A3/Technical challenges of quantum cryptography
In the previous sections we have seen the B84 quantum cryptography protocol and how its security is founded on the principle of "no measurement without disturbance". We will now discuss the technical challenges of practical quantum cryptography.
Single photon sources
The most important technical assumption in the BB84 protocol was that Alice is able to prepare a single photon state. If the signal she sends contains more than one photon, it would be possible for Eve to divide the signal and measure parts of it, which would compromise the security. This is also called a “beam splitting attack”. If Eve could divide the signals, she would only need to store them until after the bases are revealed to get full information about the key. So, for the presented protocol it is of upmost importance for the security to use single photon source.
The production of reliable single photon sources is a technical challenge. For cryptography it is necessary to have a source which produces in every signal exactly one photon. It would not be sufficient to consider a source which produces one photon per pulse on average. The latter would be easy to implement: Simply take any laser and attenuate the beam until there is in average only one photon left. But the photon number laser light follows the Poisson distribution, which means that even if the source has one photon on average, there will be many pulses containing zero photons, two photons or more than two photons. This means that attenuated sources are not suitable for BB84.
With the BB84 we have only considered the most simple (one could also say the most pure) form of protocol. There are more evolved schemes that also work with attenuated sources, like the class of so called decoy state protocols. Here, Alice uses attenuated sources at different levels of attenuation, which help Alice and Bob to guard against beam splitting attacks.
Single photon detectors
Another challenge to implement the BB84 (or similar protocols) is to have reliable detectors at the single photon level. Bob’s ideal detector was capable of detecting any single photon from Alice with certainty. Practical detectors usually come with a trade-off here: the more likely a single photon detection, the more likely also a dark count (i.e. a click without incident photon) becomes. A typical value for the detection efficiency per single photon today would be around 20%, where high efficient detector reach 40%.
A different strategy to circumvent quantum cryptography systems is known as quantum hacking. In this scheme, Eve does not try to interact with the signal coming from Alice, but she will send additional signals to Bob, that will influence his detectors. In certain realisations, Eve is capable of temporarily blinding some of Bob’s detectors. Depending on the concrete implementation this can give her a loophole to basically control Bob’s basis choice. Current implementations of quantum cryptography have to be thoroughly checked for such hacking possibilities.
And we stress again, that there are still side channels possible apart from quantum physics. If Eve would for instance be able to read Bob’s power consumption and infer from this, at which time he changes his basis, she could use this information to trick him. These problems are also present in any classical cryptography system, but quantum cryptography still needs to go some distance to connect the mathematical proofs of security with reliable implementations.