Quantum cryptography describes the use of quantum mechanical effects (in particular quantum communication and quantum computation) to perform cryptographic tasks or to break cryptographic systems. <\/p>\n
Well-known examples of quantum cryptography are the use of quantum communication to exchange a key securely (quantum key distribution) and the hypothetical use of quantum computers that would allow the breaking of various popular public-key encryption and signature schemes (e.g., RSA and ElGamal). <\/p>\n
The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication (see below for examples). For example, quantum mechanics guarantees that measuring quantum data disturbs that data; this can be used to detect eavesdropping in quantum key distribution. <\/p>\n
Quantum cryptography was proposed first by Stephen Wiesner, then at Columbia University in New York, who, in the early 1970s, introduced the concept of quantum conjugate coding. His seminal paper titled \"Conjugate Coding\" was rejected by IEEE Information Theory but was eventually published in 1983 in SIGACT News (15:1 pp.7888, 1983). In this paper he showed how to store or transmit two messages by encoding them in two \"conjugate observables\", such as linear and circular polarization of light, so that either, but not both, of which may be received and decoded. He illustrated his idea with a design of unforgeable bank notes. In 1984, building upon this work, Charles H. Bennett, of the IBM Thomas J. Watson Research Center, and Gilles Brassard, of the Universit de Montral, proposed a method for secure communication based on Wiesners \"conjugate observables\", which is now called BB84.[1] In 1990 Artur Ekert developed a different approach to quantum key distribution based on peculiar quantum correlations known as quantum entanglement.[2] <\/p>\n
Random rotations of the polarization by both parties (usually called Alice and Bob) have been proposed in Kak's three-stage quantum cryptography protocol.[3] In principle, this method can be used for continuous, unbreakable encryption of data if single photons are used.[4] The basic polarization rotation scheme has been implemented.[5] <\/p>\n
The BB84 method is at the basis of quantum key distribution methods. Companies that manufacture quantum cryptography systems include MagiQ Technologies, Inc. of Boston, ID Quantique of Geneva, Switzerland, QuintessenceLabs (Canberra, Australia) and SeQureNet (Paris). <\/p>\n
The most well known and developed application of quantum cryptography is quantum key distribution (QKD), which is the process of using quantum communication to establish a shared key between two parties without a third party (Eve) learning anything about that key, even if Eve can eavesdrop on all communication between Alice and Bob. This is achieved by Alice encoding the bits of the key as quantum data and sending them to Bob; if Eve tries to learn these bits, the messages will be disturbed and Alice and Bob will notice. The key is then typically used for encrypted communication using classical techniques. For instance, the exchanged key could be used as the seed of the same random number generator both by Alice and Bob. <\/p>\n
The security of QKD can be proven mathematically without imposing any restrictions on the abilities of an eavesdropper, something not possible with classical key distribution. This is usually described as \"unconditional security\", although there are some minimal assumptions required including that the laws of quantum mechanics apply and that Alice and Bob are able to authenticate each other, i.e. Eve should not be able to impersonate Alice or Bob as otherwise a man-in-the-middle attack would be possible. <\/p>\n
Following the discovery of quantum key distribution and its unconditional security, researchers tried to achieve other cryptographic tasks with unconditional security. One such task was commitment. A commitment scheme allows a party Alice to fix a certain value (to \"commit\") in such a way that Alice cannot change that value while at the same time ensuring that the recipient Bob cannot learn anything about that value until Alice decides to reveal it. Such commitment schemes are commonly used in cryptographic protocols. In the quantum setting, they would be particularly useful: Crpeau and Kilian showed that from a commitment and a quantum channel, one can construct an unconditionally secure protocol for performing so-called oblivious transfer.[6]Oblivious transfer, on the other hand, had been shown by Kilian to allow implementation of almost any distributed computation in a secure way (so-called secure multi-party computation).[7] (Notice that here we are a bit imprecise: The results by Crpeau and Kilian[6] and Kilian[7] together do not directly imply that given a commitment and a quantum channel one can perform secure multi-party computation. This is because the results do not guarantee \"composability\", that is, when plugging them together, one might lose security. Later works showed, however, how composability can be ensured in this setting.) <\/p>\n
Unfortunately, early quantum commitment protocols[8] were shown to be flawed. In fact, Mayers showed that (unconditionally secure) quantum commitment is impossible: a computationally unlimited attacker can break any quantum commitment protocol.[9] <\/p>\n
<\/p>\n