
Higher Institute for Applied Sciences and Technology

Communications Department
4th year, SEMINAR











Submitted by: Fadi Akil
Scientific Supervisor: Dr. Oumayma Al-Dakkak
Linguistic Supervisor: Mr. Fahmi Ammareen
Seminar Coordinator: Dr. Nizar Zarka


March 8th, 2012






Abstract

Unlike classical (conventional) cryptographic systems which are based on mathematics (mostly
number theory), quantum cryptography is based on the physics of quantum mechanics, and it is
extremely secure. In this paper we shall recall classical cryptographic protocols (symmetric &
asymmetric). As well, standard examples of each type are introduced and their insufficiency is
discussed. Afterward, we encounter the basic concepts of quantum computation and quantum
information theory.
In the context of quantum cryptography, two parties (given access to an insecure quantum and
classical channel) can securely establish a secret key without making any assumptions about the
capabilities of an eavesdropper who might be present. This is because the principles of quantum
mechanics ensure that no eavesdropper can successfully measure the quantum state being
transmitted without disturbing the state in some detectable way. This seminar briefly describes
those underlying principles of quantum cryptography and provides an overview of the simplest
quantum key distribution (QKD) protocol present in the literature, namely the BB84 protocol.








Contents
Abstract
Contents
List of Figures
1. Introduction
2. Classical Cryptographic Communication Systems
2.1 Generalities & Terminology
2.2 Cryptographic Protocols (Symmetric vs. Asymmetric)
3. A Glance at Quantum Computation Theory
3.1 Quantum Bits or Qubits
3.2 The road to a Quantum Computer
4. Quantum Cryptographic Communication Systems
4.1 Quantum Key Distribution (QKD)
4.2 The BB84 Quantum Cryptographic Protocol without noise
5. Conclusion
List of Acronyms
References









List of Figures
Fig. 1 - Classical Cryptographic Communication System
Fig. 2 - Private Key Cryptography
Fig. 3 - Vernam Cipher (One-time pad)
Fig. 4 - Claude E. Shannon
Fig. 5 - Public Key Cryptography
Fig. 6 - W. Diffie, M. Hellman, R. Rivest, A. Shamir & L. Adleman
Fig. 7 - Classical Bit vs. Quantum Bit
Fig. 8 - Measurement of a Qubit
Fig. 9 - Classical computer vs. Quantum Computer Performance
Fig. 10 - Peter Shor
Fig. 11 - C. Bennett & G. Brassard
Fig. 12 - Alphabets of rectilinear & diagonal polarization bases
Fig. 13 - Quantum Cryptographic Communication System
Fig. 14 - A brief description of BB84 protocol
Fig. 15 - First implementation of BB84











1. Introduction

Cryptography literally means "the art & science of secret writing & sending a message between
two parties in such a way that its contents cannot be understood by someone other than the
intended recipient". Human desire to communicate secretly is at least as old as writing itself and
goes back to the beginnings of our civilization. Cryptography is a key technology in
telecommunication systems. It is used to keep data secret, digitally sign documents, manage
access, and so forth. Users therefore should not only know how its techniques work, but they
must also be able to estimate their efficiency and security.
For ages, mathematicians have searched for a system that would allow two parties to exchange
messages in absolute secrecy. Modern cryptography, which we may call mathematical
cryptography, was born together with computer science. Modern cryptography follows a strong
scientific approach and designs cryptographic algorithms around computational hardness
assumptions, making such algorithms hard to break by an adversary. It is theoretically possible to
break such a system but it is infeasible to do so by any practical means. These schemes are
therefore computationally secure. There exist information-theoretically secure schemes that
provably cannot be broken (an example is the one-time pad), but these schemes are more
difficult to implement than the theoretically breakable (but computationally secure) mechanisms.
Quantum mechanics has now joined forces with cryptology to achieve a major step in that
direction giving birth to what is called Quantum Cryptography. In contrast to Classical
cryptography which depends upon Mathematics, Quantum Cryptography utilizes the concepts of
Quantum Physics which provides us with ultimate security against the cleverest eavesdroppers of
the present age. Quantum cryptography has the potential to guarantee perfectly secure
communications, but until now all prototype systems have been point-to-point links rather than
networks that share connections. Furthermore, Quantum Cryptography eliminates completely the
possibility of eavesdropping.
2. Classical Cryptographic Communication Systems

2.1 Generalities & Terminology

Broadly speaking, cryptography is the problem of doing communication or computation
involving two or more parties who may not trust one another. The best known cryptographic
problem is the transmission of secret messages. For example, you may wish to give your credit
card to a merchant in exchange for goods, hopefully without any harmful third party intercepting
your credit card number. The way this is done is to use a cryptographic protocol. The most
important distinction is between private key cryptosystems and public key cryptosystems.
Let us first illustrate a brief description of a classical cryptographic system in Figure 1:

Fig. 1 - classical cryptographic system

A message, called plaintext P, is encrypted via a secret key K into ciphertext C, sent over a
non-secure communication channel, and finally decrypted via a secret key K' back into readable
plaintext P. Following the conventions of the cryptographic literature, we shall refer to the
transmitter as Alice, to the receiver as Bob, and to an adversarial eavesdropper as Eve.






2.2 Cryptographic Protocols (Symmetric vs. Asymmetric)

The way a private key cryptosystem works is that two parties, Alice & Bob, wish to
communicate by sharing a private key, which only they know. The exact form of the key doesn't
matter at this point; think of a string of zeros and ones. The point is that this key is used by
Alice to encrypt the information she wishes to send to Bob. After Alice encrypts the message she
sends the encrypted information to Bob who must now recover the original information. How
Alice exactly encrypts the message depends upon the private key, so that to recover the original
message Bob needs to know the private key, in order to undo the transformation Alice applied.




Fig.2 Private-Key Cryptography

Unfortunately, private key cryptosystems have some severe problems in many contexts. The
most fundamental problem is how to distribute the keys. In many ways, the key distribution
problem is just as difficult as the original problem of secret communication: an opponent third
party may be eavesdropping on the key distribution, and then use the intercepted key to decrypt
some of the message transmission [2].
A simple, yet highly effective private key cryptosystem is the Vernam cipher, sometimes called
a one-time pad. Alice and Bob begin with n-bit secret key strings, which are identical. Alice
encodes her n-bit message by adding the message and key together, and Bob decodes by
subtracting to invert the encoding, as illustrated in Figure 3.













Fig. 3 Vernam Cipher

The great feature of this system is that as long as the key strings are truly secret, it is provably
secure. That is, when the protocol used by Alice and Bob succeeds, it does so with arbitrarily
high probability: an eavesdropper Eve can always jam the communication channel, but Alice and
Bob will never use the same key to encrypt any other texts. So all the plaintexts of the same
length are candidates for decryption, and hence the exact text is unknown!

Ultimately, the security of a cryptogram depends on the length of the key. In the 1940s, Claude
E. Shannon, the father of information theory, showed that if the key is shorter than the message
being encrypted, some information about the message can be inferred from the cryptogram by a
sufficiently powerful adversary. This leakage of information occurs regardless of how
complicated the encryption process may be. In contrast, the message can be completely and
unconditionally hidden from the eavesdropper by cryptosystems such as the Vernam cipher, in
which the key is as long as the message, is purely random, and is used only once.






Fig. 4 Claude E. Shannon

The major difficulty of private key cryptosystems, as we've seen, is secure distribution of key
bits. In particular, the Vernam cipher is secure only as long as the number of key bits is at least
as large as the size of the message being encoded, and key bits cannot be reused! Thus, the large
amount of key bits needed makes such schemes impractical for general use. Furthermore, key
bits must be delivered in advance, guarded assiduously until used, then destroyed afterwards;
otherwise, in principle, such classical information can be copied without disturbing the originals,
thus compromising the security of the whole protocol. Despite these drawbacks, private key
cryptosystems such as the Vernam cipher continue to be used because of their provable security,
with key material delivered by clandestine meetings, trusted couriers, or private secured
communications links.
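
The three claims made above about the Vernam cipher (decoding inverts encoding, every plaintext of the same length is a candidate, key bits must not be reused), as an added Python example that is not part of the original seminar. The sample messages and all function names are constructed for illustration.

```python
import secrets


def to_bits(text):
    """Encode text as a list of bits, 8 per character (Latin-1)."""
    return [(byte >> shift) & 1
            for byte in text.encode("latin-1")
            for shift in range(7, -1, -1)]


def from_bits(bits):
    """Inverse of to_bits."""
    octets = [bits[i:i + 8] for i in range(0, len(bits), 8)]
    return bytes(int("".join(map(str, o)), 2) for o in octets).decode("latin-1")


def add_mod2(a, b):
    """Bitwise addition modulo 2. Subtraction modulo 2 is the same operation,
    so this one function both encodes and decodes."""
    if len(a) != len(b):
        raise ValueError("the key must be exactly as long as the message")
    return [x ^ y for x, y in zip(a, b)]


def new_key(n_bits):
    """n_bits truly random key bits from the operating system's CSPRNG."""
    return [secrets.randbits(1) for _ in range(n_bits)]


def key_explaining(cipher_bits, candidate_text):
    """The key under which cipher_bits would decrypt to candidate_text.
    One exists for every candidate of the right length, which is why the
    cryptogram alone tells Eve nothing about the message."""
    return add_mod2(cipher_bits, to_bits(candidate_text))


def reuse_leak(cipher1, cipher2):
    """What Eve learns if one key encrypted both messages: the key cancels
    and she holds the sum of the two plaintexts."""
    return add_mod2(cipher1, cipher2)


if __name__ == "__main__":
    first, second = "ITS ALL GREEK", "SEND MORE KEY"   # constructed samples
    key = new_key(8 * len(first))

    cipher = add_mod2(to_bits(first), key)
    print("Bob decodes:   ", from_bits(add_mod2(cipher, key)))

    decoy_key = key_explaining(cipher, "NOTHING HERE!")
    print("Equally valid: ", from_bits(add_mod2(cipher, decoy_key)))

    cipher2 = add_mod2(to_bits(second), key)            # key reused: the mistake
    leaked = reuse_leak(cipher, cipher2)
    print("Reuse leaks P1+P2:", leaked == add_mod2(to_bits(first), to_bits(second)))
```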
The second major type of cryptosystem is the public key cryptosystem. Public key
cryptosystems don't rely on Alice and Bob sharing a secret key in advance. Instead, Bob simply
publishes a public key, which is made available to the general public, such as in a directory. Alice
can make use of this public key to encrypt a message which she sends to Bob. What is interesting
is that a third party cannot use Bob's public key to decrypt the message! Strictly speaking, we
shouldn't say "cannot". Rather, the encryption transformation is chosen in a very clever and
non-trivial way so that it is extremely difficult (though not impossible, at least theoretically) to invert,
given only the knowledge of the public key. To make inversion easy, Bob has a secret key
matched to his public key, which together enable him to easily perform the decryption. This
secret key is not known to anybody other than Bob, who can therefore be confident that only he
can read the contents of Alice's transmission, to the extent it is unlikely that anybody else has the
computational power to invert the encryption algorithm, given only the public key. Public key
cryptosystems solve the key distribution problem by making it unnecessary for Alice and Bob to
share a private key before communicating [1].



Fig.5 Public-Key Cryptography



Rather remarkably, public key cryptography did not achieve widespread use until the mid-1970s,
when it was proposed independently by Whitfield Diffie and Martin Hellman, and by Ralph
Merkle, revolutionizing the field of cryptography. Soon afterward, Ronald Rivest, Adi Shamir
and Leonard Adleman developed the RSA cryptosystem, which at the time of writing is the
most widely deployed public key cryptosystem, believed to offer a fine balance of security and
practical usability. In 1997 it was disclosed that these ideas (public-key cryptography, the
Diffie-Hellman and RSA cryptosystems) were actually invented in the late 1960s and early
1970s by researchers working at the British intelligence agency GCHQ.
Fig.6 (a) W. Diffie & M. Hellman, authors of the first published paper on public-key cryptography
(b) R. Rivest, A. Shamir & L. Adleman, the developers of the RSA Cryptosystem
The key to the security of public key cryptosystems is that it should be difficult to invert the
encryption stage if only the public key is available. For example, it turns out that inverting the
encryption stage of RSA is a problem closely related to factorization. Much of the presumed
security of RSA comes from the belief that factoring is a problem hard to solve on a classical
computer. However, Shor's fast algorithm for factoring on a quantum computer could be used to
break RSA! Similarly, there are other public key cryptosystems which can be broken if a fast
algorithm for solving the discrete logarithm problem (like Shor's quantum algorithm for
discrete logarithm) were known. This practical application of quantum computers to break
cryptographic codes has excited much of the interest in quantum computation and quantum
information theory.




The Rivest-Shamir-Adleman (RSA) Cryptosystem:
Here we focus on the most popular public-key cryptosystem, namely RSA. This is a
public-key cryptosystem whose security is based on the belief that there is no fast way of factoring
numbers that are the product of two large primes.
Suppose that Alice wants to send an RSA-encrypted message to Bob. The RSA
encryption-decryption procedure works as follows [1]:

Key generation: Bob picks randomly two distinct and large prime numbers and
define and . Then, Bob picks a random integer that is
relatively prime to and computes the unique integer in the range from
the formula . This computation can be achieved efficiently using for
instance the extended Euclidean algorithm for the greatest common divisor (GCD).
Bob's private key is , and his public key is .
Encryption: Alice obtains Bob's public key from some sort of yellow pages or
an RSA public key directory. Alice then writes her message as a sequence of numbers (for
example she can replace each letter with a number, which represents the location of that letter
in the alphabet). Alice encrypts the message into a cryptogram by the rule:


And sends the resulting cryptogram to Bob.
Decryption: Receiving the cryptogram , Bob decrypts it by the formula:































The obvious method of cracking the RSA scheme:
In order to recover plaintext from cryptogram, an outsider, who knows , would
have to solve the congruence

.
Solving such an equation is believed to be a hard computational task for classical computers. So far,
no classical algorithm that computes the solution efficiently when n is a large integer (say 200
decimal digits long or more) has been found. However, if we know the prime decomposition of
it is a piece of cake to figure out our private key: we simply follow the key generation procedure
and solve the congruence . This can be done efficiently even when p and q are
very large. Thus, in principle, anybody who knows can find by factoring : The security of
RSA therefore relies among others on the assumption that factoring large numbers is
computationally difficult. In the context of classical computation, such a difficulty has never
been proven. Worse still there is a quantum algorithm that factors large numbers efficiently. This
means that the security of the RSA cryptosystem will be completely compromised if large-scale
quantum computation becomes one day practical.
In 1978 Rivest, Shamir and Adleman conjectured that any general method of breaking their
scheme yields an efficient algorithm for factorization. This would establish the point that any
method of cracking the RSA scheme was as difficult as factorization. As yet, this conjecture
has not been rigorously proven.
Example:
The following example is taken from Rivest, Shamir, and Adleman (1978)
[2]. Suppose we take 47 59 as our pair of primes, So that
2773
Using a variant of the Euclidean algorithm: 7. Then with 2773 and
encoding the alphabet in the form
SPACE=00, A=01, B=02, C=03, ..., Z=26
The message: ITS ALL GREEK TO ME is represented as
M= 0920 1900 0112 1200 0718 0505 1100 2015 0013 0500
Thus we will encipher the message as 10 blocks of 4 digits. The first block
$M_1 = 920$ will be enciphered by
$C_1 = 920^{17} \equiv 948 \pmod{2773}$
And the whole message is enciphered as
C= 0948 2342 1084 1444 2663 2390 0778 0774 0219 1655
The reader may check that deciphering works, for example
$948^{157} \equiv 920 \pmod{2773}$, etc.
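
The worked example above, together with the "obvious method of cracking" it illustrates, as an added Python example (not code from the seminar or from the cited paper). The exponents 17 and 157 are read off the two congruences of the example; the function names are chosen here for illustration.

```python
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # SPACE=00, A=01, ..., Z=26


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r, old_x, x, old_y, y = a, b, 1, 0, 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def private_exponent(e, p, q):
    """Key generation step: the inverse of e modulo (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return x % phi


def encode_blocks(text):
    """Two digits per letter, grouped into 4-digit blocks (padded with SPACE)."""
    digits = "".join(f"{ALPHABET.index(ch):02d}" for ch in text)
    if len(digits) % 4:
        digits += "00"
    return [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]


def decode_blocks(blocks):
    """Inverse of encode_blocks."""
    digits = "".join(f"{block:04d}" for block in blocks)
    return "".join(ALPHABET[int(digits[i:i + 2])] for i in range(0, len(digits), 2))


def crypt(blocks, exponent, n):
    """Encryption and decryption are the same modular exponentiation."""
    return [pow(block, exponent, n) for block in blocks]


def factor(n):
    """Trial division. Feasible only because this n has four digits."""
    candidate = 2
    while candidate * candidate <= n:
        if n % candidate == 0:
            return candidate, n // candidate
        candidate += 1
    raise ValueError("n is prime")


def recover_private_exponent(n, e):
    """An outsider who can factor n simply repeats the key generation."""
    p, q = factor(n)
    return private_exponent(e, p, q)


P, Q, E = 47, 59, 17          # primes and public exponent of the example
N = P * Q                     # 2773
MESSAGE = "ITS ALL GREEK TO ME"

if __name__ == "__main__":
    d = private_exponent(E, P, Q)
    plain = encode_blocks(MESSAGE)
    cipher = crypt(plain, E, N)
    print("d =", d)
    print("M =", " ".join(f"{b:04d}" for b in plain))
    print("C =", " ".join(f"{b:04d}" for b in cipher))
    print("deciphered:", decode_blocks(crypt(cipher, d, N)))
    print("d recovered from (n, e) by factoring:", recover_private_exponent(N, E))
```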

3. A Glance at Quantum Computation Theory
3.1 Quantum Bits or Qubits

QUANTUM INFORMATION science begins by generalizing the fundamental resource of
classical information bits to quantum bits, or QUBITs. Just as bits are ideal objects abstracted
from the principles of classical physics, qubits are ideal quantum objects abstracted from the
principles of quantum mechanics. Bits can be represented by magnetic regions on disks, voltages
in circuitry, or graphite marks made by a pencil on paper. The functioning of these classical
physical states as bits does not depend on the details of how they are realized. Similarly, the
properties of a qubit are independent of its specific physical representation as the spin of an
atomic nucleus, say, or the polarization of a photon of light. A bit is described by its state, 0 or 1.
Likewise, a qubit is described by its quantum state. Two possible quantum states for a qubit
correspond to the 0 and 1 of a classical bit. In quantum mechanics, however, any object that has
two different states necessarily has a range of other possible states, called superpositions, which
entail both states to varying degrees. The allowed states of a qubit are precisely all those states
that must be available, in principle, to a classical bit that is transplanted into a quantum world.
Qubit states correspond to points on the surface of a sphere (Bloch's sphere), with the 0 and 1
being the south and north poles. The continuum of states between 0 and 1 fosters many of the
extraordinary properties of quantum information [3].
We're going to describe qubits as mathematical objects with certain specific properties. "But
hang on", you may say, "I thought qubits were physical objects." It's true that qubits, like bits, are
realized as actual physical systems. However, we shall treat qubits as abstract mathematical
objects. The beauty of treating qubits as abstract entities is that this kind of treatment gives us
freedom to construct a general theory of quantum computation and quantum information which
does not depend upon a specific system for its realization.
Just as a classical bit has a state, either 0 or 1, a qubit also has a state. Two possible states for a
qubit are the states |0⟩ and |1⟩, which as you might guess correspond to the states 0 and 1 for a
classical bit. Notation like | ⟩ is called Dirac notation for states in quantum mechanics. The
difference between bits and qubits is that a qubit can be in a state other than |0⟩ or |1⟩. It is also
possible to form linear combinations of those states, often called superpositions:
| |0 |
The numbers and are complex numbers, although for many purposes not much is lost by
thinking of them as real numbers. In other words, the state of a qubit is a vector in a
two-dimensional vector space, namely Hilbert space. The special states |0⟩ and |1⟩ are known as
computational basis states, and form an orthonormal basis for this vector space.

We can examine a bit to determine whether it is in the state 0 or 1. For example, computers do
this all the time when they retrieve the contents of their memory. Rather remarkably, we cannot
examine a qubit to determine its quantum state, that is, the values of and . Instead, quantum
mechanics tells us that we can only acquire much more restricted information about the quantum
state. When we measure a qubit we get either the result 0, with probability ||

, or the result 1,
with probability ||

. Naturally, ||

||

, since the probabilities must sum to one.


Geometrically, we can interpret this as the condition that the qubit's state be normalized to length
1. Thus, in general a qubit's state is a unit vector in a two-dimensional complex vector space.










Classical (i.e. non-quantum) BIT

A BIT can have one of two states: 0 or 1.
A bit can be represented by a transistor
switch set to off or on, or abstractly
by an arrow pointing up or down.



Quantum BIT (QUBIT)

A QUBIT, the quantum version of a bit,
has many more possible states. The states
can be represented by an arrow pointing
to a location on a sphere (called Bloch's
Sphere). The north pole is equivalent to
1, the south pole to 0. The other locations
are quantum superpositions of 0 and 1.
Fig.7 Classical Bit vs. Quantum Bit

How much information is represented by a qubit? Paradoxically, there is an infinite number of
points on the unit sphere, so that in principle one could store an entire text of Shakespeare in the
infinite binary expansion of (the latitude of some point of Bloch's sphere). However, this
conclusion turns out to be misleading, because of the behaviour of a qubit when observed. Recall
that measurement of a qubit will give only either 0 or 1. Furthermore, measurement changes the
state of a qubit, collapsing it from its superposition of |0⟩ and |1⟩ to the specific state consistent
with the measurement result. Why does this type of collapse occur? Nobody knows. This
behaviour is simply one of the fundamental postulates of quantum mechanics.


A QUBIT might seem to contain an
infinite amount of information because its
coordinates can encode an infinite
sequence of digits. But the information in
a qubit must be extracted by a
measurement (Collapse postulate of
Quantum Mechanics). When the qubit is
measured, quantum mechanics requires
that the result is always an ordinary bit (a
0 or a 1). The probability of each
outcome depends on the qubit's
latitude.

Fig.8 Measurement of a Qubit
3.2 The road to a Quantum Computer

In the early 1980s, Feynman, Manin, and others recognized that certain quantum phenomena -
phenomena associated with entangled particles - could not be simulated efficiently on standard
computers. Turning this observation around, researchers wondered whether these quantum
phenomena could be used to speed up computation in general. Over the last two decades, a small
group of researchers undertook the task of reconsidering the models underlying information and
computation, and providing formal models.
David Deutsch developed a notion of a quantum mechanical Turing machine. Bernstein,
Vazirani, and Yao showed that quantum computers can do anything a classical computer can do
with at most a small (logarithmic) slow down.
















Fig. 9 Classical computer vs. Quantum computer performance.


The early 1990s saw the first truly quantum algorithms, algorithms with no classical analogy that
were provably better than any possible classical algorithms. The first of these was Deutsch's
algorithm, later generalized to the Deutsch-Jozsa algorithm. These initial quantum algorithms
were able to solve problems efficiently with certainty that classical techniques can solve
efficiently only with high probability. Such a result is of no practical interest since any machine
has imperfections so can only solve problems with high probability. Furthermore, the problems
solved were highly artificial. Nevertheless, such results were of high theoretical interest since
they proved that quantum computation is theoretically more powerful than classical computation
[5].

These results inspired Peter Shor's 1994 polynomial-time quantum algorithm for factoring
integers. This result provided a solution to a well-studied problem of practical interest. A
classical polynomial-time solution has long eluded researchers. Many security protocols base
their security entirely on the computational difficulty of this problem. Shor's factoring algorithm
and related results mean that once a large enough quantum computer is built, all standard public
key encryption algorithms will be completely insecure.







Fig. 10 Peter Shor, the developer of a quantum algorithm for factoring integers








4. Quantum Cryptographic Communication Systems

4.1 Quantum Key Distribution (QKD)

One of the earliest discoveries in quantum computation and quantum information theory was that
quantum mechanics can be used to do key distribution in such a way that Alice and Bob's
security cannot be compromised. This procedure is known as quantum key distribution (QKD).
The basic idea is to exploit the quantum mechanical principle that observation in general disturbs
the system being observed. Thus, if there is an eavesdropper, she will be visible as a disturbance of
the communication channel Alice and Bob are using to establish the key. Alice and Bob can then
throw out the key bits established while the eavesdropper was listening in, and start over. The
first quantum cryptographic ideas were proposed by Stephen Wiesner in the late 1960s, but
unfortunately were not accepted for publication! In 1984 Charles Bennett and Gilles Brassard,
building on Wiesner's earlier work, proposed a protocol using quantum mechanics to distribute
keys between Alice and Bob, without any possibility of a compromise. Since then numerous
quantum cryptographic protocols have been proposed, and experimental prototypes developed.
At the time of this writing, the experimental prototypes are nearing the stage where they may be
useful in limited-scale real-world applications [3].
Quantum Key Distribution (QKD) is a protocol which is provably secure, by which private
key bits can be created between two parties over a public channel. Then, the key can be used to
implement a classical private key cryptosystem, to enable the parties to communicate securely.
The only requirement for the QKD protocol is that qubits can be communicated over the public
channel with an error rate lower than a certain threshold. The security of the resulting key is
guaranteed by the properties of quantum information, and thus is conditioned only on
fundamental laws of physics being correct!
The basic idea behind QKD is the following fundamental observation: Eve cannot gain any
information from the qubits transmitted from Alice to Bob without disturbing their state. First of
all, by the no-cloning theorem (it is not possible to make a copy of an unknown quantum state), Eve
cannot clone Alice's qubit. Second, information gain implies disturbance due to Heisenberg's
uncertainty principle (in any attempt to distinguish between two non-orthogonal quantum states,
information gain is only possible at the expense of causing disturbance to the signal).




4.2 The BB84 Quantum Cryptographic Protocol without noise

In this section we give a detailed description of the BB84 protocol in a noise-free environment
and in terms of polarization states of a single photon. It is the first quantum cryptographic
communication protocol, invented in 1984 by Bennett and Brassard. Please note that
the BB84 protocol could be equally well described in terms of any other two-state quantum
system.






Fig. 11 C. Bennett (left) & G. Brassard (right), the inventors of the BB84 Protocol
Let be the two dimensional Hilbert space whose elements represent the polarization states of a
single photon. In describing BB84, we use two different orthogonal bases of . They are the
rectilinear polarization basis which consists of the vectors |and | , and the diagonal
polarization basis which consists of the vectors | and | .
The BB84 protocol utilizes any two incompatible orthogonal quantum alphabets in the Hilbert
space . For our description of BB84, we have selected the following alphabets:

rectilinear polarization quantum
Alphabet


Vector Bit
| 1
| 0
diagonal polarization quantum
Alphabet


Vector Bit
| 1
| 0
Fig. 12 Alphabets of the rectilinear & diagonal polarization bases


Bennett and Brassard note that, if Alice were to use only one specific orthogonal quantum
alphabet for her communication to Bob, then Eve's eavesdropping could go undetected. For Eve
could intercept Alice's transmission with 100% accuracy, and then imitate Alice using only the
orthogonal quantum alphabet

, then Eve could measure each bit of Alice's transmission with


a device based on some diagonal polarization measurement operator. Or if Alice used only the
orthogonal quantum alphabet

, then Eve could measure each transmitted bit with a device


based on some linear polarization measurement operator.
The above strategy used by Eve is called opaque eavesdropping (there are more sophisticated
eavesdropping strategies).
To assure the detection of Eve's eavesdropping, Bennett and Brassard require Alice and Bob to
communicate in two stages, the first stage over a one-way quantum communication channel from
Alice to Bob, the second stage over a two-way classical public communication channel.











Fig. 13 A quantum cryptographic communication system for securely transferring random key.





Stage 1: Communication over a quantum channel
In the first stage, Alice is required, each time she transmits a single bit, to use randomly with
equal probability one of the two orthogonal alphabets

or

. Since no measurement
operator of

is compatible with any measurement operator of

, it follows from the


Heisenberg uncertainty principle that no one, not even Bob or Eve, can receive Alice's
transmission with accuracy greater than 75%.
This can be seen as follows. For each bit transmitted by Alice, One can choose a measurement
operator compatible with either

or

, but not both. Because of incompatibility, there is no


simultaneous measurement operator for both

and

. Since one has no knowledge of


Alice's secret choice of quantum alphabet, 50% of the time (with probability 0.5) one will guess
correctly, i.e. choose a measurement operator compatible with Alice's choice, and 50% of the
time (with probability 0.5) one will guess incorrectly. If one guesses correctly, then Alice's
transmitted bit is received with probability 1. On the other hand, if one guesses incorrectly,
Alice's transmitted bit is received correctly with probability 0.5. Thus in general, the probability
of correctly receiving Alice's transmitted bit is 3/4.

For each bit transmitted by Alice, we assume that Eve performs one of two actions, opaque
eavesdropping with probability 0 , or no eavesdropping with probability . Thus,
if , Eve is eavesdropping on each transmitted bit; and if 0 , Eve is not eavesdropping
at all.
Because Bob's and Eve's choices of measurement operator are randomly independent of each
other and of Alice's choice of alphabet, Eve's eavesdropping has an immediate and detectable
impact on Bob's received bits. Eve's eavesdropping causes Bob's error rate to jump from 0.25 to

4

3
8

8

Thus, if Eve eavesdrops on every bit (i.e. ) then Bob's error rate jumps from 1/4 to 3/8 (a 50%
increase).

Stage 2. Communication over a public channel
In stage 2, Alice and Bob communicate in two phases over a public channel to check for Eve's
presence by analyzing Bob's error rate.


Phase 1 of Stage 2: Extraction of raw key
This phase is dedicated to eliminating the bit locations (and hence the bits at these locations) at
which errors could have occurred without Eve's eavesdropping. Bob begins by publicly
communicating with Alice and telling her which measurement operator he used for each of the
received bits. Alice then in turn publicly communicates to Bob and tells him which of his
measurement operator choices were correct. After this two-way communication, Alice and Bob
delete the bits corresponding to the incompatible measurement choices to produce shorter
sequences of bits which we call respectively Alice's raw key and Bob's raw key.
If there is no intrusion, then Alice's and Bob's raw keys will be in total agreement. However, if
Eve has been at work, then corresponding bits of Alice's and Bob's raw keys will not agree with
probability
0

4



Phase 2 of Stage 2: Detection of Eve's intrusion via error detection
Alice and Bob now initiate a two-way conversation over the public channel to test for Eve's
presence.
In the absence of noise, any discrepancy between Alice's and Bob's raw keys is proof of Eve's
intrusion. So to detect Eve, Alice and Bob select a publicly agreed upon random subset of m bit
locations in the raw key, and publicly compare corresponding bits, making sure to discard from
the raw key each bit as it is revealed.
If at least one comparison reveals an inconsistency, then Eve's eavesdropping has been
detected. In this case, Alice and Bob return to stage 1 and start over. On the other hand, if
no inconsistencies are uncovered, then the probability that Eve escapes detection is [8]:

4
)


For example, if (i.e. Eve eavesdrops on every bit) and 200, then

(
3
4
)

0
5

Thus, if

is sufficiently small, Alice and Bob agree that Eve has not eavesdropped, and
accordingly adopt the remaining raw key as their final secret key.
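
The two stages described above, as a classical Monte Carlo simulation. This is an added example, not code from the seminar paper: the parameter `p_eve` (probability that Eve intercepts a given bit), the labels `RECT`/`DIAG` and all function names are assumptions of this example, and a measurement in the wrong basis is modeled as a fair coin flip. Under this model each compared raw-key bit disagrees with probability `p_eve/4`, which is what `escape_probability` uses.

```python
import random

RECT, DIAG = 0, 1  # labels for the two polarization bases (names chosen for this example)

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis gives a fair coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_bb84(n, p_eve, rng):
    """Send n photons; Eve intercepts and resends each one with probability p_eve.
    Returns (Alice's raw key, Bob's raw key, Bob's error rate before sifting)."""
    alice_raw, bob_raw, wrong = [], [], 0
    for _ in range(n):
        bit, a_basis = rng.randrange(2), rng.choice((RECT, DIAG))
        sent_bit, sent_basis = bit, a_basis
        if rng.random() < p_eve:  # opaque eavesdropping: measure, then imitate Alice
            sent_basis = rng.choice((RECT, DIAG))
            sent_bit = measure(bit, a_basis, sent_basis, rng)
        b_basis = rng.choice((RECT, DIAG))
        b_bit = measure(sent_bit, sent_basis, b_basis, rng)
        wrong += b_bit != bit
        if b_basis == a_basis:  # Phase 1: keep only positions where the bases matched
            alice_raw.append(bit)
            bob_raw.append(b_bit)
    return alice_raw, bob_raw, wrong / n

def raw_key_mismatch(alice_raw, bob_raw):
    """Fraction of raw-key positions where Alice and Bob disagree."""
    return sum(a != b for a, b in zip(alice_raw, bob_raw)) / len(alice_raw)

def detect_eve(alice_raw, bob_raw, m, rng):
    """Phase 2: publicly compare m random positions and discard them.
    Returns (intrusion detected?, remaining key)."""
    revealed = set(rng.sample(range(len(alice_raw)), m))
    detected = any(alice_raw[i] != bob_raw[i] for i in revealed)
    key = [b for i, b in enumerate(alice_raw) if i not in revealed]
    return detected, key

def escape_probability(p_eve, m):
    """Chance that all m compared bits agree when each disagrees with probability p_eve/4."""
    return (1 - p_eve / 4) ** m

if __name__ == "__main__":
    rng = random.Random(2012)  # fixed seed so the constructed run is repeatable
    for p in (0.0, 1.0):
        a, b, err = run_bb84(100_000, p, rng)
        print(p, round(err, 3), round(raw_key_mismatch(a, b), 3), detect_eve(a, b, 200, rng)[0])
    print(escape_probability(1.0, 200))
```

The simulation assumes a noiseless channel, as the text does; with real channel noise a single mismatch no longer proves intrusion and the comparison has to be against an error-rate threshold instead.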



Fig. 14 A brief description of BB84 Protocol [7]



Fig. 15 The first implementation of quantum cryptography by Bennett & Brassard in 1988:
communication over 30 cm [6]
All the quantum cryptographic systems we discuss in this paper can be implemented by
transmissions of individual photons over an optical fibre, each photon with a single bit encoded
in its quantum mechanical state space. We describe all of these systems in terms of the
polarization states of a single photon. It should be noted that they could equally well be
described in terms of any two-state quantum system. Examples of such a system include a
spin-1/2 particle, and a two-level atom.


5. Conclusion

In classical (i.e. non-quantum) cryptography we saw that the major difficulty of private-key
cryptosystems is key distribution. We can overcome this issue by using a public-key
cryptosystem where we make the assumption that the communication cryptosystem is secure
because the eavesdropper cannot solve some difficult computational problems. But with the
emergence of the quantum computer era we saw that all standard public-key encryption algorithms
will be completely insecure.
Quantum cryptography works on a different principle. It depends on some basic consequences
of quantum mechanics (namely Heisenberg's uncertainty principle & the no-cloning theorem) to
achieve perfect key distribution. Thus, you cannot break a quantum cryptographic code unless
you can break the laws of physics.
Finally, it should be noted that the most important contribution of quantum cryptography is a
mechanism for detecting eavesdropping. This is a totally new contribution to the field of
cryptography. Neither private-key cryptographic systems nor public-key cryptographic systems
have such a capability.



List of Acronyms
Qubit Quantum Bit
RSA Rivest-Shamir-Adleman Cryptosystem
QKD Quantum Key Distribution
BB84 Bennett-Brassard 1984 Protocol




















References

[1] J. A. Buchmann, Introduction to Cryptography, 2nd edition, Springer (2004).
[2] Dominic Welsh, Codes and Cryptography, Oxford Science Publications, Clarendon Press (1998).
[3] Michael A. Nielsen & Isaac L. Chuang, Quantum Computation and Quantum Information, Cambridge University Press (2001).
[4] N. David Mermin, Quantum Computer Science: An Introduction, Cambridge University Press (2007).
[5] Phillip Kaye, Raymond Laflamme, Michele Mosca, An Introduction to Quantum Computing, Oxford University Press (2007).
[6] C. H. Bennett, G. Brassard, A. K. Ekert, Quantum Cryptography, Scientific American, Oct. 1992, p. 50.
[7] Gary Stix, Best-kept secrets: Quantum Cryptography has marched from theory to laboratory to real products, Scientific American, Jan. 2005, p. 78.
[8] C. H. Bennett, Quantum cryptography using any two non-orthogonal states, Phys. Rev. Lett. 68, 3121 (1991).
