Jump to content

Draft:Measurement-device-independent quantum key distribution

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Kyle M Jordan (talk | contribs) at 15:58, 1 December 2024 (Consistent acronym for DI-QKD.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


Measurement-device-independent quantum key distribution (MDI-QKD) is a family of quantum key distribution (QKD) protocols allowing two parties to share a cryptographic key over an uncontrolled network. Protocols of this type can be used even if some of the devices used to generate the key have been tampered with. Like other types of quantum key distribution, the users of a MDI-QKD protocol can detect the presence of many types of security vulnerabilities and avoid unintentionally sharing secret information with a third party.

Quantum key distribution relies on the users sharing quantum systems, with measurements on these systems being used to generate a random key; due to the no-cloning theorem, any attempt to copy the keys during transmission can be detected. During long-distance communications, these quantum systems are disturbed by the environment and lose their information-carrying properties. The solution is to place quantum repeaters between the two parties, which rely on additional measurements to extend the range of quantum communication. In a practical key distribution system, these repeaters can be modified by malicious third parties in order to change their behaviour and compromise any secure communications. Measurement-device-independent quantum key distribution can be used in these cases to detect any changes to the behaviour of intermediate devices, with the users aborting communication if any tampering has occurred.

Description

Alice and Bob prepare qubits and send them to Eve, who measures them. Eve communicates the measurement results with Alice and Bob. Alice and Bob use the results from Eve to establish a secret key that only they know.

Ideal implementation

Suppose that Alice and Bob are in separate laboratories, that each can prepare a qubit in any desired pure state, and that neither laboratory has any undesired communication channels with the outside world. Since the goal is to overcome any detector side-channels, we consider the extreme case in which a third-party Eve (who may be malicious) has exclusive access to all detectors used in the protocol. Alice and Bob are both connected to Eve by quantum channels, and furthermore all parties can share classical information over a public authenticated channel. The goal of the MDI-QKD protocol is for Alice and Bob to prepare and send quantum systems to Eve, who performs measurements and publicly announces a result; based on the Eve's responses and their public communications, Alice and Bob either create a shared private key or, if this is not possible, abort the protocol[1].

The protocol now proceeds as follows.

  1. Alice and Bob each select a random value , where denotes either Alice or Bob. This value is used to choose between one of two mutually-unbiased qubit bases; for concreteness, we will use and .
  2. Alice and Bob each select a second random value , corresponding to either the first or second element of the basis . Each party prepares the chosen state and sends it to Eve, who (in the ideal case) receives the two-qubit state .
  3. Eve measures the two-qubit state in the Bell basis




    and announces the result to Alice and Bob over a public channel.
  4. Alice, Bob, and Eve repeat the previous steps times, recording the measurement results and (for Alice and Bob) the selected basis and state for each trial.
  5. Alice and Bob share their preparation bases over the public channel and discard any trials in which they used different bases.
  6. The remaining trials involve eight possible input states , four for each of the two bases. The following table shows the probabilities for each Bell measurement result given a particular input state.

    In the cases where the qubits were prepared in the basis and the result is , and where the qubits were prepared in the basis and the result is one of or , then either Alice or Bob flips the value of their bit . In any case, so long as Eve truthfully reports the results of a Bell measurement, after the flip Alice and Bob possess the same bit values, .

  7. Alice and Bob publicly share their bit values for a subset of the trials . If the bit values for this subset do not agree, it indicates that Eve may have tampered with the measurement process or falsely reported some measurement results.
  8. If Alice and Bob find that a sufficient number of the bit values that were compared agree, then they perform information reconciliation and privacy amplification to determine a secret key that is unknown to Eve.

History

The concept of device-independent quantum key distribution (DI-QKD) was described by Mayers and Yao[2], which relies on "self-checking" devices which can certify their own correct operation. An early proposal for fully device-independent quantum key distribution is given in a paper by Acín et al[3]. This protocol relies on violations of a Bell inequality. So long as no unwanted information leaves Alice's and Bob's labs (as might occur, for example, if an eavesdropper broadcasts the results of each of their measurements), any violation of a Bell inequality by their measurement results implies that Alice and Bob share nonlocal correlations. A third party may modify Alice's and Bob's devices in such a way so as to mimic the outputs of a secure key distribution protocol, but without additional communication channels these modified devices can produce only locally-correlated outputs[4]. By testing a statistic such as the CHSH inequality, Alice and Bob can verify whether nonlocal correlations exist and therefore rule out the presence of such modifications (or, at least, modifications which might provide a third party with useful information about the key). However, like other implementations of Bell inequality tests, DI-QKD is subject to so-called loopholes, of which the most important is the detection loophole; to overcome this, the detectors used in the protocol must have very high efficiencies, which limits practical implementation[5].

Measurement-device-independent QKD was proposed in 2012 by Lo et al as a workaround to this situation[1]. Since MDI-QKD relies on reliable preparation of quantum states, it makes stronger assumptions about the workings of devices than fully DI-QKD, and so reintroduces possible side-channels in the preparation device. However, this comes with much less stringent requirements for technical implementations, and allows for the use of conventional detectors with lower quantum efficiency while still being immune to detector side-channel attacks. Preparation side-channels can still be overcome using techniques such as the decoy-state method[6]. An early proof-of-principle experimental demonstration using a polarization encoding was performed in 2013 by Rubenok el al[7]; later experiments have implemented MDI-QKD across more than 400 km of optical fiber[8].

See also

References

  1. ^ a b Lo, Hoi-Kwong (2012). "Measurement-Device-Independent Quantum Key Distribution". Physical Review Letters. 108 (13). doi:10.1103/PhysRevLett.108.130503.
  2. ^ Mayers, Dominic; Yao, Andrew (2004-09-13), Self testing quantum apparatus, doi:10.48550/arXiv.quant-ph/0307205
  3. ^ Acín, Antonio; Massar, Serge; Pironio, Stefano (2006-08-02). "Efficient quantum key distribution secure against no-signalling eavesdroppers". New Journal of Physics. 8 (8): 126–126. doi:10.1088/1367-2630/8/8/126. ISSN 1367-2630.
  4. ^ Pirandola, S.; Andersen, U. L.; Banchi, L.; Berta, M.; Bunandar, D.; Colbeck, R.; Englund, D.; Gehring, T.; Lupo, C.; Ottaviani, C.; Pereira, J. L.; Razavi, M.; Shaari, J. Shamsul; Tomamichel, M.; Usenko, V. C. (2020-12-31). "Advances in quantum cryptography". Advances in Optics and Photonics. 12 (4): 1012–1236. doi:10.1364/AOP.361502. ISSN 1943-8206.
  5. ^ Liu, Wen-Zhao (2022). "Toward a Photonic Demonstration of Device-Independent Quantum Key Distribution". Physical Review Letters. 129 (5). doi:10.1103/PhysRevLett.129.050502.
  6. ^ Liu, Yang (2013). "Experimental Measurement-Device-Independent Quantum Key Distribution". Physical Review Letters. 111 (13). doi:10.1103/PhysRevLett.111.130502.
  7. ^ Rubenok, A. (2013). "Real-World Two-Photon Interference and Proof-of-Principle Quantum Key Distribution Immune to Detector Attacks". Physical Review Letters. 111 (13). doi:10.1103/PhysRevLett.111.130501.
  8. ^ Yin, Hua-Lei (2016). "Measurement-Device-Independent Quantum Key Distribution Over a 404 km Optical Fiber". Physical Review Letters. 117 (19). doi:10.1103/PhysRevLett.117.190501.

Further reading