Double phase encoding quantum key distribution

Abstract

A laser pulse representing a bit of a quantum key is split into two pulses. In addition to known round trip phase encoding schema, a secret phase key is modulated into one of the two pulses: P1 and P2. The secret phase key is used to identify whether the returning pulses originated from the sender, i.e., whether the key distribution has been attacked by an eavesdropper. A secret key phase modulator randomly modulates pulse P1. An attenuator then reduces the average photon number of the modulated pulse P1 to a selected level greater than one to increase the likelihood of efficient, successful transmission while reducing the possibility of eavesdropping, e.g., μ=10. Both pulses P1 and P2 are sent to the intended recipient and reflected to the sender. Pulse P2 is modulated upon return to the sender using the same secret phase key previously modulated into pulse P1. Therefore, when both pulses meet together at a coupler/beamsplitter of the sender, both pulses should contain the same secret key in their phase and therefore exhibit no resulting phase difference if the photon pulse is the same pulse originated by the sender. If the returning pulse is not the pulse originated by the sender then phase differences indicative of a so-called intercept-resend attack applied by an eavesdropper EVE are indicated by a large quantum bit error rate (“QBER”) will be detectable. If EVE applies photon-split attack, the secret phase key modulated by the sender prevents Eve from knowing the encoded key information in the photon(s). Therefore, double phase encoding QKD enables use of multi-photon pulses without unacceptable loss of security, thereby enhancing QKD bit rate.

Description

FIELD OF THE INVENTION

This invention relates generally to the field of network communications, and more particularly to cryptology.

BACKGROUND OF THE INVENTION

Public key encryption is currently a popular technique for secure network communications. Public key encryption utilizes “one-way functions” that are relatively simple for computers to calculate, but difficult to reverse calculate. In particular, a one way function f(x) is relatively easy for a computer to calculate given the variable x, but calculating x given f(x) is difficult for the computer, although not necessarily impossible. Some one way functions can be much more easily reverse calculated with the assistance of particular “trap door” information, i.e., a key. Public key cryptography utilizes such one-way functions in a two-key system in which one key is used for encryption and the other key is used for decryption. In particular, the one-way function is a “public key” which is openly advertised by Node A for the purposes of sending encrypted messages to Node A. The trap door key is a “private key” which is held in confidence by Node A for decrypting the messages sent to Node A. For two-way encrypted communications each node utilizes a different public key and a different private key. One advantage of this system is that secure key distribution is not required. However, advances in the capabilities of computers tend to erode the level of security provided by public key encryption because the difficulty of reverse calculating the one-way function decreases as computing capabilities increase.

It is generally accepted in the field of cryptology that the most secure encryption technique is the Vernam cipher, i.e., one-time pad. A Vernam cipher employs a key to encrypt a message that the intended recipient decrypts with an identical key. The encrypted message is secure provided that the key is random, at least equal to the message in length, used for only a single message, and known only to the sender and intended receiver. However, in modern communication networks the distribution of Vernam cipher keys is often impractical, e.g., because the keys can be quite long and key distribution itself is subject to eavesdropping.

One technique for secure key distribution is known as Quantum Key Distribution (“QKD”). Quantum Key Distribution transmits an individual photon for each bit of the key being distributed to an intended recipient. The photons may be polarization modulated in order to differentiate logic 1 from logic 0. Distribution of the quantum key is secure because of the laws of quantum physics. In particular, it is not possible to measure an unknown quantum state of a photon without modifying it. Hence, an eavesdropper attempting to intercept the key would introduce detectable errors into the key. Unfortunately, photon-per-bit key distribution is so inefficient with current technology as to be impractical. This is due in-part to the attenuation technique and equipment used to generate a single photon pulse. In particular, in order to avoid transmitting more than one photon the attenuator must be set such that about 91% of the attempted pulses generate zero photons.

SUMMARY OF THE INVENTION

In accordance with the invention, a method of Quantum Key Distribution to a target device, comprises the steps of: generating a pulse having multiple photons, the pulse representing at least one bit indicative of the Quantum Key; splitting the pulse into first and second sub-pulses; modulating the first sub-pulse on a first basis with a secret key; transmitting both the first and second sub-pulses to the target device; receiving the first and second sub-pulses back from the target device; modulating the second sub-pulse on the first basis with the secret key; and comparing the first and second sub-pulses to detect modulation mismatch of the first basis.

A network architecture operable to distribute a Quantum Key in accordance with the invention comprises: a first device including: a laser operable to generate a pulse having multiple photons, the pulse representing at least one bit indicative of the Quantum Key; a coupler operable to split the pulse into first and second sub-pulses; a first modulator operable to modulate the first sub-pulse on a first basis with a secret key; a port operable to transmit both the first and second sub-pulses to the target device; a port operable to receive the first and second sub-pulses back from a target device; logic operable to prompt modulation of the second sub-pulse on the first basis with the secret key; and logic operable to compare the first and second sub-pulses to detect modulation mismatch of the first basis.

A general advantage of the invention is more efficient and practical key distribution. Efficiency is enhanced because multiple photons can be used to represent each bit of the key. Using multiple photons enable use of attenuator setting that are less likely to result in zero photons (complete attenuation). Security is maintained using multiple pulses per bit because attempted eavesdropping can be detected from phase mismatches in the key pulses returned to the sender. Another advantage of the invention is that the need for active polarization compensation is obviated. In particular, since the initial pulse is split into two pulses which traverse the same round-trip path there is no need for polarization compensation. Further, the same laser can be employed for both synchronization and key distribution. Other advantages will be apparent in view of the following detailed description.

BRIEF DESCRIPTION OF THE FIGURES

FIGS. 1 and 2 are block diagrams illustrating distribution of a quantum key from node Bob to node Alice, wherein FIG. 1 shows processing of pulse P1 and FIG. 2 shows processing of pulse P2.

DETAILED DESCRIPTION

FIGS. 1 and 2 illustrate a node Alice (100) and a node Bob (102) of a communications network. Alice and Bob employ double phase encoding quantum key distribution (“QKD”). Alice, the sender of the quantum key, includes a phase modulator PMa (104) and a Faraday Mirror (106). Bob, the recipient of the quantum key, includes an attenuator (108), phase modulator PMb (110), phase modulator PMs (112), Polarization Beam Splitter (“PBS”) (114), a coupler (116), a laser diode (118), and photon detectors D0, D1 (120, 122).

A series of short laser pulses is employed for quantum key distribution between Bob and Alice. The short laser pulses are generated by the laser diode (118). Considering now the case of a single pulse from the laser diode, coupler C1 (116) splits the pulse into two pulses: P1 and P2. Pulse P1 is transmitted via the long loop and P2 is transmitted via the short loop.

Referring now to only FIG. 1, the phase modulator PMs (112) modulates a randomly-selected secret phase key Φs into the pulse P1 once it passes it. The secret phase key Φs is unknown to Alice and is used only by Bob. Although the secret phase is randomly generated, it should differ from any phase sequence modulated by phase modulators PMa and PMb, e.g., shift from the bases B1(0, π) and B2(π/2, 3 π/2). Phase modulator PMb (110) is inactive at this time. The horizontal polarization of pulse P1 is reflected by PBS (114) to the attenuator (108). The attenuator reduces the average photon number in pulse P1 to a selected level which is greater than one, so as to increase the likelihood of efficient, successful transmission, but not so large as to enable easy eavesdropping, e.g., μ=10. After suitable attenuation the pulse P1 is fed to an optical fiber (Q-channel).).

Alice is operable to receive pulse P1 from the optical fiber and enable phase modulator PMa (104) to modulate a phase shift ø1, selected randomly from bases B1 and B2 based on Alice's key bit. Faraday Mirror (“FM”) (106) then reflects P1 back and flips its polarization, i.e., a change of π/2. The resulting pulse P1 is then transmitted back to node Bob (102).

Node Bob (102) is operable to receive pulse P1 from node Alice (100). The PBS (114) is operable to transmit the returning pulse P1 to the short loop due to the polarization flip by FM (106) and subsequently to the coupler (116) where a combination is made with returning pulse P2.

Referring now to FIG. 2, after being generated at the coupler (116), pulse P2 takes the short loop at node Bob. The PBS (114) transmits the vertical polarization of P2. Pulse P2 is then subjected to the same attenuation as pulse P1 by the attenuator (108), e.g., μ=10. The pulse P2 travels over the optical fiber as was described above with regard to pulse P1. Alice is operable to receive pulse P2 from the optical fiber. Following receipt of pulse P2 Alice is operable to flip the polarization of pulse P2 at Faraday Mirror FM (106), i.e., a change of μ/2, and reflect the pulse P2 back onto the optical fiber. Phase modulator PMa (104) is inactive at this time. Bob is operable to receive the returning pulse P2 from Alice. The pulse P2 is reflected to the long loop at the PBS due it polarization flip at FM (106). On the long loop, phase modulator PMb (110) modulates a phase shift of ø2 onto pulse P2, by randomly selecting a basis from B1 (phase 0) and B2 (phase π/2). Phase modulator PMs then modulates pulse P2 with secret phase key Φs.

Referring again to both FIGS. 1 and 2, both pulses P1 and P2 arrive at the coupler of Bob at the same time because both pulses have traversed the same overall round-trip path, albeit with the loops in different order. Further, both pulses should contain the same secret phase key Φs. The phases of the returned pulses P1 and P2 at Bob's coupler are as follows:

pulse P1: ø1+Φs=Φ1

pulse P2: ø2+Φs=Φ2

Phase differences at Bob's coupler are then detected as follows: ΔΦ=Φ1−Φ2=ø1−ø2

ΔΦ=0: constructive interference→detector 0

ΔΦ=π: destructive interference→detector 1

ΔΦ: [0,π]→randomly detected.

After measuring the photon pulses, Bob publicly tells Alice his measurement types. Alice then tells Bob which are correct. If correct measurements are recorded in one detector, so-called one-click, there is no “intercept-resend” attack. Bob will continue BB84's error correction and privacy amplification and find the final shared secret key.

A photon-split attack is the most dangerous attack against a multi-photon quantum key distribution because each individual photon in a pulse has 100% of the information of the encoded key bit value. The current technique uses a secret phase key Φs modulated into pulse P1 on the way out and into pulse P2 after returning back. Because of its randomization of Φs, the attacker EVE can not correctly guess the secret phase key applied by Bob. Suppose that Eve uses a “photon-split” attack technique, i.e., Eve splits a single photon portion p1 from P1 and p2 from P2. Eve needs to combine p1 and p2 together to create an original photon which carries quantum key information. Also suppose that Eve learns the measurement information from the public communication between Bob and Alice and successfully guesses phase shifts ø1 and ø2. The difference of p1 and p2 will be ø1−ø2+φs. From here, we know that even if EVE knows ø1 and ø2, Eve still can not get a definitely constructive or destructive interference from p1 and p2 due to the unknown secret phase key φs. Therefore, the invention is an absolutely secure key distribution technique, even for multi-photon pulses.

While the invention is described through the above exemplary embodiments, it will be understood by those of ordinary skill in the art that modification to and variation of the illustrated embodiments may be made without departing from the inventive concepts herein disclosed. Moreover, while the preferred embodiments are described in connection with various illustrative structures, one skilled in the art will recognize that the system may be embodied using a variety of specific structures. Accordingly, the invention should not be viewed as limited except by the scope and spirit of the appended claims.

Claims

1. A method of Quantum Key Distribution between a first node and a second node, comprising the steps of: by the first node: generating a pulse having multiple photons, splitting the pulse into first and second sub-pulses; modulating the phase of the first sub-pulse with a secret key; transmitting both the first and second sub-pulses to the second node; by the second node: receiving the first and second sub-pulses from the first node; modifying at least one of the first and second sub-pulses; transmitting both the first and second sub-pulses back to the first node; by the first node: receiving the first and second sub-pulses from the second node; modulating the phase of the second sub-pulse with the secret key; and comparing the first and second sub-pulses to detect phase modulation mismatch.

2. The method of claim 1 wherein the modifying step includes the further step of the second node modulating a phase shift of the first sub-pulse selected randomly from bases B1 and B2 based on the second node's key bit.

3. The method of claim 2 wherein the modifying step includes the further step of the second node flipping the polarization of the first sub-pulse.

4. The method of claim 1 wherein the modifying step includes the further step of the second node flipping the polarization of the second sub-pulse.

5. The method of claim 1 including the further step of generating the secret key such that the secret key is random and equal to the Quantum Key in length.

6. The method of claim 1 including the further step of, prior to step of transmitting both the first and second sub-pulses to the second node, attenuating the first and second sub-pulses to reduce the number of photons to a selected number greater than one.

7. The method of claim 1 including the further step of the first node modulating a phase shift of the second sub-pulse selected randomly from bases B1 and B2 based on the first node's key bit.

8. The method of claim 1 including the further step of correlating Quantum Key bits of the first and second sub-pulses to facilitate quantum key distribution.

9. A network architecture operable to distribute a Quantum Key, comprising: a first device including: a laser operable to generate a pulse; a coupler operable to split the pulse into first and second sub-pulses, the first sub-pulse being sent to a long loop and the second sub-pulse being sent to a short loop; a first modulator in the long loop operable to modulate the phase of the first sub-pulse with a secret key; a port operable to transmit both the first and second sub-pulses to a second device, the second device being operable to modify at least one of the first and second sub-pulses; a port operable to receive the first and second sub-pulses back from the second device; a polarization beam splitter operable to send the first sub pulse to the short loop and to send the second sub-pulse to the long loop, where the phase of the second sub-pulse is modulated with the secret key, the first and second sub-pulses then being combined by the coupler; and detectors operable to detect phase modulation mismatch of the first and second sub-pulses.

10. The network architecture of claim 9 wherein the second device includes a phase modulator operable to modulate a phase shift of the first sub-pulse selected randomly from bases B1 and B2 based on a key bit.

11. The network architecture of claim 10 wherein the second device further includes a Faraday mirror operable to flip the polarization of the first sub-pulse.

12. The network architecture of claim 9 wherein the second device further includes a Faraday mirror operable to flip the polarization of the second sub-pulse.

13. The network architecture of claim 9 further including logic operable to generate the secret key such that the secret key is random and equal to the Quantum Key in length.

14. The network architecture of claim 9 further including an attenuator operable to attenuate the first and second sub-pulses to reduce the number of photons to a selected number greater than one.

15. The network architecture of claim 9 including logic operable to correlate Quantum Key bits of the first and second sub-pulses to facilitate quantum key distribution.

16. The network architecture of claim 9 further including a phase modulator operable to modulate a phase shift of the second sub-pulse selected randomly from bases B1 and B2 based on Bob's key bit.