Quantum Computing Glossary

Quantum Key Distribution

Quantum Key Distribution (QKD) is a method for two parties (traditionally called Alice and Bob) to securely share a secret key (typically a random string of 0s and 1s) using the principles of quantum mechanics rather than relying on mathematical assumptions about computational hardness. As its name indicates, QKD is a solution to a well-known classical problem: the key distribution problem. It has been shown that two distant parties can exchange a secret message without anyone gaining any information about it, provided they share a previously generated secret “key” (i.e. a uniformly random string of 0s and 1s of length equal to that of the message). However, this leaves open the question of how to first agree on such a key without anyone learning anything about it. Classical solutions to the key distribution problem all rely on assuming that certain mathematical problems cannot be solved in a reasonable amount of time (years…). However, this is not a strict guarantee if better algorithms or computers are designed. In particular, the advent of large-scale quantum computers would threaten many current classical cryptosystems. On the other hand, the security of quantum key distribution is guaranteed by the laws of quantum mechanics.

How QKD Works in Practice

QKD starts with a quantum transmission phase where Alice and Bob perform measurements on quantum states. The measurement results enable them to construct a key that is not yet secure. QKD leverages a principle of quantum mechanics which states that measuring the state of an unknown system modifies it. This means that any eavesdropper (traditionally called “Eve”) trying to spy on the process will necessarily leave a detectable trace. Any eavesdropping attempt can thus be detected with very high probability when Alice and Bob sacrifice a small portion of their key to compare it and check for errors. As a first approximation, it is often stated that whenever such errors are present, they indicate the presence of an eavesdropper, and the process should be started over. In practice, most errors come from noise (i.e. any unwanted interactions with the environment), but to be on the safe side, one needs to attribute them to an eavesdropper. The ratio of errors is then used to estimate how much information may have leaked to Eve. Finally, classical post-processing methods are used to extract a perfectly secure yet shorter key from the one previously generated.
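The steps above, as an added simulation that is not part of the original glossary entry. It assumes the BB84 protocol on a noiseless channel with an intercept-resend eavesdropper (the page names no specific protocol), and it uses the standard asymptotic BB84 bound 1 - 2h(Q) to size the final key; all function names are hypothetical.

```python
import math
import random

def bb84_round(n, eve=False, seed=0):
    """Simulate n BB84 qubits (noiseless channel); return sifted (alice, bob) bits."""
    rng = random.Random(seed)
    alice, bob = [], []
    for _ in range(n):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis
        if eve:  # intercept-resend: Eve measures in a random basis and resends
            e_basis = rng.getrandbits(1)
            if e_basis != state_basis:
                state_bit = rng.getrandbits(1)  # wrong basis: outcome is random
            state_basis = e_basis               # measurement modified the state
        b_basis = rng.getrandbits(1)
        result = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis == a_basis:  # sifting: keep only rounds with matching bases
            alice.append(bit)
            bob.append(result)
    return alice, bob

def estimate_qber(alice, bob, fraction=0.5, seed=1):
    """Sacrifice a random fraction of the sifted key; return (error ratio, bits left)."""
    rng = random.Random(seed)
    idx = rng.sample(range(len(alice)), int(len(alice) * fraction))
    errors = sum(alice[i] != bob[i] for i in idx)
    return errors / len(idx), len(alice) - len(idx)

def binary_entropy(q):
    return 0.0 if q in (0.0, 1.0) else -q * math.log2(q) - (1 - q) * math.log2(1 - q)

def secret_fraction(qber):
    """Asymptotic BB84 bound 1 - 2h(Q); 0 means abort (reached near Q = 11%)."""
    return max(0.0, 1.0 - 2.0 * binary_entropy(qber))

def run(n=20000, eve=False):
    a, b = bb84_round(n, eve=eve)
    qber, remaining = estimate_qber(a, b)
    return qber, int(remaining * secret_fraction(qber))

if __name__ == "__main__":
    for eve in (False, True):
        qber, key_len = run(eve=eve)
        print(f"eve={eve}: error ratio={qber:.3f}, final key bits={key_len}")
```

Every observed error is charged to Eve, so even a modest error ratio caused purely by noise shrinks the final key, and above the threshold no key is produced at all.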

Why Photonics Is Used for QKD

Photons are a natural carrier of quantum information over a distance, and practical QKD systems today, whether fiber-based, free-space or satellite, are built with quantum photonics.

Once the key is shared, it can be used with a classical encryption algorithm to protect data. Moreover, the ability to perform QKD is a key step toward building and deploying distributed quantum computation, whereby multiple QPUs are interconnected to perform a shared computation.

Frequently Asked Questions

  • Can a quantum computer break quantum keys? 

The security of QKD protocols is guaranteed by the laws of quantum mechanics, not by computational assumptions. Therefore, even a quantum computer cannot break quantum keys.

  • What are some limitations of QKD? 

There are two main limitations to quantum key distribution. The first is the limited distance between the parties due to photon loss in optical fibers or air. Satellite-based quantum key distribution is now being investigated to solve this issue. The second limitation is the cost and complexity of quantum hardware development (source, repeaters, detectors, etc.).

  • Is a practical QKD system really invulnerable to attacks?

While the security of perfect quantum key distribution protocols is guaranteed by the laws of quantum physics, deviations between the experimental setup and the theoretical protocol can result in security breaches. Indeed, one very common assumption in any cryptosystem (be it classical or quantum) is that the devices used behave exactly as intended. This assumption is difficult to meet in practical QKD systems. Device-independent QKD aims to solve this issue by replacing this assumption with a weaker one, namely that the devices cannot communicate between themselves. However, device-independent QKD is not yet mature enough to be implemented. For this reason, as of today, it is always safer to add a QKD protocol on top of a classical protocol rather than relying solely on QKD.

  • What are the advantages of quantum key distribution compared to classical key distribution? 

First, quantum keys are fundamentally secure, as their security is based on the laws of physics rather than computational complexity. Therefore, even the most powerful supercomputers cannot break them. Second, the two parties exchanging the keys can detect a potential eavesdropper. Therefore, they can restart the protocol until they both agree on the absence of an eavesdropper.