a communication to encrypt a message. The subsequent transaction need not take place over optical fiber, he says. Instead, a telephone line, LAN, microwave or other means could be used.

Quantum cryptography differs from previous methods of information security in the way the secret key is established and distributed. In the past, copies of the key were sent to each user via a trusted courier. This technique is only as trustworthy as the courier, he observes. Quantum key distribution involves the use of quantum mechanics to create an identical pass for two users through a random process known only to them.

The correspondents develop the key in several steps taken entirely over public channels. “Everything that takes place can be publicly observed, and yet it’s still possible to ensure that the key is secret, and therefore any communication subsequently encrypted using that key is secret,” he explains.

The key process involves sending individual photons down an optical fiber that connects two host computers. Citing two hypothetical users, Alice and Bob, Risk notes that Alice generates or randomly determines whether a given photon will represent a 1 or a 0 before sending it to Bob. Because information is lost as it travels in an optical fiber, and Bob’s detectors are not perfectly efficient, Bob will only receive a subset of the information that may contain errors.

In the second stage of the process, both parties conduct a joint distributed computation where the blocks of bits that Bob received are compared to Alice’s for parity. For example, Bob takes the first 16 bits he collected and counts the number of 1s. He then tells Alice if there was an odd or even number of 1s, and Alice determines whether that agrees with the number of 1s she counted in that same subset. By comparing parities, errors in Bob’s key can be located and corrected. Once the process is complete, both users have a common set of bits.

To counter any potential spies, users go through a process called privacy amplification. This method sacrifices some of the bits in the initial sequence and generates a new group. For each bit sacrificed, the amount of information available to an eavesdropper is reduced by half. For example, by giving up 10 bits, the amount of information useful to an eavesdropper is reduced to a thousandth of a bit, Risk says. At the end, Alice and Bob have a shorter sequence of 1s and 0s that agree exactly and that provide eavesdroppers with no useful information. Those bits then become the key for subsequent communication.

This entire verification process takes two to three minutes in the laboratory; however, Risk notes that IBM researchers have not optimized the communication or the computation process. The calculations take place on a standard laboratory automation and computation package that is probably much slower than a system that would be specifically designed for this purpose, he says.

Early in the development of quantum cryptography, researchers concerned themselves with two potential eavesdropping scenarios. One situation involves a spy who uses a beam-splitting device, such as a half-silvered mirror, to pull off some of the photons. If Alice sends packets of thousands of photons at a time to Bob—which, from a practical point, is easier to do and much easier to detect—an eavesdropper could split a few photons from those packets and get some of the same information. To thwart this, quantum key information is only sent down the optical fiber one photon at a time because single photons cannot be split, Risk explains.

Another surreptitious data-gathering method involves an eavesdropper intercepting the communication between Alice and Bob. The spy could try to collect all of the photons sent by Alice, attempt to analyze them, and then retransmit them to Bob. To counter this type of attack, a method was developed that randomly changes how 0s and 1s are represented. One way that Alice can represent a 1 or a 0 to Bob using light is to encode the polarization state of the photon, Risk says.

“You can think of a light wave as being a vibration that in one case could move in a horizontal direction or a vertical direction. Alice could use a horizontal vibration to represent a 0 and a vertical vibration as a 1. Light can also vibrate in a circular manner, going either clockwise or counterclockwise, so she could choose to use a clockwise rotation for a 0 and a counterclockwise rotation for a 1,” he explains.

If Alice randomly chooses between these two interpretations and Bob also randomly chooses a receiver sensitive to one type of light vibration, on average, half of the bits she sends will be received correctly, Risk says. These are then used to create the key. Eavesdroppers trying to collect and analyze all of the data would misinterpret the information 50 percent of the time because they do not know what random choice Alice made or how to represent the data. When the eavesdroppers send the analyzed photons to Bob, half of those bits will be in error. As Alice and Bob compare their data and look for errors, the evidence of this data-gathering attack would be an easily detectable 25 percent error rate in the bits.

This system is effective against eavesdropping because of the nature of quantum mechanics, Risk contends. The act of trying to measure a particle in a quantum state in and of itself changes the particle’s state. For example, if Alice is sending circularly polarized photons to Bob, and the spy is measuring them with a standard polarizing beam-splitter-type detector designed to reliably determine a photon’s horizontal or vertical linear polarization, passing the circularly polarized photon through the detector changes it into a linearly polarized photon. Thus, some of the information Alice originally encoded in the quantum state of that photon is lost.

According to Risk, one of the primary technical hurdles to quantum cryptography across fiber optic cables is that optical fibers are notorious for not preserving photons’ polarization states. “You put light that’s polarized in a certain way in at one end, and it comes out the other end of the fiber in a completely different state. This may vary as the temperature changes and trucks drive over the place where the fiber is installed,” he says.

This loss can be compensated for in two ways. A number of light pulses can be sent down the fiber to discover and actively adjust to any changes. The second way, which the researchers at Almaden chose, uses a passive technique that automatically reacts to any changes in the polarization state. However, to accomplish this, the light must travel a round-trip by going down the fiber in one direction and back in another, Risk says.

While this automatic compensation works extremely well for 10- or 20-kilometer fiber lengths, systems designed to take advantage of this method consequently are limited in range. Risk notes that Almaden scientists are developing means to extend this round-trip scheme. Researchers at Los Alamos National Laboratories, Albuquerque, New Mexico, have demonstrated quantum cryptography that is effective at distances of up to 50 kilometers using the one-way active pulse method. However, the problem with this technique is that time must be spent tuning the system to understand what the fiber is doing and to compensate for it, he says.

Another hurdle facing IBM and other groups working on optical fiber-based quantum cryptography is the quality of the detectors used to receive the individual photons. Current technology is not very efficient at detecting single photons at the 1.3 and 1.55 micron telecommunication wavelengths.

“What we have done is take commercially available telecom detectors and use them in a way they weren’t really intended to be used, but which makes it possible to detect single photons. Basically, that means cooling them to 120 degrees Kelvin and putting higher voltages on them than they’re supposed to have. If you beat on them hard enough and are clever about how you do it, you can get them to detect single photons with reasonable efficiencies,” Risk explains. But these efficiencies are not nearly as high as what could be done in the visible wavelength range, and inefficiency leads to detection problems at long telecommunication wavelengths.

Another issue is that commercial vendors are changing optical devices to meet the needs of the telecommunications industry. These modifications include placing preamplifiers on the same chip as the detector, which makes them more difficult to use for quantum research purposes. The problem is really an engineering issue, but very few manufacturers make detectors specifically to meet scientists’ needs, he says.

Risk sees quantum cryptography as the first practical use of a subset of a broader field, which he classifies as the communication of quantum information. Two avenues of cryptographic research are being pursued in this area. The first is fiber optics based and is being examined by a number of groups such as IBM and BT. The scientists on the other path seek to extend quantum key distribution beyond the few tens of kilometers of available fiber optic cable.

Risk notes that Los Alamos researchers are conducting experiments to broadcast quantum key information via laser from a groundstation to a satellite and back to Earth. Current experiments have only been conducted on the ground through a volume of air comparable to that required to reach a satellite. Research shows that this method is technically feasible, he says.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.