This paper will cover the field of quantum cryptography. Quantum cryptography is a method of securing information that has reached its time. Until now, any information sent across a network, even encrypted, has been subject to eavesdropping. There are no fool-proof methods of ensuring confidentiality of information. If a hacker captures the key for a message or file that uses public key cryptography, the encryption is useless. Quantum cryptography seeks to change this through the use of quantum mechanic fundamentals. Due to these fundamentals, a quantum system is disrupted whenever a person tries to measure or quantify it in some way. If a hacker were to intercept the key in a quantum cryptography system there would be detectable anomalies in the key. The message or file would not be sent if any anomalies are detected, therefore the information would not be compromised. This cannot be guaranteed in public key cryptography.

The Internet has changed our lives. Its incredible growth, especially over the last decade has excited both consumers and businesses. Along with the advantages it has brought in the way we live and work, it has also brought additional concerns. The biggest concern is the security of sensitive information when transmitted across the Internet. Identity theft has become increasingly common with information such as social security numbers, credit card numbers, bank account information, and personal details being transmitted millions of times a day. To help ensure the confidentiality of personal and corporate information IT professionals and others have turned to the use of encryption. Encryption is the encoding of information in order to make it unreadable to those who should not have access to the information. There are many methods of encryption available ranging from simple to extremely complex. No matter which method you choose, current methods are all based on the science of cryptography. Cryptography is not a new science. It has actually been around for centuries. Before the advent of computers cryptography was primarily used by governments, especially for the secrecy of military information. One of the earliest known uses of cryptography is the Caesar Cipher, which dates back to Roman times. (Tyson, 2008)

This encryption scheme is said to have been used by Julius Caesar for communicating secretly with his army. Caesar determined that by shifting each letter in a message a standard number of spaces, he could send his generals secure messages. The cipher he employed was simple but effective. He would shift each letter in a plaintext message three spaces to the right within the alphabet. Spaces and punctuation would remain unaltered. If an enemy happened to intercept the cipher text message, it would appear as gibberish since only Caesars generals knew the code. For example the order “Return to Rome” would become "UHWXUA WR URPH". Once his commanders received a message, they could decipher it by simply shifting each letter back three spaces to the left revealing the plaintext. (Trinity, 2006)

Although this was a strong enough encryption method for Caesar’s time, human based code is very easy for a computer to crack. In fact, due to our understanding of cryptography today, such ciphers can be cracked fairly easy by hand using advanced math and statistics. Therefore, encryption systems in use today on the Internet all use computer-based algorithms. The majority of computer encryption systems in use can be classified in one of two categories. They use either symmetric-key encryption or public-key (asymmetric) encryption.

Symmetric-key uses one key, a private key based on a particular algorithm, to both encrypt and decrypt a file. Public-key encryption uses two keys. One key, the public key which is shared, is used to encrypt a file. A second key, called a private key, is used to decrypt the file. This is done through the use of a hash value. The basic idea is to change the base input using the hash algorithm. A simple example would an input value of 10,000 multiplied by a hash of 150. The output would be a hash value of 1,500,000. If someone were to intercept the hash value, it would be difficult to determine the original value of 10,000 without having the hash algorithm. Hash algorithms are actually much more complex than this with keys being based on 128-bit numbers or higher. A 128-bit number has 2128 possible combinations. That’s 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000 different values! (Tyson, 2008)

Even though this seems to be an astronomically high number, and one would wonder how this could not be fool-proof, there is one major flaw with the encryption methods currently being used. The key must be known by the communicating parties. The problem then lies in distributing the keys securely. If someone intercepts or discovers the key, even the most complex and expensive encryption system can be rendered useless. More often than not under today’s standards it is impossible to determine with absolute certainty that the keys being used have not been compromised. Quantum key cryptography, which is also called quantum key distribution, seeks to change this through the use of quantum mechanics. This method would allow users to produce a shared random bit string to encrypt and decrypt a message. Quantum key distribution would ensure that this string would only be known to the parties that the message is intended for.

The theory of quantum mechanics has been around for more than eighty years now. Although many of its concepts are counter-intuitive, it has provided an accurate description of the world at an atomic level. This theory has been used to make many of the major advances and discoveries of our time. Designing lasers, fiber-optics, hard drives, and computer chips have all been possible thanks to quantum mechanics. Thanks to an ever increasing understanding and further advances in technology we have begun to have the ability to manipulate the quantum states of individual subatomic particles. This allows us to use the strange quantum properties in a more direct way.
Humans are used to thinking of information in an abstract manner. Computers do not. We think of information being stored in computers as either a “0” or “1”. In actuality, information is represented physically by the presence or lack of an electrical charge, current, or beam of light. A positive charge or beam of light would represent a “1”. The lack of charge or light would represent a “0”. As technology advances circuits are becoming increasingly small. Quantum effects have become more important as we have approach manufacturing at nano-scale. Of course the ultimate limit in information technology would be to represent information by the quantum state of a single particle, such as the polarization of a photon. (Shields, Yuan, 2007)

Cryptography has become a vital part of protecting today's computer and communication networks. Quantum cryptography is a secure method of communications because it takes advantage of the strange unique properties of quantum states. Unlike classical physics, the simple act of measuring a quantum state will in general alter that state. This allows two users communicating using quantum cryptography to detect the presence of an eavesdropper trying to intercept the key. If an eavesdropper intercepts a key transmitted in quantum states and attempts to “measure” it, they cannot avoid altering it. The anomalies created would be detectable and the encrypted message or file would not be sent. It is important to understand that quantum cryptography is not used to transmit the message or file, but rather is used to produce and distribute a key. Users can use any encryption algorithm they chose to encipher or decipher a message. The message can then be transmitted across a standard communication channel without fear, since you know that the key is secure.

For the purposes of this paper we will use two users, Alice and Bob, in our examples. Let us assume Alice needs to send Bob a message or file, such as corporate bank account information, over an unsecured communication channel. Confidentiality is of the utmost importance. Therefore Alice and Bob need to use a secret key. Unlike other methods of distribution, quantum cryptography guarantees that no one else has the key. Alice can then choose any algorithm she wishes to encrypt her message into cipher text. The cipher text will be unintelligible to an eavesdropper who we will call Eve, but Bob would be able to use the secure key to decrypt the message. To further reduce the risk of key being discovered through cryptanalysis, quantum key distribution also allows the key to be frequently changed. (Yuan)

Devices used in quantum cryptography devices typically employ individual photons of light and use either the Heisenberg uncertainty principle or quantum entanglement. According to the Heisenberg uncertainty principle, certain pairs of physical properties are complementary to one another in the sense that measuring one property will disturb the other. There are two complementary properties that are often used in quantum cryptography. These complementary properties are the two types of polarization for photons. Rectilinear polarization is the vertical and horizontal polarization and diagonal polarization is at 45° and 135°.

Quantum entanglement is a state where the physical properties of two or more particles have physical properties that are strongly correlated. These particles may share information which cannot be quantified by measuring the state of a single particle. Even if you assess the state of one particle it gives no indication of the state of the other particles. The correlation of these physical properties exists no matter how far apart the particles may be.

There are two protocols based on these two theories of quantum mechanics. The first is based on the Heisenberg uncertainty principle and was created in 1984 theoretical physicists Charles Bennett at IBM and Gilles Brassard at the University of Montreal. It uses the polarization of photons to encode information and is called BB84 after its inventors and the year it was created. Using BB84, Alice would create a random bit, either a “0” or “1”. She would then select either a rectilinear or diagonal state to transmit it in specified in a table. She would then prepare a photon polarization state depending on the bit value and state. Alice would then transmit a single photon to Bob in the state specified. This protocol also relies on quantum randomness to keep an eavesdropper from learning the secret key. (Wikipedia, 2008)

The second protocol was created by Artur Ekert in 1991 and uses entangled pairs of photons. These pairs can be generated from either Alice or Bob. They can even be generated from a separate source as long as Alice and Bob each end up with a photon from the pair. The protocol relies on the properties of entanglement. We can make the entangled states of the photons perfectly correlated. For instance we can make the polarization of the particles opposite to each other. Therefore, if Alice and Bob both test their particles and Alice’s is vertical, Bob’s will be horizontal with 100% probability. This would also be true if they both measure any other pair of orthogonal polarizations. This would allow Bob to know the state of Alice’s particle and vice versa. However, Eve could not measure either one and determine the state of the other. In fact, any attempt to eavesdrop would ruin the correlation and be detectable.

These two protocols will provide Alice and Bob identical keys. If the keys differ, it could be because of Eve or even an imperfection in the transmission itself. If a key seems to be compromised there are two methods, information reconciliation and privacy amplification, to correct the issue. Information reconciliation is used to ensure Alice and Bob have identical keys and commonly uses the cascade protocol for error correction. This happens in several rounds and may give Eve additional information about the keys. This is where privacy amplification comes in. Privacy amplification uses a universal hash function to produce a new shorter key in such a way that Eve would have minimal information about the new key. The new key would be shortened based on the errors detected.

There is a huge commercial potential for quantum cryptography. In Europe and the US it has attracted private investment in several start-up companies. Presently these companies have targeted their business towards corporations and governments with high security concerns. Until now, couriers have been used for key distribution in high security situations, where traditional key distribution did not offer enough assurance. This method can be extremely time consuming, and there is still the chance a courier might be compromised. With quantum cryptography this would no longer be necessary since it is possible to detect any interception of the key. Quantum key distribution is also cheaper than a secure courier network as well as being more reliable and automated.

However, there are still some factors that prevent the wide adoption of quantum cryptography. The cost of equipment is still fairly high compared to traditional networking and encryption equipment. There has also been a lack of demonstrated threats against existing key exchange protocols for typical use. Many potential clients lack an understanding of the physics behind quantum mechanics. These clients are used to traditional cryptography instead. Users need reassurance from vendors that the equipment and methods involved are secure. Currently, security certification of equipment does not have a wide spread, accepted standard.

Despite these issues we may still see quantum key distribution trickle down to even home networks. The infrastructure is in already in place in many countries for a more widespread use. Fiber optic networks are being used in these countries for Internet as well as phone and television services. As the technology and market for quantum cryptography advances we can expect prices to drop. We could see these products in domestic applications in as little as ten years. (Wikipedia, 2008)

Resources:

* Mayers, D (2001).Unconditional security in quantum cryptography. Journal of the ACM. 48, 351-406.

* Smolin, A (2004).The early days of experimental quantum cryptography. IBM journal of Research and Developement. 48, 47.

Shields, A and Yuan, Z, (2007, May 1). Key to the Quantum Industry. Retrieved March 18, 2008, from physicsworld.com Web site: http://physicsworld.com/cws/article/print/27161

Tyson, J. How Encryption Works. Retrieved April 12, 2008, from Howstuffworks Web site: http://www.howstuffworks.com/encryption.htm

(2006, January 18). Cryptography--Caesar Cipher. Retrieved April 12, 2008, from Trinity College Web site: http://www.trincoll.edu/depts/cpsc/cryptography/caesar.html

(2008, March 16). Quantum Cryptography. Retrieved March 18, 2008, from Wikipedia Web site: http://en.wikipedia.org/wiki/Quantum_cryptography