Quantum cryptography: Difference between revisions

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Revision as of 02:35, 18 April 2024 edit Headbomb (talk \| contribs) Edit filter managers, Autopatrolled, Extended confirmed users, Page movers, File movers, New page reviewers, Pending changes reviewers, Rollbackers, Template editors 473,507 edits ce ← Previous edit		Revision as of 13:29, 30 August 2025 edit undo James.mafu (talk \| contribs) 70 edits No edit summary Tag: Visual edit Next edit →
(47 intermediate revisions by 22 users not shown)
Line 3: {{Use dmy dates\|date=September 2020}} '''Quantum cryptography''' is the science of exploiting [[Quantum mechanics\|quantum mechanical]] properties such as quantum entanglement, measurement disturbance, no-cloning theorem, and the principle of superposition to perform various [[cryptographic]] tasks.<ref>{{Cite journal\|last1=Gisin\|first1=Nicolas\|last2=Ribordy\|first2=Grégoire\|last3=Tittel\|first3=Wolfgang\|last4=Zbinden\|first4=Hugo\|display-authors=\|year=2002\|title=Quantum cryptography\|url=https://journals.aps.org/rmp/abstract/10.1103/RevModPhys.74.145\|journal=Reviews of Modern Physics\|volume=74\|issue=1\|pages=145–195\|doi=10.1103/RevModPhys.74.145\|arxiv=quant-ph/0101098\|bibcode=2002RvMP...74..145G\|s2cid=6979295}}</ref><ref name=":4">{{Cite journal\|last1=Pirandola\|first1=S.\|last2=Andersen\|first2=U. L.\|last3=Banchi\|first3=L.\|last4=Berta\|first4=M.\|last5=Bunandar\|first5=D.\|last6=Colbeck\|first6=R.\|last7=Englund\|first7=D.\|last8=Gehring\|first8=T.\|last9=Lupo\|first9=C.\|last10=Ottaviani\|first10=C.\|last11=Pereira\|first11=J. L.\|display-authors=et al.\|year=2020\|title=Advances in quantum cryptography\|url=https://www.osapublishing.org/aop/abstract.cfm?uri=aop-12-4-1012\|journal=Advances in Optics and Photonics\|volume=12\|issue=4\|pages=1012–1236\|arxiv=1906.01645\|doi=10.1364/AOP.361502\|bibcode=2020AdOP...12.1012P\|s2cid=174799187}}</ref><ref>{{Cite ~~The~~journal ~~best~~\|last=Renner ~~known~~\|first=Renato ~~example~~\|last2=Wolf \|first2=Ramona \|date=2023 \|title=Quantum Advantage in Cryptography \|url=https://doi.org/10.2514/1.J062267 \|journal=AIAA Journal \|volume=61 \|issue=5 \|pages=1895–1910 \|doi=10.2514/1.J062267 \|issn=0001-1452}}</ref> Historically defined as the practice of encoding messages, a concept now referred to as encryption, cryptography plays a crucial role in the secure processing, storage, and transmission of information across various domains. One aspect of quantum cryptography is [[quantum key distribution]] (QKD), which offers an [[Information-theoretic security\|information-theoretically secure]] solution to the [[key exchange]] problem. The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication. Furthermore, quantum cryptography affords the authentication of messages, which allows the legitimates parties to prove that the messages wre not wiretaped during transmission.<ref>{{Cite journal \|last=Gisin \|first=Nicolas \|last2=Ribordy \|first2=Grégoire \|last3=Tittel \|first3=Wolfgang \|last4=Zbinden \|first4=Hugo \|date=2002-03-08 \|title=Quantum cryptography \|url=https://link.aps.org/doi/10.1103/RevModPhys.74.145 \|journal=Reviews of Modern Physics \|volume=74 \|issue=1 \|pages=145–195 \|doi=10.1103/RevModPhys.74.145}}</ref> For example, in a cryptographic set-up, it is [[No-cloning theorem\|impossible to copy]] with perfect fidelity, the data encoded in a [[quantum state]]. If one attempts to read the encoded data, the quantum state will be changed due to [[wave function collapse]] ([[no-cloning theorem]]). This could be used to detect eavesdropping in QKD schemes, or in quantum communication links and networks. These advantages have significantly influenced the evolution of quantum cryptography, making it practical in today's digital age, where devices are increasingly interconnected and cyberattacks have become more sophisticated. As such quantum cryptography is a critical component in the advancement of a quantum internet, as it establishes robust mechanisms to ensure the long-term privacy and integrity of digital communications and systems.<ref>{{~~how~~Cite journal \|last=Mitra \|first=Saptarshi \|last2=Jana \|first2=Bappaditya \|last3=Bhattacharya \|first3=Supratim \|last4=Pal \|first4=Prashnatita \|last5=Poray \|first5=Jayanta \|date=~~August~~November ~~2023}}<!--~~2017 a\|title=Quantum ~~link~~cryptography: toOverview, ~~the~~security ~~appropriate~~issues ~~section~~and offuture ~~this~~challenges ~~article~~\|url=https://ieeexplore.ieee.org/abstract/document/8350006 ~~would~~\|journal=2017 be4th International ~~helpful~~Conference ~~here~~on Opto-->Electronics inand ~~[[quantum~~Applied ~~key distribution]]~~Optics (~~QKD~~Optronix) \|pages=1–7 \|doi=10.1109/OPTRONIX.2017.8350006}}</ref> == History == In the early 1970s, [[Stephen Wiesner]], then at Columbia University in New York, introduced the concept of quantum conjugate coding. His seminal paper titled "Conjugate Coding" was rejected by the [[IEEE Information Theory Society]] but was eventually published in 1983 in ''[[ACM SIGACT\|SIGACT News]]''.<ref name="ExpQC">{{cite journal\|last1=Bennett\|first1=Charles H.\|display-authors=etal\|title=Experimental quantum cryptography\|journal=Journal of Cryptology\|volume=5\|issue=1\|date=1992\|pages=3–28\|doi=10.1007/bf00191318\|s2cid=206771454\|doi-access=free}}</ref> In this paper he showed how to store or transmit two messages by encoding them in two "conjugate [[observable]]s", such as linear and circular [[Polarization (waves)\|polarization]] of [[photons]],<ref>{{cite journal\|last=Wiesner\|first=Stephen\|title=Conjugate coding\|journal=ACM SIGACT News\|volume=15\|issue=1\|date=1983\|pages=78–88\|doi=10.1145/1008908.1008920\|s2cid=207155055}}</ref> so that either, but not both, properties may be received and decoded. It was not until [[Charles H. Bennett (computer scientist)\|Charles H. Bennett]], of the IBM's [[Thomas J. Watson Research Center]], and [[Gilles Brassard]] met in 1979 at the 20th IEEE Symposium on the Foundations of Computer Science, held in Puerto Rico, that they discovered how to incorporate Wiesner's findings. "The main breakthrough came when we realized that photons were never meant to store information, but rather to transmit it."<ref name="ExpQC" /> In 1984, building upon this work, Bennett and Brassard proposed a method for [[secure communication]], which is now called [[BB84]], the first Quantum Key Distribution system.<ref>{{cite ~~journal\|last1=Bennett~~book\|first1=~~Charles~~C. H. \|~~last2~~last1=~~Brassard~~Bennett \|first2=~~Gilles~~G. \|~~title~~last2=Brassard \|chapter=Quantum cryptography: Public key distribution and coin tossing \|~~journal~~title=Proceedings of ~~IEEE~~the International Conference on Computers, Systems ~~and~~& Signal Processing, Bangalore, India \|volume=~~175~~1 \|~~page~~pages=8175–179 \|~~date~~publisher=IEEE \|year=1984 \|___location=New York }} Reprinted as {{cite journal\|first1=C. H. \|last1=Bennett \|first2=G. \|last2=Brassard \|title=Quantum cryptography: Public key distribution and coin tossing \|journal=Theoretical Computer Science \|series=Theoretical Aspects of Quantum Cryptography – celebrating 30 years of BB84 \|volume=560 \|number=1 \|date=4 December 2014 \|pages=7–11 \|doi=10.1016/j.tcs.2014.05.025 \|doi-access=free\|arxiv=2003.06557 }}</ref><ref>{{Cite web \|date=2023-11-29 \|title=What Is Quantum Cryptography? {{!}} IBM \|url=https://www.ibm.com/topics/quantum-cryptography \|access-date=2024-09-25 \|website=www.ibm.com \|language=en}}</ref> Independently, in 1991 [[Artur Ekert]] proposed to use Bell's inequalities to achieve secure key distribution.<ref>{{cite journal \| last1 = Ekert \| first1 = A \| year = 1991 \| title = Quantum cryptography based on Bell's theorem\| journal = Physical Review Letters \| volume = 67 \| issue = 6 \| pages = 661–663 \| doi = 10.1103/physrevlett.67.661 \| bibcode = 1991PhRvL..67..661E \| pmid = 10044956 \| s2cid = 27683254 }}</ref> Ekert's protocol for the key distribution, as it was subsequently shown by [[Dominic Mayers]] and [[Andrew Yao]], offers device-independent quantum key distribution. Companies that manufacture quantum cryptography systems include [[MagiQ Technologies, Inc.]] (Boston), [[ID Quantique]] (Geneva), [[QuintessenceLabs]] (Canberra, Australia), [[Toshiba]] (Tokyo), [[QNu Labs]] (India) and SeQureNet (Paris). Line 47: ==== Quantum commitment ==== In addition to quantum coin-flipping, quantum commitment protocols are implemented when distrustful parties are involved. A [[commitment scheme]] allows a party Alice to fix a certain value (to "commit") in such a way that Alice cannot change that value while at the same time ensuring that the recipient Bob cannot learn anything about that value until Alice reveals it. Such commitment schemes are commonly used in cryptographic protocols (e.g. [[Quantum coin flipping]], [[Zero-knowledge proof]], [[secure two-party computation]], and [[Oblivious transfer]]). In the quantum setting, they would be particularly useful: Crépeau and Kilian showed that from a commitment and a quantum channel, one can construct an unconditionally secure protocol for performing so-called [[oblivious transfer]].<ref name="crepeau88ot" /> [[Oblivious transfer]], on the other hand, had been shown by Kilian to allow implementation of almost any distributed computation in a secure way (so-called [[secure multi-party computation]]).<ref name="kilian88founding" /> (Note: The results by Crépeau and Kilian<ref name="crepeau88ot" /><ref name="kilian88founding" /> together do not directly imply that given a commitment and a quantum channel one can perform secure multi-party computation. This is because the results do not guarantee "composability", that is, when plugging them together, one might lose security.) ~~Unfortunately, early~~Early quantum commitment protocols<ref name="brassard93commitment"/> were shown to be flawed. In fact, Mayers showed that ([[Unconditional security (cryptography)\|unconditionally secure]]) quantum commitment is impossible: a computationally unlimited attacker can break any quantum commitment protocol.<ref name="mayers97commitment"/> Yet, the result by Mayers does not preclude the possibility of constructing quantum commitment protocols (and thus secure multi-party computation protocols) under assumptions that are much weaker than the assumptions needed for commitment protocols that do not use quantum communication. The bounded quantum storage model described below is an example for a setting in which quantum communication can be used to construct commitment protocols. A breakthrough in November 2013 offers "unconditional" security of information by harnessing quantum theory and relativity, which has been successfully demonstrated on a global scale for the first time.<ref>{{Cite journal \|doi = 10.1103/PhysRevLett.111.180504\|pmid = 24237497\|title = Experimental Bit Commitment Based on Quantum Communication and Special Relativity\|journal = Physical Review Letters\|volume = 111\|issue = 18\|pages = 180504\|year = 2013\|last1 = Lunghi\|first1 = T.\|last2 = Kaniewski\|first2 = J.\|last3 = Bussières\|first3 = F.\|last4 = Houlmann\|first4 = R.\|last5 = Tomamichel\|first5 = M.\|last6 = Kent\|first6 = A.\|last7 = Gisin\|first7 = N.\|last8 = Wehner\|first8 = S.\|last9 = Zbinden\|first9 = H.\|arxiv = 1306.4801\|bibcode = 2013PhRvL.111r0504L\|s2cid = 15916727}}</ref> More recently, Wang et al., proposed another commitment scheme in which the "unconditional hiding" is perfect.<ref>{{Cite journal\|last1=Wang\|first1=Ming-Qiang\|last2=Wang\|first2=Xue\|last3=Zhan\|first3=Tao\|title=Unconditionally secure multi-party quantum commitment scheme\|journal=Quantum Information Processing\|language=en\|volume=17\|issue=2\|pages=31\|doi=10.1007/s11128-017-1804-7\|issn=1570-0755\|year=2018\|bibcode=2018QuIP...17...31W\|s2cid=3603337}}</ref> Line 73: The goal of position-based quantum cryptography is to use the ''geographical ___location'' of a player as its (only) credential. For example, one wants to send a message to a player at a specified position with the guarantee that it can only be read if the receiving party is located at that particular position. In the basic task of ''position-verification'', a player, Alice, wants to convince the (honest) verifiers that she is located at a particular point. It has been shown by Chandran ''et al.'' that position-verification using classical protocols is impossible against colluding adversaries (who control all positions except the prover's claimed position).<ref name="chandran09classical"/> Under various restrictions on the adversaries, schemes are possible. Under the name of 'quantum tagging', the first position-based quantum schemes have been investigated in 2002 by Kent. A US-patent<ref name="kent06patent"/> was granted in 2006. The notion of using quantum effects for ___location verification first appeared in the scientific literature in 2010.<ref name="Malaney10location"/><ref name="Malaney10blocation"/> After several other quantum protocols for position verification have been suggested in 2010,<ref name="kent10first"/><ref name="Lau10insecurity"/> Buhrman et al. claimed a general impossibility result:<ref name="buhrman10impossible"/> using an enormous amount of [[quantum entanglement]] (they use a doubly exponential number of [[EPR pairs]], in the number of qubits the honest player operates on), colluding adversaries are always able to make it look to the verifiers as if they were at the claimed position. However, this result does not exclude the possibility of practical schemes in the bounded- or noisy-quantum-storage model (see above). Later Beigi and König improved the amount of EPR pairs needed in the general attack against position-verification protocols to exponential. They also showed that a particular protocol remains secure against adversaries who controls only a linear amount of EPR pairs.<ref name="Beigi11"/> It is argued in<ref name="Malaney16location"/> that due to time-energy coupling the possibility of formal unconditional ___location verification via quantum effects remains an open problem. ~~It is worth mentioning that the~~The study of position-based quantum cryptography also has ~~also~~ connections with the protocol of port-based quantum teleportation, which is a more advanced version of quantum teleportation, where many EPR pairs are simultaneously used as ports. === Device-independent quantum cryptography === Line 92: == Quantum cryptography beyond key distribution == So far, quantum cryptography has been mainly identified with the development of quantum key distribution protocols. ~~Unfortunately, symmetric~~Symmetric cryptosystems with keys that have been distributed by means of quantum key distribution become inefficient for large networks (many users), because of the necessity for the establishment and the manipulation of many pairwise secret keys (the so-called "key-management problem"). Moreover, this distribution alone does not address many other cryptographic tasks and functions, which are of vital importance in everyday life. Kak's three-stage protocol has been proposed as a method for secure communication that is entirely quantum unlike quantum key distribution, in which the cryptographic transformation uses classical algorithms.<ref>{{cite journal\|last1=Thapliyal\|first1=K.\|last2=Pathak\|first2=A.\|title=Kak's three-stage protocol of secure quantum communication revisited\|journal=Quantum Information Processing\|volume=17\|issue=9\|date=2018\|page=229\|doi=10.1007/s11128-018-2001-z\|arxiv=1803.02157\|bibcode=2018QuIP...17..229T\|s2cid=52009384}}</ref> Besides quantum commitment and oblivious transfer (discussed above), research on quantum cryptography beyond key distribution revolves around quantum message authentication,<ref>{{Cite journal\|last1=Nikolopoulos\|first1=Georgios M.\|last2=Fischlin\|first2=Marc\|date=2020\|title=Information-Theoretically Secure Data Origin Authentication with Quantum and Classical Resources\|journal=Cryptography\|language=en\|volume=4\|issue=4\|pages=31\|doi=10.3390/cryptography4040031\|arxiv=2011.06849\|s2cid=226956062\|doi-access=free}}</ref> quantum digital signatures,<ref>{{Cite arXiv \|eprint = quant-ph/0105032\|last1 = Doescher\|first1 = C.\|title = Quantum Digital Signatures\|last2 = Keyl\|first2 = M.\|year = 2001}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevLett.113.040502\|pmid = 25105603\|title = Realization of Quantum Digital Signatures without the Requirement of Quantum Memory\|journal = Physical Review Letters\|volume = 113\|issue = 4\|pages = 040502\|year = 2014\|last1 = Collins\|first1 = Robert J.\|last2 = Donaldson\|first2 = Ross J.\|last3 = Dunjko\|first3 = Vedran\|last4 = Wallden\|first4 = Petros\|last5 = Clarke\|first5 = Patrick J.\|last6 = Andersson\|first6 = Erika\|last7 = Jeffers\|first7 = John\|last8 = Buller\|first8 = Gerald S.\|arxiv = 1311.5760\|bibcode = 2014PhRvL.113d0502C\|s2cid = 23925266}}</ref> quantum one-way functions and public-key encryption,<ref>{{Cite journal \|arxiv=quant-ph/0403069\| doi = 10.1007/s00145-011-9103-4\|title = Computational Indistinguishability Between Quantum States and its Cryptographic Application\|journal = Journal of Cryptology\|volume = 25\|issue = 3\|pages = 528–555\|year = 2011\|last1 = Kawachi\|first1 = Akinori\|last2 = Koshiba\|first2 = Takeshi\|last3 = Nishimura\|first3 = Harumichi\|last4 = Yamakami\|first4 = Tomoyuki\|citeseerx = 10.1.1.251.6055\|s2cid = 6340239}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevLett.84.2030\|pmid = 11017688\|title = Cryptographical Properties of Ising Spin Systems\|journal = Physical Review Letters\|volume = 84\|issue = 9\|pages = 2030–2033\|year = 2000\|last1 = Kabashima\|first1 = Yoshiyuki\|last2 = Murayama\|first2 = Tatsuto\|last3 = Saad\|first3 = David\|arxiv = cond-mat/0002129\|bibcode = 2000PhRvL..84.2030K\|s2cid = 12883829}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevA.77.032348\|title = Applications of single-qubit rotations in quantum public-key cryptography\|journal = Physical Review A\|volume = 77\|issue = 3\|pages = 032348\|year = 2008\|last1 = Nikolopoulos\|first1 = Georgios M.\|arxiv = 0801.2840\|bibcode = 2008PhRvA..77c2348N\|s2cid = 119097757}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevA.79.042327\|title = Deterministic quantum-public-key encryption: Forward search attack and randomization\|journal = Physical Review A\|volume = 79\|issue = 4\|pages = 042327\|year = 2009\|last1 = Nikolopoulos\|first1 = Georgios M.\|last2 = Ioannou\|first2 = Lawrence M.\|arxiv = 0903.4744\|bibcode = 2009PhRvA..79d2327N\|s2cid = 118425296}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevA.85.022342\|title = Symmetries and security of a quantum-public-key encryption based on single-qubit rotations\|journal = Physical Review A\|volume = 85\|issue = 2\|pages = 022342\|year = 2012\|last1 = Seyfarth\|first1 = U.\|last2 = Nikolopoulos\|first2 = G. M.\|last3 = Alber\|first3 = G.\|arxiv = 1202.3921\|bibcode = 2012PhRvA..85b2342S\|s2cid = 59467718}}</ref><ref>{{Cite journal\|last1=Nikolopoulos\|first1=Georgios M.\|last2=Brougham\|first2=Thomas\|date=2016-07-11\|title=Decision and function problems based on boson sampling\|url=https://link.aps.org/doi/10.1103/PhysRevA.94.012315\|journal=Physical Review A\|volume=94\|issue=1\|pages=012315\|doi=10.1103/PhysRevA.94.012315\|arxiv=1607.02987\|bibcode=2016PhRvA..94a2315N\|s2cid=5311008}}</ref><ref>{{Cite journal\|last=Nikolopoulos\|first=Georgios M.\|date=2019-07-13\|title=Cryptographic one-way function based on boson sampling\|url=https://doi.org/10.1007/s11128-019-2372-9\|journal=Quantum Information Processing\|language=en\|volume=18\|issue=8\|pages=259\|doi=10.1007/s11128-019-2372-9\|arxiv=1907.01788\|bibcode=2019QuIP...18..259N\|s2cid=195791867\|issn=1573-1332}}</ref> quantum key-exchange,<ref>{{Cite journal \|last=Nikolopoulos \|first=Georgios M. \|date=2025-01-16 \|title=Quantum Diffie–Hellman key exchange \|journal=APL Quantum \|volume=2 \|issue=1 \|pages=016107 \|doi=10.1063/5.0242473 \|issn=2835-0103\|doi-access=free \|arxiv=2501.09568 }}</ref> quantum fingerprinting<ref>{{Cite journal \|doi = 10.1103/PhysRevLett.87.167902\|pmid = 11690244\|title = Quantum Fingerprinting\|journal = Physical Review Letters\|volume = 87\|issue = 16\|pages = 167902\|year = 2001\|last1 = Buhrman\|first1 = Harry\|last2 = Cleve\|first2 = Richard\|last3 = Watrous\|first3 = John\|last4 = De Wolf\|first4 = Ronald\|arxiv = quant-ph/0102001\|bibcode = 2001PhRvL..87p7902B\|s2cid = 1096490}}</ref> and entity authentication<ref>{{Cite journal\|last1=Nikolopoulos\|first1=Georgios M.\|last2=Diamanti\|first2=Eleni\|date=2017-04-10\|title=Continuous-variable quantum authentication of physical unclonable keys\|url= \|journal=Scientific Reports\|language=en\|volume=7\|issue=1\|pages=46047\|doi=10.1038/srep46047\|pmid=28393853\|pmc=5385567\|arxiv=1704.06146\|bibcode=2017NatSR...746047N\|issn=2045-2322}}</ref><ref>{{Cite journal\|last=Nikolopoulos\|first=Georgios M.\|date=2018-01-22\|title=Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack\|url=https://link.aps.org/doi/10.1103/PhysRevA.97.012324\|journal=Physical Review A\|volume=97\|issue=1\|pages=012324\|doi=10.1103/PhysRevA.97.012324\|arxiv=1801.07434\|bibcode=2018PhRvA..97a2324N\|s2cid=119486945}}</ref><ref>{{Cite journal\|last1=Fladung\|first1=Lukas\|last2=Nikolopoulos\|first2=Georgios M.\|last3=Alber\|first3=Gernot\|last4=Fischlin\|first4=Marc\|date=2019\|title=Intercept-Resend Emulation Attacks against a Continuous-Variable Quantum Authentication Protocol with Physical Unclonable Keys\|journal=Cryptography\|language=en\|volume=3\|issue=4\|pages=25\|doi=10.3390/cryptography3040025\|arxiv=1910.11579\|s2cid=204901444\|doi-access=free}}</ref> (for example, see [[Quantum readout of PUFs]]), etc. == Y-00 protocol == Line 100: The review paper summarizes it well.<ref name="doi.org">{{Cite book\|last1=Verma\|first1=Pramode K.\|last2=El Rifai\|first2=Mayssaa\|last3=Chan\|first3=K. W. Clifford\|title=Multi-photon Quantum Secure Communication \|date=2018-08-19\|chapter=Secure Communication Based on Quantum Noise\|series=Signals and Communication Technology \|pages=85–95 \|doi=10.1007/978-981-10-8618-2_4 \|isbn=978-981-10-8617-5 \|s2cid=56788374 \|chapter-url=https://doi.org/10.1007/978-981-10-8618-2_4}}</ref> Unlike quantum key distribution protocols, the main purpose of Y-00 is to transmit a message without eavesdrop-monitoring, not to distribute a key. Therefore, [[privacy amplification]] may be used only for key distributions.<ref name="Takehisa 23417–23426">{{Cite journal\|last=Takehisa\|first=Iwakoshi\|date=2020-01-27\|title=Analysis of Y00 Protocol Under Quantum Generalization of a Fast Correlation Attack: Toward Information-Theoretic Security\|journal=IEEE Access \|volume=8 \|pages=23417–23426 \|doi=10.1109/ACCESS.2020.2969455 \|s2cid=210966407 \|url=https://doi.org/10.1109/ACCESS.2020.2969455\|arxiv=2001.11150\|bibcode=2020IEEEA...823417I }}</ref> Currently, research is being conducted mainly in Japan and China: e.g.<ref>{{Cite journal\|last1=Hirota\|first1=Osamu \|display-authors=etal \|date=2010-09-01\|title=Getting around the Shannon limit of cryptography\|journal=SPIE Newsroom \|doi=10.1117/2.1201008.003069 \|url=https://doi.org/10.1117/2.1201008.003069\|url-access=subscription}}</ref><ref>{{Cite journal\|last1=Quan\|first1=Yu \|display-authors=etal \|date=2020-03-30\|title=Secure 100Gb/s IMDD transmission over 100 km SSMF enabled by quantum noise stream cipher and sparse RLS-Volterra equalizer\|journal=IEEE Access \|volume=8 \|pages=63585–63594 \|doi=10.1109/ACCESS.2020.2984330 \|s2cid=215816092 \|doi-access=free\|bibcode=2020IEEEA...863585Y }}</ref> The principle of operation is as follows. First, legitimate users share a key and change it to a pseudo-random keystream using the same pseudo-random number generator. Then, the legitimate parties can perform conventional optical communications based on the shared key by transforming it appropriately. For attackers who do not share the key, the wire-tap channel model of [[Aaron D. Wyner]] is implemented. The legitimate users' advantage based on the shared key is called "advantage creation". The goal is to achieve longer covert communication than the [[information-theoretic security]] limit ([[one-time pad]]) set by Shannon.<ref>{{Cite journal\|last=Wyner\|first=A. D.\|date=October 1975\|title=The Wire-Tap Channel\|journal=Bell System Technical Journal \|volume=54 \|issue=8 \|pages=1355–1387 \|doi=10.1002/j.1538-7305.1975.tb02040.x \|s2cid=21512925 \|url=https://doi.org/10.1002/j.1538-7305.1975.tb02040.x\|url-access=subscription }}</ref> The source of the noise in the above wire-tap channel is the uncertainty principle of the electromagnetic field itself, which is a theoretical consequence of the theory of laser described by [[Roy J. Glauber]] and [[E. C. George Sudarshan]] ([[coherent state]]).<ref>{{Cite journal\|last=Roy J. \|first=Glauber\|date=1963-06-15\|title=The Quantum Theory of Optical Coherence\|journal=Physical Review \|volume=130 \|issue=6 \|pages=2529–2539 \|doi=10.1103/PhysRev.130.2529 \|bibcode=1963PhRv..130.2529G \|doi-access=free }}</ref><ref>{{Cite journal\|last=E. C. G. \|first=Sudarshan\|date=1963-04-01\|title=Equivalence of Semiclassical and Quantum Mechanical Descriptions of Statistical Light Beams\|journal=Physical Review Letters \|volume=10 \|issue=7 \|pages=277–279 \|doi=10.1103/PhysRevLett.10.277 \|bibcode=1963PhRvL..10..277S \|url=https://doi.org/10.1103/PhysRevLett.10.277\|url-access=subscription }}</ref><ref>{{Cite book\|last1=Walls\|first1=D. F.\|last2=Milburn\|first2=G. J.\|date=January 2008\|title=Quantum optics\|publisher=Springer \|isbn=9783540285731 \|url=https://books.google.com/books?id=LiWsc3Nlf0kC}}</ref> Therefore, existing optical communication technologies are sufficient for implementation that some reviews describes: e.g.<ref name="doi.org"/> Furthermore, since it uses ordinary communication laser light, it is compatible with existing communication infrastructure and can be used for high-speed and long-distance communication and routing.<ref>{{Cite journal\|last1=Hirota\|first1=Osamu \|display-authors=etal \|date=2005-08-26\|title=Quantum stream cipher by the Yuen 2000 protocol: Design and experiment by an intensity-modulation scheme\|journal=Physical Review A \|volume=72 \|issue=2 \|page=022335 \|doi=10.1103/PhysRevA.72.022335 \|arxiv=quant-ph/0507043 \|bibcode=2005PhRvA..72b2335H \|s2cid=118937168 \|url=https://doi.org/10.1103/PhysRevA.72.022335}}</ref> <ref>{{Cite journal\|last1=Yoshida\|first1=Masato \|display-authors=etal \|date=2021-02-15\|title=10 Tbit/s QAM Quantum Noise Stream Cipher Coherent Transmission Over 160 Km\|journal=Journal of Lightwave Technology \|volume=39 \|issue=4 \|pages=1056–1063 \|doi=10.1109/JLT.2020.3016693 \|bibcode=2021JLwT...39.1056Y \|s2cid=225383926 \|url=https://doi.org/10.1109/JLT.2020.3016693\|url-access=subscription }}</ref> <ref>{{Cite book\|last1=Futami\|first1=Fumio \|display-authors=etal \|title=Optical Fiber Communication Conference \|date=March 2018\|chapter=Dynamic Routing of Y-00 Quantum Stream Cipher in Field-Deployed Dynamic Optical Path Network\|pages=Tu2G.5 \|doi=10.1364/OFC.2018.Tu2G.5 \|isbn=978-1-943580-38-5 \|s2cid=49185664 \|chapter-url=https://doi.org/10.1364/OFC.2018.Tu2G.5}}</ref> <ref>{{Cite book\|last1=Tanizawa\|first1=Ken\|last2=Futami\|first2=Fumio\|date=2020\|title=Security-Enhanced 10,118-km Single-Channel 40-Gbit/s Transmission Using PSK Y-00 Quantum Stream Cipher\|pages=1–4 \|doi=10.1109/ECOC48923.2020.9333304 \|isbn=978-1-7281-7361-0 \|s2cid=231852229 \|url=https://doi.org/10.1109/ECOC48923.2020.9333304}}</ref> Line 112: Although the main purpose of the protocol is to transmit the message, key distribution is possible by simply replacing the message with a key.<ref>{{Cite journal\|last=Yuen\|first=Horace P.\|date=November 2009\|title=Key Generation: Foundations and a New Quantum Approach\|journal=IEEE Journal of Selected Topics in Quantum Electronics \|volume=15 \|issue=6 \|pages=1630–1645 \|doi=10.1109/JSTQE.2009.2025698 \|arxiv=0906.5241 \|bibcode=2009IJSTQ..15.1630Y \|s2cid=867791 \|url=https://doi.org/10.1109/JSTQE.2009.2025698}}</ref><ref name="Takehisa 23417–23426"/> Since it is a symmetric key cipher, it must share the initial key previously; however, a method of the initial key agreement was also proposed.<ref>{{Cite journal\|last=Iwakoshi\|first=Takehisa \|date=2019-06-05\|title=Message-Falsification Prevention With Small Quantum Mask in Quaternary Y00 Protocol\|journal=IEEE Access \|volume=7 \|pages=74482–74489 \|doi=10.1109/ACCESS.2019.2921023 \|s2cid=195225370 \|doi-access=free \|bibcode=2019IEEEA...774482I }}</ref> On the other hand, it is currently unclear what implementation realizes [[information-theoretic security]], and security of this protocol has long been a matter of debate.<ref>{{Cite journal\|last1=Nishioka\|first1=Tsuyoshi \|display-authors=etal \|date=2004-06-21\|title=How much security does Y-00 protocol provide us?\|journal=Physics Letters A \|volume=327 \|issue=1 \|pages=28–32 \|doi=10.1016/j.physleta.2004.04.083 \|arxiv=quant-ph/0310168 \|bibcode=2004PhLA..327...28N \|s2cid=119069709 \|url=https://doi.org/10.1016/j.physleta.2004.04.083}}</ref><ref>{{Cite journal\|last1=Yuen \|first1=Horace P. \|display-authors=etal \|date=2005-10-10\|title=Comment on:'How much security does Y-00 protocol provide us?'[Phys. Lett. A 327 (2004) 28]\|journal=Physics Letters A \|volume=346 \|issue=1–3 \|pages=1–6 \|doi=10.1016/j.physleta.2005.08.022 \|bibcode=2005PhLA..346....1Y \|url=https://doi.org/10.1016/j.physleta.2005.08.022\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Nishioka\|first1=Tsuyoshi \|display-authors=etal \|date=2005-10-10\|title=Reply to:"Comment on:'How much security does Y-00 protocol provide us?'" [Phys. Lett. A 346 (2005) 1]\|journal=Physics Letters A \|volume=346 \|issue=1–3 \|doi=10.1016/j.physleta.2005.08.022 \|bibcode=2005PhLA..346....1Y \|url=https://doi.org/10.1016/j.physleta.2005.08.022\|url-access=subscription }}</ref><ref>{{Cite ~~arxiv~~arXiv\|last1=Nair\|first1=Ranjith \|display-authors=etal \|date=2005-09-13\|title=Reply to:'Reply to:"Comment on:'How much security does Y-00 protocol provide us?'"'\|~~arxiv~~eprint=quant-ph/0509092 ~~\|bibcode=2005quant.ph..9092N~~ }}</ref><ref>{{Cite journal\|last1=Donnet\|first1=Stéphane \|display-authors=etal \|date=2006-08-21\|title=Security of Y-00 under heterodyne measurement and fast correlation attack\|journal=Physics Letters A \|volume=356 \|issue=6 \|pages=406–410 \|doi=10.1016/j.physleta.2006.04.002 \|bibcode=2006PhLA..356..406D \|url=https://doi.org/10.1016/j.physleta.2006.04.002\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Yuen\|first1=Horace P. \|display-authors=etal \|date=2007-04-23\|title=On the security of Y-00 under fast correlation and other attacks on the key\|journal=Physics Letters A \|volume=364 \|issue=2 \|pages=112–116 \|doi=10.1016/j.physleta.2006.12.033 \|arxiv=quant-ph/0608028 \|bibcode=2007PhLA..364..112Y \|s2cid=7824483 \|url=https://doi.org/10.1016/j.physleta.2006.12.033}}</ref><ref>{{Cite journal\|last=Mihaljević\|first=Miodrag J.\|date=2007-05-24\|title=Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach\|journal=Physical Review A \|volume=75 \|issue=5 \|page=052334 \|doi=10.1103/PhysRevA.75.052334 \|bibcode=2007PhRvA..75e2334M \|url=https://doi.org/10.1103/PhysRevA.75.052334\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Shimizu\|first1=Tetsuya \|display-authors=etal \|date=2008-03-27\|title=Running key mapping in a quantum stream cipher by the Yuen 2000 protocol\|journal=Physical Review A \|volume=77 \|issue=3 \|page=034305 \|doi=10.1103/PhysRevA.77.034305 \|bibcode=2008PhRvA..77c4305S \|url=https://doi.org/10.1103/PhysRevA.77.034305\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Tregubov\|first1=P. A.\|last2=Trushechkin\|first2=A. S.\|date=2020-11-21\|title=Quantum Stream Ciphers: Impossibility of Unconditionally Strong Algorithms\|journal= Journal of Mathematical Sciences\|volume=252\|pages=90–103\|doi=10.1007/s10958-020-05144-x\|s2cid=254745640 }}</ref><ref>{{Cite journal\|last=Iwakoshi\|first=Takehisa\|date=February 2021\|title=Security Evaluation of Y00 Protocol Based on Time-Translational Symmetry Under Quantum Collective Known-Plaintext Attacks\|journal=IEEE Access \|volume=9 \|pages=31608–31617 \|doi=10.1109/ACCESS.2021.3056494 \|s2cid=232072394 \|doi-access=free\|bibcode=2021IEEEA...931608I }}</ref> == Implementation in practice == In theory, quantum cryptography seems to be a successful turning point in the [[information security]] sector. However, no cryptographic method can ever be absolutely secure.<ref>{{Cite journal\|last1=Scarani\|first1=Valerio\|last2=Bechmann-Pasquinucci\|first2=Helle\|last3=Cerf\|first3=Nicolas J.\|last4=Dušek\|first4=Miloslav\|last5=Lütkenhaus\|first5=Norbert\|last6=Peev\|first6=Momtchil\|date=2009-09-29\|title=The security of practical quantum key distribution\|url=http://dx.doi.org/10.1103/revmodphys.81.1301\|journal=Reviews of Modern Physics\|volume=81\|issue=3\|pages=1301–1350\|doi=10.1103/revmodphys.81.1301\|arxiv=0802.4155\|bibcode=2009RvMP...81.1301S\|s2cid=15873250\|issn=0034-6861}}</ref> In practice, quantum cryptography is only conditionally secure, dependent on a key set of assumptions.<ref name=":12">{{Cite thesis\|last=Zhao\|first=Yi\|date=2009\|title=Quantum cryptography in real-life applications: assumptions and security\|url=https://pdfs.semanticscholar.org/ccc3/cb3422d8b2b02f66515d45710a09df8c56d0.pdf\|archive-url=https://web.archive.org/web/20200228224625/https://pdfs.semanticscholar.org/ccc3/cb3422d8b2b02f66515d45710a09df8c56d0.pdf\|url-status=dead\|archive-date=2020-02-28\|bibcode=2009PhDT........94Z\|s2cid=118227839}}</ref> === Single-photon source assumption === The theoretical basis for quantum key distribution assumes the use of single-photon sources. However, such sources are difficult to construct, and most real-world quantum cryptography systems use faint laser sources as a medium for information transfer.<ref name=":12" /> These multi-photon sources open the possibility for eavesdropper attacks, particularly a photon splitting attack.<ref name=":22">{{Cite journal\|last=Lo\|first=Hoi-Kwong\|title=Decoy State Quantum Key Distribution\|date=2005-10-22\|url=http://dx.doi.org/10.1142/9789812701633_0013\|journal=Quantum Information Science\|publisher=WORLD SCIENTIFIC\|volume=94\|issue=23\|page=143\|doi=10.1142/9789812701633_0013\|pmid=16090452\|bibcode=2005qis..conf..143L\|isbn=978-981-256-460-3\|arxiv=quant-ph/0411004}}</ref> An eavesdropper, Eve, can split the multi-photon source and retain one copy for herself.<ref name=":22" /> The other photons are then transmitted to Bob without any measurement or trace that Eve captured a copy of the data.<ref name=":22" /> Scientists believe they can retain security with a multi-photon source by using decoy states that test for the presence of an eavesdropper.<ref name=":22" /> However, in 2016, scientists developed a near perfect single photon source and estimate that one could be developed in the near future.<ref>{{Cite journal\|last1=Reimer\|first1=Michael E.\|last2=Cher\|first2=Catherine\|date=November 2019\|title=The quest for a perfect single-photon source\|url=https://www.nature.com/articles/s41566-019-0544-x\|journal=Nature Photonics\|language=en\|volume=13\|issue=11\|pages=734–736\|doi=10.1038/s41566-019-0544-x\|bibcode=2019NaPho..13..734R\|s2cid=209939102\|issn=1749-4893\|url-access=subscription}}</ref> === Identical detector efficiency assumption === Line 124: === Deprecation of quantum key distributions from governmental institutions === Because of the practical problems with quantum key distribution, some governmental organizations recommend the use of post-quantum cryptography (quantum resistant cryptography) instead. For example, the US [[National Security Agency]],<ref name="NSA">{{cite web \|title=Quantum Key Distribution (QKD) and Quantum Cryptography (QC) \|url=https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/ \|publisher=[[National Security Agency]] \|access-date=16 July ~~16,~~ 2022}} {{PD-notice}}</ref> [[European Union Agency for Cybersecurity]] of EU (ENISA),<ref>Post-Quantum Cryptography: Current state and quantum mitigation, Section 6 "Conclusion" [https://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation]</ref> UK's [[National Cyber Security Centre (United Kingdom)\|National Cyber Security Centre]],<ref>[https://www.ncsc.gov.uk/whitepaper/quantum-security-technologies Quantum security technologies]</ref> French Secretariat for Defense and Security (ANSSI),<ref>[https://~~www.ssi~~cyber.gouv.fr/en/~~publication~~publications/should-quantum-key-distribution-be-used~~-for~~-secure-communications/ Should Quantum Key Distribution be Used for Secure Communications?]</ref> and German Federal Office for Information Security (BSI)<ref>{{cite web \| url=https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/Quantenkryptografie/quantenkryptografie.html \| title=Quantum Cryptography }}</ref> recommend post-quantum cryptography. For example, the US National Security Agency addresses five issues:<ref name="NSA" /> Line 135: In response to problem 1 above, attempts to deliver authentication keys using post-quantum cryptography (or quantum-resistant cryptography) have been proposed worldwide. On the other hand, quantum-resistant cryptography is cryptography belonging to the class of computational security. In 2015, a research result was already published that "sufficient care must be taken in implementation to achieve information-theoretic security for the system as a whole when authentication keys that are not information-theoretic secure are used" (if the authentication key is not information-theoretically secure, an attacker can break it to bring all classical and quantum communications under control and relay them to launch a [[man-in-the-middle attack]]).<ref>{{Cite journal\|last1=Pacher\|first1=Christoph\|last2=et\|first2=al.\|date=January 2016\|title=Attacks on quantum key distribution protocols that employ non-ITS authentication\|journal=Quantum Information Processing \|volume=15 \|issue=1 \|pages=327–362 \|doi=10.1007/s11128-015-1160-4 \|arxiv=1209.0365 \|bibcode=2016QuIP...15..327P \|s2cid=254986932 \|url=https://doi.org/10.1007/s11128-015-1160-4}}</ref> Ericsson, a private company, also cites and points out the above problems and then presents a report that it may not be able to support the [[zero trust security model]], which is a recent trend in network security technology.<ref>{{Cite arXiv\|last1=Mattsson\|first1=J. P. \|display-authors=etal \|date=December 2021\|title=Quantum-Resistant Cryptography \|class=cs.CR \|eprint=2112.00399 }}</ref> === Quantum cryptography in education === Quantum cryptography, specifically the BB84 protocol, has become an important topic in physics and computer science education. The challenge of teaching quantum cryptography lies in the technical requirements and the conceptual complexity of quantum mechanics. However, simplified experimental setups for educational purposes are becoming more common,<ref>{{Cite journal \|last1=Bloom \|first1=Yuval \|last2=Fields \|first2=Ilai \|last3=Maslennikov \|first3=Alona \|last4=Rozenman \|first4=Georgi Gary \|title=Quantum Cryptography—A Simplified Undergraduate Experiment and Simulation \|journal=Physics \|volume=4 \|issue=1 \|year=2022 \|pages=104–123 \|doi=10.3390/physics4010009 \|doi-access=free \|bibcode=2022Physi...4..104B }}</ref> allowing undergraduate students to engage with the core principles of quantum key distribution (QKD) without requiring advanced quantum technology. == References == Line 140 ⟶ 144: <!-- ** hidden code of the cite journal reference template because is not working * Cite error: <ref> tag with name "BB84" defined in <references> is not used in prior text; see the help page.; see the [[Help:Cite_errors/Cite_error_references_missing_key\|help page.]] 1:05 pm [[GMT+1\|local time]] ~~1st~~1 ~~december~~December 2010 <ref name="BB84"> {{cite conference Line 156 ⟶ 160: <!-- ** hidden code of the cite journal reference template because is not working * Cite error: <ref> tag with name "wiesner83conjugate" defined in <references> is not used in prior text; see the [[Help:Cite_errors/Cite_error_references_missing_key\|help page.]] 1:01 pm [[GMT+1\|local time]] ~~1st~~1 ~~december~~December 2010 <ref name="wiesner83conjugate"> {{cite journal Line 337 ⟶ 341: <ref name="koenig09noisy">{{Cite journal \|arxiv = 0906.1030\|last1 = Doescher\|first1 = C.\|title = Unconditional security from noisy quantum storage\|journal = IEEE Transactions on Information Theory\|volume = 58\|issue = 3\|pages = 1962–1984\|last2 = Keyl\|first2 = M.\|last3 = Wullschleger\|first3 = Jürg\|year = 2009\|doi = 10.1109/TIT.2011.2177772\|s2cid = 12500084}}</ref> <ref name="kent10first">{{Cite journal \|arxiv = 1008.2147\|last1 = Doescher\|first1 = C.\|title = Quantum Tagging: Authenticating Location via Quantum Information and Relativistic Signalling Constraints\|journal = Physical Review A\|volume = 84\|issue = 1\|pages = 012326\|last2 = Keyl\|first2 = M.\|last3 = Spiller\|first3 = Timothy P.\|year = 2011\|doi = 10.1103/PhysRevA.84.012326\|bibcode = 2011PhRvA..84a2326K\|s2cid = 1042757}}</ref> <ref name="kent06patent"> Line 496 ⟶ 500: \|publisher=NIST \|id=NISTIR 8105 \|access-date=~~July~~ 20, July 2018 \|doi=10.6028/NIST.IR.8105}}</ref>-->