Documente Academic
Documente Profesional
Documente Cultură
Hoi-Kwong Lo
Center for Quantum Information and Quantum Control
Dept. of Electrical & Comp. Engineering (ECE); &
Dept. of Physics
University of Toronto
• Postdocs:
Kai Chen°
Kiyoshi Tamaki *
Bing Qi
• Grad Students:
Benjamin Fortescu, Fred Fung*, Leilei Huang*,
Xiongfeng Ma, Jamin Sheriff*, Yi Zhao*
• Research Assistant:
Ryan Bolen° * Joining this Fall 3
° Leaving this Fall
QUESTION:
Is there a tradeoff between security
and performance in a real-life
quantum key distribution system?
4
Killing two birds with one stone
5
Outline
1. Motivation and Introduction
2. Problem
3. Our Solution and its significance
6
1. Motivation and Introduction
7
Commercial Quantum Crypto products
available on the market Today!
MAGIQ TECH.
ID QUANTIQUE
8
Bad News (for theorists)
Up till now, theory of quantum key distribution
(QKD) has lagged behind experiments.
Opportunity:
By developing theory, one can bridge gap between
theory and practice.
9
Theory and Experiment go hand in hand.
10
Key Distribution Problem
Eve
Alice Bob
11
Bennett and Brassard’s scheme (BB84)
Alice Bob
ASSSUMPTIONS:
1. Source: Emits perfect single photons. (No multi-photons)
2. Channel: noisy but lossless. (No absorption in channel)
3. Detectors: a) Perfect detection efficiency. (100 %)
4. Basis Alignment: Perfect. (Angle between X and Z basis
is exactly 45 degrees.)
Assumptions lead to security proofs:
Mayers (BB84), Lo and Chau (quantum-computing protocol),
Biham et al. (BB84), Ben-Or (BB84), Shor-Preskill (BB84), …
a a a
IMPOSSIBLE
13
Photon-number splitting attack against multi-photons
A multi-photon signal CAN be split. (Therefore, insecure.)
a a
a
Bob
Splitting attack
a
Alice
Eve
Summary: Single-photon good.
Multi-photon bad.
14
QKD : Practice
Reality:
1. Source: (Poisson photon number distribution)
Mixture. Photon number = n with probability: n
e
Some signals are, in fact, double photons! n!
2. Channel: Absorption inevitable. (e.g. 0.2 dB/km)
3. Detectors:
(a) Efficiency ~15% for Telecom wavelengths
(b) “Dark counts”: Detectors will claim to have
detected signals with some probability even
when the input is a vacuum.
4. Basis Alignment: Minor misalignment inevitable.
17
2. Problem
18
Big Problem: Nice guys come last
Alice:
Bob:
Eve:
Bob:
Eve:
21
Prior Art Result
Worst case scenario: all multi-photons sent by
Alice reach Bob.
Need to prove that some single photons, , still
reach Bob.
Bob:
Eve:
Alice: N signals
Bob: x signals
25
Procedure of Decoy State QKD (Toy Model).
A) Signal state: Poisson photon number distribution μ (at Alice).
B) Decoy state: = two-photon signals
27
Hwang’s original decoy state idea
28
Drawback of Hwang’s original idea
29
Can we make
things rigorous?
YES!
30
3. Our solution:
31
Experimental observation
2 n
Yield: Q( ) Y0e
Y1e Y2e (
) ... Yne (
) ....
2 n!
2 n
Error Rate: Q( ) E( ) Y0e e0 Y1e e1 Y2e ( )e2 ... Yne (
)en ....
2 n!
If Eve cannot treat the decoy state any differently from a signal state
Yn(signal)=Yn(decoy), en(signal)=en(decoy)
34
Old Picture
Theory Experiment
Secure bits per signal: S = O (η2). S= O (η).
Maximal distance: d ~ 40km. d >130km.
35
NEW Picture
Theory Experiment
Secure bits per signal: S = O (η). S= O (η).
Maximal distance: d >130 km. d >130km.
36
Bonus
• The optimal average photon number μ of signal state
can be rather high (e.g. μ = 0.5).
37
Compare results with and without decoy states
The key generation rate as a function of distance
-2
10
-3
10 Key parameters:
-4
GYS Wavelength: 1550nm
10
Channel loss: 0.21dB/km
Signal error rate: 3.3%
Key generate rate
-5
10
Dark count: 8.5*10-7 per pulse
-6
10 Receiver loss and detection
-7
10
efficiency: 4.5%
Error correction ineffiency:
Without Decoy Decoy
-8
10 f(e)=1.22
-9
10
0 20 40 60 80 100 120 140 160 180 200
Transmission distance [km]
The experiment data for the simulation come from the recent paper:
C. Gobby, Z. L. Yuan, and A. J. Shields, Applied Physics Letters, (2004)
38
Robustness of our results
We found that our results are stable to small
changes in:
39
Generality of our idea
40
Related Work
41
Summary
1. Decoy state BB84 allows:
• Secure bits per signal: O (η)
where η : channel transmittance.
• Distance > 130km
42
Theory and Experiment go hand in hand.
43
THE END
44