A Seminar Report On

QUANTUM CRYPTOGRAPHY
Submitted by

Vikram Chandra Raushan

In partial fulfillment for the award of the degree
Of

B.Tech in Instrumentation
At

Department of Instrumentation Cochin University of Science and Technology (CUSAT) Kochi-682022, Kerala 2011

CONTENTS
1. INTRODUCTION....................................................... ...............................3
1.1 1.2 INTRODUCTION TO CLASSICAL AND QUANTUM CRYPTOGRAPHY INTRODUCTION TO QUANTUM COMPUTER ....................................4
1.2.1 POTENTIAL OF QUANTUM COMPUTERS .....................................5

2. HISTORY...................................................................................................8 2.1 HISTORY OF CRYPTOGRAPHY..........................................................8 2.2 HISTORY OF QUANTUM CRYPTOGRAPHY.......................................9 3. CLASSICAL CRYPTOGRAPHY...........................................................11 3.1 SECRET KEY ENCRYPTION.............................................................11 3.1.1 ONE-TIME PAD.......................................................................12 3.2 PUBLIC KEY ENCRYPTION.............................................................14 3.2.1 RSA ALGORITHM ....................................................................14 3.3 LIMITATIONS..................................................................................16 4. QUANTUM CRYPTOGRAPHY............................................................18 4.1 QUBIT........................................................................... ..................18 4.2 QUBIT REPRESENTATION.......................................... .....................18 4.3 FUNDAMENTALS............................................................................19 4.4 UNCONDITIONAL SECURITY CRITERION.......................................21 4.5 QUANTUM-KEY DISTRIBUTION.....................................................22 4.5.1 UNCERTAINTY .......................................................................22 4.5.2 ENANGLEMENT ......................................................................23 4.5.3 BB84 PROTOCOL .....................................................................23 4.5.4 EKERT PROTOCOL ..................................................................25 5. QUANTUM BIT COMMITMENT PROTOCOL...................................27 5.1 BB84 QUANTUM BIT COMMITMENT PROTOCOL ...........................28 5.1.1 THE COMMIT PROCEDURE ......................................................28 5.1.2 THE UNVEIL PROCEDURE ........................................................29 6. OUTLOOKS.............................................................. ..............................30 6.1 OTHER QUANTUM KEY DISTRIBUTION PROTOCOLS ....................30 6.2 EXPERIMENTAL STATUS ................................................................30 6.3 CURRENT CHALLENGES.................................................................31 7. CONCLUSIONS & FUTURE SCOPE....................................................33 8. REFERENCES........................................................... ..............................34

Department of Instrumentation (CUSAT)

Page 2

1. Introduction
1.1 Introduction to Classical And Quantum Cryptography

Cryptography is the science related to transmit information such that access to it is restricted entirely to the intended recipient, even if the transmission itself is received by others. This science of code making is of increasing importance with the advent of broadcast and network Communication, such as electronic transactions, the Internet, e-mail, and cell phones, where sensitive monetary, business, political, and personal communications are transmitted over public channels. An algorithm, which is called a cipher in this context, scrambles or encrypts the original message known as plain text via some rule such that restoring the original message is hard and almost impossible without knowledge of the secret key. This scrambled message is called the cipher text or crypto text. The cipher text is transmitted, and the receiver (who possesses the secret key) can easily recover the message by unscrambling or decrypting the transmission message. In cryptography, the security depends on keeping the encryption and decryption algorithms secret. Today, however we use ciphers i n which these algorithms could be revealed to anybody without compromising the security. In such ciphers, a set of specific parameters, called a key, is used together with the plain text and crypto text as an input to the encrypting and decrypting algorithm respectively. The security of the cryptogram depends entirely on the secrecy of the key. The key should be first distributed through some secure and reliable channel. However, any classical key distribution can in principle be monitored, without the legitimate users realizing that any eavesdropping has taken place. Public key cryptography (PKC) avoids the key distribution problem by exploiting the fact that certain mathematical operations are easier to do in one direction than the other. The most popular public key cryptosystem, RSA (Rivest-Shamir-Adleman) gets its security from the difficulty of factoring large numbers. If ever mathematicians or computer scientists come up with fast and clever procedures for these mathematical operations then the whole privacy of widespread cryptosystems could vanish overnight. Recent work in quantum computation suggests that in principle quantum computers might factorize huge
Department of Instrumentation (CUSAT) Page 3

integers in practical times, which could jeopardize the secrecy of many modern cryptographic techniques. But quantum cryptography promises to revolutionize secure communication at an even more fundamental level. The security of quantum cryptography relies on the laws of physics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security. Quantum cryptographic devices typically employ individual photons of light and take advantage of Heisenberg's uncer tainty principle, according to which measuring a quantum system in general disturbs it and yields incomplete information about its state before the measurement. Eavesdropping on a quantum communications channel therefore causes an unavoidable disturbance, alerting the legitimate users. If the level of eavesdropping is below a certain threshold a key can be produced which is guaranteed as secure, otherwise no secure is possible and communication is aborted. Quantum cryptography is only used to produce and d istribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt and decrypt a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD (Quantum Key Distribution) is the one-time pad, as it is provably secure when used with a secret, random key.
1.2 Introduction to Quantum Computer

Where a classical computer obeys the well understood laws of classical physics, a quantum computer harnesses physical phenomenon unique to quantum mechanics (especially quantum interference) to realize a fundamentally new mode of information processing. In a quantum computer, the fundamental unit of information (called a quantum bit or qubit), can exist not only in a state corresponding to the logical state 0 or 1 as in a classical bit, but also in states corresponding to superposition of these classical states, with a numerical coefficient representing the probability for each state. In general a quantum computer with n qubits can be in an arbitrary superposition of up to  different states simultaneously (comparing to a normal computer that c an only be in one of these states at any one time). For example, a 300-qubit quantum computer has a state described by (approximately ) complex numbers, more than the number of atoms in the observable universe. A quantum
Department of Instrumentation (CUSAT) Page 4

computer operates by man ipulating those qubits with a fixed sequence of quantum logic gates. The sequence of gates to be applied is called a quantum algorithm. A quantum computer looks like this, taking producing output qubits, the register :
input qubits, the register  , and

F is the function (mathematical or logical) to operate on qubits. The input register can be prepared as a superposition of all 0 to states.The computer then calculates in parallel the function applied to all integers simultaneously. For real problems, arrange so the probability amplitudes of the output state strongly favour the desired output from  . Quantum computers are like huge multidimensiona l arrays of slits that generate interference patterns in the wave functions. Design the array right, and the pattern solves your problem. A quantum computer is probabilistic: we may need to run it multiple times before we get the answer we want. It is able to solve certain problems much faster than any classical computer. Both practical and theoretical research continues, and many national government and military funding agencies support quantum computing research to develop quantum computers for both civilian and national security purposes, such as cryptanalysis.
1.2.1 Potential of Quantum Computers

The biggest success so farand the event which ignited the current explosive growth of the field of quantum computing was Peter Shors 1994 discovery of an efficient quantum algorithm for finding the prime factors (factoring) of large integers. By making clever use of superposition, interference, quantum parallelism, and some classical number theory, Shors algorithm finds a factor of a number in
Department of Instrumentation (CUSAT) Page 5

time roughly the square of the length of the input (which is  bits). In contrast, every known classical algorithm requires exponential time to factor. Since factoring is one of the most elementary aspects of number theory, the oldest mathematical discipline, and centuries of efforts by the greatest mathematicians have not yielded better methods, it is widely believed that such better methods either do not exist or are prohibitively difficult to find. In fact, this belief underlies most of current public-key cryptography, notably the RSA system, ubiquitously used on the Internet and in the financial world. Such crypto-systems can be broken if one can factor large numbers fast. Accordingly, the advent of quantum computi ng compromises all such systems  if a quantum computer can be built, then most of current crypto graphy becomes totally insecure, and, for example, electronic money can be forged. What quantum computing takes away with one hand (classical public -key crypto), it gives back in another form with the other (quantum secret -key crypto).In 1984, Bennett and Brassard found a scheme which allowed two distant parties to obtain a shared secret key via quantum mechanical communication. Their scheme was always believed to be fully secure against any type of spy or eavesdropper, and recently this has indeed been fo rmally proven. On the other hand, some other parts of electronic transactions, like unforgeable signatures, appear to be beyond the power of quantum methods. A third application is Grover's 1996 algorithm fo r searching databases. Consider finding some specific record in a large unordered database of N items. Classically, there is no smarter method than just to go through all records sequentially, which will require expected times steps for a record in general position. Grover's algorithm, however, uses quantum superposition to examine all records at the same time , and finds the desired record in roughly steps. Examining  records with unit microsecond probes, this is the difference between about two months of computing and one second of computing. His algorithm also allows solving the widespread and notoriously hard NP-complete problems (such as the travelling salesman problem) quadratically faster than known classical me thodsreducing say exponential time with exponent to exponential time with exponent    . A fourth application was initially conceived and primarily developed in collaboration with the CWI (Centrum voor Wiskunde en Informatica, University of Amsterdam) group. It deals with the setting where two separated
Department of Instrumentation (CUSAT) Page 6

parties, Alice and Bob, want to compute some function (only known to Alice) and (only known to Bob).

depending on

A simple scheme would be for Alice to send her to Bob and then let Bob do all the work by himself, but this may take a lot of bits of communication and often there are much more clever schemes requiring less communication. The field of communication complexity examines the optimal number of bits that have to be communicated in order to compute the function at hand. What happens if we generalize this setting to the quantum world and allow Alice and Bob the use of quantum computers and qubit -communication? It turns out that some tasks can be solved with significantly less communication if we allow such quantization. We have obtained similar advantages by sticking to classical communication, but allowing Alice and B ob the use of preestablished entangled qubits. Both approaches beat the limits provable for just classical communication. The above developments suggested the vision that all computation can be enormously speeded up by quantum computers. But not so! CWI's researchers obtained strong and general limitations of quantum computers as well. Grover's algorithm is quadratically faster than classical search algorithms. It was already known that such a quadratic speed -up is the best quantum computers can achieve for searching a database, so exponential speed -ups cannot be obtained for this problem. CWI-researchers recently showed that the same holds for all problems in the database-setting of Grover's algorithm: for all such problems, quantum computers can be at most polynomially faster than classical computers. Limiting results like the above, of course, do not preclude exponential speedups in different settings, like Shors, or a clever future setting as yet unknown. Exploring this potential of quantum computation remains an exciting and important task for computer scientists and physicists alike.

Department of Instrumentation (CUSAT)

Page 7

2. Hi
2. Hi The art of cryptography began at least 2,500 years ago and has played an i portant role in history ever since. The pri ary motivating factor behind cryptography development and research has been to keep military communications secret from the enemy. Julius Caesar used an early substitution cipher, which now bears his name, for communication with his generals. The Caesar cipher used a shift of three places along in the alphabet to convert a plain text letter to a cipher text one, so A enciphered to D, B to E and so on.

Pla n Text

C pher Text

Fi .2. .Ceaser Ci

er.

Cryptanalysis, the art of code-breaking, has developed as a science parallel to cryptography. The simple substitution cipher was now no longer as secure as it once had been due to a widely-used cryptanalysis techni ue known as frequency analysis. Code-breakers, when given a large enough piece of cipher text, would detail the frequency with which each letter occurred. Using this information, and bearing in mind the frequency with which letters normally occur in standard written English (E is most common, followed by T, then A etc.) it is possible for the cryptanalyst to make tentative guesses as to which letters in the cipher text equate to which in the plaintext. It is quickly apparent whether these guesses are accurate and using knowledge of other linguistic characteristics of English (U always comes after Q for example) the substitution cipher can be relatively easily unravelled. Perhaps one of the most famous cryptograms, the Zimmerman Note1propelled the U.S. into orld ar I when the cryptogram was broken in 1917.Around this time Gilbert S. Vernam of American Telephone and Telegraph Company
The telegram was sent by German Foreign Minister Arthur Zimmerman to the German embassy in Mexico, and promised US territory to Mexico if they allied with Germany.
1

Depa t ent f Inst

entat n (C

h ft of Th ee places along alphabets



Pa e 8

and Major Joseph o. Mauborgne of the U.S. Army Signal Corps developed the first truly unbreakable code called the Vernam cipher. One distinctive feature of the code is its need for a key as long as the message is being transmitted and is never reused to send another message. (The Vernam cipher is also known as the one-time pad from the practice of furnishing the key to spies in the form of a tear-off pad, each sheet of which was to be used once and then carefully destroyed.)The discovery of the Vernam cipher did not create much of a stir at the time, probably because the cipher's unbreakability was not definitively proved until later and because its massive key requirements made it impractical for general use. Because of this limitation, soldiers and diplomats continued to rely on weaker ciphers using shorter keys. Academic interest in cryptology grew more intense in the mid-1970s, when Whitfield Diffie, Martin E. Hellman and Ralph C. Merkle, then at Stanford University, discovered the principle of public key cryptography (PKC). Soon afterward, in 1977, Ronald L. Rivest, Adi Shamir and Leonard M. Adleman, then at the Massachusetts Institute of Technology, devised a practical implementation the RSA algorithm.
2.2 History of Quantum Cryptography

Several years before the discovery of public -key cryptography, another striking development had quietly taken place the union of cryptography with quantum mechanics. Around 1970 Stephen J. Wiesner, then at Columbia University, wrote a paper entitled Conjugate Coding, explaining how quantum physics could be used, at least in principle, to accomplish two tasks that were impossible from the perspective of classical physics. One task was a way to produce bank notes that would be physically impossible to counterfeit. The other was a scheme for combining two classical me ssages into a single quantum transmission from which the receiver could extract either message but n ot both. Unfortunately, Wiesners paper was rejected by the journal to which he sent it, and it went unpublished until 1983. In1979, two computer scientists, Charles Bennett a researcher for IBM, and Gilles Brassard from the University of Montreal, who knew of Wiesners ideas began thinking of how to combine these ideas with public key cryptography. They soon realized that these ideas could be used as a substitute for PKC two users, who shared no secret initially, could communicate secretly, but now with absolute and provable security, barring violations of acceptedphysical laws realised that the application of quantum theory in the field of cryptography could have the potential to create a cipher giving absolute
Department of Instrumentation (CUSAT) Page 9

security for eternity. Initial work was hampered by the ubiquitous problem of key distribution; if a conventional key -exchange system was used, such as RSA, any security would be quickly lost to a brute-force attack using quantum computer. Bennett and Brassard made the breakthrough in 1984, giving the first QKD scheme known as BB84 protocol.

Fig.2.2.Quantum cryptographic apparatus constructed at IBM generates and measures flashes of polarised light across a free air optical path of 32 centimetres. On average, each flash consists of one tenth of photon.

In October 1989 at 3 oclock in the morning at IBMs Thomas J. Watson Research Centre near New York, Dr. Charles Bennett and a research student named John Smolin witnessed the first ever quantum cryptographic exchange. Using polarised light photons, computers called Alice and Bob successfully negotiated a completely secure channel of communication over a distance of 32 centimetres. Quantum cryptography had now finally moved from the theoretical to the practical arena. At about the same time, the theoretical ideas of David Deutsch of the University of Oxford led to conceive of a slightly different cryptosystem based on quantum correlations. In early 1991, utilizing ideas conceived by Massimo Palma of the University of Palermo, John Rarity and Paul Tapster of the British Defence Research Agency started experiments implementing Ekerts cryptosystem.

Department of Instrumentation (CUSAT)

Page 10

3. Classical Cryptography
Before turning to quantum cryptography, a brief review of classical cryptography, its current challenges has been presented in this section. There are two branches of modern cryptographic techniques: a) Secret Key Encryption (Symmetric Encryption) b) Public Key Encryption (Asymmetric Encryption)
3.1 Secret Key Encryption

Lets take one example of a classical encryption method, the one -time pad. Definition 3.1 A (deterministic, symmetric) cryptosystem is a five-tuple satisfying the following conditions: 1. , is a finite set of possible plain texts. 2. , is a finite set of possible cipher texts. 3. , is a finite set of possible keys. 4. For each  , there is an encryption rule   and a corresponding decryption rule  , where  and  are functions for each plain text element   . satisfying In the basic scenario in cryptography, we have two parties who wish to communicate over an insecure channel, such as a phone line or a computer network. Usually, these parties are referred to as Alice and Bob. Since the communication channel is insecure, a n eavesdropper, called Eve, may intercept the messages that are sent over this channel. By agreeing on a secret key via a secure communication method, Alice and Bob can make use of a cryptosystem to keep their information secret, even when sent over the insecure channel. This situation is illustrated in figure below.

Fig.3.1.Communication between Alice and Bob, with Eve intercepting.

Department of Instrumentation (CUSAT) Page 11

The method of encryption works as follows. For her secret message , Alice usesthe key and the encryption rule to obtain the ciphertext . She sends Bob the cipher text over the insecure channel. Knowing the key , Bob can easily decrypt the cipher text by the decryption rule   Knowing the cipher text but missing the key , there is no easy way for Eve to determinethe original message .

Fig.3.2. Principle of Symmetric (Secret Key) Encryption.

There exist many cryptosystems in modern cryptography to transmit secret messages. An early well-known system is the one-time pad, which is also known as the Vernam cipher. The one-time pad is a substitution cipher. Despite its advantageous properties, which we will discuss later on, the one-time pads drawback is the costly effort needed to transmit and store the secret keys.
3.1.1 One-Time Pad (OTP)

Assume two pads of paper containing identical random sequences of letters were somehow previously produced and securely issued to both. Alice chooses the appropriate unused page from th e pad. The way to do this is normally arranged for in advance, as for instance use the 9th sheet on 25 August, or use the next available sheet for the next message. The material on the selected sheet is the key for this message. Each letter from the pad will be combined in a predetermined way with one letter of the message. For plaintext elements in  , we use capital letters and some punctuation marks, which we encode as numbers ranging from 0 to 29, see Figure3.3.
A 00 B 01 C 02 D 03 E 04 .... .... X 23 Y 24 Z 25 ! 27 . 29

26

28

Fig.3.3. Letters and punctuation marks encoded by numbers from 0 to 29.

Department of Instrumentation (CUSAT)

Page 12

Next, we describe how Alice and Bob use the one-time pad to transmit their messages. If key material begins with  and the message is  , then the coding would be done as shown in Figure 3.4.
Plain text m m encoded Key k c encoded Cipher text c

O 14 06 20 U

N 13 13 26

E 04 02 06 G

28 01 29 .

T 19 14 03 D

I 08 05 13 N

M 12 07 19 T

E 04 18 22 W

26 05 01 B

P 15 26 11 L

A 00 13 13 N

D 03 28 01 B

Fig.3.4. Encryption example for one-time pad.

Suppose Alice and Bob share a joint secret key of length   , where each key symbol   is chosen uniformly at random. Let be a given message of length , which Alice wishes to encrypt. For each plaintext letter  , Alice adds the plaintext numbers to the key numbers. The result is taken modulo . For example, the last letter of the plaintext from Figure 3.4, , is encoded by . The corresponding key is  , so we have . Since   , our plaintext letter is encrypted as . The cipher text thus to be sent to Bob is


Decryption works similarly by subtracting, character by character, the key letters from the corresponding cipher text letters. So the encryption and decryption can be written as respectively
   

Secret-key schemes o er the advantage of encrypting messages with relatively short keys and of operating at high rates. For instance, hardware implementations of the Advanced Encryption Standard (AES) can yield encryption rates on the order of ; however, security relies not only on the existence of hardly breakable algorithms, but also on the ability of distributing secure keys e ciently between Alice and Bob.

Department of Instrumentation (CUSAT)

Page 13

3.2 Public Key Encryption

Public-key encryption schemes (also called asymmetric schemes) proposed as a solution to the key distribution problem.

were

Fig.3.5. Principle of Asymmetric (Public Key) Encryption.

In PKC, the encryption algorithm is known to everyone. It involves a public key and a private key; the public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key . In other words, the public key plays the role of an open vault that anyone can close but that cannot be opened by anybody but Bob. Evidently, this scheme is useful, provided that the knowledge of does not allow one to recover the key  . The keys are not independent in practice, but are usua lly constructed based on mathematical conjectures suggesting that recovering from cannot be done in a reasonable time.
3.2.1 RSA (Rivest-Shamir-Adleman) Algorithm

The widely used RSA algorithm is one example of PKC. Anyone wanting to receive a message publishes a key, which contains two numbers. A sender converts a message into a series of digits, and performs a simple mathematical calculation on the series using the publicly available numbers. Messages are deciphered by the recipient by performing another operation, known only to him. In principle, an eavesdropper could deduce the decryption method by factoring one of the published numbers, but this is chosen to typically exceed 100 digits and to be the product of only two large prime numbers, so that there is no known way to accomplish this factorization in a practical time. The RSA algorithm involves three steps key generation, encryption and decryption.

Department of Instrumentation (CUSAT)

Page 14

y Key generation

The keys (public and private) for the RSA algorithm are generated the following way: 1. Choose two distinct prime numbers and .For security purposes, the integers and should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test. 2. Compute  . is used as the modulus for both the public and private keys. 3. Compute  , where , is the Euler's totient function. 4. Choose an integer such that and , i.e. and are coprime. , is released as the public key exponent. having a short bit-length and small Hamming weight results in more efficient encryption most commonly  . However, small values of (such as 3) have been shown to be les s secure in some settings. 5. Determine    , i.e. d is the multiplicative inverse .This is more clearly stated as solve for given  . This is often computed using the extended Euclidean algorithm. is kept as the private key exponent. Here, of  


The public key consists of the modulus n and the public (or encryption) exponent  . The private key consists of the private (or decryption) exponent which must be kept secret.
y Encryption

Alice transmits her public key to Bob and keeps the private key secret. Bob then wishes to send message M to Alice. He first turns M into an integer m, such that by using an agreed-upon reversible protocol known as a padding scheme. He then computes the cipher text corresponding to
  .This can be done quickly using the method of exponentiation by squaring. Bob then transmits to Alice.Note that at least nine values of m will yield a ciphertext equal to , but this is very unlikely to occur in practice. y Decryption

Alice can recover from by using her private key exponent via computing  .Given , she can recover the original message M by reversing the padding scheme. It can be seen through an example:
Department of Instrumentation (CUSAT) Page 15

1. Choose two distinct prime numbers, such as    . 2. Compute  , giving . 3. Compute the totient of the product as , giving . 4. Choose any number that is coprime to . Choosing a prime number for leaves us only to check that is not a divisor of  .Let e = 17. 5. Compute  , the modular multiplicative inverse of   yielding . The public key is . For a padded plaintext message , the encryption function is  . The private key is . For an encrypted cipher text , the decryption function is  . In real life situations the primes selected would be much larger .
3.3 Limitations

In secret key encryption, a k-bit secret key is shared by two users, who use it to transform plaintext inputs to crypto text for transmission and back to plaintext upon receipt. To make unauthorized decipherment more difficult, the transformation algorithm can be carefully designed to make each bit of output depend on every bit of the input. With such an arrangement, a key of 128-bits used for encoding results in a choice of about   The encrypted message should be secure; assuming that brute force and massive parallelism are employed; a billion computers doing a billion operations per second would require a trillion years to decrypt it. In practice, analysis of the encryption algorithm might make it more vulnerable, but increase in the size of the key can be used to offset this. The main practical problem with secret key encryption is exchanging a secret key. In principle any two users who wished to communicate could first meet to agree on a key in advance, but in practice this could be inconvenient. Also a large database would be needed to store the se pre-determined keys, and such storage is not secure. Other methods for establishing a key, such as the use of secure courier or private knowledge, could be impractical for routine communication between many users. But any discussion of how the key is to be chosen that takes place on a public communication channel could in principle be intercepted and used by an eavesdropper.
Department of Instrumentation (CUSAT) Page 16

One proposed method for solving this key distribution problem i s the appointment of a central key distribution server. Every potential communicating party registers with the server and establishes a secret key. The server then relays secure communications between users, butte server itself is vulnerable to attack.  In brief, Classical cryptography (used today relies on the hardness of certain mathematical problems) faces the following two problems: First, the security of many classical cryptosystems is based on the hardness of problems such as integer factoring or the discrete logarithm problem. But since these problems typically are not provably hard, the corresponding cryptosystems are potentially insecure. For example, the famous and widely used RSA public-key cryptosystem could easily be broken if large integers were easy to factor. The hardness of integer factoring, however, is not a proven fact but rather a hypothesis. Computing the RSA secret key from the corresponding public key is polynomial -time equivalent to integer factoring. Second, the theory of quantum computation has yielded new methods to tackle these mathematical problems in a much more efficient way. Although there are still numerous challenges to overcome before a working quantum computer of sufficient power can be built, in theory many classical ciphers (in particular public-key cryptosystems such as RSA) might be broken by such a powerful machine. However, while quantum computation seems to be a severe challenge to classical cryptography in a possibly not so distant future, at the same time it offers new possibilities to build encryption methods that are safe even against attacks performed by means of a quantum computer. Quantum cryptography extends the power of classical cryptography by protecting the secrecy of messages using the physical laws of quantum mechanics.

Department of Instrumentation (CUSAT)

Page 17

4. Quantum Cryptography
4.1 Qubit

Qubit or quantum bit is the fundamental unit of quantum information the quantum analogue of the classical bit. A bit has the following two values 0 or 1. There is no intermediate state between them, i.e. the value of the bit cannot be in a superposition. A quantum bit can store information in states of 0, 1, and as a combination of both states simultaneously due to quantum superposition. There exist many possibilities to physically represent a qubit in practice. Any two-level system can be used as a qubit. Multilevel systems can be used as well, if they possess two states that can be effectively decoupled from the rest (e.g., ground state and first excited state of a nonlinear oscillator). For example, the polarization of a light particle can represent the state of a qubit. Even a cat with its two basic states dead and alive, introduced by Schrdinger [1935] to visualize fundamental concepts of quantum mechanics, might serve as a representation. The cats problemor fortune from the animals point of viewwhen being used as a quantum system is its sheer size compared to that of an atom or light particle. There is no way to protect such a big quant um instance from interaction with its environment, which in turn will result in decoherence of the superposition of the cat. Some physical representation of qubit (choices of basis are conventional only) has been given below:
Physical Support Name Information Support

`0

`1

Photon Electron

Polarization encoding Electronic Spin Electron number

Polarization of Light Spin Charge

Horizontal Up No electron

Vertical Down One electron

4.2 Qubit Representation

The two states in which a qubit may be measured are known as basis states (or basis vectors). As is the tradition with any sort of quantum states   is used to represent them. This means that

Introduced in 1930 by Paul Dirac, The expressionN`] (left part N` is called bra and right part `] is called ket) is typically interpreted as the probability amplitude for the state ] to collapse into the stateN.
2

Department of Instrumentation (CUSAT)

Page 18

the two computational basis states are conventionally written as`0 and `1 (pronounced ket 0 and ket 1 ). In general, a quantum state `] is an element of a finite-dimensional complex vector space (or Hilbert space) H. The state vector `] of a quantum system describes the state at any point in time of the entire system. We denote the scalar product of two states N` and `] byN`], where ]`  `] is the conjugate transpose of`]. It is convenient to deal with normalized states, so we require ]`] = 1 for all states `]that have a physical meaning. A pure qubit state is a linear superposition of the basis states. This means that the qubit can be represented as a linear combination of `0 and `1
`] ` `

Where and are probability amplitudes and can in general both be complex numbers.This is due to the fact that the quantum mechanical equation of motion, the Schrdinger equation, is linear any linearsuperposition of its solutions (the quantum states) is also a solution. Since we require quantum states to be normalized, we find that the coefficients in (1) have to fulfil `E` `F` , where `` denotes the absolute value.
4.3 Fundamentals

Since photon polarization measurements form the foundation for the most common quantum cryptographic techniques, it is important to first understand their properties. Electromagnetic waves such as light waves can exhibit the phenomenon of polarization, in which the direction of the electric field vibrations is constant or varies in some definite way. A polarization filter is a material that allows only light of a specified polarization direction to pass. According to quantum theory, light waves are propagated as discrete particles known as photons.Photons are some pretty amazing particles. They have no mass; they're the smallest measure of light, the quantum of the electromagnetic field, carrying energy, momentum, and angular momentum. They can exist in all of their possible states at once, called the wave function. This means that whatever directions a photon can spin in  say, diagonally, vertically and horizontally  it does all at once. Light in this state is called unpolarized. If the light is randomly polarized, only half of it will pass a perfect filter. The polarization of the light is carried by the direction of the angular
Department of Instrumentation (CUSAT) Page 19

momentum or spin of the photons. A photon either will or will not pass through a polarization filter, but if it emerges it will be aligned with the filter regardless of its initial state; there are no partial photons. Information about the photon's polarization can be determined by using a photon detector to determine whether it passed through a filter.

Fig.4.1. Polarization by a filter.

Fig.4.2. Polarization of Photons.

Department of Instrumentation (CUSAT)

Page 20

The foundation of quantum cryptography lies in the Heisenberg uncertainty principle, which states that certain pairs of physical properties are related in such a way that measuring one property prevents the observer from simultaneously knowing the value of the other. But when dealing with photons for encryption, Heisenberg's principle can be used to our advantage. For instance, once the photons are polarized, they can't be accurately measured again, except by a filter like the one that initially produced their current spin. So if a photon with a vertical spin is measured through a diagonal filter, either the photon won't pass through the filter or the filter will affect the photon's behavior, causing it to take a diagonal spin. In this sense, the information on the photon's original polarization is lost, and so, too, is any information attached to the photon's spin.
4.4 Unconditional Security Criterion

An unconditional secure cryptosystem is one that does not depend for its effectiveness on unproven assumptions about computational hardness . An interesting special case is perfect security : an encryption algorithm is perfectly secure if a cipher text produced using it provides no information about the plaintext without knowledge of the key. The unconditional security criterion, w hich ensures that messages and code words are statistically independent, essentially means that the fore mentioned guessing strategy is the best st rategy that an eavesdropper can implement to retrieve messages. In particular, th ere are no correlations between messages and code words that could be exploited, and unconditionally secure schemes are immune to cryptanalysis techniques. Shannon proved that the only encryption scheme satisfying the unconditional security criterion is the so -called one-time pad. Alice and Bob are assumed to share perfectly random secret keys whose size is at least as long as the messages that they wish to exchange, and they encrypt or decrypt messages by summing key bits and message bits (modular addition). Shannons result states that it is impossible to ensure unconditional security with modern cryptographic techniques based on the repeated use of small secret keys. Since each key bit can be used only once, the result is even more disappointing as the one-time pad encryption is impractical unless there exist some e cient means for distributing secret keys between Alice and Bob.

Department of Instrumentation (CUSAT)

Page 21

4.5 Quantum-Key Distribution (QKD)

Quantum cryptography solves the problem of distributing keys. It is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key. Quantum cryptography exploits the quantum mechanic al property that a qubit cannot be copied or amplified without disturb ing its original state. This is the statement of the No-Cloning Theorem [Wootters and Zurek 1982].

Fig.4.3. There is no perfect quantum copier.

The essence of this theorem is the main ingredient of quantum key distribution, where Alice and Bob use a quantum channel to exchange a sequence of qubits, which will then be used to create a key for the one -time pad in order to communicate over an insecure channel. Any disturbance of the qubits, for example caused by Eve trying to measure the qubits state, can be detected with high probability. Quantum cryptographic devices typically employ individual photons of light and take advantage of either the Heisenberg Uncertainty principle or Quantum Entanglement.
4.5.1 Uncertainty

Unlike in classical physics, the act of mea surement is an integral part of quantum mechanics. So it is possible to encode information into quantum
Department of Instrumentation (CUSAT) Page 22

properties of a photon in such a way that any effort to monitor them disturbs them in some detectable way. The effect arises because in quantum theory, certain pairs of physical properties are complementary in the sense that measuring one property necessarily disturbs the other. This statement is known as the Heisenberg uncertainty principle. The two complementary properties that are often used in quantum cryptography, are two types of photon's polarization, e.g. rectilinear (vertical and horizontal) and diagonal (at 45 and 135).
4.5.2 Entanglement

It is a state of two or more quantum particles, e.g. photons, in which many of their physical properties are strongly correlated. The entangled particles cannot be described by specifying the states of individual particles and they may together share information in a form which cannot be accessed in any experiment performed on either of the particles alone. This happens no matter how far apart the particles may be at the time.
4.5.3 BB84 Protocol

The BB84 protocol was proposed by Charles H.Bennett and Gilles Brassard [1984]. This is the first protocol designed to employ quantum mechanics for two parties to agree on a joint secret key. In this protocol, Alice and Bob use a quantum channel to send qubits. They are also connected by a classical channel, which is insecure against an eavesdropper but unjammable. Alice and Bob use four possible quantum states in two conjugate bases (say, the rectilinear basis+ and the diagonal basis).We use and = for the classical signal 0, and we use and = for the classical signal 1. Note that the two bases are connected by the so-called Hadamard transformation

In the following way: We have, = and,

= , and vice-versa, since 

 .

Department of Instrumentation (CUSAT)

Page 23

Alices String Alices Basis Bobs Basis Bobs String Same Basis? Bits to keep Test Key

1 + + 1 Y 1 Y

1 + R N

0 + + 0 Y 0 N 0

1 + R N

0 0 Y 0 N 0

0 + + 0 Y 0 Y

1 1 Y 1 N 1

0 + R N

1 1 Y 0 N 1

1 1 Y 1 N 1

1 + + 1 Y 1 N 1

1 + + 1 Y 1 Y

0 + + 0 Y 0 Y

0 + + 0 Y 0 N 0

Table 1. The BB84 Key Distribution Protocol. Here, Y and N stands for Yes and No, respectively, and R means that Bob obtains random result.

The protocol works as follows (See Table 1 for illustration): (1) Alice randomly prepares qubits, each in one of the four states and sends them to Bob. (2) For each qubit that Bob receives, he chooses at random one of the two bases (+ or ) and measures the qubit with respect to that basis. In the case of a perfectly noiseless channel, if Bob chooses the same basis as Alice, his measurement result is the same as the classical bit that Alice prepared. If the bases differ, Bobs result is completely random. (3) Alice tells Bob via the classical channel which basis she used for each qubit. They keep the bits where Bob has used the same basis f or his measurement as Alice. This happens in about half the cases, so they will have approximately bits left. These are forming the so-called sifted key. (4) Alice and Bob choose a subset of the sifted key to estimate the error -rate. They do so by announcing publicly the bit values of the subset. If they differ in too many cases, they abort the protocol, since its security cannot be guaranteed. (5) Finally, Alice and Bob obtain a joint secret key from the remaining bits by performing error correction and privacy amplification. Eves goal is to learn at least some part of the key . Thus, an obvious strategy for her is to intercept the qubits being transmitted from Alice to Bob. She cannot simply copy the qubits, since this would contradict the No-Cloning Theorem. In order to extract some information, she is forced to measure (and thus destroy) them. But since she does not know the basis in which they were prepared (Alice announces this information only after Bob received all signals), she can only guess or just flip a coin for the selection of the measurement basis. In about half
Department of Instrumentation (CUSAT) Page 24

the cases, she will happen to choose the same basis as Alice and get completely correlated bit values. In the other half, her results will be random and uncorrelated. Bob certainly expects to receive something from Alice, so Eve needs to send some qubits to him. However, she still has no idea which basis Alice used, so she prepares each qubit in the sa me basis as she measured it (or she chooses a basis at random). These newly created qubits again match Alices bases in only half of the cases. After Bob receives Eves qubits, he measures them, and Alice and Bob apply the sifting. Because of Eves disturbance, about half of Bobs key was measured in a different basis than it was prepared by Alice. Since Bobs result is random in those cases, his sifted key will contain about 25% errors. In the error-estimation stage, if Alice and Bob obtain such a high error rate, it would be wise for them to abort the protocol. If the error rate is below an agreed threshold value, Alice and Bob can eliminate errors with (classical) error correction. A simple method for error correction works as follows: Alice chooses two bits at random and tells Bob the XOR-value of the two bits. Bob tells Alice if he has the same value. In this case, they keep the first bit and discard the second bit. If their values differ, they discard both bits. The remaining bits form the key. The last stage of the protocol is privacy amplification [Maurer 1993; Bennett et al. 1995]a procedure in which Alice and Bob eliminate (or, at least, drastically reduce)Eves knowledge about the key. They do so by choosing random pairs of bits of the sifted key and replacing them by their corresponding XOR-values. Thus, they halve the length of the key, in order to amplify their privacy. Note that Eve has less knowledge about the XOR-value, even if she knew the values of the single bits with high probability (but not with certainty).Note that these simple methods for error correction and privacy amplification do not always work. For the general case, there exist more sophisticated strategies.
4.5.4 Ekert Protocol

In 1991 Artur Ekert proposed a new QKD protocol whose security relies on the entangled pairs of photons. These can be creat ed by Alice, by Bob, or by some source separate from both of them, including eavesdropper Eve. The photons are distributed so that Alice and Bob each end up with one photon from each pair. The scheme relies on two properties of entanglement. First, the en tangled states are perfectly correlated in the sense that if Alice and Bob both measure
Department of Instrumentation (CUSAT) Page 25

whether their particles have vertical or horizontal polarizations, they will always get the same answer with 100% probability. The same is true if they both measure any other pair of complementary (orthogonal) polarizations. However, the particular results are completely random; it is impossible for Alice to predict if she (and thus Bob) will get vertical polarization or horizontal polarization. Second, any attempt at eavesdropping by Eve will destroy these correlations in a way that Alice and Bob can detect.

Department of Instrumentation (CUSAT)

Page 26

5. Quantum Bit Commitment Protocol

When talking about quantum cryptography, everyone is thinking about key distribution. There are, however, other cryptographic applications as well, such as bit commitment. A bit commitment protocol based on quantum mechanics was introduced by Brassard et al. [1993]. The unconditiona l security of the protocol (which means that the security of the protocol is independent of the computational resources, such as computing time, amount of memory used, and computer technology of the cheater) has been accepted without proof [Yao 1995]. Two years after it had been proposed, the protocol turned out to be insecure [Mayers 1995]. A commitment protocol is a procedure in which one party, say Alice, deposits a message such that no one (and in partic ular not Alice) can read it nor change it. At some point in the future, Alice can announce her message, and with high certainty it can be proven that the revealed message is the same as the one Alice had deposited originally. To illustrate this situation, suppose Bob wants to auction off a diamond ring, subject to the condition that each person wishing to participate in the auction can bid only one single amount of money. After each person has chosen a specific amount, the highest bidder gets the ring. So everyone writes their own bid on a piece of paper, puts it into a personal safe, which is then locked and given to Bob. Until all bids have been submitted to Bob, each bidder keeps the key matching the l ock of his or her safe. In this way Bob cannot see any of the bids, which in turn cannot be changed once they have been submitted, since only Bob has acc ess to the committed safes. All keys are handed over to Bob after he has received all safes from the people participating in the auction. The different offers are compared in public, so that everybody can be sure that only the highest bidder walks away with the diamond and an empty wallet. We can describe this commitment protocol mathematically as follows: The protocol has two stages, the commit phase and the unveil p hase. Alice commits herself to the data by computing   , and she sends to Bob. Alice unveils the commitment by showing Bob the preimage of . In classical cryptography, and in particular in public-key cryptography, one-way functions are used for commitment. In quantum cryptography, we want to make use of the laws of quantum mechanics to create a fair protocol for both sides. Bit commitment is a special case of a commitment protocol, where the data m consists of only one single bit.

Department of Instrumentation (CUSAT)

Page 27

It is widely believed that it is impossible to create a perfectly secure classical bit commitment protocol. Regarding the extension to the quantum world, it was shown that unconditionally secure quantum bit commitment is also impossible [Mayers 1997; Lo and Chau 1997]. However, when relaxing the security constraints, quantum bit commitment becomes possible in slightly modified frameworks. One example is Kents quantum bit commitment protocol, which is based on special relativity theory [Kent 1999]. Another example is due to Damgard et al. [2005] who proposed a quantum bit commitment protocol that is secure in the bounded storage model.
5.1 BB84 Quantum bit commitment protocol

A quantum bit commitment protocol can be created from the BB84 quantum key distribution protocol with a few minor changes in the BB84 protocol [Bennett and Brassard 1984]. Just as in the classical bit commitment protocol, the quantum protocol starts with the commit phase and ends with the unveil phase.
5.1.1 The commit procedure

(1) Alice chooses a bit    . (2) Alice creates a random binary string   with bits. (3) If Alice wants to commit to 0, she does a quantum encoding of each bit in the two basis states of the rectilinear basis +. If she wants to commit to 1, she encodes the bits in the two basis states of the diagonal basis . Let denote the basis chosen for  . (4) Alice sends the sequence of encoded quantum states to Bob. (5) Bob chooses a random measurement basis (rectilinear or diagonal) for e ach of the received quantum states, i.e., he chooses a string of random bases    . He measures the state in the basis , and denotes the outcome by  . If we take a look at the two density matrices for the states corresponding to and , respectively, it is easy to see that they are the same, and equal to the identitymatrix. Thus, Bob has no chance to get any information about the bit  .

Department of Instrumentation (CUSAT)

Page 28

5.1.2 The unveil procedure

(1) Alice publishes (i.e., the basis that she used for encoding) and the string . (2) For about half of the states, Bob used the same basis for his measurement as Alice used for encoding. In these cases Bob can verify that Alices revealed bits are matching his measurement results. How could a dishonest party cheat in this protocol? For example, Alice could choose the bit for the commit phase, so she encodes the states with the diagonal basis .Later during the unveil phase, she changes her mind and tells Bob that she committed tothe bit , so Bob assumes that Alice has used the rectilinear basis +. In approximately  cases, Bob measures the states with the rectilinear basis +, and in these cases Alicehas to guess the bits Bob measured. Since Alices success to make a right gue ss for onebit is , her overall cheating will not be detected with a probability of  . Once is chosen large enough, Alice has practically no chance to manipulate the protocol by this probabilistic method. But what if Alice uses specially entangled states? Alice could create pairs of entangled states and send one part of each pair to Bob. She doesnt have to commit to a bit in the beginning, because she can perform a measurement right before the unveil phase. If, for example, she chooses bit  , she measures the states that she has kept inthe rectilinear basis +. Bobs measurement results will be perfectly correlated, due to the shape of the entangled state. If Alice wants to choose bit instead, she measures the states that she has kept in the diagonal basis . The state is form-invariant under a basis rotation by ; Alices announced encoded states will again match Bobs measurement results. Thus, Bob has no chance to notice the attack.

Department of Instrumentation (CUSAT)

Page 29

6. Outlooks
The security of quantum key distribution relies on the inviolable laws of quantum mechanics: nonorthogonal quantum states are used as signal states in the BB84 protocol. The impossibility of perfect cloning of nonorthogonal states implies the security of this protocol. In the security proof for the BB84 protocol, we have employed an equivalent entanglement-based protocol. The main idea is that local measurements on a maximally entangled state, shared by Alice and Bob, have perfectly correlated outcomes tha t can be used as the key. A maximally entangled state is necessarily pure, and a pure state cannot be entangled with an eavesdroppers state thus Eve cannot learn anything about the key. The idea for quantum cryptography with entangled states goes back to Ekert [1991], who suggested confirming the existence of quantum correlations in the state of Alice and Bob by a Bell inequality test.
6.1 Other Quantum Key Distribution Protocols

A variety of quantum -key distribution protocols can be found in the literature. All known prepare-and-measure schemes can be seen as variations of the BB84 protocol, which are obtained by changing the number and/or dimension of the quantum states. Bennett [1992] proposed a protocol-which now is named after him the B92 protocol in which only two nonorthogonal states are used. In the so-called six-state protocol [Bru1998; Bechmann -Pasquinucci and Gisin 1999], the six eigenstates of the three Pauli operators are used. In this protocol, it is more difficult for Eve to retrieve any information, thus the security is enhanced. A recently suggested protocol [Scarani et al. 2004] introduces a new sifting method: rather than announcing the basis, Alice gives Bob a list of two nonorthogonal states from which the signal state was taken. This protocol has certain security advantages that are connected with experimental implementations of quantum cryptography.
6.2 Experimental Status

In recent years, much effort has been devoted to experiments on quantum cryptography, and much progress has been made . In most experiments,

Department of Instrumentation (CUSAT)

Page 30

polarized photons are representing the qubits: photons are polarized if their electromagnetic field oscillates in a fixed direction of space. Polarization-based encoding works be st for free-space communication systems rather than fibre-optic lines. Data are transmitted faster in free-space systems, but they cannot traverse the longer distances of fibre-optic links. In March 2004, NEC scientists in Japan sent a single photon over a 150-km fibreoptic link, breaking the transmission distance record for quantum cryptography. The most commercially viable QKD systems rely on fibre-optic links limited to 100 to 120 km. At longer distances, random noise degrades the photon stream. Quantum keys cannot travel far over fibre optic lines, and, thus, they can work only between computers directly connected to each other. As of March 2007 the longest distance over which quantum key distribution has been demonstrated using optic fibre is 148.7 km, ach ieved by Los Alamos/NIST using the BB84 protocol. Significantly, this distance is long enough for almost all the spans found in today's fibre networks. The distance record for free space QKD is 144km between two of the Canary Islands, achieved by a European collaboration using entangled photons (the Ekert scheme) in 2006, and using BB84 enhanced with decoy states in 2007. The experiments suggest transmission to satellites is possible, due to the lower atmospheric density at higher altitudes. For example although the minimum distance from the International Space Station to the ESA Space Debris Telescope is about 400 km, the atmospheric thickness is about an order of magnitude less than in the European experiment, thus yielding less attenuation compared to this experiment.
6.3 Current Challenges

Like everything in the world of information security, quantum cryptography is not panacea. The main drawbacks of quantum cryptography are due to the following two reasons:
Man in the middle attack

Quantum cryptography is vulnerable to a man -in-the-middle attack when used without authentication to the same extent as a ny classical protocol, since no principle of quantum mechanics can distinguish friend from foe. As in the classical case, Alice and Bob cannot authenticate each other and establish a secure connection without some means of verifying each other's identities (such
Department of Instrumentation (CUSAT) Page 31

as an initial shared secret). If Alice and Bob have an initial shared secret then they can use an unconditionally secure authentication scheme (such as CarterWegman) along with quantum key distribution to exponentially expand this key, using a small amount of the new key to authenticate the next session. Several methods to create this initial shared secret have been proposed, for example using a 3rd party or chaos theory.
Photon number splitting attack

In the BB84 protocol Alice sends quantum states to Bob using single photons. In practice many implementations use laser p ulses attenuated to a very low level to send the quantum states. These laser pulses contain a very small amount of photons, for example 0.2 photons per pulse, which are distributed according to a Poissons distribution. This means most pulses actually contain no photons (no pulse is sent), some pulses contain 1photon (which is desired) and a few pulses contain 2 or more photons. If the pulse contains more than one photon, then Eve can split of the extra photons and transmit the remaining single photon to Bob. This is the basis of the photon number splitting attack, where Eve stores these extra photons in a quantum memory until Bob detects the remaining single photon and Alice reveals the encoding basis. Eve can then measure her photons in the correct basis and obtain information on the key without introducing detectable errors. There are several solutions to this problem. The most obvious is to use a true single photon source instead of an attenuated laser. While such sources are still at a developmental stage QKD has been carried out successfully with them. However as current sources operate at a low efficiency and frequency key rates and transmission distances are limited. Another solution is to modify the BB84 protocol, as is done for example in the SARG04 protocol, in which the secure key rate scales as t3 / 2. The most promising solution is the decoy state idea, in which Alice randomly sends some of her laser pulses with a lower average photon number. These decoy states can be used to detect a PNS attack, as Eve has no way to tell which pulses are signal and which decoy. Using this idea the secure key rate scales as t, the same as for a single photon source. This idea has been implemented successfully in several QKD experiments, allowing for high key rates secure against all known attacks.

Department of Instrumentation (CUSAT)

Page 32

7. Conclusion and Future Scope

Quantum cryptography promises to revolutionize secure communication by providing security based on the fundamental laws of physics, instead of the current state of mathematical algorithms or computing technology. The devices for implementing such methods exist and the performance of demonstration systems is being continuously improved. Within the next few years, if not months, such systems could start encrypting some of the most valuable secrets of government and industry. Future developments will focus on faster photon det ectors, a major factor limiting the development of practical systems for widespread commercial use. Chip Elliott, BBN's principal engineer, says the company is working with the University of Rochester and NIST's Boulder Laboratories in Colorado to develop practical superconducting photon detectors based on niobium nitride, which would operate at 4 K and 10 GHz. The ultimate goal is to make QKD more reli able, integrate it with today's telecommunications infrastructure, and increas e the transmission distance and rate of key generation. Thus the Long-term goals of quantum key distribution are the realistic implementation via fibres, for example, for different buildings of a bank or company, and free space key exchange via satellites. Quantum cryptography already provides the most advanced technology of quantum information science, and is on the way to achieve the (quantum) jump from university laboratories to the real world.

Department of Instrumentation (CUSAT)

Page 33

8. References

1. Physical-layer security. Doctoral Thesis / Dissertation | Georgia Institute of Technology | GRIN 2. http://en.wikipedia.org/wiki/Quantum_cryptography 3. http://en.wikipedia.org/wiki/One-time_pad 4. http://en.wikipedia.org/wiki/RSA 5. http://en.wikipedia.org/wiki/Qubit 6. http://www.aip.org/tip/INPHFA/vol-10/iss-6/p22.html 7. http://www.perimeterinstitute.ca/personal/dgottesman/QKD .html 8. http://www.physics.umd.edu/courses/Phys402/AnlageSpring 09/TheNoCloningTheoremWoottersPhysicsTodayFeb2009p7 6.pdf 9. http://pages.cs.brandeis.edu/~pablo/qbc/node4.html
10. http://www.research.ibm.com/people/b/bennetc/bennettc198

469790513.pdf

Department of Instrumentation (CUSAT)

Page 34