One Way vs. Entangled Cryptography

[Zafa Pi]

In a recent article (I've lost the reference, but it doesn't matter) it said that employing entangled photons is superior to the usual one way transmission of photons from Alice to Bob for creating a one time pad. It gave no justification for this claim. Can anyone provide me with one?

 

[DennisN]

Hi Zafa Pi! Is it something like this you are looking for?

Jennewein et. al, Quantum Cryptography with Entangled Photons,
Phys. Rev. Lett. 84, 4729 – Published 15 May 2000
Abstract:
By realizing a quantum cryptography system based on polarization entangled photon pairs we establish highly secure keys, because a single photon source is approximated and the inherent randomness of quantum measurements is exploited. We implement a novel key distribution scheme using Wigner's inequality to test the security of the quantum channel, and, alternatively, realize a variant of the BB84 protocol. Our system has two completely independent users separated by 360 m, and generates raw keys at rates of 400–800 bits/s with bit error rates around 3%.

On Arxiv:
http://arxiv.org/abs/quant-ph/9912117
http://arxiv.org/pdf/quant-ph/9912117v1.pdf

However, in principle it is always possible to intercept classical key distribution unnoticedly. The recent development of quantum key distribution can cover this major loophole of classical cryptography. It allows Alice and Bob to establish two completely secure keys by transmitting single quanta (qubits) along a quantum channel. The underlying principle of quantum key distribution is that nature prohibits to gain information on the state of a quantum system without disturbing it. Therefore, in appropriately designed schemes, no tapping of the qubits is possible without showing up to Alice and Bob.

 

[Zafa Pi]

Hi Zafa Pi! Is it something like this you are looking for?

Jennewein et. al, Quantum Cryptography with Entangled Photons,
Phys. Rev. Lett. 84, 4729 – Published 15 May 2000
Abstract:
By realizing a quantum cryptography system based on polarization entangled photon pairs we establish highly secure keys, because a single photon source is approximated and the inherent randomness of quantum measurements is exploited. We implement a novel key distribution scheme using Wigner's inequality to test the security of the quantum channel, and, alternatively, realize a variant of the BB84 protocol. Our system has two completely independent users separated by 360 m, and generates raw keys at rates of 400–800 bits/s with bit error rates around 3%.

On Arxiv:
http://arxiv.org/abs/quant-ph/9912117
http://arxiv.org/pdf/quant-ph/9912117v1.pdf

Good looking out, thanks. The only place I see where a comparison is made between the two methods is from your 2nd reference, where they say,

"A range of experiments have demonstrated the feasibility of quantum key distribution, including realizations using the polarization of photons⁹ or the phase of photons in long interferometers^10. These experiments have a common problem: the sources of the photons are attenuated laser pulses which have a non-vanishing probability to contain two or more photons, leaving such systems prone to the so called beam splitter attack¹¹.

Using photon pairs as produced by parametric down conversion allows us to approximate a conditional single photon source¹² with a very low probability for generating two pairs simultaneously and a high bit rate^13. Moreover, when utilizing entangled photon pairs one immediately profits from the inherent randomness of quantum mechanical observations leading to purely random keys."

I find the notion of profiting from the inherent randomness of quantum mechanical observations a bit of a red herring, since Alice can make random selections just fine.
I also find that the problem of Alice sending a couple of photons at a time worse than the difficulty of reliably employing down conversion surprising. But if they say so I'm in no position to quibble.
So I guess that's it.

BTW, are you the guy on the left or right in your avatar?

 

[Simon Phoenix]

If we had a perfect single-photon source then there's no reason in principle why a QKD protocol using entangled states is superior.

From a practical perspective it's very easy to generate an approximate single-photon source by attenuating a laser beam. This is usually modeled as a coherent state. The problem is that for a given time slot there will be a probability that there will be 2 or more photons - which leads to a vulnerability. In order to limit this probability the attenuation can be increased, but this leads to a lower data rate - which is not great for one time pad applications. I'm guessing that this is the reason why the paper you read would suggest that entanglement based QKD is superior.

However, if one uses decoy states with attenuated coherent sources then the photon splitting attack (based on the possibility of there being two or more photons in a given timeslot) can be thwarted and security restored essentially without compromising key rate.

My own view is that there's far too much emphasis within the QKD community on getting key rates high enough for the one time pad to become a practical proposition. Given the effectiveness and speed of symmetric key crypto (with 256 bits to future-proof against quantum computing) I don't really see that there's much practical benefit except where ultra security is required in aiming for OTP applications.

 

[Zafa Pi]

If we had a perfect single-photon source then there's no reason in principle why a QKD protocol using entangled states is superior.

From a practical perspective it's very easy to generate an approximate single-photon source by attenuating a laser beam. This is usually modeled as a coherent state. The problem is that for a given time slot there will be a probability that there will be 2 or more photons - which leads to a vulnerability. In order to limit this probability the attenuation can be increased, but this leads to a lower data rate - which is not great for one time pad applications. I'm guessing that this is the reason why the paper you read would suggest that entanglement based QKD is superior.

However, if one uses decoy states with attenuated coherent sources then the photon splitting attack (based on the possibility of there being two or more photons in a given timeslot) can be thwarted and security restored essentially without compromising key rate.

My own view is that there's far too much emphasis within the QKD community on getting key rates high enough for the one time pad to become a practical proposition. Given the effectiveness and speed of symmetric key crypto (with 256 bits to future-proof against quantum computing) I don't really see that there's much practical benefit except where ultra security is required in aiming for OTP applications.

Cool, thanks. Can you explain or give a reference to "the photon splitting attack" and how it's thwarted?
Also you say, "I don't really see that there's much practical benefit except where ultra security is required in aiming for OTP applications" Is that in case aliens have 1000 bit q-computers?

 

[DennisN]

BTW, are you the guy on the left or right in your avatar?

I am a litte bit of both . I have some of Bender's crude humor and some of Zoidberg's ignorance of biology.