Home/Concepts/Quantum Computing/Quantum Cryptography

Quantum Cryptography

Secure communication with quantum key distribution

⏱️ 23 min⚑ 11 interactions

1. The Ultimate Encryption

Classical encryption can be broken with enough computing power. Quantum cryptography is different - it's protected by the laws of physics themselves. Any attempt to intercept the message is instantly detectable.

πŸ” Core Concept

Quantum cryptography uses quantum mechanics to create unbreakable encryption keys. The no-cloning theorem ensures that eavesdroppers can't copy quantum states, and measurement disturbance means any interception is immediately detected.

⚠️ The Quantum Threat to Classical Cryptography

How Modern Encryption Works (And Why It's Vulnerable)

πŸ”‘ Classical Public-Key Cryptography (RSA, ECC)

Security based on computational hardness: factoring large numbers (RSA) or solving discrete logarithm (ECC) is practically impossible for classical computers.

Example: RSA-2048
Public key: Product of two 1024-bit primes
Classical attack: ~300 trillion years with best algorithms
Assumed safe? Yes... until quantum computers ❌

The problem: Security depends on belief that no fast algorithm exists. Shor's algorithm (1994) proved a quantum computer can factor in polynomial time β†’ RSA broken!

πŸ” Symmetric Encryption (AES)

Security based on key secrecy: AES-256 has 2256 possible keys. Brute force search is infeasible.

Classical attack:
AES-256: 2256 keys to try
Classical brute force: Billions of years
Status: Still secure βœ“

Quantum threat: Grover's algorithm reduces search to 2128 operations for AES-256. Still hard but weakened β†’ need AES-512 for quantum era!

❌ The Key Distribution Problem

Symmetric crypto (AES) is secure, but how do Alice and Bob agree on the key? Without quantum-vulnerable public-key crypto (RSA), they need a secure channel to share the key. Catch-22!

β€’ Meet in person? ❌ Not scalable
β€’ Use RSA? ❌ Quantum computers will break it
β€’ Trusted courier? ❌ Can be intercepted or compromised
Conclusion: Classical crypto has no solution for quantum-safe key distribution!

Quantum Solution: Information-Theoretic Security

Quantum Key Distribution (QKD) achieves information-theoretic securityβ€”security proven by laws of physics, not computational assumptions.

βœ… Three Quantum Principles Enable QKD
1. No-Cloning Theorem
Statement: You cannot create an identical copy of an unknown quantum state.
Consequence: Eavesdropper (Eve) can't intercept photon, copy it, and forward original to Bob. She must measure (destroying state) and resendβ€”this introduces errors Alice and Bob can detect!
2. Measurement Disturbance
Statement: Measuring a quantum system in the wrong basis randomizes the outcome and alters the state.
Consequence: Eve doesn't know which basis Alice used. If she guesses wrong (50% chance), her measurement introduces errors β†’ detection guaranteed!
3. Quantum Uncertainty
Statement: Complementary properties (like H/V vs D+/D- polarization) cannot be simultaneously measured with certainty.
Consequence: Even if Eve uses perfect equipment, quantum mechanics prohibits her from extracting full information without disturbing the state!
🎯 What QKD Provides
βœ“ Secure key distribution: Alice and Bob get identical random key
βœ“ Eavesdropping detection: Any interception causes detectable errors
βœ“ Forward secrecy: Past keys remain secure even if future quantum computers break other methods
βœ“ Unconditional security: Protected by physics, not computational assumptions

The key insight: QKD doesn't encrypt data directly. It securely distributes a random key that Alice and Bob then use with AES or one-time pad. The quantum magic is in key distribution, not encryption!

🚨
The Post-Quantum Race

"Harvest now, decrypt later" attacks are already happening. Adversaries record encrypted traffic today, knowing that future quantum computers will decrypt it. Organizations handling sensitive long-term secrets (medical records, state secrets, financial data) need quantum-safe solutions now. QKD provides immediate protection: keys generated today are secure against any future technology because security comes from physics, not math. While post-quantum classical algorithms (lattice-based, hash-based) are being standardized, they still rely on assumptions about computational hardness. QKD eliminates assumptions entirelyβ€”it's the only provably secure solution for the quantum era. The race isn't just about when quantum computers arriveβ€”it's about protecting data that must stay secret for decades.

πŸ“‘ Interactive: Photon Polarization States

2. BB84 Quantum Key Distribution

🎯 Interactive: Choose Protocol

πŸ’‘ Currently selected: BB84 is the most widely used QKD protocol, proven secure against any attack allowed by quantum mechanics.

πŸ“‘ BB84 Protocol: How Quantum Key Distribution Works

The Complete BB84 Procedure (Step-by-Step)

BB84 (Bennett & Brassard, 1984) is the first and most famous quantum key distribution protocol. Here's how Alice and Bob create a shared secret key:

Step 1: Alice Prepares Random Qubits

Alice generates two random bit strings: one for data, one for bases.

Example (16 bits):
Random bits: 0 1 1 0 1 0 0 1 1 1 0 0 1 0 1 1
Random bases: + Γ— + + Γ— + Γ— Γ— + Γ— + Γ— + + Γ— +
(+ = Rectilinear: ↔️↕️, Γ— = Diagonal: ↗️↖️)
Encoding rules:
Rectilinear (+): 0 β†’ ↔️ (H), 1 β†’ ↕️ (V)
Diagonal (Γ—): 0 β†’ ↗️ (D+), 1 β†’ ↖️ (D-)

Result: Alice sends polarized photons over quantum channel (fiber optic or free space). Each photon encodes 1 bit in a random basis.

Step 2: Bob Measures in Random Bases

Bob doesn't know which basis Alice used! He randomly chooses his own measurement basis for each photon.

Bob's random bases:
Alice sent: + Γ— + + Γ— + Γ— Γ— + Γ— + Γ— + + Γ— +
Bob measures: + + Γ— + + Γ— Γ— + + Γ— Γ— Γ— + Γ— Γ— +
Match? βœ“ βœ— βœ— βœ“ βœ— βœ— βœ“ βœ— βœ“ βœ“ βœ— βœ“ βœ“ βœ— βœ“ βœ“

Key insight: When bases match (βœ“), Bob gets Alice's bit correctly. When bases differ (βœ—), Bob gets random 50/50 resultβ€”useless!

Step 3: Basis Reconciliation (Public Channel)

Alice and Bob publicly announce which bases they used (but NOT the bit values!). They keep only photons where bases matched.

Public conversation:
Alice: "I used bases: + Γ— + + Γ— + Γ— Γ— + Γ— + Γ— + + Γ— +"
Bob: "I used bases: + + Γ— + + Γ— Γ— + + Γ— Γ— Γ— + Γ— Γ— +"
Match indices: 1, 4, 7, 9, 10, 12, 13, 15, 16 (9 bits kept)
Sifted key (bases matched):
Alice's bits: 0 0 0 1 1 0 1 1 1 (9 bits)
Bob's bits: 0 0 0 1 1 0 1 1 1 (should match!)

Efficiency: ~50% of photons survive (when bases match randomly). This is the "sifted key" but not yet secureβ€”Eve might have interfered!

Step 4: Error Checking (Detect Eavesdropping)

Alice and Bob sacrifice some bits to test for eavesdropping. They publicly compare a random subset of their sifted key.

Test sample (e.g., bits 2, 5, 8):
Alice: 0, 1, 1
Bob: 0, 1, 1
Result: All match! QBER = 0% β†’ Likely secure βœ“

Decision rules:

β€’ QBER < 11%: Channel secure, continue βœ“
β€’ QBER > 11%: Eavesdropper likely, abort! ❌
β€’ QBER = 25%: Maximum for intercept-resend attack (Eve guessing randomly)
Step 5: Error Correction & Privacy Amplification

Even without Eve, photon loss and detector noise cause small error rates. Alice and Bob use classical error correction to fix these, then apply privacy amplification to remove any information Eve might have gained.

Final processing:
1. Error correction: Fix random bit flips (parity checks)
2. Privacy amplification: Hash key to shorter length
Output: Provably secure shared key!

Final key rate: Starting with N photons β†’ ~N/2 sifted β†’ ~N/4 after error correction and privacy amplification. This is the secure key!

Why BB84 Is Unconditionally Secure

BB84's security doesn't depend on computational hardness or assumptions. It's guaranteed by quantum mechanics:

1. No-cloning theorem: Eve cannot copy photons without disturbing them. Any measurement affects the state.
2. Basis randomness: Eve doesn't know Alice's basis. Wrong basis β†’ 50% error rate β†’ 25% QBER β†’ detected!
3. Public basis announcement: After measurement, revealing bases is safeβ€”Eve already committed to her measurement results.
4. Error detection: Any interference β†’ errors β†’ detected via QBER check β†’ abort if compromised.

Mathematical proof: Security proven against ANY attack allowed by quantum mechanics (Shor-Preskill 2000, Mayers 2001). Even an adversary with unlimited computing power and access to all future quantum technologies cannot break BB84 without being detected!

🎯
BB84 In Practice

Modern BB84 implementations use single-photon sources (laser attenuated to ~0.1 photons/pulse) and single-photon detectors (avalanche photodiodes or superconducting nanowires). Key rates: ~1 Mbps at 10 km, ~1 Kbps at 100 km in fiber. The protocol has been proven secure in thousands of deployments worldwide, from Swiss banking networks (2007) to Chinese quantum satellites (2016). BB84 isn't just theoreticalβ€”it's the foundation of the emerging quantum internet, providing the only form of communication that's secure against both current and future threats. The protocol's simplicity (just 4 polarization states, random bases, public comparison) belies its profound implications: information-theoretic security is achievable in the real world!

πŸ‘©β€πŸ”¬ Interactive: Alice Prepares Photons

Alice's Settings:
Bob's Settings:
βœ…
Bases Match!

πŸ“Š Interactive: Key Generation Progress

Photons Sent
0
Matching Bases
0
~0%
Key Length
0
bits
QBER
0%
error rate
πŸ’‘ BB84 Efficiency: Only ~50% of photons contribute to the final key (when bases match). The rest are discarded during basis reconciliation.

3. Detecting Eve (The Eavesdropper)

πŸ•΅οΈ The Mathematics of Eavesdropping Detection

Eve's Dilemma: The Intercept-Resend Attack

The most straightforward attack: Eve intercepts each photon, measures it, then sends a new photon to Bob based on her measurement. Why does this fail?

❌ The Attack Sequence (Doomed to Fail)
Scenario: Alice sends |H⟩ (horizontal, encoding bit 0 in + basis)
Alice: Sends |H⟩ ↔️ (0 in + basis)
↓ Photon travels through quantum channel
Eve: Intercepts! But doesn't know Alice used + basis
Eve: Randomly chooses Γ— basis to measure
Eve: Measures in Γ— basis β†’ Gets random result (50% D+, 50% D-)
Eve: Assumes she got it right, sends what she measured
↓ Eve's resent photon (in Γ— basis)
Bob: Randomly chooses + basis (same as Alice!)
Bob: Measures photon sent by Eve in + basis
Bob: Gets random result (50% H, 50% V) β†’ Wrong 50% of time!

The error cascade: Eve measures in wrong basis (50% chance) β†’ photon state randomized β†’ Bob gets wrong result (50% of that 50%) β†’ 25% error rate in matching bases β†’ detected!

⚠️ Error Rate Mathematics
Calculating QBER (Quantum Bit Error Rate):
β€’ Eve measures in wrong basis: 50% of time
β€’ When Eve wrong + Bob matches Alice's basis:
β†’ Bob gets random result β†’ 50% error
β€’ Overall error rate: 0.5 Γ— 0.5 = 25%
QBER = 25% reveals intercept-resend attack!
Security thresholds:
β€’ QBER β‰ˆ 0%: No eavesdropper βœ“
β€’ QBER = 1-3%: Detector noise, tolerable βœ“
β€’ QBER > 11%: Security compromised ❌
β€’ QBER = 25%: Intercept-resend attack detected ❌
🎯 Why Eve Can't Avoid Detection

Could Eve use more sophisticated attacks? Quantum mechanics says no:

Q: Can Eve measure without disturbing?
A: No. Heisenberg uncertainty: Measuring H/V vs D+/D- are incompatible. Perfect measurement in one basis β†’ complete randomness in other.
Q: Can Eve clone the photon and measure later?
A: No. No-cloning theorem forbids copying unknown quantum states. Can't make backup to measure in all bases.
Q: Can Eve entangle with photon without measuring?
A: Possible, but... Entanglement creates correlations that still show up as errors during error checking. Still detected!
Q: Can Eve intercept only some photons?
A: Yes, but... She gets partial info (e.g., 10% of bits) and introduces proportional errors (2.5% QBER for 10% intercept). Alice/Bob detect via statistical tests.

Advanced Attacks and Countermeasures

πŸ”§ Photon Number Splitting (PNS) Attack

Real single-photon sources sometimes emit multi-photon pulses (e.g., 2 photons instead of 1). Eve can:

1. Block all single-photon pulses (Bob expects some loss)
2. For multi-photon pulses: steal one photon, send others to Bob
3. Store stolen photons until bases announced
4. Measure in correct basis β†’ get bits without introducing errors!
Countermeasure: Decoy states (Lo-Chau-Mayers 2005). Alice randomly varies intensity. Eve's attack changes statistics β†’ detected! Modern QKD all uses decoy states.
πŸ’‰ Trojan Horse Attack

Eve sends bright laser pulses into Alice's or Bob's equipment, hoping to probe internal states or create side channels.

Countermeasure: Optical isolators (one-way valves for light) prevent backflow. Monitor for unexpected light entering equipment.
πŸŽ›οΈ Detector Blinding

Eve sends bright continuous light to saturate Bob's detectors, then controls when they click β†’ defeats quantum randomness!

Countermeasure: Measurement-device-independent QKD (MDI-QKD). Bob's detectors untrustedβ€”security proven even if Eve controls them! Based on entanglement swapping.
πŸ›‘οΈ
The Security Proof Guarantee

BB84's security has been mathematically proven against any attack allowed by quantum mechanics (Mayers 2001, Shor-Preskill 2000, Lo-Chau 1999). The proofs are composableβ€”security holds even if Eve has unlimited memory, computational power, and advanced quantum technology. The QBER threshold (11% for BB84) is a hard limit imposed by physics, not engineering. If QBER < 11%, Alice and Bob can extract a secure key via privacy amplification (hashing to remove partial info Eve might have). The 11% comes from information theory: above this, Eve's information about the key exceeds Alice-Bob's shared information β†’ no secret key possible. This isn't breakable by "better math"β€”it's a fundamental bound from quantum information theory. Real systems aim for QBER < 3% to provide comfortable security margin. The beauty of QKD: security is quantifiable and verifiable via error rates!

πŸ•΅οΈ Interactive: Add an Eavesdropper

Eavesdropper (Eve) Present
βœ… Channel is secure
Security Status: ❓ UNKNOWN
0 errors detected in 0 matching bases
0.0%
QBER
πŸ’‘ Security Threshold: QBER above 11% indicates eavesdropping. Alice and Bob abort the protocol and try again on a new channel.

πŸ”— Interactive: Entanglement-Based QKD

The E91 protocol uses entangled photon pairs. Bell inequality violations prove the entanglement is genuine and not being simulated by an eavesdropper.

βœ“ Excellent
Bell Inequality
4.00
S parameter
Classical Limit
2.00
max classical
Quantum Max
2.83
Tsirelson bound
βœ… Bell inequality violated! Entanglement is genuine and secure.

πŸ“ The Distance Problem: Why QKD Range Is Limited

Photon Loss: The Fundamental Challenge

Unlike classical signals that can be amplified, single photons cannot be amplified without measuring (destroying quantum state). This limits QKD range.

❌ Why Classical Repeaters Don't Work

Classical networks use repeaters: detect signal, amplify, retransmit. Why can't we do this for quantum?

β€’ Detection = Measurement: Measuring photon collapses superposition
β€’ No-cloning: Can't copy quantum state to amplify
β€’ Uncertainty: Can't measure polarization in all bases simultaneously
Result: Classical repeater = eavesdropper! Defeats security.
πŸ“‰ Exponential Photon Loss in Fiber
Attenuation in optical fiber (1550 nm):
Loss rate: ~0.2 dB/km
10 km: 10^(-0.2Γ—10/10) = 40% photons survive
50 km: 10^(-0.2Γ—50/10) = 1% photons survive
100 km: 10^(-0.2Γ—100/10) = 0.01% photons survive
300 km: Only ~10^-6 photons survive!

Key rate impact: Exponential loss β†’ exponential drop in key rate. Practical limit: ~300 km in fiber without repeaters.

☁️ Free-Space and Satellite QKD

In free space (air/vacuum), photons travel farther but face atmospheric turbulence and beam divergence.

Ground-to-ground: ~10-50 km (weather dependent)
Limited by fog, rain, turbulence. Needs clear line of sight.
Satellite-to-ground: ~1000+ km effective range
Photons pass through atmosphere briefly (last 10 km). China's Micius satellite (2016) demonstrated 1200 km QKD.
Satellite-to-satellite: Unlimited in vacuum
No atmospheric loss. Future backbone for global quantum internet.

Solutions: Quantum Repeaters and Trusted Nodes

πŸ”— Quantum Repeaters (Future)

Use quantum memory and entanglement swapping to extend range without measuring photons directly.

How it works:
1. Create entangled pairs at repeater stations
2. Store entanglement in quantum memory (seconds to minutes)
3. Perform Bell measurement to swap entanglement
4. Extend entanglement across multiple hops

Status: Research phase. Challenges: long-coherence quantum memory, high-fidelity operations. Timeline: 2030s for practical deployment.

πŸ” Trusted Node Networks (Current)

Break long distance into short QKD links with intermediate trusted nodes that measure, decrypt, and re-encrypt.

Example: A β†’ N₁ β†’ Nβ‚‚ β†’ B
β€’ QKD link Aβ†’N₁ (50 km): Key K₁
β€’ QKD link N₁→Nβ‚‚ (50 km): Key Kβ‚‚
β€’ QKD link Nβ‚‚β†’B (50 km): Key K₃
β€’ Total: 150 km coverage via 3 short links

Security caveat: Nodes must be physically secured (e.g., in locked facilities). Compromise of any node breaks security. Not truly end-to-end secure, but practical for current deployments.

🌐
Building the Quantum Internet

Current QKD networks use trusted nodes for metropolitan and regional coverage (e.g., China's 2000+ km Beijing-Shanghai network, Europe's OpenQKD testbeds). Satellite QKD bridges continentsβ€”China's Micius satellite connects Beijing, Vienna, and has demonstrated intercontinental key distribution. The long-term vision: quantum repeaters enable true end-to-end entanglement distribution without trusted intermediaries, allowing quantum internet for ultra-secure communication, distributed quantum computing, and quantum sensing networks. Distance limitations are being overcome through hybrid architectures: fiber for metro, satellite for long-haul, quantum repeaters for future continental backbone. Key rates improve with better detectors (superconducting nanowires achieve 90%+ efficiency), wavelength multiplexing (multiple channels in same fiber), and higher rep rates. The goal: Mbps key rates at 100+ km by 2030.

πŸ“ Interactive: Distance Challenge

100,000 bits/sec
0 km100 km300 km
Key Generation Rate:
100.0
Kbps
βœ… Metropolitan (0-50 km)
Fiber optic: High key rates, commercially viable
⚠️ Long Distance (50-150 km)
Requires trusted nodes or quantum repeaters
❌ Ultra Long (150+ km)
Satellite QKD or future quantum repeaters needed

4. Real-World Implementation

🌍 Interactive: Application Scenarios

🏦
Commercial
Banking & Finance
Secure interbank communications and transaction verification
Example: JPMorgan, HSBC quantum networks
πŸ›οΈ
Active
Government & Defense
Military communications and classified data transmission
Example: Chinese quantum satellite Micius
☁️
Pilot
Cloud Data Centers
Securing data center interconnections and backup transfers
Example: Google, Amazon quantum links
πŸ₯
Research
Healthcare
Patient data privacy and hospital network security
Example: Medical records protection

βš–οΈ Interactive: QKD vs Classical Cryptography

FeatureQuantum (QKD)Classical (RSA, AES)
Security Basisβœ… Laws of physics⚠️ Computational hardness
Quantum Computer Threatβœ… Immune❌ Vulnerable (Shor's algorithm)
Eavesdropping Detectionβœ… Guaranteed❌ Undetectable
Key Distribution⚠️ Requires special hardwareβœ… Software-based
Distance⚠️ Limited (~300 km)βœ… Unlimited
Cost⚠️ High (specialized equipment)βœ… Low (standard hardware)

πŸš€ Interactive: Quantum Internet Timeline

2024-2025
Metropolitan Networks
Current
City-scale QKD networks operational in major hubs
100%
2025-2030
Quantum Repeaters
Development
First-generation repeaters extend range to 1000+ km
40%
2030-2035
Continental Networks
Planned
Intercontinental quantum communication via satellites
15%
2035-2040
Global Quantum Internet
Vision
Worldwide quantum network with full entanglement distribution
5%

5. Key Takeaways

πŸ”

Physics-Based Security

Quantum cryptography's security comes from fundamental physics, not computational assumptions. Even infinitely powerful computers cannot break it without being detected.

πŸ•΅οΈ

Guaranteed Detection

The no-cloning theorem ensures eavesdroppers cannot copy quantum states. Any measurement attempt disturbs the system and reveals their presence through increased error rates.

πŸ“‘

BB84 Protocol

The BB84 protocol uses random bases to encode bits in photon polarization. Only matching bases contribute to the final key, providing built-in authentication.

πŸ”—

Entanglement Power

E91 uses entangled pairs and Bell inequality tests to verify security. Violations of Bell inequalities prove the quantum correlations are genuine and untapped.

πŸ“

Distance Limitations

Photon loss in fiber limits QKD to ~300 km. Quantum repeaters and satellite links are being developed to extend range for a global quantum internet.

🌐

Commercial Reality

QKD networks are already operational for banking, government, and enterprise use. Metropolitan-scale deployments are growing, with continental networks on the horizon.