Pushing the limits

How quantum key exchange works

A laser generates a series of single photons, each in one of two polarizations: horizontal or vertical. Each one represents a single bit, 1 or 0, depending on its polarization.


As the photons travel toward a receiver, some go straight, others are tilted at a 45-degree angle.


While the receiver catches the photons, it randomly switches between orientations. If the orientation of the photon and receiver match when the photon is caught, the receiver can accurately read whether the photon represents 1 or 0.


Over a separate channel, the sender transmits to the receiver the list of orientations in which the photons were sent. The receiver matches this list against its own orientation when the photons were caught.


The sender and receiver then discard the bits that were caught in the wrong orientation and cannot be accurately read.


The remaining bits create a random list of 1s and 0s shared by the sender and receiver. The list can be used as an encryption key.


'William Jackson

NIST's Joshua Bienfang can send a laser pulse with a single photon'but only in about 10 percent of the tries.

The goal of NIST's quantum crypto research is to see how fast keys can be distributed, physicist Charles Clark says.

Henrik G. de Gyor

NIST raises the speed limit for crypto key distribution

The National Institute of Standards and Technology is using quantum physics to push the limits of cryptographic key distribution.

The quantum communications test bed has succeeded in delivering usable bits in the form of millions of individual photons per second.

'We have cleared 3.5 Mbps within current parameters,' physicist Joshua C. Bienfang said.

Those bits could be used to create secure cryptographic keys at speeds that might open the way for new applications.

The quantum system does not encrypt data, it only exchanges bits that could be used for an encryption key.

'This is not a matter of sending information, but of generating a bunch of random bits' and delivering them securely, said Charles Clark, chief of NIST's Electron and Optical Physics Division.

The transmission process involves sending individual photons'elemental particles of light'through different polarizations and orientations to represent bits. The laws of physics dictate that observing such a particle alters it, which would make eavesdropping essentially impossible.

'Detecting a photon involves its destruction,' Clark said. 'If someone tried to eavesdrop, they would induce an error rate so high that it would be noticed.'

NIST is not the first organization to exchange encryption keys by quantum physics. At least two companies, MagiQ Technologies Inc. of New York and the Swiss company id Quantique, have commercial products using the technology.

'The scheme is almost universally accepted,' Bienfang said, 'although people are starting to generate other protocols. What we are doing here is generating keys at greater speed. Our goal is to see how fast we can do key distribution.'

So far, the NIST system is doing it about 100 times faster than the commercial products.

The ability to generate large numbers of keys quickly and distribute them securely would make so-called one-time pads feasible for many new uses. And one-time pads are the most secure type of cryptography known.

A one-time pad consists of a list of random crypto keys shared by the sender and receiver. Because each key is random, instead of generated by a scheme known to both sender and receiver, 'there is no way to break a truly random one-time pad,' Clark said.

The trick is generating the keys quickly, then securely distributing copies to the sender and receiver.

'The one-time pad shifts the burden from encryption to key distribution,' Bienfang said.

NIST's quantum communications system could shoulder some of that burden. Work on the test bed began about two years ago, and it became functional this spring.
[IMGCAP(2)]
'It is free-space optical technology,' Bienfang said. A point-to-point link connects a sending mechanism on the 12th floor of the administration building on the NIST campus in Gaithersburg, Md., to a receiver in another building 730 meters away.

The link has two channels: a traditional communications channel using laser pulses to exchange information, and a quantum channel that sends and receives individual photons.

Acadia Optronics LLC of Rock-ville, Md., assisted with the system design and hardware.

The traditional communications channel uses equipment left over from the 2000 Sydney Olympics. Lining up the sender and receiver requires a computer system to compensate for sway and temperature changes.

'During the day the buildings heat up and shift up and down a bit,' Bienfang said.

Single photons

But the really tricky part is the quantum channel. 'It is essential to the quantum communications protocol that you use single photons,' Clark said. And there are no commercial products for rapidly generating and detecting single photons.

NIST's experiments use a laser whose intensity has been reduced to the point that it can emit a single photon'sometimes.

'We are actually sending one single photon out of every 10 pulses,' Bienfang said.

Clark called that way of generating single photons 'unbelievably inefficient.'

Even so, the test bed can generate the photons faster than they can be detected at the other end. The receiver can detect single photons once every 1.5 nanoseconds.

Despite those limitations, the hardware still outpaces the software.

'It has exceeded our ability to do error correction,' Bienfang said. A separate team is working on that problem.

NIST's high bit speeds are the result of better timing on the communications link. For the receiver to register the proper photon, it must know when the photon is coming. Most quantum systems use an asynchronous scheme, in which the sender notifies the receiver that a photon is on the way.

But NIST uses a synchronous method called a temporal gateway, in which photons are sent according to a schedule, and the sender and receiver are synchronized.

This requires precise timing, which fortunately already exists for Ethernet networking.

Sending and receiving a photon is not the end of the process. The bits must go through what Clark called 'a process of distillation,' involving error correction and privacy amplification by a pair of circuit boards. Out of this process, the million or more bits the NIST system each second can deliver about 140,000 sifted bits usable for a key.

Even at a rate of 140 Kbps, cryptographic keys aren't yet arriving fast enough. The researchers expect that the process, when perfected, will first be used to boost security of existing applications, such as frequent rekeying of Secure Sockets Layer sessions. As speed increases, the process could even provide strong encryption for streaming media.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above