Quantum key distribution

Quantum cryptography is a technology arising from the broad field of quantum information which is more developed towards real world applications, with a few companies starting to offer commercial products.

We implement a field version of free space quantum cryptography for the urban environment of Singapore. A compact source of entangled photon pairs is used to implement a BB84-type quantum key distribution protocol. The system is able to detect single photons in an outdoor environment and against a strong background at moderate daylight conditions. A successful key exchange over a test range on NUS campus has been demonstrated.

Implementation

To explore key distribution systems relying on entangled photons as a primary physical resource for key generation, we follow currently a simple extension of a BB84 protocol, based on polarization measurements on photon pairs at two legitimate communication partners:

Besides the source for entangled photon pairs, we use compact single photon detection modules for polarization measurements, and a coincidence identification concept with records times relative to local clocks on both sides, obliviating any specific hardware communication channel for the protocol besides the quantum link itself. After a few seconds of our photon-pair based clock synchronization scheme, the key generation process runs continuously using an autonomous standard WIFI link between or two sides for all coincidence detection and genuine key generation protocol elements such as base reconciliation, error correction and privacy amplification.

Somewhat different from other QKD implementations, this scheme requires no large bandwidth supply for very random numbers in order not to undermine the in-principle security promised by QKD, but only a very moderate bandwidth for the classical protocol parts.

Hardware

Our intent is to provide a reference system for investigating the practical feasibility and security of a quantum key distribution system which is not bound to optical fibers, but is reasonably mobile and can be deployed under ad-hoc conditions. This required development of quantum optical equipment compatible with environmental conditions in tropical Singapore.

Software / Protocol aspects

In an attempt to minimize the effort in expensive and sensitive physical hardware, we moved large parts of the key generation tasks into the software of our system. All coincidence identification key sifting and error correction components, which are essential part of every QKD approach were implemented in a way that key material is generated continuously once the quantum link is established between the two sites. Lossless compression schemes for classical communication operate close to the Shannon limit, allowing us to work with consumer-grade networking equipment. Privacy-amplified key accumulates in well-defined standard packets to be consumed by a key management system to to be used for encryption of data.

The code that drives our crypto implementation has migrated to a google code project. This is also an attempt to provide a basis of a security discussion on an implementation level rather than on the conceptual level only, making this part of a larger programme to assess realistic systems [6].

Performance

In an uninterrupted run of establishment of secret key over the span of a night, we arrived at a key rate after error correction and privacy amplification of 630 bits per second on average. Our initial raw key error ratio is limited by the imperfect polarization correlations of our entangled photon source at night (4..5% QBER), and by ambient light contributions at daytime.

Key generation performance in a field trial over a run at night. The blue trace shows the photon pair rate identified as originating form the parametric down conversion source at the two remote locations, subject to alignment drifts and atmospheric transmission quality fluctuations. The green trace indicates our raw key rate after basis reconciliation in a BB84-type protocol, and the red trace the resulting final key rate after error correction and privacy amplification, implementing a modified cascade error correction protocol. The raw key error fraction (QBER, lower panel) is dominated by source correlations at night, and starts to see a sharp increase with the rising sun shining directly in the single photon detectors.

Implementation of an Ekert-91 protocol

One of the often quoted practical applications of entangled states are QKD protocols which make explicit use of the monogamy of entanglement - such that an eavesdropping attempt is revealed not via an error in the established raw key, but in a reduction in the entanglement.
The violation of a Bell inequality can provide a quantitative measure for this loss of entanglement, and an explicit assessment of the possible knowledge of an eavesdropper was given in the framework of device-independent cryptography [cite acin et al]. In the theoretical scenario, this assessment makes no explicit assumption on the specific measurement devices. In particular, it makes no assumption on the size of the Hilbert space (and thus possible side channels).
We implemented a QKD protocol inspired by this idea, based on passive base choices where we randomly either test for a violation of a CSHS Bell inequality or generate a key.

We operated the key exchange based on this protocol over the same optical link on the NUS campus, and generate a secret key with an average Bell value of S=2.5 at a rate around 300 s^-1. Technical details of that experimental implementation of the Ekert protocol can be found in [3].

Daylight operation

Any free-space optical QKD link which claims some practical relevance needs to operate in daylight conditions. We succeeded to demonstrate this on campus with a BBM92 protocol, where our QKD system generated key without interruption over several days. The technical details can be found in [4]

Hacking

Any cryptography systems needs to prove its worthiness by being subjected to attacks. We try to find explicit holes in the implementation and explore the consequences of not addressing them.
Recently we looked into the timing information exchanged between the communicating parties as a side channel from which Eve can collect a large amount of information about the key. See here or look up the article [2] for a more details. Even more recently we explored another, really large hole in the system (or comparable ones) in collaboration with Vadim Makarov from Trondheim/Norway[7]. More to come...

Varia

In December 2007 the full crypto kit was sent to Berlin to be demonstrated live at the Chaos Communication Congress. The kit survived the shipping, and the demo was a success. As part of the congress we also gave a talk and released the software and some test data that drives the QKD system as open source.

In the framework of the master thesis of Caleb Ho, an algorithm was developed to carry out the clock synchronization for the remote coincidence identification with relatively cheap clocks instead of Rubidium references or GPS receivers by exploiting the high temporal correlation of downconverted photon pairs only, thus reducing significantly the hardware requirements. See reference [5] for details.

References

[1]	I. Marcikic, A. Lamas-Linares, C. Kurtsiefer: Free-space quantum key distribution with entangled photons. Applied Physics Letters 89, 101122 (2006)
[2]	A. Lamas-Linares and C.Kurtsiefer: Breaking a quantum key distribution system through a timing side channel. Opt. Express 15, 9388 (2007)
[3]	A. Ling, M.P. Peloso, I. Marcikic, V. Scarani, A.Lamas-Linares, C. Kurtsiefer: Experimental quantum key distribution based on a Bell test. Physical Review A 78, 020301 (R) (2008)
[4]	M.P. Peloso, I. Gerhardt, C. Ho, A. Lamas-Linares, C. Kurtsiefer: Daylight operation of a free space, entanglement-based quantum key distribution system. New Journal of Physics 11, 045007 (2009)
[5]	C.Ho, A. Lamas-Linares, C. Kurtsiefer: Clock synchronization by remote detection of correlated photon pairs. New Journal of Physics 11, 045011 (2009)
[6]	V. Scarani, C. Kurtsiefer: The black paper of quantum cryptography: real implementation problems. arXiv:0906.4547 (2009)
[7]	I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurtsiefer, V. Makarov: Full-field implementation of a perfect eavesdropper on a quantum cryptography system, Nature communications 2, 349 (2011) / arXiv:1011.0105 (2010)