Quantum cryptography: Difference between revisions

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Revision as of 15:37, 28 October 2024 edit HeyCallMeRed (talk \| contribs) 1 edit the second paragraph of the overview of the quantum key distribution article, which is linked in this sentence, answers "how" explicitly. The previous sentence contains a link to the no-cloning theorum article, which answers "how" implicitly in its first sentence. Tags: Mobile edit Mobile web edit ← Previous edit		Revision as of 13:29, 30 August 2025 edit undo James.mafu (talk \| contribs) 70 edits No edit summary Tag: Visual edit Next edit →
(32 intermediate revisions by 13 users not shown)
Line 3: {{Use dmy dates\|date=September 2020}} '''Quantum cryptography''' is the science of exploiting [[Quantum mechanics\|quantum mechanical]] properties such as quantum entanglement, measurement disturbance, no-cloning theorem, and the principle of superposition to perform various [[cryptographic]] tasks.<ref>{{Cite journal\|last1=Gisin\|first1=Nicolas\|last2=Ribordy\|first2=Grégoire\|last3=Tittel\|first3=Wolfgang\|last4=Zbinden\|first4=Hugo\|display-authors=\|year=2002\|title=Quantum cryptography\|url=https://journals.aps.org/rmp/abstract/10.1103/RevModPhys.74.145\|journal=Reviews of Modern Physics\|volume=74\|issue=1\|pages=145–195\|doi=10.1103/RevModPhys.74.145\|arxiv=quant-ph/0101098\|bibcode=2002RvMP...74..145G\|s2cid=6979295}}</ref><ref name=":4">{{Cite journal\|last1=Pirandola\|first1=S.\|last2=Andersen\|first2=U. L.\|last3=Banchi\|first3=L.\|last4=Berta\|first4=M.\|last5=Bunandar\|first5=D.\|last6=Colbeck\|first6=R.\|last7=Englund\|first7=D.\|last8=Gehring\|first8=T.\|last9=Lupo\|first9=C.\|last10=Ottaviani\|first10=C.\|last11=Pereira\|first11=J. L.\|display-authors=et al.\|year=2020\|title=Advances in quantum cryptography\|url=https://www.osapublishing.org/aop/abstract.cfm?uri=aop-12-4-1012\|journal=Advances in Optics and Photonics\|volume=12\|issue=4\|pages=1012–1236\|arxiv=1906.01645\|doi=10.1364/AOP.361502\|bibcode=2020AdOP...12.1012P\|s2cid=174799187}}</ref><ref>{{Cite ~~The~~journal ~~best~~\|last=Renner ~~known~~\|first=Renato ~~example~~\|last2=Wolf \|first2=Ramona \|date=2023 \|title=Quantum Advantage in Cryptography \|url=https://doi.org/10.2514/1.J062267 \|journal=AIAA Journal \|volume=61 \|issue=5 \|pages=1895–1910 \|doi=10.2514/1.J062267 \|issn=0001-1452}}</ref> Historically defined as the practice of encoding messages, a concept now referred to as encryption, cryptography plays a crucial role in the secure processing, storage, and transmission of information across various domains. One aspect of quantum cryptography is [[quantum key distribution]] (QKD), which offers an [[Information-theoretic security\|information-theoretically secure]] solution to the [[key exchange]] problem. The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication. Furthermore, quantum cryptography affords the authentication of messages, which allows the legitimates parties to prove that the messages wre not wiretaped during transmission.<ref>{{Cite journal \|last=Gisin \|first=Nicolas \|last2=Ribordy \|first2=Grégoire \|last3=Tittel \|first3=Wolfgang \|last4=Zbinden \|first4=Hugo \|date=2002-03-08 \|title=Quantum cryptography \|url=https://link.aps.org/doi/10.1103/RevModPhys.74.145 \|journal=Reviews of Modern Physics \|volume=74 \|issue=1 \|pages=145–195 \|doi=10.1103/RevModPhys.74.145}}</ref> For example, in a cryptographic set-up, it is [[No-cloning theorem\|impossible to copy]] with perfect fidelity, the data encoded in a [[quantum state]]. If one attempts to read the encoded data, the quantum state will be changed due to [[wave function collapse]] ([[no-cloning theorem]]). This could be used to detect eavesdropping in [[QKD schemes, or in quantum ~~key~~communication ~~distribution]]~~links and networks. These advantages have significantly influenced the evolution of quantum cryptography, making it practical in today's digital age, where devices are increasingly interconnected and cyberattacks have become more sophisticated. As such quantum cryptography is a critical component in the advancement of a quantum internet, as it establishes robust mechanisms to ensure the long-term privacy and integrity of digital communications and systems.<ref>{{Cite journal \|last=Mitra \|first=Saptarshi \|last2=Jana \|first2=Bappaditya \|last3=Bhattacharya \|first3=Supratim \|last4=Pal \|first4=Prashnatita \|last5=Poray \|first5=Jayanta \|date=November 2017 \|title=Quantum cryptography: Overview, security issues and future challenges \|url=https://ieeexplore.ieee.org/abstract/document/8350006 \|journal=2017 4th International Conference on Opto-Electronics and Applied Optics (~~QKD~~Optronix) \|pages=1–7 \|doi=10.1109/OPTRONIX.2017.8350006}}</ref> == History == In the early 1970s, [[Stephen Wiesner]], then at Columbia University in New York, introduced the concept of quantum conjugate coding. His seminal paper titled "Conjugate Coding" was rejected by the [[IEEE Information Theory Society]] but was eventually published in 1983 in ''[[ACM SIGACT\|SIGACT News]]''.<ref name="ExpQC">{{cite journal\|last1=Bennett\|first1=Charles H.\|display-authors=etal\|title=Experimental quantum cryptography\|journal=Journal of Cryptology\|volume=5\|issue=1\|date=1992\|pages=3–28\|doi=10.1007/bf00191318\|s2cid=206771454\|doi-access=free}}</ref> In this paper he showed how to store or transmit two messages by encoding them in two "conjugate [[observable]]s", such as linear and circular [[Polarization (waves)\|polarization]] of [[photons]],<ref>{{cite journal\|last=Wiesner\|first=Stephen\|title=Conjugate coding\|journal=ACM SIGACT News\|volume=15\|issue=1\|date=1983\|pages=78–88\|doi=10.1145/1008908.1008920\|s2cid=207155055}}</ref> so that either, but not both, properties may be received and decoded. It was not until [[Charles H. Bennett (computer scientist)\|Charles H. Bennett]], of the IBM's [[Thomas J. Watson Research Center]], and [[Gilles Brassard]] met in 1979 at the 20th IEEE Symposium on the Foundations of Computer Science, held in Puerto Rico, that they discovered how to incorporate Wiesner's findings. "The main breakthrough came when we realized that photons were never meant to store information, but rather to transmit it."<ref name="ExpQC" /> In 1984, building upon this work, Bennett and Brassard proposed a method for [[secure communication]], which is now called [[BB84]], the first Quantum Key Distribution system.<ref>{{cite ~~journal\|last1=Bennett~~book\|first1=~~Charles~~C. H. \|~~last2~~last1=~~Brassard~~Bennett \|first2=~~Gilles~~G. \|~~title~~last2=Brassard \|chapter=Quantum cryptography: Public key distribution and coin tossing \|~~journal~~title=Proceedings of ~~IEEE~~the International Conference on Computers, Systems ~~and~~& Signal Processing, Bangalore, India \|volume=~~175~~1 \|~~page~~pages=8175–179 \|~~date~~publisher=IEEE \|year=1984 \|___location=New York }} Reprinted as {{cite journal\|first1=C. H. \|last1=Bennett \|first2=G. \|last2=Brassard \|title=Quantum cryptography: Public key distribution and coin tossing \|journal=Theoretical Computer Science \|series=Theoretical Aspects of Quantum Cryptography – celebrating 30 years of BB84 \|volume=560 \|number=1 \|date=4 December 2014 \|pages=7–11 \|doi=10.1016/j.tcs.2014.05.025 \|doi-access=free\|arxiv=2003.06557 }}</ref><ref>{{Cite web \|date=2023-11-29 \|title=What Is Quantum Cryptography? {{!}} IBM \|url=https://www.ibm.com/topics/quantum-cryptography \|access-date=2024-09-25 \|website=www.ibm.com \|language=en}}</ref> Independently, in 1991 [[Artur Ekert]] proposed to use Bell's inequalities to achieve secure key distribution.<ref>{{cite journal \| last1 = Ekert \| first1 = A \| year = 1991 \| title = Quantum cryptography based on Bell's theorem\| journal = Physical Review Letters \| volume = 67 \| issue = 6 \| pages = 661–663 \| doi = 10.1103/physrevlett.67.661 \| bibcode = 1991PhRvL..67..661E \| pmid = 10044956 \| s2cid = 27683254 }}</ref> Ekert's protocol for the key distribution, as it was subsequently shown by [[Dominic Mayers]] and [[Andrew Yao]], offers device-independent quantum key distribution. Companies that manufacture quantum cryptography systems include [[MagiQ Technologies, Inc.]] (Boston), [[ID Quantique]] (Geneva), [[QuintessenceLabs]] (Canberra, Australia), [[Toshiba]] (Tokyo), [[QNu Labs]] (India) and SeQureNet (Paris). Line 92: == Quantum cryptography beyond key distribution == So far, quantum cryptography has been mainly identified with the development of quantum key distribution protocols. Symmetric cryptosystems with keys that have been distributed by means of quantum key distribution become inefficient for large networks (many users), because of the necessity for the establishment and the manipulation of many pairwise secret keys (the so-called "key-management problem"). Moreover, this distribution alone does not address many other cryptographic tasks and functions, which are of vital importance in everyday life. Kak's three-stage protocol has been proposed as a method for secure communication that is entirely quantum unlike quantum key distribution, in which the cryptographic transformation uses classical algorithms.<ref>{{cite journal\|last1=Thapliyal\|first1=K.\|last2=Pathak\|first2=A.\|title=Kak's three-stage protocol of secure quantum communication revisited\|journal=Quantum Information Processing\|volume=17\|issue=9\|date=2018\|page=229\|doi=10.1007/s11128-018-2001-z\|arxiv=1803.02157\|bibcode=2018QuIP...17..229T\|s2cid=52009384}}</ref> Besides quantum commitment and oblivious transfer (discussed above), research on quantum cryptography beyond key distribution revolves around quantum message authentication,<ref>{{Cite journal\|last1=Nikolopoulos\|first1=Georgios M.\|last2=Fischlin\|first2=Marc\|date=2020\|title=Information-Theoretically Secure Data Origin Authentication with Quantum and Classical Resources\|journal=Cryptography\|language=en\|volume=4\|issue=4\|pages=31\|doi=10.3390/cryptography4040031\|arxiv=2011.06849\|s2cid=226956062\|doi-access=free}}</ref> quantum digital signatures,<ref>{{Cite arXiv \|eprint = quant-ph/0105032\|last1 = Doescher\|first1 = C.\|title = Quantum Digital Signatures\|last2 = Keyl\|first2 = M.\|year = 2001}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevLett.113.040502\|pmid = 25105603\|title = Realization of Quantum Digital Signatures without the Requirement of Quantum Memory\|journal = Physical Review Letters\|volume = 113\|issue = 4\|pages = 040502\|year = 2014\|last1 = Collins\|first1 = Robert J.\|last2 = Donaldson\|first2 = Ross J.\|last3 = Dunjko\|first3 = Vedran\|last4 = Wallden\|first4 = Petros\|last5 = Clarke\|first5 = Patrick J.\|last6 = Andersson\|first6 = Erika\|last7 = Jeffers\|first7 = John\|last8 = Buller\|first8 = Gerald S.\|arxiv = 1311.5760\|bibcode = 2014PhRvL.113d0502C\|s2cid = 23925266}}</ref> quantum one-way functions and public-key encryption,<ref>{{Cite journal \|arxiv=quant-ph/0403069\| doi = 10.1007/s00145-011-9103-4\|title = Computational Indistinguishability Between Quantum States and its Cryptographic Application\|journal = Journal of Cryptology\|volume = 25\|issue = 3\|pages = 528–555\|year = 2011\|last1 = Kawachi\|first1 = Akinori\|last2 = Koshiba\|first2 = Takeshi\|last3 = Nishimura\|first3 = Harumichi\|last4 = Yamakami\|first4 = Tomoyuki\|citeseerx = 10.1.1.251.6055\|s2cid = 6340239}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevLett.84.2030\|pmid = 11017688\|title = Cryptographical Properties of Ising Spin Systems\|journal = Physical Review Letters\|volume = 84\|issue = 9\|pages = 2030–2033\|year = 2000\|last1 = Kabashima\|first1 = Yoshiyuki\|last2 = Murayama\|first2 = Tatsuto\|last3 = Saad\|first3 = David\|arxiv = cond-mat/0002129\|bibcode = 2000PhRvL..84.2030K\|s2cid = 12883829}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevA.77.032348\|title = Applications of single-qubit rotations in quantum public-key cryptography\|journal = Physical Review A\|volume = 77\|issue = 3\|pages = 032348\|year = 2008\|last1 = Nikolopoulos\|first1 = Georgios M.\|arxiv = 0801.2840\|bibcode = 2008PhRvA..77c2348N\|s2cid = 119097757}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevA.79.042327\|title = Deterministic quantum-public-key encryption: Forward search attack and randomization\|journal = Physical Review A\|volume = 79\|issue = 4\|pages = 042327\|year = 2009\|last1 = Nikolopoulos\|first1 = Georgios M.\|last2 = Ioannou\|first2 = Lawrence M.\|arxiv = 0903.4744\|bibcode = 2009PhRvA..79d2327N\|s2cid = 118425296}}</ref><ref>{{Cite journal \|doi = 10.1103/PhysRevA.85.022342\|title = Symmetries and security of a quantum-public-key encryption based on single-qubit rotations\|journal = Physical Review A\|volume = 85\|issue = 2\|pages = 022342\|year = 2012\|last1 = Seyfarth\|first1 = U.\|last2 = Nikolopoulos\|first2 = G. M.\|last3 = Alber\|first3 = G.\|arxiv = 1202.3921\|bibcode = 2012PhRvA..85b2342S\|s2cid = 59467718}}</ref><ref>{{Cite journal\|last1=Nikolopoulos\|first1=Georgios M.\|last2=Brougham\|first2=Thomas\|date=2016-07-11\|title=Decision and function problems based on boson sampling\|url=https://link.aps.org/doi/10.1103/PhysRevA.94.012315\|journal=Physical Review A\|volume=94\|issue=1\|pages=012315\|doi=10.1103/PhysRevA.94.012315\|arxiv=1607.02987\|bibcode=2016PhRvA..94a2315N\|s2cid=5311008}}</ref><ref>{{Cite journal\|last=Nikolopoulos\|first=Georgios M.\|date=2019-07-13\|title=Cryptographic one-way function based on boson sampling\|url=https://doi.org/10.1007/s11128-019-2372-9\|journal=Quantum Information Processing\|language=en\|volume=18\|issue=8\|pages=259\|doi=10.1007/s11128-019-2372-9\|arxiv=1907.01788\|bibcode=2019QuIP...18..259N\|s2cid=195791867\|issn=1573-1332}}</ref> quantum key-exchange,<ref>{{Cite journal \|last=Nikolopoulos \|first=Georgios M. \|date=2025-01-16 \|title=Quantum Diffie–Hellman key exchange \|journal=APL Quantum \|volume=2 \|issue=1 \|pages=016107 \|doi=10.1063/5.0242473 \|issn=2835-0103\|doi-access=free \|arxiv=2501.09568 }}</ref> quantum fingerprinting<ref>{{Cite journal \|doi = 10.1103/PhysRevLett.87.167902\|pmid = 11690244\|title = Quantum Fingerprinting\|journal = Physical Review Letters\|volume = 87\|issue = 16\|pages = 167902\|year = 2001\|last1 = Buhrman\|first1 = Harry\|last2 = Cleve\|first2 = Richard\|last3 = Watrous\|first3 = John\|last4 = De Wolf\|first4 = Ronald\|arxiv = quant-ph/0102001\|bibcode = 2001PhRvL..87p7902B\|s2cid = 1096490}}</ref> and entity authentication<ref>{{Cite journal\|last1=Nikolopoulos\|first1=Georgios M.\|last2=Diamanti\|first2=Eleni\|date=2017-04-10\|title=Continuous-variable quantum authentication of physical unclonable keys\|url= \|journal=Scientific Reports\|language=en\|volume=7\|issue=1\|pages=46047\|doi=10.1038/srep46047\|pmid=28393853\|pmc=5385567\|arxiv=1704.06146\|bibcode=2017NatSR...746047N\|issn=2045-2322}}</ref><ref>{{Cite journal\|last=Nikolopoulos\|first=Georgios M.\|date=2018-01-22\|title=Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack\|url=https://link.aps.org/doi/10.1103/PhysRevA.97.012324\|journal=Physical Review A\|volume=97\|issue=1\|pages=012324\|doi=10.1103/PhysRevA.97.012324\|arxiv=1801.07434\|bibcode=2018PhRvA..97a2324N\|s2cid=119486945}}</ref><ref>{{Cite journal\|last1=Fladung\|first1=Lukas\|last2=Nikolopoulos\|first2=Georgios M.\|last3=Alber\|first3=Gernot\|last4=Fischlin\|first4=Marc\|date=2019\|title=Intercept-Resend Emulation Attacks against a Continuous-Variable Quantum Authentication Protocol with Physical Unclonable Keys\|journal=Cryptography\|language=en\|volume=3\|issue=4\|pages=25\|doi=10.3390/cryptography3040025\|arxiv=1910.11579\|s2cid=204901444\|doi-access=free}}</ref> (for example, see [[Quantum readout of PUFs]]), etc. == Y-00 protocol == Line 100: The review paper summarizes it well.<ref name="doi.org">{{Cite book\|last1=Verma\|first1=Pramode K.\|last2=El Rifai\|first2=Mayssaa\|last3=Chan\|first3=K. W. Clifford\|title=Multi-photon Quantum Secure Communication \|date=2018-08-19\|chapter=Secure Communication Based on Quantum Noise\|series=Signals and Communication Technology \|pages=85–95 \|doi=10.1007/978-981-10-8618-2_4 \|isbn=978-981-10-8617-5 \|s2cid=56788374 \|chapter-url=https://doi.org/10.1007/978-981-10-8618-2_4}}</ref> Unlike quantum key distribution protocols, the main purpose of Y-00 is to transmit a message without eavesdrop-monitoring, not to distribute a key. Therefore, [[privacy amplification]] may be used only for key distributions.<ref name="Takehisa 23417–23426">{{Cite journal\|last=Takehisa\|first=Iwakoshi\|date=2020-01-27\|title=Analysis of Y00 Protocol Under Quantum Generalization of a Fast Correlation Attack: Toward Information-Theoretic Security\|journal=IEEE Access \|volume=8 \|pages=23417–23426 \|doi=10.1109/ACCESS.2020.2969455 \|s2cid=210966407 \|url=https://doi.org/10.1109/ACCESS.2020.2969455\|arxiv=2001.11150\|bibcode=2020IEEEA...823417I }}</ref> Currently, research is being conducted mainly in Japan and China: e.g.<ref>{{Cite journal\|last1=Hirota\|first1=Osamu \|display-authors=etal \|date=2010-09-01\|title=Getting around the Shannon limit of cryptography\|journal=SPIE Newsroom \|doi=10.1117/2.1201008.003069 \|url=https://doi.org/10.1117/2.1201008.003069\|url-access=subscription}}</ref><ref>{{Cite journal\|last1=Quan\|first1=Yu \|display-authors=etal \|date=2020-03-30\|title=Secure 100Gb/s IMDD transmission over 100 km SSMF enabled by quantum noise stream cipher and sparse RLS-Volterra equalizer\|journal=IEEE Access \|volume=8 \|pages=63585–63594 \|doi=10.1109/ACCESS.2020.2984330 \|s2cid=215816092 \|doi-access=free\|bibcode=2020IEEEA...863585Y }}</ref> The principle of operation is as follows. First, legitimate users share a key and change it to a pseudo-random keystream using the same pseudo-random number generator. Then, the legitimate parties can perform conventional optical communications based on the shared key by transforming it appropriately. For attackers who do not share the key, the wire-tap channel model of [[Aaron D. Wyner]] is implemented. The legitimate users' advantage based on the shared key is called "advantage creation". The goal is to achieve longer covert communication than the [[information-theoretic security]] limit ([[one-time pad]]) set by Shannon.<ref>{{Cite journal\|last=Wyner\|first=A. D.\|date=October 1975\|title=The Wire-Tap Channel\|journal=Bell System Technical Journal \|volume=54 \|issue=8 \|pages=1355–1387 \|doi=10.1002/j.1538-7305.1975.tb02040.x \|s2cid=21512925 \|url=https://doi.org/10.1002/j.1538-7305.1975.tb02040.x\|url-access=subscription }}</ref> The source of the noise in the above wire-tap channel is the uncertainty principle of the electromagnetic field itself, which is a theoretical consequence of the theory of laser described by [[Roy J. Glauber]] and [[E. C. George Sudarshan]] ([[coherent state]]).<ref>{{Cite journal\|last=Roy J. \|first=Glauber\|date=1963-06-15\|title=The Quantum Theory of Optical Coherence\|journal=Physical Review \|volume=130 \|issue=6 \|pages=2529–2539 \|doi=10.1103/PhysRev.130.2529 \|bibcode=1963PhRv..130.2529G \|doi-access=free }}</ref><ref>{{Cite journal\|last=E. C. G. \|first=Sudarshan\|date=1963-04-01\|title=Equivalence of Semiclassical and Quantum Mechanical Descriptions of Statistical Light Beams\|journal=Physical Review Letters \|volume=10 \|issue=7 \|pages=277–279 \|doi=10.1103/PhysRevLett.10.277 \|bibcode=1963PhRvL..10..277S \|url=https://doi.org/10.1103/PhysRevLett.10.277\|url-access=subscription }}</ref><ref>{{Cite book\|last1=Walls\|first1=D. F.\|last2=Milburn\|first2=G. J.\|date=January 2008\|title=Quantum optics\|publisher=Springer \|isbn=9783540285731 \|url=https://books.google.com/books?id=LiWsc3Nlf0kC}}</ref> Therefore, existing optical communication technologies are sufficient for implementation that some reviews describes: e.g.<ref name="doi.org"/> Furthermore, since it uses ordinary communication laser light, it is compatible with existing communication infrastructure and can be used for high-speed and long-distance communication and routing.<ref>{{Cite journal\|last1=Hirota\|first1=Osamu \|display-authors=etal \|date=2005-08-26\|title=Quantum stream cipher by the Yuen 2000 protocol: Design and experiment by an intensity-modulation scheme\|journal=Physical Review A \|volume=72 \|issue=2 \|page=022335 \|doi=10.1103/PhysRevA.72.022335 \|arxiv=quant-ph/0507043 \|bibcode=2005PhRvA..72b2335H \|s2cid=118937168 \|url=https://doi.org/10.1103/PhysRevA.72.022335}}</ref> <ref>{{Cite journal\|last1=Yoshida\|first1=Masato \|display-authors=etal \|date=2021-02-15\|title=10 Tbit/s QAM Quantum Noise Stream Cipher Coherent Transmission Over 160 Km\|journal=Journal of Lightwave Technology \|volume=39 \|issue=4 \|pages=1056–1063 \|doi=10.1109/JLT.2020.3016693 \|bibcode=2021JLwT...39.1056Y \|s2cid=225383926 \|url=https://doi.org/10.1109/JLT.2020.3016693\|url-access=subscription }}</ref> <ref>{{Cite book\|last1=Futami\|first1=Fumio \|display-authors=etal \|title=Optical Fiber Communication Conference \|date=March 2018\|chapter=Dynamic Routing of Y-00 Quantum Stream Cipher in Field-Deployed Dynamic Optical Path Network\|pages=Tu2G.5 \|doi=10.1364/OFC.2018.Tu2G.5 \|isbn=978-1-943580-38-5 \|s2cid=49185664 \|chapter-url=https://doi.org/10.1364/OFC.2018.Tu2G.5}}</ref> <ref>{{Cite book\|last1=Tanizawa\|first1=Ken\|last2=Futami\|first2=Fumio\|date=2020\|title=Security-Enhanced 10,118-km Single-Channel 40-Gbit/s Transmission Using PSK Y-00 Quantum Stream Cipher\|pages=1–4 \|doi=10.1109/ECOC48923.2020.9333304 \|isbn=978-1-7281-7361-0 \|s2cid=231852229 \|url=https://doi.org/10.1109/ECOC48923.2020.9333304}}</ref> Line 112: Although the main purpose of the protocol is to transmit the message, key distribution is possible by simply replacing the message with a key.<ref>{{Cite journal\|last=Yuen\|first=Horace P.\|date=November 2009\|title=Key Generation: Foundations and a New Quantum Approach\|journal=IEEE Journal of Selected Topics in Quantum Electronics \|volume=15 \|issue=6 \|pages=1630–1645 \|doi=10.1109/JSTQE.2009.2025698 \|arxiv=0906.5241 \|bibcode=2009IJSTQ..15.1630Y \|s2cid=867791 \|url=https://doi.org/10.1109/JSTQE.2009.2025698}}</ref><ref name="Takehisa 23417–23426"/> Since it is a symmetric key cipher, it must share the initial key previously; however, a method of the initial key agreement was also proposed.<ref>{{Cite journal\|last=Iwakoshi\|first=Takehisa \|date=2019-06-05\|title=Message-Falsification Prevention With Small Quantum Mask in Quaternary Y00 Protocol\|journal=IEEE Access \|volume=7 \|pages=74482–74489 \|doi=10.1109/ACCESS.2019.2921023 \|s2cid=195225370 \|doi-access=free \|bibcode=2019IEEEA...774482I }}</ref> On the other hand, it is currently unclear what implementation realizes [[information-theoretic security]], and security of this protocol has long been a matter of debate.<ref>{{Cite journal\|last1=Nishioka\|first1=Tsuyoshi \|display-authors=etal \|date=2004-06-21\|title=How much security does Y-00 protocol provide us?\|journal=Physics Letters A \|volume=327 \|issue=1 \|pages=28–32 \|doi=10.1016/j.physleta.2004.04.083 \|arxiv=quant-ph/0310168 \|bibcode=2004PhLA..327...28N \|s2cid=119069709 \|url=https://doi.org/10.1016/j.physleta.2004.04.083}}</ref><ref>{{Cite journal\|last1=Yuen \|first1=Horace P. \|display-authors=etal \|date=2005-10-10\|title=Comment on:'How much security does Y-00 protocol provide us?'[Phys. Lett. A 327 (2004) 28]\|journal=Physics Letters A \|volume=346 \|issue=1–3 \|pages=1–6 \|doi=10.1016/j.physleta.2005.08.022 \|bibcode=2005PhLA..346....1Y \|url=https://doi.org/10.1016/j.physleta.2005.08.022\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Nishioka\|first1=Tsuyoshi \|display-authors=etal \|date=2005-10-10\|title=Reply to:"Comment on:'How much security does Y-00 protocol provide us?'" [Phys. Lett. A 346 (2005) 1]\|journal=Physics Letters A \|volume=346 \|issue=1–3 \|doi=10.1016/j.physleta.2005.08.022 \|bibcode=2005PhLA..346....1Y \|url=https://doi.org/10.1016/j.physleta.2005.08.022\|url-access=subscription }}</ref><ref>{{Cite arXiv\|last1=Nair\|first1=Ranjith \|display-authors=etal \|date=2005-09-13\|title=Reply to:'Reply to:"Comment on:'How much security does Y-00 protocol provide us?'"'\|eprint=quant-ph/0509092 }}</ref><ref>{{Cite journal\|last1=Donnet\|first1=Stéphane \|display-authors=etal \|date=2006-08-21\|title=Security of Y-00 under heterodyne measurement and fast correlation attack\|journal=Physics Letters A \|volume=356 \|issue=6 \|pages=406–410 \|doi=10.1016/j.physleta.2006.04.002 \|bibcode=2006PhLA..356..406D \|url=https://doi.org/10.1016/j.physleta.2006.04.002\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Yuen\|first1=Horace P. \|display-authors=etal \|date=2007-04-23\|title=On the security of Y-00 under fast correlation and other attacks on the key\|journal=Physics Letters A \|volume=364 \|issue=2 \|pages=112–116 \|doi=10.1016/j.physleta.2006.12.033 \|arxiv=quant-ph/0608028 \|bibcode=2007PhLA..364..112Y \|s2cid=7824483 \|url=https://doi.org/10.1016/j.physleta.2006.12.033}}</ref><ref>{{Cite journal\|last=Mihaljević\|first=Miodrag J.\|date=2007-05-24\|title=Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach\|journal=Physical Review A \|volume=75 \|issue=5 \|page=052334 \|doi=10.1103/PhysRevA.75.052334 \|bibcode=2007PhRvA..75e2334M \|url=https://doi.org/10.1103/PhysRevA.75.052334\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Shimizu\|first1=Tetsuya \|display-authors=etal \|date=2008-03-27\|title=Running key mapping in a quantum stream cipher by the Yuen 2000 protocol\|journal=Physical Review A \|volume=77 \|issue=3 \|page=034305 \|doi=10.1103/PhysRevA.77.034305 \|bibcode=2008PhRvA..77c4305S \|url=https://doi.org/10.1103/PhysRevA.77.034305\|url-access=subscription }}</ref><ref>{{Cite journal\|last1=Tregubov\|first1=P. A.\|last2=Trushechkin\|first2=A. S.\|date=2020-11-21\|title=Quantum Stream Ciphers: Impossibility of Unconditionally Strong Algorithms\|journal= Journal of Mathematical Sciences\|volume=252\|pages=90–103\|doi=10.1007/s10958-020-05144-x\|s2cid=254745640 }}</ref><ref>{{Cite journal\|last=Iwakoshi\|first=Takehisa\|date=February 2021\|title=Security Evaluation of Y00 Protocol Based on Time-Translational Symmetry Under Quantum Collective Known-Plaintext Attacks\|journal=IEEE Access \|volume=9 \|pages=31608–31617 \|doi=10.1109/ACCESS.2021.3056494 \|s2cid=232072394 \|doi-access=free\|bibcode=2021IEEEA...931608I }}</ref> == Implementation in practice == Line 118: === Single-photon source assumption === The theoretical basis for quantum key distribution assumes the use of single-photon sources. However, such sources are difficult to construct, and most real-world quantum cryptography systems use faint laser sources as a medium for information transfer.<ref name=":12" /> These multi-photon sources open the possibility for eavesdropper attacks, particularly a photon splitting attack.<ref name=":22">{{Cite journal\|last=Lo\|first=Hoi-Kwong\|title=Decoy State Quantum Key Distribution\|date=2005-10-22\|url=http://dx.doi.org/10.1142/9789812701633_0013\|journal=Quantum Information Science\|publisher=WORLD SCIENTIFIC\|volume=94\|issue=23\|page=143\|doi=10.1142/9789812701633_0013\|pmid=16090452\|bibcode=2005qis..conf..143L\|isbn=978-981-256-460-3\|arxiv=quant-ph/0411004}}</ref> An eavesdropper, Eve, can split the multi-photon source and retain one copy for herself.<ref name=":22" /> The other photons are then transmitted to Bob without any measurement or trace that Eve captured a copy of the data.<ref name=":22" /> Scientists believe they can retain security with a multi-photon source by using decoy states that test for the presence of an eavesdropper.<ref name=":22" /> However, in 2016, scientists developed a near perfect single photon source and estimate that one could be developed in the near future.<ref>{{Cite journal\|last1=Reimer\|first1=Michael E.\|last2=Cher\|first2=Catherine\|date=November 2019\|title=The quest for a perfect single-photon source\|url=https://www.nature.com/articles/s41566-019-0544-x\|journal=Nature Photonics\|language=en\|volume=13\|issue=11\|pages=734–736\|doi=10.1038/s41566-019-0544-x\|bibcode=2019NaPho..13..734R\|s2cid=209939102\|issn=1749-4893\|url-access=subscription}}</ref> === Identical detector efficiency assumption === Line 124: === Deprecation of quantum key distributions from governmental institutions === Because of the practical problems with quantum key distribution, some governmental organizations recommend the use of post-quantum cryptography (quantum resistant cryptography) instead. For example, the US [[National Security Agency]],<ref name="NSA">{{cite web \|title=Quantum Key Distribution (QKD) and Quantum Cryptography (QC) \|url=https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/ \|publisher=[[National Security Agency]] \|access-date=16 July 2022}} {{PD-notice}}</ref> [[European Union Agency for Cybersecurity]] of EU (ENISA),<ref>Post-Quantum Cryptography: Current state and quantum mitigation, Section 6 "Conclusion" [https://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation]</ref> UK's [[National Cyber Security Centre (United Kingdom)\|National Cyber Security Centre]],<ref>[https://www.ncsc.gov.uk/whitepaper/quantum-security-technologies Quantum security technologies]</ref> French Secretariat for Defense and Security (ANSSI),<ref>[https://cyber.gouv.fr/en/publications/should-quantum-key-distribution-be-used-secure-communications/ Should Quantum Key Distribution be Used for Secure Communications?]</ref> and German Federal Office for Information Security (BSI)<ref>{{cite web \| url=https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/Quantenkryptografie/quantenkryptografie.html \| title=Quantum Cryptography }}</ref> recommend post-quantum cryptography. For example, the US National Security Agency addresses five issues:<ref name="NSA" /> Line 136: Ericsson, a private company, also cites and points out the above problems and then presents a report that it may not be able to support the [[zero trust security model]], which is a recent trend in network security technology.<ref>{{Cite arXiv\|last1=Mattsson\|first1=J. P. \|display-authors=etal \|date=December 2021\|title=Quantum-Resistant Cryptography \|class=cs.CR \|eprint=2112.00399 }}</ref> === Quantum ~~Cryptography~~cryptography in ~~Education~~education === Quantum cryptography, specifically the BB84 protocol, has become an important topic in physics and computer science education. The challenge of teaching quantum cryptography lies in the technical requirements and the conceptual complexity of quantum mechanics. However, simplified experimental setups for educational purposes are becoming more common ,<ref>{{Cite journal \|last1=Bloom \|first1=Yuval \|last2=Fields \|first2=Ilai \|last3=Maslennikov \|first3=Alona \|last4=Rozenman \|first4=Georgi Gary \|title=Quantum Cryptography—A Simplified Undergraduate Experiment and Simulation \|journal=Physics \|volume=4 \|issue=1 \|year=2022 \|pages=104–123 \|doi=10.3390/physics4010009 \|doi-access=free \|bibcode=2022Physi...4..104B }}</ref> allowing undergraduate students to engage with the core principles of quantum key distribution (QKD) without requiring advanced quantum technology. ~~, allowing undergraduate students to engage with the core principles of quantum key distribution (QKD) without requiring advanced quantum technology.~~ == References ==