IMPROVEMENTS TO QKD METHODS

Abstract

There is herein disclosed a method of performing Quantum Key Distribution for generating a shared secret key, the method including, at a first node, preparing or measuring a plurality of non-orthogonal quantum states, each of the plurality of non-orthogonal quantum states being prepared or measured using a respective one of a first set of basis states, and, at a second node, preparing or measuring the plurality of non-orthogonal quantum states each, of the plurality of non-orthogonal quantum states being prepared or measured using a respective one of a second set of basis states, and, at a third node, obtaining an indication of the first set of basis states from the first node and performing a key agreement stage with a fourth node to agree the shared secret key, the key agreement stage involving the first and second sets of basis states.

Claims

1. A method of performing Quantum Key Distribution for generating a shared secret key, the method comprising at a first node, preparing or measuring a plurality of non-orthogonal quantum states, each of the plurality of non-orthogonal quantum states being prepared or measured using a respective one of a first set of basis states; at a second node, preparing or measuring the plurality of non-orthogonal quantum states, each of the plurality of non-orthogonal quantum states being prepared or measured using a respective one of a second set of basis states; and at a third node, obtaining an indication of the first set of basis states from the first node and performing a key agreement stage with a fourth node to agree upon the shared secret key, the key agreement stage involving the first set of basis states and the second set of basis states.

2. The method according to claim 1, wherein the fourth node is different from the second node.

3. The method according to claim 1, further comprising, at the third node, obtaining the first set of basis states from the first node via an optical link.

4. The method according to claim 1, further comprising transmitting, from the first node to the third node, an indication of bit values encoded onto the plurality of non-orthogonal quantum states.

5. The method according to claim 1, further comprising transmitting, from the first node to the third node, an indication of a time of transmission of the plurality of non-orthogonal quantum states from the first node.

6. The method according to claim 4, wherein the transmissions between the first node and the third node are encrypted.

7. The method according to claim 6, wherein the encryption is symmetric key encryption.

8. The method according to claim 1, further comprising performing an authentication check between the third node and the fourth node.

9. The method according to claim 1, wherein the third node and the fourth node perform encrypted communication with each other using the shared quantum key.

10. The method according to claim 1, further comprising transmitting, from the second node to the fourth node, an indication of which of the second set of basis states were used to measure the plurality of non-orthogonal quantum states.

11. The method according to claim 11, wherein the transmitting takes place over an optical fiber.

12. The method according to claim 10, further comprising encrypting the indication of which of the second set of basis states were used to measure the plurality of non-orthogonal quantum states.

13. The method according to claim 1, further comprising transmitting, from the second node to the fourth node, an indication of the measured bit values of the plurality of non-orthogonal quantum states.

14. The method according to claim 1, wherein the fourth node is the same as the second node.

15. An arrangement for performing Quantum Key Distribution (QKD) in order to generate a shared secret key, the arrangement comprising: a first node and a second node, the first node being adapted to prepare or measure a plurality of non-orthogonal quantum states using a respective one of a first set of basis states, the second node being adapted to prepare or measure a plurality of non-orthogonal quantum states using a respective one of a second set of basis states, the arrangement further comprising a third node and a fourth node, the third node being adapted to obtain an indication of the first set of basis states from the first node, and to perform a key agreement stage with the fourth node to agree the shared secret key, the key agreement stage involving the first set of basis states and the second set of basis states.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0027] The disclosure will now be described in detail, for illustration purposes only, and with reference to the appended drawings, in which:

[0028] FIG. 1 is a schematic view of a known QKD arrangement.

[0029] FIG. 2 is a schematic view of a further known QKD arrangement.

[0030] FIG. 3 is a schematic view of a first embodiment in accordance with the disclosure.

[0031] FIG. 4 is a schematic view of a second embodiment in accordance with the disclosure.

DETAILED DESCRIPTION

[0032] FIG. 1 shows a known QKD arrangement 1 operating on the BB84 protocol. It comprises a transmitter 2 (referred to as Alice) and a receiver 3 (referred to as Bob). Alice 2 is connected to Bob 3 by a quantum communication channel 4 and also by a classical (i.e. non-quantum) communication channel 5. The quantum channel 4 is an optical fiber and the classical channel 5 is also an optical fiber.

[0033] The process of QKD involves two stages: the quantum transmission stage and the key agreement stage. The quantum transmission stage involves, at Alice 2, encoding a randomly-chosen bit value (1 or 0) onto an optical pulse, then preparing the pulse in one of two basis states (again, randomly chosen), and then transmitting the pulse to Bob 3 via the quantum channel 4. Alice uses a random number (RNG) generator (not shown) to obtain the random 1 or 0 value and uses a different RNG to obtain the random basis state. In the example of QKD described here, preparing the pulse in a basis state means preparing the pulse in a particular polarization. In the first basis state the direction of polarization is rectilinear. In the second basis state the direction of polarization is diagonal, i.e. at 45° to the rectilinear direction.

[0034] Bob receives the pulse transmitted by Alice. Bob measures the pulse by randomly choosing one of the two basis states, and measuring the received pulse in that basis state and measuring the bit value. If the basis state Bob has chosen happens to be the same as the basis state Alice used, the bit value Bob measures will be the same as the bit value Alice used. If Bob's basis state is not the same as Alice's, the bit value Bob measures will be a random value. This process is repeated on each of a string of pulses. For each pulse, Alice records the time of transmission, the bit value that Alice encodes onto the pulse and the basis state Alice uses. Bob records the time of receipt of the pulse, the basis state that Bob uses and the bit value that Bob measures.

[0035] Next comes the key agreement stage. Bob sends Alice a list containing, for each pulse in the string received by Bob: (i) the time Bob received the pulse and (ii) the basis state that Bob measured the pulse in. Alice then replies to Bob, indicating which of the pulses Bob measured using the same basis state that Alice used. Each of Alice and Bob then discard their bit values which correspond to pulses for which Alice and Bob used different basis states. This leaves Alice and Bob with the same list of bit values (i.e. 1's and 0's). This list is a quantum key which Alice and Bob can use to encrypt messages for sending between them via a classical channel.

[0036] As noted above, a problem is that the pulses do not propagate over large distances in optical fiber. This means that it is not possible to establish a quantum key between remote nodes. A prior art system for addressing this is shown at FIG. 2. FIG. 2 shows an Alice 12, which I will refer to as first Alice 12, a Bob 23 which I will refer to as second Bob 23 and a trusted node 20. Trusted node 20 contains a Bob (first Bob 13) which is connected to first Alice 12 by both quantum and classical channels. Trusted node 20 also contains an Alice (second Alice 22) which is connected to second Bob 23 by both quantum and classical channels. First Alice 12 and second Bob 23 are connected by a classical channel 21. In use, first Alice 12 establishes a quantum key with first Bob 13 in the manner described above. First Alice and first Bob are then able to send data between each other securely over the classical channel linking them by encrypting that data using their shared quantum key. Furthermore, second Alice 22 establishes a quantum key with second Bob 13 in the manner described above. Second Alice and second Bob are also then able to send data between each other securely over the classical channel linking them by encrypting that data using their shared quantum key. First Bob 13 and second Alice 22 then each give their respective quantum key to trusted node 20, which combines the two quantum keys into a third key by performing a simple XOR operation. First Bob 13 and second Alice 22 then encrypt the third key using their respective quantum keys and send them to first Alice 12 and second Bob 23 respectively. First Alice 12 and second Bob 23 can then communicate data securely over the classical channel linking them by encrypting the data using the third key.

[0037] The present disclosure addresses the problem in a different way—see FIG. 3. In the present disclosure, there is a conventional QKD transmitter which will be referred to as Original Alice 32. Original Alice 32 corresponds to the first node defined above. Furthermore there is a conventional QKD receiver which will be referred to as Original Bob 33. Original Bob 33 corresponds to the second node defined above. Original Alice 32 and Original Bob 33 are linked by a quantum channel 34. The distance between Original Alice 32 and Original Bob 33 is approximately 1 km.

[0038] Original Alice 32 and Original Bob 33 perform the quantum transmission stage of a conventional QKD process. In other words, for each of a string of pulses, Original Alice 32 encodes a random value in a random basis state and transmits the pulse to Original Bob 33. Alice records the value, basis state and transmission time. Original Bob 33 the measures the incoming pulse in its own randomly chosen basis state. Original Bob 33 records the basis state it used, the measured value and the receipt time.

[0039] Original Alice has established a secure link to a remote node 38 via a classical channel 36. The remote node 38 will be referred to as Virtual Alice 38. This link is secured using public key cryptography. Once the quantum transmission stage has finished, Original Alice 32 encrypts its data (i.e. the encoded value, basis state used and transmission time for each pulse) using the symmetric encryption algorithm AES512. Original Alice 32 then sends this encrypted data to Virtual Alice 38 via a classical channel 36. Virtual Alice 38 corresponds to the third node defined above. Virtual Alice 38 receives and decrypts the data. The classical channel 36 is an optical fiber. The distance between Original Alice 32 and Virtual Alice 38 is approximately 50 km.

[0040] Furthermore, Original Bob 33 encrypts its own data (i.e. the measured bit value, basis state used and receipt time for each pulse) using the symmetric encryption algorithm AES512 and sends it to a remote node 39 via a classical channel 37. The remote node 39 will be referred to as Virtual Bob 39. Virtual Bob 39 corresponds to the fourth node defined above. Virtual Bob 39 receives and decrypts the data. The classical channel 37 is an optical fiber. The distance between Original Bob 33 and Virtual Bob 39 is approximately 50 km. The distance between Virtual Alice 38 and Virtual Bob 39 is approximately 50 km.

[0041] Please note that the distances mentioned in the preceding two paragraphs are for illustration only and could be much larger, e.g. thousands of kilometers.

[0042] Virtual Alice 38 then performs the key agreement stage with Virtual Bob 39. This key agreement stage follows the conventional QKD key agreement process described above. In particular, Virtual Bob 39 sends Virtual Alice 38 a list containing, for each pulse in the string: (i) the basis state that Original Bob 33 used; and (ii) the time that Original Bob 33 received the pulse. Virtual Alice 38 then replies to Virtual Bob 39, indicating which of the pulses Original Bob 33 measured using the same basis state that Original Alice 32 used. These transmissions between Virtual Alice 38 and Virtual Bob 39 are encrypted using a secret key shared by Virtual Alice 38 and Virtual Bob 39. Each of Virtual Alice 38 and Virtual Bob 39 then discard their bit values which correspond to pulses for which Original Alice 32 and Original Bob 33 used different basis states. This leaves Virtual Alice 38 and Virtual Bob 39 with the same list of bit values. This list is a quantum key which Virtual Alice 38 and Virtual Bob 39 can use to encrypt data for sending between them via the classical channel 35.

[0043] If the link 39 between Original Alice 32 and Virtual Alice 38 were hacked, this alone would not give the hacker the quantum key that Virtual Alice 38 and Virtual Bob 39 have established. The hacker would obtain, for each pulse, the value Original Alice 32 encoded, the basis state Original Alice 32 applied and the time of transmission by Original Alice 32. However, to obtain the quantum key, the hacker would also need the basis states original Bob 33 used when receiving the pulses. To obtain that data, the hacker would additionally have to hack the link 37 between original Bob 33 and Virtual Bob 39. Obtaining the quantum key would therefore involve cracking two totally separate AES encryptions.

[0044] A further embodiment of the disclosure is depicted in FIG. 4. FIG. 4 shows a satellite 42 which is capable of sending a signal to a base station 43. The base station 43 is connected by a classical channel 47 (which is an optical fiber) to the premises 49 of a customer who will be a party to the secure communication. The satellite 42 acts as the Alice in QKD and the base station 43 acts as Bob. The satellite 42 performs the quantum transmission stage of QKD with the base station 43. In other words, for each of a string of pulses, satellite 42 prepares a random bit value in a random basis state and transmits the pulse to base station 43. Satellite 42 records the bit value, basis state and transmission time. Base station 43 measures each incoming pulse in a randomly chosen basis state. Base station 43 records the basis state it used, the measured bit value and the receipt time.

[0045] Once the quantum transmission stage has finished, base station 43 encrypts the encoded bit value it measured, the basis state it used and receipt time for each pulse, using the symmetric encryption algorithm AES512. Base station 43 then sends this encrypted data to the customer 49 via a classical channel 47. The customer 49 then decrypts the data.

[0046] The satellite 42 encrypts the encoded bit value it measured, the basis state it used and receipt time for each pulse, using the symmetric encryption algorithm AES512. The satellite 42 then continues moving on its path around the globe and establishes a new quantum key with a second base station 50 by conventional QKD. The satellite 42 then encrypts the encrypted data with the quantum key and transmits it to the second base station 50. The second base station 50 decrypts the data, re-encrypts it with a key it shares with a second customer 52 and sends the re-encrypted data to the second customer 52 via link 51. The first customer 49 (Virtual Bob) and the second customer 52 (Virtual Alice) are therefore each on possession of the necessary data for performing the key agreement stage with each other. This is what they then do. In particular, customer 49 sends its record of encoded bit values and receipt times to customer 52 over a public key encrypted classical link (not shown). Customer 52 then sends customer 49 an indication of which pulses share common basis states. Both customers then discard the bit values corresponding to pulses for which different basis states were used, leaving the two customers with the same list of bit values (i.e. a shared secret quantum key). The two customer can then use this key to perform QKD encrypted communication with each other over the classical channel.