Share this article:

Challenges of implementing quantum key distribution

By Thomas Cox, Trainee Patent Attorney and Phil Davies, Partner

Previously we discussed quantum key distribution (QKD), a form of quantum cryptography that relies on the inviolability of the laws of physics for its security, and outlined the BB84 protocol for transmitting a secret key between two parties, Alice and Bob, using the polarization of photons. We also highlighted advantages of QKD over traditional RSA encryption, including that the development of quantum computers pose no threat to the underlying security of QKD and that QKD enables Alice and Bob to detect the presence of an eavesdropper.

In this article, we explore some of the difficulties and challenges of trying to implement QKD into a real network.

Get in touchCorporate headshot of Phil DaviesCorporate headshot of Thomas Cox

Thomas Cox | thomascox@hlk-ip.com

Phil Davies | pdavies@hlk-ip.com 

QKD is theoretically completely secure, as it is impossible to violate the laws of physics on which the security of QKD relies. However, in practice there are several issues that result in QKD being unable to guarantee complete security.

Man-in-the-middle attack

What is the problem?

QKD is susceptible to a man-in-the-middle attack, where an attacker (called Mallory) simultaneously pretends to be Bob to Alice and pretends to be Alice to Bob1. Mallory essentially inserts himself in the channel between Alice and Bob with neither aware that they are no longer communicating with the intended recipients of the message. Mallory would then use the QKD protocol used by Alice and Bob to separately establish different keys with each of Alice and Bob.

Therefore, a man-in-the-middle attack allows Mallory to relay messages between Alice and Bob to make them believe that they are directly talking to each other without Mallory being present. Additionally, Mallory may intercept the messages and then replace them with false messages.

Is there a solution?

QKD cannot be used to prevent such an attack. Instead, Alice and Bob must authenticate each other first, such as by using a mutually trusted certificate authority.

However, a man-in-the-middle attack is a problem that is not unique to QKD. Such attacks are generally possible against any communication that involves Alice and Bob sharing a public key to encrypt their message. Hence, the man-in-the-middle attack also affects non-quantum cryptography, including RSA encryption. Authentication may also be used to evade the man-in-the-middle attack for communication using RSA encryption.

Photon number splitting (PNS) attack

What is the problem?

It is very difficult to produce equipment that can reliably produce and detect single photons1, particularly over long distances. Therefore, in practice, QKD protocols are implemented using a source that produces multiple photons at a time, wherein the multiple photons are encoded according to the same basis. For example, the source may be a laser producing a small amount of coherent light.

The consequence of Alice transmitting multiple photons instead of single photons to Bob is that Eve can separate a single photon or a small number of photons from the group of photons that are sent by Alice per bit. Eve can then measure the photon that she obtained while allowing the rest to pass on to Bob. To guarantee that she uses the correct basis when measuring the obtained photon, Eve can store the photon in a quantum memory and wait until Alice and Bob publicly share the bases they used for each photon (as they are required to do to implement the BB84 protocol)2. Therefore, Eve can measure her stored photon in the correct basis.

This process allows Eve to obtain information without disturbing the photons that are received by Bob. In the ideal implementation of QKD, where only single photons are used, this is impossible for Eve to do, as she cannot measure a single photon she intercepts without altering it, and therefore her presence would be detectable to Alice and Bob (as we outlined in the previous article).

Is there a solution?

There are some solutions to this problem:

  • Use a single photon source (which is difficult to achieve)
  • Use decoy states1: Alice randomly sends some of her laser pulses with a lower average photon number. These decoy states can be used to detect a PNS attack, as Eve has no way to tell which pulses are signal and which are decoy.

QKD over a large distance

What is the problem?

For Alice and Bob to securely share their secret key with each other in the BB84 protocol, they must transmit photons. Over short distances, this poses little issue (currently QKD has been achieved over distances further than 100km)3. However, there is a significant challenge in transmitting photons over long distances whilst maintaining their quantum states. For QKD to be effective across inter-city or global distances this challenge must be addressed.

In digital communication, information bits are transmitted as photons in an optical fibre. An advantage of optical fibres is that they provide very low loss of the transmitted light. Hence, they are effective at transmitting light over hundreds of kilometres. In an optical fibre, the intensity of the transmitted signal attenuates exponentially with the transmission distance, due to photons being scattered. For example, photons may be scattered such that they cease to be a part of the relevant bit packet or, in certain cases, such that they escape the core of the optical fibre. Photons may also backscatter. Additionally, photons may be absorbed by the fibre. As photons are required to travel a very large distance, to prevent the intensity of the transmitted signal from being too greatly reduced, optical fibres may typically be supplemented with repeaters.

A repeater acts to amplify a compensation signal and can supplement the energy lost during the carrier transmission. To do this, the repeater measures the incoming signal, copies it and then transmits the copied signal at a higher power towards its destination.

However, the classical repeaters that are used in current forms of communication cannot be applied to quantum communication. This is because the no-cloning theorem states that a quantum state cannot be copied (as discussed in a previous article). Consequently, if a classical repeater is used to boost a signal of light comprising photons with particular quantum states, such as polarization states, when the repeater measures the photon states it will destroy them.

Is there a solution?

As one possible solution to this problem, quantum repeaters are being developed, which exploit the principle of quantum entanglement.

Quantum entanglement is a phenomenon where two or more photons can interact such that the two photons are no longer independent of each other. For a pair of entangled photons, this means that a measurement performed on one of the pair of photons instantaneously affects the other photon, irrespective of the distance between the pair of photons. Hence, when a photon is entangled with another photon, the quantum state of that photon, such as its polarization, is coupled with the quantum state of the other photon.

A useful consequence of quantum entanglement is the phenomenon of quantum teleportation, which allows a quantum state of one quantum particle to be transferred to another quantum particle to which it is entangled4.

Quantum repeaters work by teleporting the quantum state of a photon from Alice to the quantum state of a photon with Bob. This is achieved through the process of entanglement swapping5:

  1. Alice entangles two photons, A and Ea, into a Bell pair (the maximally entangled state of two photons).
  2. Bob also entangles two different photons, B and Eb, into a Bell pair.
  3. Alice sends one of her photons, E­a, to a quantum repeater. Bob also sends one of his photons, E, to the quantum repeater. The quantum repeater performs a special measurement on the two photons, called a Bell measurement, such that the quantum state of E­a is teleported onto B, and resulting in qubits A and B becoming entangled.

Therefore, a quantum repeater works by accepting entangled photons from both Alice and Bob and then converts those into a photon pair entangled between Alice and Bob.

If Alice and Bob are positioned at two ends of a particular distance, and the quantum repeater is placed in the middle, the result of the entanglement swapping is to entangle two photons over twice the distance required to send each photon of the initial entangled pairs. A network of quantum repeaters could be used to chain these entanglement swaps to generate a single long-distance entanglement of Alice’s and Bob’s photons from many short-distance entanglements.

The development of quantum repeaters is not the only solution being worked on. As an example, another possible solution involves using ‘trusted’ repeater nodes in a network6. This may comprise a first node in the network, which aims to communicate with a destination node, agreeing a quantum key with an intermediate node which is a part of a path to the destination node. The intermediate node then exchanges a quantum signal with the next node in the path, which may be the target node. The intermediate node communicates with the first node using the previously established quantum key details of the quantum signal sent or received by the intermediate node. The first node then performs a key agreement step to agree a quantum key directly with the targeted node. Having established a quantum key with the current target node the method is repeated but with the next node in the network path as the target node, until the destination node is reached. The final quantum key agreed with the destination node can then be used for encrypting communication between the first node and the destination node.

Summary

Despite all the challenges associated with implementing QKD in a real network, successful implementations of the process have been achieved. In 2006, QKD was achieved using entangled photons between two of the Canary Islands (a distance of over 144km)7. In 2017, the BB84 protocol was implemented over satellite links between ground stations in China and Austria8.

As the size and complexity of quantum computers continues to increase, so too will the investment and research into ways of keeping information secure. Therefore, quantum key distribution, and other cryptographic techniques relying on the laws of quantum mechanics, may provide a new standard for protecting digital information.

In a future article, we will discuss patent trends in QKD.

Need assistance?

Reach out to our Electronic Systems & Circuits team to learn more about how we can support you.

This is for general information only and does not constitute legal advice. Should you require advice on this or any other topic then please contact hlk@hlk-ip.com or your usual HLK advisor.

Quantum Computers – why do they pose a threat to digital security?

In this article, we demystify the fundamental principles and potential applications of this ground-breaking technology.

Read the article

Quantum key distribution

We explore quantum key distribution, a form of cryptography which relies on quantum mechanics for its security and discuss some of the advantages quantum key distribution may provide over RSA.

Read the article

HLK bubble graphic HLK bubble graphic

Keep up-to-date with the latest IP insights and updates as well as upcoming webinars and seminars via HLK’s social media.