Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state | 00 >, and picks a random 2n bitstring b, 2.Alice randomly selects n EPR pairs T for checking Eve’s interference, 3.Alice performs H on the second qubit of each pair i such that b i =1, she sends the second qubit of each pair to Bob, 4.Bob receives them and announces it, 5.Alice announces b and T, 6.Bob applies H on the qubits where b i =1, 7.Alice and Bob measure their qubits in T in the Z basis, publicly share the result. If more than t errors occurred they abort, 8.Alice and Bob consider the remaining qubits as being in superposition over all [n,m]-CSS(u,v) codes correcting any t errors. Alice measures u,v, sends result to Bob, both correct the errors and get m nearly perfect EPR pairs, 9.Alice and Bob measure the m EPR pairs in the standard computational basis to get a shared secret-key.
Family of CSS codes Remember that CSS codewords are defined as: Equivalently, we can define CSS u,v as follows: CSS u,v codes all work the same way than CSS codes.
CSS xz (C 1,C 2 ) is a basis We have seen that: C 1 is a [n,k 1,t]-linear code, C 2 is a [n,k 2 ]-linear code such that the dual of C 2 corrects t errors. When A measures H 1 she gets s x randomly in {0,1} n-k1, When A measures H 2 she gets s z randomly in {0,1} k2. After error-correction and decoding they get: Assume H 1 is the parity check for C 1 and H 2 is the parity check for C 2 *.
Error-Rate Estimation Estimating the number of bit and phase flips: Thm: If n out of 2n 2-qubit states are tested that way and less than t bit and phase flips were found then the number t’ of phase and bit flips for the untested positions is such that:
A non-local test Since Alice and Bob are physically separated, the previous test cannot be performed. However, Notice that the same statistics as before would be obtained if for each position either bit flip or phase flip would be tested but not both. Observe also that: which means that bit flips and phase flips can be detected by applying both the Z or the X measurements and comparing the results. Notice that Alice and Bob by doing this make the detection of both bit-flip and phase-flip impossible on a single qubit.
Bit-Flips and Phase-Flips Notice that using H on the second qubit of each pair at random randomizes the distribution of the errors: It follows that the number of phase-flips and bit flips are distributed identically since H is applied randomly and Eve cannot find any information about when H is applied. Only measuring for bit-flips gives a bound on both the number phase-flips and bit-flips. Thm: If n out of 2n 2-qubit states(in Lo-Chau) are tested for bit flips and t’ are detected then the number t x and t z for phase and bit flips in the untested positions is such that:
High Fidelity Implies Low Entropy Lemma 12.9: If > 1-2 -s, then S ) < (2n+s+1/ln2)2 -s +O(2 -2s ). Proof: It follows that S ) <= S max ) where
Application to Lo-Chau Protocol This is a secure Quantum Key distribution protocol! If the estimate for the number of errors is accurate and is such that the QECC allows to fix them then Alice and Bob share m perfect EPR pairs, Since the estimate is mistaken only with negligible probability 2 - n then the state shared by Alice and Bob is such that > n, By the Corollary to the Holevo bound, the amount of Shannon information available to the Eavesdropper, about the outcome of Alice’s and Bob’s measurements determining the key, is negligible,
1.Alice creates 2n EPR pairs each in state | 00 >, and picks a random 2n bitstring b, 2.Alice randomly selects n EPR pairs T for checking Eve’s interference, 3.Alice performs H on the qubit to be sent for each i such that b i =1, she sends the qubits to Bob, 4.Bob receives them and announces it, 5.Alice announces b and T, 6.Bob applies H on the qubits where b i =1, 7.Alice and Bob measure their qubits in T in the Z basis, publicly share the result. If more than t- n errors occurred they abort, 8.Alice and Bob measure their remaining qubits according a check matrix for a predetermined [n,m]-CSS code correcting t errors. They share the results, correct and get m nearly perfect EPR pairs, 9.Alice and Bob measure the m EPR pairs in the Z basis to get a shared secret-key. Alice creates n random check bits, and n EPR pairs in state | 00 >. She encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b, Alice randomly picks n positions T to put the check qubits among n EPR pairs, Bob measures the check qubits in Z basis, publicly shares the result with Alice, if more than t- n errors occurred then they abort. Modified* Lo-Chau Protocol
1.Alice creates n random check bits, and n EPR pairs in state | 00 >. She also encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b, 2.Alice randomly picks n positions T to put the check qubits among n EPR pairs, 3.Alice performs H on the qubit to be sent for each i such that b i =1, she sends the qubits to Bob, 4.Bob receives them and announces it, 5.Alice announces b and T, 6.Bob applies H on the qubits where b i =1, 7.Bob measures the check qubits in {|0>,|1>} basis, publicly shares the result with Alice, if more than t- n errors occurred then they abort. 8.Alice and Bob measure their remaining qubits according the check matrix for a CSS x,z (C 1,C 2 ) where x and z are random. They share the results, correct the errors, decode and gets m perfect EPR pairs. 9.Alice and Bob measure the m EPR pairs in the Z basis to get a shared secret- key. The random CSS code is randomly selected by Alice when she measures. She could have done this here !! The key is random and determined by Alice here
Removing the Need for EPR Pairs At step 8, Alice gets x and z randomly and uniformly, since (but see note below): At step 9, Alice obtains a random m-bit sting k encoded in CSS xz (C 1,C 2 ) code: All measurements could as well occur at the very beginning! Note that measurement of x,z actually return random cosets (of C1 and C2 dual). But Alice could announce random members of the cosets and then x and z are indeed uniform. m=k 1 -k 2
1.Alice creates n random check bits, and n EPR pairs in state | 00 >. She also encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b, 2.Alice randomly picks n positions T to put the check qubits among n EPR pairs, 3.Alice performs H on the qubit to be sent for each i such that b i =1, she sends the qubits to Bob, 4.Bob receives them and announces it, 5.Alice announces b and T, 6.Bob applies H on the qubits where b i =1, 7.Bob measures the check qubits in Z basis, publicly shares the result with Alice, if more than t- n errors occurred then they abort. 8.Alice and Bob measure their remaining qubits according the check matrix for a CSS x,z (C 1,C 2 ) where x and z are random. They share the results, correct the errors, decode and gets m perfect EPR pairs. 9.Alice and Bob measure the m EPR pairs in the Z basis to get a shared secret- key. Alice creates n random check bits, a random m bit key k, random x and z. She encodes |k> in CSS xz (C 1,C 2 ). She also encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b. Alice randomly chooses T and put the check qubits among the encoded |k>, Alice announces x,z, b and T to Bob, Bob corrects and decodes the remaining qubits according the CSS xz (C 1,C 2 ) code, Bob measures the decoded qubits in basis Z and gets key k. CSS codes protocol Still needs quantum Computer!!! Bob needs storing!
Removing the need for Quantum Computer Alice sends the encoding: Bob receives: Bob decodes for bitflips: Bob can recover k by measuring and identifying the coset: x is removed using Alice’s announcement z and correcting e 2 are now useless!
Alice creates n random check bits, a random m bit key k, random x and z. She encodes |k> in CSS xz (C 1,C 2 ). She also encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b. Alice randomly chooses T and put the check qubits among the encoded |k>, Alice performs H on the qubit to be sent for each i such that b i =1, she sends the qubits to Bob, Bob receives them and announces it, Alice announces x,z, b and T to Bob, Bob applies H on the qubits where b i =1, Bob measures the check qubits in {|0>,|1>} basis, publicly shares the result with Alice, if more than t- n errors occurred then they abort. Bob corrects and decodes the remaining qubits according the CSS xz (C 1,C 2 ) code, Bob measures the decoded qubits in basis Z and gets key k. CSS codes protocol Bob measures the remaining qubits to get v k +w+x+e 1 and subtracts x before correcting e 1 to get v k +w, Bob computes the coset v k +w+C 2 =v k +C 2 in order to get k. Alice announces x, b and T to Bob, Bob doesn’t need to do quantum error-correction! But Alice does!
Removing Alice’s encoding Since Alice does not need to announce z, she sends a mixture: When w 1 +w 2 <>0 then half the z will produce -1 and half +1 This state is simpler to create than a CSS encoding: Alice classically chooses w in C 2 at random, constructs |v k +w+x> as before using random x and k.
Alice creates n random check bits, a random m bit key k, random x and z. She encodes |k> in CSS xz (C 1,C 2 ). She also encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b. Alice randomly chooses T and put the check qubits among the encoded |k>, Alice performs H on the qubit to be sent for each i such that b i =1, she sends the qubits to Bob, Bob receives them and announces it, Alice announces x, b and T to Bob, Bob applies H on the qubits where b i =1, Bob measures the check qubits in {|0>,|1>} basis, publicly shares the result with Alice, if more than t- n errors occurred then they abort. Bob measures the remaining qubits to get v k +w+x+e 1 and subtracts x before correcting e 1 to get v k +w, Bob computes the coset v k +w+C 2 =v k +C 2 in order to get k. Alice creates n random check bits, a random x, a random v k in C 1 /C 2, and a random w in C 2. She encodes n qubits in state |0> or |1> according v k +w+x. She also encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b. No more quantum computer needed Alice randomly chooses T to put as check qubits among the encoded |v k +w+x>,
Further Simplifications Alice sends: in C 2 in {0,1} n in C 1 /C 2 Bob gets : Alice announces: Bob subtracts : If Alice chooses v k in C 1 then w becomes useless!!
Further Simplifications Alice sends: Bob gets : Alice announces: Bob subtracts : Notice that v k +x is completely random, so Alice could choose x at random and send |x> with no change for the rest of the world. in {0,1} n in C 1
Alice creates n random check bits, a random x, a random v k in C 1 /C 2, and a random w in C 2. She encodes n qubits in state |0> or |1> according v k +w+x. She also encodes n qubits in state |0> or |1> according the check bits and picks a random 2n-bit string b. Alice randomly chooses T and put the check qubits among the encoded |k>, Alice performs H on the qubit to be sent for each i such that b i =1, she sends the qubits to Bob, Bob receives them and announces it, Alice announces x, b and T to Bob, Bob applies H on the qubits where b i =1, Bob measures the check qubits T in {|0>,|1>} basis, publicly shares the result with Alice, if more than t- n errors occurred then they abort. Bob measures the remaining qubits to get v k +w+x+e 1 and subtracts x before correcting e 1 to get v k +w, Bob computes the coset v k +w+C 2 =v k +C 2 in order to get k. Alice chooses random v k in C 1 and creates 2n qubits in states |0> and |1> according to 2n random bits. She also picks a random b in {0,1} 2n, Alice randomly chooses n check positions T while the others are |x>, Alice announces b, x-v k, and T to Bob, Bob measures the remaining qubits to get x+e, subtracts x-v k to get v k + e, and corrects e according C 1 to finally get v k, Alice and Bob compute the coset v k +C 2 in order to get k. Almost BB84 Only quantum memory remains to be removed Alice could prepare the qubits already in bases b!
Almost done Alice could pick (4+ )n random bits, for each she creates a qubit in basis |0>,|1> or |+>,|-> according b. Upon reception, Bob could measure randomly in the X or Z basis. When Alice announces b, they keep only the matching positions. Only then, Alice chooses the check qubits.
Secure BB84 Alice creates (4+ n random bits, For each bit, she creates a qubit in the Z or X basis according a random b, Alice sends the resulting qubits to Bob, Alice chooses a random v k in C 1, Bob receives and publicly announces it. He measures each qubit in random Z or X basis, Alice announces b, Alice and Bob only keep the qubits measured and sent in the same basis. Alice randomly picks 2n of the remaining positions and picks n for testing, Alice and Bob publicly compared their check bits. If too many errors occurred then they abort. Alice is left with |x> and Bob with |x+e>. Alice announces x-v k. Bob subtracts this from his result and corrects according C 1 to obtain v k, Alice and Bob compute the coset v k +C2 in C1 to obtain k.
Tolerable noise level for secure QKD Randomizing the positions of errors allows for correcting t errors with a code of minimum distance about t (with good prob).
QKD for Sale! Link Encryptors are hardware Quantum Cryptography appliances for point-to-point wire-speed link encrpytion. Quantum Key Distribution and AES encryption engines are combined in a stand-alone unit. Vectis is a layer 2 encryption device that securely bridges two Fast Ethernet fiber optic networks. Plug-and-play Quantum Key Distribution system that was designed for research and development applications. It is the ideal tool for researchers interested to contribute to the field of Quantum Cryptography.